From 51e131afb21e6703dfb5b5c7549a24c0a9b66a5f Mon Sep 17 00:00:00 2001 From: Complete Network <100042659+Complete-Network@users.noreply.github.com> Date: Sun, 20 Feb 2022 17:10:08 -0500 Subject: [PATCH 001/243] Add or update the Azure App Service build and deployment workflow config --- .github/workflows/master_cippcklru.yml | 29 ++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 .github/workflows/master_cippcklru.yml diff --git a/.github/workflows/master_cippcklru.yml b/.github/workflows/master_cippcklru.yml new file mode 100644 index 000000000000..dff7ee3e3348 --- /dev/null +++ b/.github/workflows/master_cippcklru.yml @@ -0,0 +1,29 @@ +# Docs for the Azure Web Apps Deploy action: https://github.com/azure/functions-action +# More GitHub Actions for Azure: https://github.com/Azure/actions + +name: Build and deploy Powershell project to Azure Function App - cippcklru + +on: + push: + branches: + - master + workflow_dispatch: + +env: + AZURE_FUNCTIONAPP_PACKAGE_PATH: '.' # set this to the path to your web app project, defaults to the repository root + +jobs: + build-and-deploy: + runs-on: windows-latest + steps: + - name: 'Checkout GitHub Action' + uses: actions/checkout@v2 + + - name: 'Run Azure Functions Action' + uses: Azure/functions-action@v1 + id: fa + with: + app-name: 'cippcklru' + slot-name: 'Production' + package: ${{ env.AZURE_FUNCTIONAPP_PACKAGE_PATH }} + publish-profile: ${{ secrets.AZUREAPPSERVICE_PUBLISHPROFILE_27B63F21821146D7B2D087D67F258F04 }} From 8dba35e28cbd5085fcd2dc02bd5a9560ad73a87a Mon Sep 17 00:00:00 2001 From: John Duprey Date: Mon, 15 Aug 2022 10:25:45 -0400 Subject: [PATCH 002/243] Update master_cippcklru.yml dev testing --- .github/workflows/master_cippcklru.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/master_cippcklru.yml b/.github/workflows/master_cippcklru.yml index dff7ee3e3348..e7003914c17e 100644 --- a/.github/workflows/master_cippcklru.yml +++ b/.github/workflows/master_cippcklru.yml @@ -7,6 +7,7 @@ on: push: branches: - master + - dev workflow_dispatch: env: From 145586a721adf7d71c5f5971d81827e9be1b1387 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Tue, 23 Aug 2022 21:18:12 -0400 Subject: [PATCH 003/243] Update host.json enable logging --- host.json | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/host.json b/host.json index 010993d73c8f..c23881b1813b 100644 --- a/host.json +++ b/host.json @@ -8,7 +8,5 @@ "version": "[2.*, 3.0.0)" }, "extensions": {}, - "logging": { - "fileLoggingMode": "never" - } + "logging": {} } From 437e75b2d619ddbddd138224551eb552cd667d5f Mon Sep 17 00:00:00 2001 From: Complete Network <100042659+Complete-Network@users.noreply.github.com> Date: Mon, 30 Jan 2023 15:11:07 -0500 Subject: [PATCH 004/243] Scheduled Updates Update CIPP-API automatically --- .github/workflows/upstream-merge.yml | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 .github/workflows/upstream-merge.yml diff --git a/.github/workflows/upstream-merge.yml b/.github/workflows/upstream-merge.yml new file mode 100644 index 000000000000..1763db233bf7 --- /dev/null +++ b/.github/workflows/upstream-merge.yml @@ -0,0 +1,22 @@ +name: Scheduled CIPP Update +on: + schedule: + - cron: '50 11 * * 5' + # scheduled for 11:50 UTC every Friday + +jobs: + merge-upstream: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v2 + with: + ref: upstream # set the branch to merge to + fetch-depth: 0 + - name: Merge Upstream + uses: exions/merge-upstream@v1 + with: + upstream: KelvinTegelaar/CIPP-API # set the upstream repo + upstream-branch: master # set the upstream branch to merge from + branch: master # set the branch to merge to + From db0eed1cb28281ddb42a332c972f472f96203617 Mon Sep 17 00:00:00 2001 From: Complete Network <100042659+Complete-Network@users.noreply.github.com> Date: Mon, 30 Jan 2023 15:26:34 -0500 Subject: [PATCH 005/243] Update upstream-merge.yml --- .github/workflows/upstream-merge.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/upstream-merge.yml b/.github/workflows/upstream-merge.yml index 1763db233bf7..3625416181df 100644 --- a/.github/workflows/upstream-merge.yml +++ b/.github/workflows/upstream-merge.yml @@ -11,7 +11,7 @@ jobs: - name: Checkout uses: actions/checkout@v2 with: - ref: upstream # set the branch to merge to + ref: main # set the branch to merge to fetch-depth: 0 - name: Merge Upstream uses: exions/merge-upstream@v1 From dce0363fdae30b5dd62d42b201ac142526537a00 Mon Sep 17 00:00:00 2001 From: Complete Network <100042659+Complete-Network@users.noreply.github.com> Date: Mon, 30 Jan 2023 15:26:44 -0500 Subject: [PATCH 006/243] Update upstream-merge.yml --- .github/workflows/upstream-merge.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/upstream-merge.yml b/.github/workflows/upstream-merge.yml index 3625416181df..e4cfa028ec30 100644 --- a/.github/workflows/upstream-merge.yml +++ b/.github/workflows/upstream-merge.yml @@ -11,7 +11,7 @@ jobs: - name: Checkout uses: actions/checkout@v2 with: - ref: main # set the branch to merge to + ref: master # set the branch to merge to fetch-depth: 0 - name: Merge Upstream uses: exions/merge-upstream@v1 From 761d0b94e858e479166c0bd73a3c1844cc07d222 Mon Sep 17 00:00:00 2001 From: Complete Network <100042659+Complete-Network@users.noreply.github.com> Date: Mon, 30 Jan 2023 15:27:28 -0500 Subject: [PATCH 007/243] Update upstream-merge.yml --- .github/workflows/upstream-merge.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/upstream-merge.yml b/.github/workflows/upstream-merge.yml index e4cfa028ec30..ad10635abbca 100644 --- a/.github/workflows/upstream-merge.yml +++ b/.github/workflows/upstream-merge.yml @@ -9,7 +9,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v3 with: ref: master # set the branch to merge to fetch-depth: 0 From 19deb3cb8b2346ba65698b7a3eab865aad73d7bb Mon Sep 17 00:00:00 2001 From: Complete Network <100042659+Complete-Network@users.noreply.github.com> Date: Mon, 30 Jan 2023 15:40:45 -0500 Subject: [PATCH 008/243] Update upstream-merge.yml --- .github/workflows/upstream-merge.yml | 16 +++++----------- 1 file changed, 5 insertions(+), 11 deletions(-) diff --git a/.github/workflows/upstream-merge.yml b/.github/workflows/upstream-merge.yml index ad10635abbca..3db64120efec 100644 --- a/.github/workflows/upstream-merge.yml +++ b/.github/workflows/upstream-merge.yml @@ -3,20 +3,14 @@ on: schedule: - cron: '50 11 * * 5' # scheduled for 11:50 UTC every Friday + workflow_dispatch: jobs: merge-upstream: runs-on: ubuntu-latest steps: - - name: Checkout - uses: actions/checkout@v3 + - uses: TobKed/github-forks-sync-action@v1.2.1 with: - ref: master # set the branch to merge to - fetch-depth: 0 - - name: Merge Upstream - uses: exions/merge-upstream@v1 - with: - upstream: KelvinTegelaar/CIPP-API # set the upstream repo - upstream-branch: master # set the upstream branch to merge from - branch: master # set the branch to merge to - + upstream_repository: KelvinTegelaar/CIPP-API + upstream_branch: master + target_branch: master From 0f1601fb23924607536ed85eb7adf076522a0bbb Mon Sep 17 00:00:00 2001 From: Complete Network <100042659+Complete-Network@users.noreply.github.com> Date: Mon, 30 Jan 2023 16:26:03 -0500 Subject: [PATCH 009/243] Update and rename upstream-merge.yml to cipp-update.yml --- .github/workflows/{upstream-merge.yml => cipp-update.yml} | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) rename .github/workflows/{upstream-merge.yml => cipp-update.yml} (76%) diff --git a/.github/workflows/upstream-merge.yml b/.github/workflows/cipp-update.yml similarity index 76% rename from .github/workflows/upstream-merge.yml rename to .github/workflows/cipp-update.yml index 3db64120efec..5eeff0ec2275 100644 --- a/.github/workflows/upstream-merge.yml +++ b/.github/workflows/cipp-update.yml @@ -9,8 +9,9 @@ jobs: merge-upstream: runs-on: ubuntu-latest steps: - - uses: TobKed/github-forks-sync-action@v1.2.1 + - uses: TobKed/github-forks-sync-action@v0.2.0 with: + github_token: ${{ secrets.GITHUB_TOKEN }} upstream_repository: KelvinTegelaar/CIPP-API upstream_branch: master target_branch: master From c73a89c9e5133a301f05a861e07ca3aff0906a46 Mon Sep 17 00:00:00 2001 From: Complete Network <100042659+Complete-Network@users.noreply.github.com> Date: Mon, 30 Jan 2023 16:29:28 -0500 Subject: [PATCH 010/243] Update cipp-update.yml --- .github/workflows/cipp-update.yml | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/.github/workflows/cipp-update.yml b/.github/workflows/cipp-update.yml index 5eeff0ec2275..287765556d61 100644 --- a/.github/workflows/cipp-update.yml +++ b/.github/workflows/cipp-update.yml @@ -8,10 +8,7 @@ on: jobs: merge-upstream: runs-on: ubuntu-latest - steps: - - uses: TobKed/github-forks-sync-action@v0.2.0 + steps: + - uses: anatawa12/fork-sync-all-branches@v1 with: github_token: ${{ secrets.GITHUB_TOKEN }} - upstream_repository: KelvinTegelaar/CIPP-API - upstream_branch: master - target_branch: master From dd2cff9bc9543d77617d6c7aed9044c322eac60f Mon Sep 17 00:00:00 2001 From: John Duprey Date: Wed, 10 Jan 2024 07:46:54 -0500 Subject: [PATCH 011/243] Update host.json --- host.json | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/host.json b/host.json index babcfc05bd4c..ebde6e5940fb 100644 --- a/host.json +++ b/host.json @@ -11,8 +11,5 @@ "extensions": { "queues": { "maxDequeueCount": 5 - }}, - "logging": { - "fileLoggingMode": "never" - } + }} } From 4f51782841b00f1151f36808ff1a8f5bb47a702c Mon Sep 17 00:00:00 2001 From: John Duprey Date: Wed, 10 Jan 2024 12:34:24 -0500 Subject: [PATCH 012/243] Update Invoke-CIPPWebhookProcessing.ps1 --- .../Public/Invoke-CIPPWebhookProcessing.ps1 | 32 +++++++++++-------- 1 file changed, 18 insertions(+), 14 deletions(-) diff --git a/Modules/CIPPCore/Public/Invoke-CIPPWebhookProcessing.ps1 b/Modules/CIPPCore/Public/Invoke-CIPPWebhookProcessing.ps1 index 65991c17a452..358434a3008f 100644 --- a/Modules/CIPPCore/Public/Invoke-CIPPWebhookProcessing.ps1 +++ b/Modules/CIPPCore/Public/Invoke-CIPPWebhookProcessing.ps1 @@ -215,20 +215,24 @@ function Invoke-CippWebhookProcessing { } if ($data.ClientIP) { - $IP = $data.ClientIP - if ($IP -match '^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}:\d+$') { - $IP = $IP -replace ':\d+$', '' # Remove the port number if present - } - $LocationInfo = @{ - RowKey = [string]$ip - PartitionKey = [string]$data.UserId - Tenant = [string]$TenantFilter - CountryOrRegion = "$Country" - City = "$City" - Proxy = "$Proxy" - Hosting = "$hosting" - ASName = "$ASName" + try { + $IP = $data.ClientIP + if ($IP -match '^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}:\d+$') { + $IP = $IP -replace ':\d+$', '' # Remove the port number if present + } + $LocationInfo = @{ + RowKey = [string]$ip + PartitionKey = [string]$data.UserId + Tenant = [string]$TenantFilter + CountryOrRegion = "$Country" + City = "$City" + Proxy = "$Proxy" + Hosting = "$hosting" + ASName = "$ASName" + } + $null = Add-CIPPAzDataTableEntity @LocationTable -Entity $LocationInfo -Force + } catch { + Write-Host "Exception adding IP to table - $IP - $($_.Exception.Message)" } - $null = Add-CIPPAzDataTableEntity @LocationTable -Entity $LocationInfo -Force } } From 84347fc465279ddad1b67f31f2e04223155ec9c0 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Wed, 10 Jan 2024 12:36:17 -0500 Subject: [PATCH 013/243] Update run.ps1 --- PublicWebhooksProcess/run.ps1 | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/PublicWebhooksProcess/run.ps1 b/PublicWebhooksProcess/run.ps1 index 1f404c867df2..5dcb01dbd2a7 100644 --- a/PublicWebhooksProcess/run.ps1 +++ b/PublicWebhooksProcess/run.ps1 @@ -27,12 +27,16 @@ if ($Request.query.CIPPID -in $Webhooks.RowKey) { $ReceivedItem = [pscustomobject]$ReceivedItem $TenantFilter = (Get-Tenants | Where-Object -Property customerId -EQ $ReceivedItem.TenantId).defaultDomainName Write-Host "TenantFilter: $TenantFilter" - $Data = New-GraphPostRequest -type GET -uri "https://manage.office.com/api/v1.0/$($ReceivedItem.tenantId)/activity/feed/audit/$($ReceivedItem.contentid)" -tenantid $TenantFilter -scope 'https://manage.office.com/.default' - Write-Host "Data to process found: $(($ReceivedItem.operation).count) items" - Write-Host "Operations to process for this client: $($Webhookinfo.Operations)" - foreach ($Item in $Data) { - Write-Host "Processing $($item.operation)" - Invoke-CippWebhookProcessing -TenantFilter $TenantFilter -Data $Item -CIPPPURL $url + try { + $Data = New-GraphPostRequest -type GET -uri "https://manage.office.com/api/v1.0/$($ReceivedItem.tenantId)/activity/feed/audit/$($ReceivedItem.contentid)" -tenantid $TenantFilter -scope 'https://manage.office.com/.default' + Write-Host "Data to process found: $(($ReceivedItem.operation).count) items" + Write-Host "Operations to process for this client: $($Webhookinfo.Operations)" + foreach ($Item in $Data) { + Write-Host "Processing $($item.operation)" + Invoke-CippWebhookProcessing -TenantFilter $TenantFilter -Data $Item -CIPPPURL $url + } + } catch { + Write-Host "Exception getting webhook data $($_.Exception.Message)" } } } From e7f551a7426bd2f889fc0ffb446ccb6e65075380 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Wed, 10 Jan 2024 12:49:49 -0500 Subject: [PATCH 014/243] Update run.ps1 --- PublicWebhooksProcess/run.ps1 | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/PublicWebhooksProcess/run.ps1 b/PublicWebhooksProcess/run.ps1 index 5dcb01dbd2a7..d47371cf93e4 100644 --- a/PublicWebhooksProcess/run.ps1 +++ b/PublicWebhooksProcess/run.ps1 @@ -27,20 +27,21 @@ if ($Request.query.CIPPID -in $Webhooks.RowKey) { $ReceivedItem = [pscustomobject]$ReceivedItem $TenantFilter = (Get-Tenants | Where-Object -Property customerId -EQ $ReceivedItem.TenantId).defaultDomainName Write-Host "TenantFilter: $TenantFilter" - try { - $Data = New-GraphPostRequest -type GET -uri "https://manage.office.com/api/v1.0/$($ReceivedItem.tenantId)/activity/feed/audit/$($ReceivedItem.contentid)" -tenantid $TenantFilter -scope 'https://manage.office.com/.default' - Write-Host "Data to process found: $(($ReceivedItem.operation).count) items" - Write-Host "Operations to process for this client: $($Webhookinfo.Operations)" - foreach ($Item in $Data) { - Write-Host "Processing $($item.operation)" - Invoke-CippWebhookProcessing -TenantFilter $TenantFilter -Data $Item -CIPPPURL $url + if ($TenantFilter) { + try { + $Data = New-GraphPostRequest -type GET -uri "https://manage.office.com/api/v1.0/$($ReceivedItem.tenantId)/activity/feed/audit/$($ReceivedItem.contentid)" -tenantid $TenantFilter -scope 'https://manage.office.com/.default' -ErrorAction Stop + Write-Host "Data to process found: $(($ReceivedItem.operation).count) items" + Write-Host "Operations to process for this client: $($Webhookinfo.Operations)" + foreach ($Item in $Data) { + Write-Host "Processing $($item.operation)" + Invoke-CippWebhookProcessing -TenantFilter $TenantFilter -Data $Item -CIPPPURL $url + } + } catch { + Write-Host "Exception getting webhook data $($_.Exception.Message)" } - } catch { - Write-Host "Exception getting webhook data $($_.Exception.Message)" } } } - } else { Write-Host 'Unauthorised Webhook' } From 3b79f3870b5ea284f11a98f2ea70cb8963c6db42 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Thu, 11 Jan 2024 07:18:01 -0500 Subject: [PATCH 015/243] Update host.json --- host.json | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/host.json b/host.json index ebde6e5940fb..00c49cbf2490 100644 --- a/host.json +++ b/host.json @@ -6,10 +6,14 @@ "functionTimeout": "00:10:00", "extensionBundle": { "id": "Microsoft.Azure.Functions.ExtensionBundle", - "version": "[2.*, 3.0.0)" + "version": "[4.*, 5.0.0)" }, "extensions": { "queues": { - "maxDequeueCount": 5 - }} + "maxDequeueCount": 3 + } + }, + "logging": { + "fileLoggingMode": "never" + } } From c94145cad0335305dea7673d4371f3711583fb2b Mon Sep 17 00:00:00 2001 From: John Duprey Date: Thu, 11 Jan 2024 07:18:26 -0500 Subject: [PATCH 016/243] Update run.ps1 --- PublicWebhooksProcess/run.ps1 | 62 ++++++++++++++++++++++++++--------- 1 file changed, 46 insertions(+), 16 deletions(-) diff --git a/PublicWebhooksProcess/run.ps1 b/PublicWebhooksProcess/run.ps1 index d47371cf93e4..69e153f60e01 100644 --- a/PublicWebhooksProcess/run.ps1 +++ b/PublicWebhooksProcess/run.ps1 @@ -22,26 +22,56 @@ if ($Request.query.CIPPID -in $Webhooks.RowKey) { } else { # Auditlog Subscriptions - $Webhookinfo = $Webhooks | Where-Object -Property RowKey -EQ $Request.query.CIPPID - foreach ($ReceivedItem In ($Request.body)) { - $ReceivedItem = [pscustomobject]$ReceivedItem - $TenantFilter = (Get-Tenants | Where-Object -Property customerId -EQ $ReceivedItem.TenantId).defaultDomainName - Write-Host "TenantFilter: $TenantFilter" - if ($TenantFilter) { - try { - $Data = New-GraphPostRequest -type GET -uri "https://manage.office.com/api/v1.0/$($ReceivedItem.tenantId)/activity/feed/audit/$($ReceivedItem.contentid)" -tenantid $TenantFilter -scope 'https://manage.office.com/.default' -ErrorAction Stop - Write-Host "Data to process found: $(($ReceivedItem.operation).count) items" - Write-Host "Operations to process for this client: $($Webhookinfo.Operations)" - foreach ($Item in $Data) { - Write-Host "Processing $($item.operation)" - Invoke-CippWebhookProcessing -TenantFilter $TenantFilter -Data $Item -CIPPPURL $url - } - } catch { - Write-Host "Exception getting webhook data $($_.Exception.Message)" + try { + foreach ($ReceivedItem In ($Request.body)) { + $ReceivedItem = [pscustomobject]$ReceivedItem + Write-Host "Received Item: $($ReceivedItem | ConvertTo-Json -Depth 15 -Compress))" + $TenantFilter = (Get-Tenants | Where-Object -Property customerId -EQ $ReceivedItem.TenantId).defaultDomainName + Write-Host "Webhook TenantFilter: $TenantFilter" + $ConfigTable = get-cipptable -TableName 'SchedulerConfig' + $Alertconfig = Get-CIPPAzDataTableEntity @ConfigTable | Where-Object { $_.Tenant -eq $TenantFilter -or $_.Tenant -eq 'AllTenants' } + $Operations = ($AlertConfig.if | ConvertFrom-Json -ErrorAction SilentlyContinue).selection, 'UserLoggedIn' + $Webhookinfo = $Webhooks | Where-Object -Property RowKey -EQ $Request.query.CIPPID + #Increased download efficiency: only download the data we need for processing. Todo: Change this to load from table or dynamic source. + $MappingTable = [pscustomobject]@{ + 'UserLoggedIn' = 'Audit.AzureActiveDirectory' + 'Add member to role.' = 'Audit.AzureActiveDirectory' + 'Disable account.' = 'Audit.AzureActiveDirectory' + 'Update StsRefreshTokenValidFrom Timestamp.' = 'Audit.AzureActiveDirectory' + 'Enable account.' = 'Audit.AzureActiveDirectory' + 'Disable Strong Authentication.' = 'Audit.AzureActiveDirectory' + 'Reset user password.' = 'Audit.AzureActiveDirectory' + 'Add service principal.' = 'Audit.AzureActiveDirectory' + 'HostedIP' = 'Audit.AzureActiveDirectory' + 'badRepIP' = 'Audit.AzureActiveDirectory' + 'UserLoggedInFromUnknownLocation' = 'Audit.AzureActiveDirectory' + 'customfield' = 'AnyLog' + 'anyAlert' = 'AnyLog' + 'New-InboxRule' = 'Audit.Exchange' + 'Set-InboxRule' = 'Audit.Exchange' } + #Compare $Operations to $MappingTable. If there is a match, we make a new variable called $LogsToDownload + #Example: $Operations = 'UserLoggedIn', 'Set-InboxRule' makes : $LogsToDownload = @('Audit.AzureActiveDirectory',Audit.Exchange) + $LogsToDownload = $Operations | Where-Object { $MappingTable.$_ } | ForEach-Object { $MappingTable.$_ } + if ($ReceivedItem.ContentType -in $LogsToDownload -or $LogsToDownload -contains 'AnyLog') { + $Data = New-GraphPostRequest -type GET -uri "https://manage.office.com/api/v1.0/$($ReceivedItem.tenantId)/activity/feed/audit/$($ReceivedItem.contentid)" -tenantid $TenantFilter -scope 'https://manage.office.com/.default' + } else { + Write-Host "No data to download for $($ReceivedItem.ContentType)" + continue + } + Write-Host "Data found: $($data.count) items" + $DataToProcess = $Data | Where-Object -Property Operation -In $Operations + Write-Host "Data to process found: $($DataToProcess.count) items" + foreach ($Item in $DataToProcess) { + Write-Host "Processing $($item.operation)" + Invoke-CippWebhookProcessing -TenantFilter $TenantFilter -Data $Item -CIPPPURL $url + } } + } catch { + Write-Host "Webhook Failed: $($_.Exception.Message)" } } + } else { Write-Host 'Unauthorised Webhook' } From cc3135c3769969c34692444dd5f98a0fdc7809fd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kristian=20Kj=C3=A6rg=C3=A5rd?= Date: Wed, 7 Feb 2024 22:14:58 +0100 Subject: [PATCH 017/243] Better logging --- ...nvoke-CIPPStandardDisableBasicAuthSMTP.ps1 | 66 +++++++++++-------- 1 file changed, 39 insertions(+), 27 deletions(-) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableBasicAuthSMTP.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableBasicAuthSMTP.ps1 index 470e5498a1dd..c30afebc1318 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableBasicAuthSMTP.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableBasicAuthSMTP.ps1 @@ -4,43 +4,55 @@ function Invoke-CIPPStandardDisableBasicAuthSMTP { Internal #> param($Tenant, $Settings) + $CurrentInfo = New-ExoRequest -tenantid $Tenant -cmdlet 'Get-TransportConfig' + $SMTPusers = New-ExoRequest -tenantid $Tenant -cmdlet 'Get-CASMailbox' -cmdParams @{ ResultSize = 'Unlimited' } | Where-Object { ($_.SmtpClientAuthenticationDisabled -eq $false) } + If ($Settings.remediate) { - # Disable SMTP Basic Authentication for the tenant - try { - $Request = New-ExoRequest -tenantid $Tenant -cmdlet 'Set-TransportConfig' -cmdParams @{ SmtpClientAuthenticationDisabled = $true } - Write-LogMessage -API 'Standards' -tenant $tenant -message 'Disabled SMTP Basic Authentication' -sev Info - } catch { - Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to disable SMTP Basic Authentication: $($_.exception.message)" -sev Error - } - - # Disable SMTP Basic Authentication for all users - $SMTPusers = New-ExoRequest -tenantid $Tenant -cmdlet 'Get-CASMailbox' -cmdParams @{ ResultSize = 'Unlimited' } | Where-Object { ($null -ne $_.SmtpClientAuthenticationDisabled) } - $SMTPusers | ForEach-Object { + if ($CurrentInfo.SmtpClientAuthenticationDisabled -and $SMTPusers.Count -eq 0) { + Write-LogMessage -API 'Standards' -tenant $tenant -message 'SMTP Basic Authentication for tenant and all users is already disabled' -sev Info + } else { + # Disable SMTP Basic Authentication for the tenant try { - New-ExoRequest -tenantid $Tenant -cmdlet 'Set-CASMailbox' -cmdParams @{ Identity = $_.Identity; SmtpClientAuthenticationDisabled = $null } -UseSystemMailbox $true - Write-LogMessage -API 'Standards' -tenant $tenant -message "Disabled SMTP Basic Authentication for $($_.DisplayName), $($_.PrimarySmtpAddress)" -sev Info + New-ExoRequest -tenantid $Tenant -cmdlet 'Set-TransportConfig' -cmdParams @{ SmtpClientAuthenticationDisabled = $true } + Write-LogMessage -API 'Standards' -tenant $tenant -message 'Disabled SMTP Basic Authentication' -sev Info } catch { - Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to disable SMTP Basic Authentication for $($_.DisplayName), $($_.PrimarySmtpAddress). Error: $($_.exception.message)" -sev Error - + Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to disable SMTP Basic Authentication: $($_.exception.message)" -sev Error + } + + # Disable SMTP Basic Authentication for all users + $SMTPusers | ForEach-Object { + try { + New-ExoRequest -tenantid $Tenant -cmdlet 'Set-CASMailbox' -cmdParams @{ Identity = $_.Identity; SmtpClientAuthenticationDisabled = $null } -UseSystemMailbox $true + Write-LogMessage -API 'Standards' -tenant $tenant -message "Disabled SMTP Basic Authentication for $($_.DisplayName), $($_.PrimarySmtpAddress)" -sev Info + } catch { + Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to disable SMTP Basic Authentication for $($_.DisplayName), $($_.PrimarySmtpAddress). Error: $($_.exception.message)" -sev Error + + } } } } - - # This is ugly but done to avoid a second call to the Graph API - if ($Settings.alert -or $Settings.report) { - $CurrentInfo = New-ExoRequest -tenantid $Tenant -cmdlet 'Get-TransportConfig' - - if ($Settings.alert) { - if ($CurrentInfo.SmtpClientAuthenticationDisabled) { - Write-LogMessage -API 'Standards' -tenant $tenant -message 'SMTP Basic Authentication is disabled' -sev Info + if ($Settings.alert) { + if ($CurrentInfo.SmtpClientAuthenticationDisabled -and $SMTPusers.Count -eq 0) { + Write-LogMessage -API 'Standards' -tenant $tenant -message 'SMTP Basic Authentication for tenant and all users is disabled' -sev Info + } else { + + if ($CurrentInfo.SmtpClientAuthenticationDisabled -eq $false) { + $LogMessage = 'SMTP Basic Authentication for tenant is not disabled. ' } else { - Write-LogMessage -API 'Standards' -tenant $tenant -message 'SMTP Basic Authentication is not disabled' -sev Alert + $LogMessage = 'SMTP Basic Authentication for tenant is disabled. ' } + if ($SMTPusers.Count -ne 0) { + $LogMessage += "SMTP Basic Authentication for $($SMTPusers.Count) users is not disabled" + } else { + $LogMessage += 'SMTP Basic Authentication for all users is disabled' + } + Write-LogMessage -API 'Standards' -tenant $tenant -message $LogMessage -sev Alert } - if ($Settings.report) { - Add-CIPPBPAField -FieldName 'DisableBasicAuthSMTP' -FieldValue [bool]$CurrentInfo.SmtpClientAuthenticationDisabled -StoreAs bool -Tenant $tenant - } + } + + if ($Settings.report) { + Add-CIPPBPAField -FieldName 'DisableBasicAuthSMTP' -FieldValue [bool]$CurrentInfo.SmtpClientAuthenticationDisabled -StoreAs bool -Tenant $tenant } } From 84d9c84ecdfa2462ae8eff9ca999d816188300ba Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kristian=20Kj=C3=A6rg=C3=A5rd?= Date: Wed, 7 Feb 2024 22:35:50 +0100 Subject: [PATCH 018/243] Change all global standards to report if they were already in the correct state --- ...nvoke-CIPPStandardActivityBasedTimeout.ps1 | 7 +++- .../Invoke-CIPPStandardAnonReportDisable.ps1 | 16 +++++--- .../Standards/Invoke-CIPPStandardAuditLog.ps1 | 16 +++++--- ...nvoke-CIPPStandardDisableBasicAuthSMTP.ps1 | 13 +++---- ...voke-CIPPStandardDisableGuestDirectory.ps1 | 25 ++++++------ .../Invoke-CIPPStandardMailContacts.ps1 | 38 ++++++++++++------- 6 files changed, 68 insertions(+), 47 deletions(-) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardActivityBasedTimeout.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardActivityBasedTimeout.ps1 index e61c9bd9e75e..ae2d6a6c094a 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardActivityBasedTimeout.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardActivityBasedTimeout.ps1 @@ -16,9 +16,12 @@ function Invoke-CIPPStandardActivityBasedTimeout { "definition":["{\"ActivityBasedTimeoutPolicy\":{\"Version\":1,\"ApplicationPolicies\":[{\"ApplicationId\":\"default\",\"WebSessionIdleTimeout\":\"01:00:00\"}]}}"] } '@ - (New-GraphPostRequest -tenantid $tenant -Uri 'https://graph.microsoft.com/beta/policies/activityBasedTimeoutPolicies' -Type POST -Body $body -ContentType 'application/json') + + New-GraphPostRequest -tenantid $tenant -Uri 'https://graph.microsoft.com/beta/policies/activityBasedTimeoutPolicies' -Type POST -Body $body -ContentType 'application/json' + Write-LogMessage -API 'Standards' -tenant $tenant -message 'Enabled Activity Based Timeout of one hour' -sev Info + } else { + Write-LogMessage -API 'Standards' -tenant $tenant -message 'Activity Based Timeout is already enabled' -sev Info } - Write-LogMessage -API 'Standards' -tenant $tenant -message 'Enabled Activity Based Timeout of one hour' -sev Info } catch { Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to enable Activity Based Timeout $($_.exception.message)" -sev Error } diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAnonReportDisable.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAnonReportDisable.ps1 index b17bccf7290c..93f0183adf14 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAnonReportDisable.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAnonReportDisable.ps1 @@ -5,12 +5,18 @@ function Invoke-CIPPStandardAnonReportDisable { #> param($Tenant, $Settings) $CurrentInfo = New-GraphGetRequest -Uri 'https://graph.microsoft.com/beta/admin/reportSettings' -tenantid $Tenant -AsApp $true + If ($Settings.remediate) { - try { - New-GraphPostRequest -tenantid $tenant -Uri 'https://graph.microsoft.com/beta/admin/reportSettings' -Type patch -Body '{"displayConcealedNames": false}' -ContentType 'application/json' -AsApp $true - Write-LogMessage -API 'Standards' -tenant $tenant -message 'Anonymous Reports Disabled.' -sev Info - } catch { - Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to disable anonymous reports. Error: $($_.exception.message)" -sev Error + + if ($CurrentInfo.displayConcealedNames -eq $false) { + Write-LogMessage -API 'Standards' -tenant $tenant -message 'Anonymous Reports is already disabled.' -sev Info + } else { + try { + New-GraphPostRequest -tenantid $tenant -Uri 'https://graph.microsoft.com/beta/admin/reportSettings' -Type patch -Body '{"displayConcealedNames": false}' -ContentType 'application/json' -AsApp $true + Write-LogMessage -API 'Standards' -tenant $tenant -message 'Anonymous Reports Disabled.' -sev Info + } catch { + Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to disable anonymous reports. Error: $($_.exception.message)" -sev Error + } } } if ($Settings.alert) { diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAuditLog.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAuditLog.ps1 index 63bbdafe4269..1dcd16e89cdb 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAuditLog.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAuditLog.ps1 @@ -9,19 +9,23 @@ function Invoke-CIPPStandardAuditLog { If ($Settings.remediate) { Write-Host 'Time to remediate' + $DehydratedTenant = (New-ExoRequest -tenantid $Tenant -cmdlet 'Get-OrganizationConfig').IsDehydrated if ($DehydratedTenant) { - New-ExoRequest -tenantid $Tenant -cmdlet 'Enable-OrganizationCustomization' + try { + New-ExoRequest -tenantid $Tenant -cmdlet 'Enable-OrganizationCustomization' + Write-LogMessage -API 'Standards' -tenant $tenant -message 'Organization customization enabled.' -sev Info + } catch { + $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message + Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to enable organization customization. Error: $ErrorMessage" -sev Debug + } } - + try { if ($AuditLogEnabled) { Write-LogMessage -API 'Standards' -tenant $tenant -message 'Unified Audit Log already enabled.' -sev Info } else { - $AdminAuditLogParams = @{ - UnifiedAuditLogIngestionEnabled = $true - } - New-ExoRequest -tenantid $Tenant -cmdlet 'Set-AdminAuditLogConfig' -cmdParams $AdminAuditLogParams + New-ExoRequest -tenantid $Tenant -cmdlet 'Set-AdminAuditLogConfig' -cmdParams @{UnifiedAuditLogIngestionEnabled = $true } Write-LogMessage -API 'Standards' -tenant $tenant -message 'Unified Audit Log Enabled.' -sev Info } diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableBasicAuthSMTP.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableBasicAuthSMTP.ps1 index c30afebc1318..ea9158643d86 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableBasicAuthSMTP.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableBasicAuthSMTP.ps1 @@ -27,7 +27,6 @@ function Invoke-CIPPStandardDisableBasicAuthSMTP { Write-LogMessage -API 'Standards' -tenant $tenant -message "Disabled SMTP Basic Authentication for $($_.DisplayName), $($_.PrimarySmtpAddress)" -sev Info } catch { Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to disable SMTP Basic Authentication for $($_.DisplayName), $($_.PrimarySmtpAddress). Error: $($_.exception.message)" -sev Error - } } } @@ -38,15 +37,15 @@ function Invoke-CIPPStandardDisableBasicAuthSMTP { Write-LogMessage -API 'Standards' -tenant $tenant -message 'SMTP Basic Authentication for tenant and all users is disabled' -sev Info } else { - if ($CurrentInfo.SmtpClientAuthenticationDisabled -eq $false) { - $LogMessage = 'SMTP Basic Authentication for tenant is not disabled. ' - } else { + if ($CurrentInfo.SmtpClientAuthenticationDisabled) { $LogMessage = 'SMTP Basic Authentication for tenant is disabled. ' - } - if ($SMTPusers.Count -ne 0) { - $LogMessage += "SMTP Basic Authentication for $($SMTPusers.Count) users is not disabled" } else { + $LogMessage = 'SMTP Basic Authentication for tenant is not disabled. ' + } + if ($SMTPusers.Count -eq 0) { $LogMessage += 'SMTP Basic Authentication for all users is disabled' + } else { + $LogMessage += "SMTP Basic Authentication for $($SMTPusers.Count) users is not disabled" } Write-LogMessage -API 'Standards' -tenant $tenant -message $LogMessage -sev Alert } diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableGuestDirectory.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableGuestDirectory.ps1 index 9729b4b163a7..44d92753db8f 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableGuestDirectory.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableGuestDirectory.ps1 @@ -8,14 +8,16 @@ function Invoke-CIPPStandardDisableGuestDirectory { If ($Settings.remediate) { - - try { - $body = '{guestUserRoleId: "2af84b1e-32c8-42b7-82bc-daa82404023b"}' - (New-GraphPostRequest -tenantid $tenant -Uri 'https://graph.microsoft.com/beta/policies/authorizationPolicy/authorizationPolicy' -Type patch -Body $body -ContentType 'application/json') - - Write-LogMessage -API 'Standards' -tenant $tenant -message 'Disabled Guest access to directory information.' -sev Info - } catch { - Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to disable Guest access to directory information.: $($_.exception.message)" -sev 'Error' + if ($CurrentInfo.guestUserRoleId -eq '2af84b1e-32c8-42b7-82bc-daa82404023b') { + Write-LogMessage -API 'Standards' -tenant $tenant -message 'Guest access to directory information is already disabled.' -sev Info + } else { + try { + $body = '{guestUserRoleId: "2af84b1e-32c8-42b7-82bc-daa82404023b"}' + New-GraphPostRequest -tenantid $tenant -Uri 'https://graph.microsoft.com/beta/policies/authorizationPolicy/authorizationPolicy' -Type patch -Body $body -ContentType 'application/json' + Write-LogMessage -API 'Standards' -tenant $tenant -message 'Disabled Guest access to directory information.' -sev Info + } catch { + Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to disable Guest access to directory information.: $($_.exception.message)" -sev 'Error' + } } } @@ -27,12 +29,9 @@ function Invoke-CIPPStandardDisableGuestDirectory { Write-LogMessage -API 'Standards' -tenant $tenant -message 'Guest access to directory information is not disabled.' -sev Alert } } + if ($Settings.report) { - if ($CurrentInfo.guestUserRoleId -eq '2af84b1e-32c8-42b7-82bc-daa82404023b') { - $CurrentInfo.guestUserRoleId = $true - } else { - $CurrentInfo.guestUserRoleId = $false - } + if ($CurrentInfo.guestUserRoleId -eq '2af84b1e-32c8-42b7-82bc-daa82404023b') { $CurrentInfo.guestUserRoleId = $true } else { $CurrentInfo.guestUserRoleId = $false } Add-CIPPBPAField -FieldName 'DisableGuestDirectory' -FieldValue [bool]$CurrentInfo.guestUserRoleId -StoreAs bool -Tenant $tenant } } diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardMailContacts.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardMailContacts.ps1 index fc2b34dda7b1..09b58fe0671a 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardMailContacts.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardMailContacts.ps1 @@ -5,28 +5,37 @@ function Invoke-CIPPStandardMailContacts { #> param($Tenant, $Settings) $TenantID = (New-GraphGetRequest -Uri 'https://graph.microsoft.com/beta/organization' -tenantid $tenant) + $CurrentInfo = New-GraphGetRequest -Uri "https://graph.microsoft.com/beta/organization/$($TenantID.id)" -tenantid $Tenant + $contacts = $settings + $TechAndSecurityContacts = @($Contacts.SecurityContact, $Contacts.TechContact) If ($Settings.remediate) { - $contacts = $settings - try { - $Body = [pscustomobject]@{} - switch ($Contacts) { - { $Contacts.MarketingContact } { $body | Add-Member -NotePropertyName marketingNotificationEmails -NotePropertyValue @($Contacts.MarketingContact) } - { $Contacts.SecurityContact } { $body | Add-Member -NotePropertyName technicalNotificationMails -NotePropertyValue @($Contacts.SecurityContact) } - { $Contacts.TechContact } { $body | Add-Member -NotePropertyName technicalNotificationMails -NotePropertyValue @($Contacts.TechContact) } - { $Contacts.GeneralContact } { $body | Add-Member -NotePropertyName privacyProfile -NotePropertyValue @{contactEmail = $Contacts.GeneralContact } } + # TODO: Make this smaller if possible + if ($CurrentInfo.marketingNotificationEmails -eq $Contacts.MarketingContact -and ` + ($CurrentInfo.securityComplianceNotificationMails -in $TechAndSecurityContacts -or + $CurrentInfo.technicalNotificationMails -in $TechAndSecurityContacts) -and ` + $CurrentInfo.privacyProfile.contactEmail -eq $Contacts.GeneralContact) { + Write-LogMessage -API 'Standards' -tenant $tenant -message 'Contact emails are already set.' -sev Info + } else { + try { + $Body = [pscustomobject]@{} + switch ($Contacts) { + { $Contacts.MarketingContact } { $body | Add-Member -NotePropertyName marketingNotificationEmails -NotePropertyValue @($Contacts.MarketingContact) } + { $Contacts.SecurityContact } { $body | Add-Member -NotePropertyName technicalNotificationMails -NotePropertyValue @($Contacts.SecurityContact) } + { $Contacts.TechContact } { $body | Add-Member -NotePropertyName technicalNotificationMails -NotePropertyValue @($Contacts.TechContact) -ErrorAction SilentlyContinue } + { $Contacts.GeneralContact } { $body | Add-Member -NotePropertyName privacyProfile -NotePropertyValue @{contactEmail = $Contacts.GeneralContact } } + } + Write-Host (ConvertTo-Json -InputObject $body) + New-GraphPostRequest -tenantid $tenant -Uri "https://graph.microsoft.com/v1.0/organization/$($TenantID.id)" -asApp $true -Type patch -Body (ConvertTo-Json -InputObject $body) -ContentType 'application/json' + Write-LogMessage -API 'Standards' -tenant $tenant -message 'Contact emails set.' -sev Info + } catch { + Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to set contact emails: $($_.exception.message)" -sev Error } - Write-Host (ConvertTo-Json -InputObject $body) - New-GraphPostRequest -tenantid $tenant -Uri "https://graph.microsoft.com/v1.0/organization/$($TenantID.id)" -asApp $true -Type patch -Body (ConvertTo-Json -InputObject $body) -ContentType 'application/json' - Write-LogMessage -API 'Standards' -tenant $tenant -message 'Contact emails set.' -sev Info - } catch { - Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to set contact emails: $($_.exception.message)" -sev Error } } if ($Settings.alert) { - $CurrentInfo = New-GraphGetRequest -Uri "https://graph.microsoft.com/beta/organization/$($TenantID.id)" -tenantid $Tenant if ($CurrentInfo.marketingNotificationEmails -eq $Contacts.MarketingContact) { Write-LogMessage -API 'Standards' -tenant $tenant -message "Marketing contact email is set to $($Contacts.MarketingContact)" -sev Info } else { @@ -47,6 +56,7 @@ function Invoke-CIPPStandardMailContacts { } else { Write-LogMessage -API 'Standards' -tenant $tenant -message "General contact email is not set to $($Contacts.GeneralContact)" -sev Alert } + } if ($Settings.report) { Add-CIPPBPAField -FieldName 'MailContacts' -FieldValue $CurrentInfo -StoreAs json -Tenant $tenant From 4be77ed4ba0d7e51f367e58c4e63971d7dff0238 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kristian=20Kj=C3=A6rg=C3=A5rd?= Date: Thu, 8 Feb 2024 18:52:53 +0100 Subject: [PATCH 019/243] Logging change in Invoke-CIPPStandardRotateDKIM.ps1 --- .../Invoke-CIPPStandardRotateDKIM.ps1 | 24 +++++++++++-------- 1 file changed, 14 insertions(+), 10 deletions(-) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardRotateDKIM.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardRotateDKIM.ps1 index 5246d658f5de..0823e515d6c8 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardRotateDKIM.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardRotateDKIM.ps1 @@ -8,22 +8,26 @@ function Invoke-CIPPStandardRotateDKIM { If ($Settings.remediate) { - $DKIM | ForEach-Object { - try { - (New-ExoRequest -tenantid $tenant -cmdlet 'Rotate-DkimSigningConfig' -cmdparams @{ KeySize = 2048; Identity = $_.Identity } -useSystemMailbox $true) - Write-LogMessage -API 'Standards' -tenant $tenant -message "Rotated DKIM for $($_.Identity)" -sev Info - } catch { - Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to rotate DKIM Error: $($_.exception.message)" -sev Error + if ($DKIM) { + $DKIM | ForEach-Object { + try { + (New-ExoRequest -tenantid $tenant -cmdlet 'Rotate-DkimSigningConfig' -cmdparams @{ KeySize = 2048; Identity = $_.Identity } -useSystemMailbox $true) + Write-LogMessage -API 'Standards' -tenant $tenant -message "Rotated DKIM for $($_.Identity)" -sev Info + } catch { + Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to rotate DKIM Error: $($_.exception.message)" -sev Error + } } + } else { + Write-LogMessage -API 'Standards' -tenant $tenant -message 'DKIM is rotated for all domains' -sev Info } - Write-LogMessage -API 'Standards' -tenant $tenant -message 'Rotated DKIM' -sev Info + } if ($Settings.alert) { - if ($null -eq $DKIM) { - Write-LogMessage -API 'Standards' -tenant $tenant -message 'DKIM is rotated for all domains' -sev Info - } else { + if ($DKIM) { Write-LogMessage -API 'Standards' -tenant $tenant -message "DKIM is not rotated for $($DKIM.Identity -join ';')" -sev Alert + } else { + Write-LogMessage -API 'Standards' -tenant $tenant -message 'DKIM is rotated for all domains' -sev Info } } From ae7ddb4645d1bd0cdb2a466526a5f118dcdbb149 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kristian=20Kj=C3=A6rg=C3=A5rd?= Date: Thu, 8 Feb 2024 18:59:24 +0100 Subject: [PATCH 020/243] I FORGOT THE ALREADY PART --- .../CIPPCore/Public/Standards/Invoke-CIPPStandardRotateDKIM.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardRotateDKIM.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardRotateDKIM.ps1 index 0823e515d6c8..17236da05fdf 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardRotateDKIM.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardRotateDKIM.ps1 @@ -18,7 +18,7 @@ function Invoke-CIPPStandardRotateDKIM { } } } else { - Write-LogMessage -API 'Standards' -tenant $tenant -message 'DKIM is rotated for all domains' -sev Info + Write-LogMessage -API 'Standards' -tenant $tenant -message 'DKIM is already rotated for all domains' -sev Info } } From e2fd37d8ccb24ace5f06a896405a68af1947c623 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kristian=20Kj=C3=A6rg=C3=A5rd?= Date: Thu, 8 Feb 2024 22:01:25 +0100 Subject: [PATCH 021/243] Resharing standard loggign --- .../Invoke-CIPPStandardDisableReshare.ps1 | 23 +++++++++++-------- 1 file changed, 14 insertions(+), 9 deletions(-) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableReshare.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableReshare.ps1 index 2f438e417605..30898dde2ddd 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableReshare.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableReshare.ps1 @@ -4,27 +4,32 @@ function Invoke-CIPPStandardDisableReshare { Internal #> param($Tenant, $Settings) + $CurrentInfo = New-GraphGetRequest -Uri 'https://graph.microsoft.com/beta/admin/sharepoint/settings' -tenantid $Tenant -AsApp $true + If ($Settings.remediate) { - - try { - $body = '{"isResharingByExternalUsersEnabled": "False"}' - $Request = New-GraphPostRequest -tenantid $tenant -Uri 'https://graph.microsoft.com/beta/admin/sharepoint/settings' -AsApp $true -Type patch -Body $body -ContentType 'application/json' - Write-Host ($Request | ConvertTo-Json) - Write-LogMessage -API 'Standards' -tenant $tenant -message 'Disabled guests from resharing files' -sev Info - } catch { - Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to disable guests from resharing files: $($_.exception.message)" -sev Error + + if ($CurrentInfo.isResharingByExternalUsersEnabled) { + try { + $body = '{"isResharingByExternalUsersEnabled": "False"}' + $null = New-GraphPostRequest -tenantid $tenant -Uri 'https://graph.microsoft.com/beta/admin/sharepoint/settings' -AsApp $true -Type patch -Body $body -ContentType 'application/json' + Write-LogMessage -API 'Standards' -tenant $tenant -message 'Disabled guests from resharing files' -sev Info + } catch { + Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to disable guests from resharing files: $($_.exception.message)" -sev Error + } + } else { + Write-LogMessage -API 'Standards' -tenant $tenant -message 'Guests are already disabled from resharing files' -sev Info } } if ($Settings.alert) { - $CurrentInfo = New-GraphGetRequest -Uri 'https://graph.microsoft.com/beta/admin/sharepoint/settings' -tenantid $Tenant -AsApp $true if ($CurrentInfo.isResharingByExternalUsersEnabled -eq $false) { Write-LogMessage -API 'Standards' -tenant $tenant -message 'Guests are not allowed to reshare files' -sev Info } else { Write-LogMessage -API 'Standards' -tenant $tenant -message 'Guests are allowed to reshare files' -sev Alert } } + if ($Settings.report) { Add-CIPPBPAField -FieldName 'DisableReshare' -FieldValue [bool]$CurrentInfo.isResharingByExternalUsersEnabled -StoreAs bool -Tenant $tenant } From 775940c26b25a44a0531ca8ba700cb8e65827464 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kristian=20Kj=C3=A6rg=C3=A5rd?= Date: Thu, 8 Feb 2024 22:22:08 +0100 Subject: [PATCH 022/243] LAPS standard logging --- .../Invoke-CIPPStandardDisableReshare.ps1 | 9 +++---- .../Standards/Invoke-CIPPStandardlaps.ps1 | 27 +++++++++++-------- 2 files changed, 20 insertions(+), 16 deletions(-) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableReshare.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableReshare.ps1 index 30898dde2ddd..6f6c0b9f7f7a 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableReshare.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableReshare.ps1 @@ -8,7 +8,6 @@ function Invoke-CIPPStandardDisableReshare { If ($Settings.remediate) { - if ($CurrentInfo.isResharingByExternalUsersEnabled) { try { $body = '{"isResharingByExternalUsersEnabled": "False"}' @@ -23,13 +22,13 @@ function Invoke-CIPPStandardDisableReshare { } if ($Settings.alert) { - if ($CurrentInfo.isResharingByExternalUsersEnabled -eq $false) { - Write-LogMessage -API 'Standards' -tenant $tenant -message 'Guests are not allowed to reshare files' -sev Info - } else { + if ($CurrentInfo.isResharingByExternalUsersEnabled) { Write-LogMessage -API 'Standards' -tenant $tenant -message 'Guests are allowed to reshare files' -sev Alert + } else { + Write-LogMessage -API 'Standards' -tenant $tenant -message 'Guests are not allowed to reshare files' -sev Info } } - + if ($Settings.report) { Add-CIPPBPAField -FieldName 'DisableReshare' -FieldValue [bool]$CurrentInfo.isResharingByExternalUsersEnabled -StoreAs bool -Tenant $tenant } diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardlaps.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardlaps.ps1 index 7ae60c772a41..5732995e01ca 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardlaps.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardlaps.ps1 @@ -7,24 +7,29 @@ function Invoke-CIPPStandardlaps { $PreviousSetting = New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/policies/deviceRegistrationPolicy' -tenantid $Tenant If ($Settings.remediate) { - - try { - $previoussetting.localadminpassword.isEnabled = $true - $Newbody = ConvertTo-Json -Compress -InputObject $PreviousSetting - New-GraphPostRequest -tenantid $tenant -Uri 'https://graph.microsoft.com/beta/policies/deviceRegistrationPolicy' -Type PUT -Body $newBody -ContentType 'application/json' - Write-LogMessage -API 'Standards' -tenant $tenant -message 'LAPS has been enabled.' -sev Info - } catch { - Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to set LAPS: $($_.exception.message)" -sev Error + if ($PreviousSetting.localadminpassword.isEnabled) { + Write-LogMessage -API 'Standards' -tenant $Tenant -message 'LAPS is already enabled.' -sev Info + } else { + try { + $previoussetting.localadminpassword.isEnabled = $true + $Newbody = ConvertTo-Json -Compress -InputObject $PreviousSetting + New-GraphPostRequest -tenantid $Tenant -Uri 'https://graph.microsoft.com/beta/policies/deviceRegistrationPolicy' -Type PUT -Body $NewBody -ContentType 'application/json' + Write-LogMessage -API 'Standards' -tenant $Tenant -message 'LAPS has been enabled.' -sev Info + } catch { + $previoussetting.localadminpassword.isEnabled = $false + Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to set LAPS: $($_.exception.message)" -sev Error + } } } if ($Settings.alert) { - if ($PreviousSetting.localadminpassword.isEnabled -eq $true) { - Write-LogMessage -API 'Standards' -tenant $tenant -message 'LAPS is enabled.' -sev Info + if ($PreviousSetting.localadminpassword.isEnabled) { + Write-LogMessage -API 'Standards' -tenant $Tenant -message 'LAPS is enabled.' -sev Info } else { - Write-LogMessage -API 'Standards' -tenant $tenant -message 'LAPS is not enabled.' -sev Alert + Write-LogMessage -API 'Standards' -tenant $Tenant -message 'LAPS is not enabled.' -sev Alert } } + if ($Settings.report) { Add-CIPPBPAField -FieldName 'laps' -FieldValue [bool]$PreviousSetting.localadminpassword.isEnabled -StoreAs bool -Tenant $tenant } From f393e4eecb74706d0ef82681db4eaf037a60f954 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kristian=20Kj=C3=A6rg=C3=A5rd?= Date: Fri, 9 Feb 2024 00:29:59 +0100 Subject: [PATCH 023/243] Logging and bug fix --- ...rdPWdisplayAppInformationRequiredState.ps1 | 32 ++++++++++--------- 1 file changed, 17 insertions(+), 15 deletions(-) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardPWdisplayAppInformationRequiredState.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardPWdisplayAppInformationRequiredState.ps1 index 4bf9ebcd3426..78d183b10e27 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardPWdisplayAppInformationRequiredState.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardPWdisplayAppInformationRequiredState.ps1 @@ -4,24 +4,26 @@ function Invoke-CIPPStandardPWdisplayAppInformationRequiredState { Internal #> param($Tenant, $Settings) + $CurrentInfo = New-GraphGetRequest -Uri 'https://graph.microsoft.com/beta/policies/authenticationMethodsPolicy/authenticationMethodConfigurations/microsoftAuthenticator' -tenantid $Tenant + $State = if ($CurrentInfo.state -eq 'enabled') { $true } else { $false } If ($Settings.remediate) { - Set-CIPPAuthenticationPolicy -Tenant $tenant -APIName 'Standards' -AuthenticationMethodId 'MicrosoftAuthenticator' -Enabled $true - } - # This is ugly but done to avoid a second call to the Graph API - if ($Settings.alert -or $Settings.report) { - $CurrentInfo = New-GraphGetRequest -Uri 'https://graph.microsoft.com/beta/policies/authenticationMethodsPolicy/authenticationMethodConfigurations/microsoftAuthenticator' -tenantid $Tenant - $State = if ($CurrentInfo.featureSettings.displayAppInformationRequiredState.state -eq 'enabled') { $true } else { $false } - - if ($Settings.alert) { - if ($State) { - Write-LogMessage -API 'Standards' -tenant $tenant -message 'Passwordless with Information and Number Matching is enabled.' -sev Info - } else { - Write-LogMessage -API 'Standards' -tenant $tenant -message 'Passwordless with Information and Number Matching is not enabled.' -sev Alert - } + if ($State) { + Write-LogMessage -API 'Standards' -tenant $tenant -message 'Passwordless with Information and Number Matching is already enabled.' -sev Info + } else { + Set-CIPPAuthenticationPolicy -Tenant $tenant -APIName 'Standards' -AuthenticationMethodId 'MicrosoftAuthenticator' -Enabled $true } - if ($Settings.report) { - Add-CIPPBPAField -FieldName 'PWdisplayAppInformationRequiredState' -FieldValue [bool]$State -StoreAs bool -Tenant $tenant + } + + if ($Settings.alert) { + if ($State) { + Write-LogMessage -API 'Standards' -tenant $tenant -message 'Passwordless with Information and Number Matching is enabled.' -sev Info + } else { + Write-LogMessage -API 'Standards' -tenant $tenant -message 'Passwordless with Information and Number Matching is not enabled.' -sev Alert } } + + if ($Settings.report) { + Add-CIPPBPAField -FieldName 'PWdisplayAppInformationRequiredState' -FieldValue [bool]$State -StoreAs bool -Tenant $tenant + } } \ No newline at end of file From ee1bda04ff4402f6c17a5b3f3fb0c486e75fcd1a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kristian=20Kj=C3=A6rg=C3=A5rd?= Date: Fri, 9 Feb 2024 01:18:46 +0100 Subject: [PATCH 024/243] More logging changes and a few bug fixes --- ...voke-CIPPStandardDisableTenantCreation.ps1 | 30 +++++++---- .../Invoke-CIPPStandardEnableFIDO2.ps1 | 34 +++++++----- ...Invoke-CIPPStandardEnableHardwareOAuth.ps1 | 35 +++++++------ ...CIPPStandardPWcompanionAppAllowedState.ps1 | 52 +++++++++++-------- ...oke-CIPPStandardPasswordExpireDisabled.ps1 | 33 +++++++----- .../Standards/Invoke-CIPPStandardTAP.ps1 | 33 ++++++------ .../Invoke-CIPPStandardallowOAuthTokens.ps1 | 33 ++++++------ .../Invoke-CIPPStandardallowOTPTokens.ps1 | 29 ++++++----- 8 files changed, 158 insertions(+), 121 deletions(-) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableTenantCreation.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableTenantCreation.ps1 index 55cde0260efc..d7a57014edcd 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableTenantCreation.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableTenantCreation.ps1 @@ -4,25 +4,33 @@ function Invoke-CIPPStandardDisableTenantCreation { Internal #> param($Tenant, $Settings) + $CurrentInfo = New-GraphGetRequest -Uri 'https://graph.microsoft.com/beta/policies/authorizationPolicy/authorizationPolicy' -tenantid $Tenant + $State = $CurrentInfo.defaultUserRolePermissions.allowedToCreateTenants + If ($Settings.remediate) { - try { - $body = '{"defaultUserRolePermissions":{"allowedToCreateTenants":false}}' - (New-GraphPostRequest -tenantid $tenant -Uri 'https://graph.microsoft.com/beta/policies/authorizationPolicy/authorizationPolicy' -Type patch -Body $body -ContentType 'application/json') - Write-LogMessage -API 'Standards' -tenant $tenant -message 'Standards API: Disabled users from creating tenants.' -sev Info - } catch { - Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to disable users from creating tenants: $($_.exception.message)" -sev 'Error' + + if ($State) { + try { + $body = '{"defaultUserRolePermissions":{"allowedToCreateTenants":false}}' + New-GraphPostRequest -tenantid $tenant -Uri 'https://graph.microsoft.com/beta/policies/authorizationPolicy/authorizationPolicy' -Type patch -Body $body -ContentType 'application/json' + Write-LogMessage -API 'Standards' -tenant $tenant -message 'Disabled users from creating tenants.' -sev Info + $State = $false + } catch { + Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to disable users from creating tenants: $($_.exception.message)" -sev 'Error' + } + } else { + Write-LogMessage -API 'Standards' -tenant $tenant -message 'Users are already disabled from creating tenants.' -sev Info } } if ($Settings.alert) { - $CurrentInfo = New-GraphGetRequest -Uri 'https://graph.microsoft.com/beta/policies/authorizationPolicy/authorizationPolicy' -tenantid $Tenant - if ($CurrentInfo.defaultUserRolePermissions.allowedToCreateTenants -eq $false) { - Write-LogMessage -API 'Standards' -tenant $tenant -message 'Users are not allowed to create tenants.' -sev Info - } else { + if ($State) { Write-LogMessage -API 'Standards' -tenant $tenant -message 'Users are allowed to create tenants.' -sev Alert + } else { + Write-LogMessage -API 'Standards' -tenant $tenant -message 'Users are not allowed to create tenants.' -sev Info } } if ($Settings.report) { - Add-CIPPBPAField -FieldName 'DisableTenantCreation' -FieldValue [bool]$CurrentInfo.defaultUserRolePermissions.allowedToCreateTenants -StoreAs bool -Tenant $tenant + Add-CIPPBPAField -FieldName 'DisableTenantCreation' -FieldValue [bool]$State -StoreAs bool -Tenant $tenant } } diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableFIDO2.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableFIDO2.ps1 index ff80b7f264f8..8fb8ff1a0544 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableFIDO2.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableFIDO2.ps1 @@ -4,24 +4,30 @@ function Invoke-CIPPStandardEnableFIDO2 { Internal #> param($Tenant, $Settings) - + $CurrentInfo = New-GraphGetRequest -Uri 'https://graph.microsoft.com/beta/policies/authenticationmethodspolicy/authenticationMethodConfigurations/Fido2' -tenantid $Tenant + $State = if ($CurrentInfo.state -eq 'enabled') { $true } else { $false } + If ($Settings.remediate) { - Set-CIPPAuthenticationPolicy -Tenant $tenant -APIName 'Standards' -AuthenticationMethodId 'Fido2' -Enabled $true + + if ($State) { + Write-LogMessage -API 'Standards' -tenant $tenant -message 'FIDO2 Support is already enabled.' -sev Info + } else { + Set-CIPPAuthenticationPolicy -Tenant $tenant -APIName 'Standards' -AuthenticationMethodId 'Fido2' -Enabled $true + } } - # This is ugly but done to avoid a second call to the Graph API - if ($Settings.alert -or $Settings.report) { - $CurrentInfo = New-GraphGetRequest -Uri 'https://graph.microsoft.com/beta/policies/authenticationmethodspolicy/authenticationMethodConfigurations/Fido2' -tenantid $Tenant - if ($Settings.alert) { - if ($CurrentInfo.state -eq 'enabled') { - Write-LogMessage -API 'Standards' -tenant $tenant -message 'FIDO2 Support is enabled' -sev Info - } else { - Write-LogMessage -API 'Standards' -tenant $tenant -message 'FIDO2 Support is not enabled' -sev Alert - } - } - if ($Settings.report) { - Add-CIPPBPAField -FieldName 'EnableFIDO2' -FieldValue [bool]$CurrentInfo.state -StoreAs bool -Tenant $tenant + if ($Settings.alert) { + + if ($State) { + Write-LogMessage -API 'Standards' -tenant $tenant -message 'FIDO2 Support is enabled' -sev Info + } else { + Write-LogMessage -API 'Standards' -tenant $tenant -message 'FIDO2 Support is not enabled' -sev Alert } } + + if ($Settings.report) { + Add-CIPPBPAField -FieldName 'EnableFIDO2' -FieldValue [bool]$State -StoreAs bool -Tenant $tenant + } + } diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableHardwareOAuth.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableHardwareOAuth.ps1 index 605a5188a47d..53dc0eef1798 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableHardwareOAuth.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableHardwareOAuth.ps1 @@ -4,24 +4,29 @@ function Invoke-CIPPStandardEnableHardwareOAuth { Internal #> param($Tenant, $Settings) - + $CurrentInfo = New-GraphGetRequest -Uri 'https://graph.microsoft.com/beta/policies/authenticationmethodspolicy/authenticationMethodConfigurations/HardwareOath' -tenantid $Tenant + $State = if ($CurrentInfo.state -eq 'enabled') { $true } else { $false } + If ($Settings.remediate) { - Set-CIPPAuthenticationPolicy -Tenant $tenant -APIName 'Standards' -AuthenticationMethodId 'HardwareOath' -Enabled $true - } - # This is ugly but done to avoid a second call to the Graph API - if ($Settings.alert -or $Settings.report) { - $CurrentInfo = New-GraphGetRequest -Uri 'https://graph.microsoft.com/beta/policies/authenticationmethodspolicy/authenticationMethodConfigurations/HardwareOath' -tenantid $Tenant - - if ($Settings.alert) { - if ($CurrentInfo.state -eq 'enabled') { - Write-LogMessage -API 'Standards' -tenant $tenant -message 'HardwareOAuth Support is enabled' -sev Info - } else { - Write-LogMessage -API 'Standards' -tenant $tenant -message 'HardwareOAuth Support is not enabled' -sev Alert - } + if ($State) { + Write-LogMessage -API 'Standards' -tenant $tenant -message 'HardwareOAuth Support is already enabled.' -sev Info + } else { + Set-CIPPAuthenticationPolicy -Tenant $tenant -APIName 'Standards' -AuthenticationMethodId 'HardwareOath' -Enabled $true } - if ($Settings.report) { - Add-CIPPBPAField -FieldName 'EnableHardwareOAuth' -FieldValue [bool]$CurrentInfo.state -StoreAs bool -Tenant $tenant + } + + if ($Settings.alert) { + + if ($State) { + Write-LogMessage -API 'Standards' -tenant $tenant -message 'HardwareOAuth Support is enabled' -sev Info + } else { + Write-LogMessage -API 'Standards' -tenant $tenant -message 'HardwareOAuth Support is not enabled' -sev Alert } } + + if ($Settings.report) { + Add-CIPPBPAField -FieldName 'EnableHardwareOAuth' -FieldValue [bool]$State -StoreAs bool -Tenant $tenant + } } + diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardPWcompanionAppAllowedState.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardPWcompanionAppAllowedState.ps1 index 2cd6cb851ba7..ae8dad7d31ea 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardPWcompanionAppAllowedState.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardPWcompanionAppAllowedState.ps1 @@ -5,42 +5,48 @@ function Invoke-CIPPStandardPWcompanionAppAllowedState { #> param($Tenant, $Settings) $authenticatorFeaturesState = (New-GraphGetRequest -tenantid $tenant -Uri 'https://graph.microsoft.com/beta/policies/authenticationMethodsPolicy/authenticationMethodConfigurations/microsoftAuthenticator' -Type GET) + $authstate = if ($authenticatorFeaturesState.featureSettings.companionAppAllowedState.state -eq 'enabled') { $true } else { $false } + If ($Settings.remediate) { - $Setting = $Settings - try { - # Get current state of microsoftAuthenticator policy - # Remove number matching from featureSettings because this is now Microsoft enforced and shipping it returns an error - $authenticatorFeaturesState.featureSettings.PSObject.Properties.Remove('numberMatchingRequiredState') - # Define feature body - $featureBody = @{ - state = $Setting.state - includeTarget = [PSCustomObject]@{ - targetType = 'group' - id = 'all_users' - } - excludeTarget = [PSCustomObject]@{ - targetType = 'group' - id = '00000000-0000-0000-0000-000000000000' + + if ($authenticatorFeaturesState.featureSettings.companionAppAllowedState.state -eq $Settings.state) { + Write-LogMessage -API 'Standards' -tenant $tenant -message "companionAppAllowedState is already set to the desired state of $($Settings.state)." -sev Info + } else { + try { + # Remove number matching from featureSettings because this is now Microsoft enforced and shipping it returns an error + $authenticatorFeaturesState.featureSettings.PSObject.Properties.Remove('numberMatchingRequiredState') + # Define feature body + $featureBody = @{ + state = $Settings.state + includeTarget = [PSCustomObject]@{ + targetType = 'group' + id = 'all_users' + } + excludeTarget = [PSCustomObject]@{ + targetType = 'group' + id = '00000000-0000-0000-0000-000000000000' + } } + $authenticatorFeaturesState.featureSettings.companionAppAllowedState = $featureBody + $body = ConvertTo-Json -Depth 3 -Compress -InputObject $authenticatorFeaturesState + (New-GraphPostRequest -tenantid $tenant -Uri 'https://graph.microsoft.com/beta/policies/authenticationMethodsPolicy/authenticationMethodConfigurations/microsoftAuthenticator' -Type patch -Body $body -ContentType 'application/json') + Write-LogMessage -API 'Standards' -tenant $tenant -message "Set companionAppAllowedState to $($Settings.state)." -sev Info + } catch { + Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to set companionAppAllowedState to $($Settings.state). Error: $($_.exception.message)" -sev Error } - $authenticatorFeaturesState.featureSettings.companionAppAllowedState = $featureBody - $body = $authenticatorFeaturesState | ConvertTo-Json -Depth 3 - (New-GraphPostRequest -tenantid $tenant -Uri 'https://graph.microsoft.com/beta/policies/authenticationMethodsPolicy/authenticationMethodConfigurations/microsoftAuthenticator' -Type patch -Body $body -ContentType 'application/json') - Write-LogMessage -API 'Standards' -tenant $tenant -message 'Enabled companionAppAllowedState.' -sev Info - } catch { - Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to enable companionAppAllowedState. Error: $($_.exception.message)" -sev Error } } + if ($Settings.alert) { - if ($authenticatorFeaturesState.featureSettings.companionAppAllowedState.state -eq 'enabled') { + if ($authstate) { Write-LogMessage -API 'Standards' -tenant $tenant -message 'companionAppAllowedState is enabled.' -sev Info } else { Write-LogMessage -API 'Standards' -tenant $tenant -message 'companionAppAllowedState is not enabled.' -sev Alert } } + if ($Settings.report) { - if ($authenticatorFeaturesState.featureSettings.companionAppAllowedState.state -eq 'enabled') { $authstate = $true } else { $authstate = $false } Add-CIPPBPAField -FieldName 'companionAppAllowedState' -FieldValue [bool]$authstate -StoreAs bool -Tenant $tenant } } diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardPasswordExpireDisabled.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardPasswordExpireDisabled.ps1 index 3788a12d72b9..7d5bb92bfad5 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardPasswordExpireDisabled.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardPasswordExpireDisabled.ps1 @@ -5,25 +5,34 @@ function Invoke-CIPPStandardPasswordExpireDisabled { #> param($Tenant, $Settings) $GraphRequest = New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/domains' -tenantid $Tenant + $DomainswithoutPassExpire = $GraphRequest | Where-Object -Property passwordValidityPeriodInDays -NE '2147483647' + If ($Settings.remediate) { - try { - $GraphRequest | Where-Object -Property passwordValidityPeriodInDays -NE '2147483647' | ForEach-Object { - New-GraphPostRequest -type Patch -tenantid $Tenant -uri "https://graph.microsoft.com/beta/domains/$($_.id)" -body '{"passwordValidityPeriodInDays": 2147483647 }' + + if ($DomainswithoutPassExpire) { + $DomainswithoutPassExpire | ForEach-Object { + try { + New-GraphPostRequest -type Patch -tenantid $Tenant -uri "https://graph.microsoft.com/beta/domains/$($_.id)" -body '{"passwordValidityPeriodInDays": 2147483647 }' + Write-LogMessage -API 'Standards' -tenant $tenant -message "Disabled Password Expiration for $($_.name)." -sev Info + } catch { + Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to disable Password Expiration for $($_.name). Error: $($_.exception.message)" -sev Error + } } - Write-LogMessage -API 'Standards' -tenant $tenant -message 'Disabled Password Expiration' -sev Info - } catch { - Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to disable Password Expiration. Error: $($_.exception.message)" -sev Error + } else { + Write-LogMessage -API 'Standards' -tenant $tenant -message "Password Expiration is already disabled for all $($GraphRequest.Count) domains." -sev Info } + } - if ($Settings.alert) { - $GraphRequest | Where-Object -Property passwordValidityPeriodInDays -NE '2147483647' | ForEach-Object { - Write-LogMessage -API 'Standards' -tenant $tenant -message "Password Expiration is not disabled for $($_.name)" -sev Alert + if ($Settings.alert) { + if ($DomainswithoutPassExpire) { + Write-LogMessage -API 'Standards' -tenant $tenant -message "Password Expiration is not disabled for the following $($DomainswithoutPassExpire.Count) domains: $($DomainswithoutPassExpire -join ', ')" -sev Alert + } else { + Write-LogMessage -API 'Standards' -tenant $tenant -message "Password Expiration is disabled for all $($GraphRequest.Count) domains." -sev Info } } + if ($Settings.report) { - $DomainswithoutPassExpire = $GraphRequest | Where-Object -Property passwordValidityPeriodInDays -NE '2147483647' Add-CIPPBPAField -FieldName 'PasswordExpireDisabled' -FieldValue $DomainswithoutPassExpire -StoreAs json -Tenant $tenant - } -} +} \ No newline at end of file diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTAP.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTAP.ps1 index e98e7faddd01..178274286074 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTAP.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardTAP.ps1 @@ -4,25 +4,26 @@ function Invoke-CIPPStandardTAP { Internal #> param($Tenant, $Settings) + $CurrentInfo = New-GraphGetRequest -Uri 'https://graph.microsoft.com/beta/policies/authenticationmethodspolicy/authenticationMethodConfigurations/TemporaryAccessPass' -tenantid $Tenant + $State = if ($CurrentInfo.state -eq 'enabled') { $true } else { $false } If ($Settings.remediate) { - Set-CIPPAuthenticationPolicy -Tenant $tenant -APIName 'Standards' -AuthenticationMethodId 'TemporaryAccessPass' -Enabled $true -TAPisUsableOnce $Settings.config + if ($State) { + Write-LogMessage -API 'Standards' -tenant $tenant -message 'Temporary Access Passwords is already enabled.' -sev Info + } else { + Set-CIPPAuthenticationPolicy -Tenant $tenant -APIName 'Standards' -AuthenticationMethodId 'TemporaryAccessPass' -Enabled $true -TAPisUsableOnce $Settings.config + } } - # This is ugly but done to avoid a second call to the Graph API - if ($Settings.alert -or $Settings.report) { - $CurrentInfo = New-GraphGetRequest -Uri 'https://graph.microsoft.com/beta/policies/authenticationmethodspolicy/authenticationMethodConfigurations/TemporaryAccessPass' -tenantid $Tenant - $State = if ($CurrentInfo.state -eq 'enabled') { $true } else { $false } - - if ($Settings.alert) { - if ($State) { - Write-LogMessage -API 'Standards' -tenant $tenant -message 'Temporary Access Passwords is enabled.' -sev Info - } else { - Write-LogMessage -API 'Standards' -tenant $tenant -message 'Temporary Access Passwords is not enabled.' -sev Alert - } - } - if ($Settings.report) { - Add-CIPPBPAField -FieldName 'TemporaryAccessPass' -FieldValue [bool]$State -StoreAs bool -Tenant $tenant + if ($Settings.alert) { + if ($State) { + Write-LogMessage -API 'Standards' -tenant $tenant -message 'Temporary Access Passwords is enabled.' -sev Info + } else { + Write-LogMessage -API 'Standards' -tenant $tenant -message 'Temporary Access Passwords is not enabled.' -sev Alert } } -} \ No newline at end of file + + if ($Settings.report) { + Add-CIPPBPAField -FieldName 'TemporaryAccessPass' -FieldValue [bool]$State -StoreAs bool -Tenant $tenant + } +} diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardallowOAuthTokens.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardallowOAuthTokens.ps1 index 8455c93208f5..883c23c3ca5a 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardallowOAuthTokens.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardallowOAuthTokens.ps1 @@ -4,26 +4,27 @@ function Invoke-CIPPStandardallowOAuthTokens { Internal #> param($Tenant, $Settings) + $CurrentInfo = New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/policies/authenticationMethodsPolicy/authenticationMethodConfigurations/softwareOath' -tenantid $Tenant + $State = if ($CurrentInfo.state -eq 'enabled') { $true } else { $false } If ($Settings.remediate) { - Set-CIPPAuthenticationPolicy -Tenant $tenant -APIName 'Standards' -AuthenticationMethodId 'softwareOath' -Enabled $true + if ($State) { + Write-LogMessage -API 'Standards' -tenant $tenant -message 'Software OTP/oAuth tokens is already enabled.' -sev Info + } else { + Set-CIPPAuthenticationPolicy -Tenant $tenant -APIName 'Standards' -AuthenticationMethodId 'softwareOath' -Enabled $true + } } + + if ($Settings.alert) { - # This is ugly but done to avoid a second call to the Graph API - if ($Settings.alert -or $Settings.report) { - $CurrentInfo = New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/policies/authenticationMethodsPolicy/authenticationMethodConfigurations/softwareOath' -tenantid $Tenant - $State = if ($CurrentInfo.state -eq 'enabled') { $true } else { $false } - - if ($Settings.alert) { - if ($State) { - Write-LogMessage -API 'Standards' -tenant $tenant -message 'Software OTP/oAuth tokens is enabled' -sev Info - } else { - Write-LogMessage -API 'Standards' -tenant $tenant -message 'Software OTP/oAuth tokens is not enabled' -sev Alert - } + if ($State) { + Write-LogMessage -API 'Standards' -tenant $tenant -message 'Software OTP/oAuth tokens is enabled' -sev Info + } else { + Write-LogMessage -API 'Standards' -tenant $tenant -message 'Software OTP/oAuth tokens is not enabled' -sev Alert } + } - if ($Settings.report) { - Add-CIPPBPAField -FieldName 'softwareOath' -FieldValue [bool]$State -StoreAs bool -Tenant $tenant - } + if ($Settings.report) { + Add-CIPPBPAField -FieldName 'softwareOath' -FieldValue [bool]$State -StoreAs bool -Tenant $tenant } -} \ No newline at end of file +} diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardallowOTPTokens.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardallowOTPTokens.ps1 index cca5dc8ae8e2..8f3f6b456010 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardallowOTPTokens.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardallowOTPTokens.ps1 @@ -4,25 +4,26 @@ function Invoke-CIPPStandardallowOTPTokens { Internal #> param($Tenant, $Settings) + $CurrentInfo = New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/policies/authenticationMethodsPolicy/authenticationMethodConfigurations/microsoftAuthenticator' -tenantid $Tenant If ($Settings.remediate) { - Set-CIPPAuthenticationPolicy -Tenant $tenant -APIName 'Standards' -AuthenticationMethodId 'MicrosoftAuthenticator' -Enabled $true -MicrosoftAuthenticatorSoftwareOathEnabled $true + if ($CurrentInfo.isSoftwareOathEnabled) { + Write-LogMessage -API 'Standards' -tenant $tenant -message 'MS authenticator OTP/oAuth tokens is already enabled.' -sev Info + } else { + Set-CIPPAuthenticationPolicy -Tenant $tenant -APIName 'Standards' -AuthenticationMethodId 'MicrosoftAuthenticator' -Enabled $true -MicrosoftAuthenticatorSoftwareOathEnabled $true + } } - # This is ugly but done to avoid a second call to the Graph API - if ($Settings.alert -or $Settings.report) { - $CurrentInfo = new-graphgetRequest -uri 'https://graph.microsoft.com/beta/policies/authenticationMethodsPolicy/authenticationMethodConfigurations/microsoftAuthenticator' -tenantid $Tenant - if ($Settings.alert) { - - if ($CurrentInfo.isSoftwareOathEnabled) { - Write-LogMessage -API 'Standards' -tenant $tenant -message 'MS authenticator OTP/oAuth tokens is enabled' -sev Info - } else { - Write-LogMessage -API 'Standards' -tenant $tenant -message 'MS authenticator OTP/oAuth tokens is not enabled' -sev Alert - } + if ($Settings.alert) { + if ($CurrentInfo.isSoftwareOathEnabled) { + Write-LogMessage -API 'Standards' -tenant $tenant -message 'MS authenticator OTP/oAuth tokens is enabled' -sev Info + } else { + Write-LogMessage -API 'Standards' -tenant $tenant -message 'MS authenticator OTP/oAuth tokens is not enabled' -sev Alert } + } - if ($Settings.report) { - Add-CIPPBPAField -FieldName 'MSAuthenticator' -FieldValue [bool]$CurrentInfo.isSoftwareOathEnabled -StoreAs bool -Tenant $tenant - } + if ($Settings.report) { + Add-CIPPBPAField -FieldName 'MSAuthenticator' -FieldValue [bool]$CurrentInfo.isSoftwareOathEnabled -StoreAs bool -Tenant $tenant } + } \ No newline at end of file From 0a86c63065c66796141ece3d3a8df266709e7ac7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kristian=20Kj=C3=A6rg=C3=A5rd?= Date: Fri, 9 Feb 2024 12:36:59 +0100 Subject: [PATCH 025/243] Rewrite, logging and bugfixing --- .../Standards/Invoke-CIPPStandardNudgeMFA.ps1 | 42 +++++++++++-------- 1 file changed, 24 insertions(+), 18 deletions(-) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardNudgeMFA.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardNudgeMFA.ps1 index f9a6a0710d44..a022bea6f0f6 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardNudgeMFA.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardNudgeMFA.ps1 @@ -5,33 +5,39 @@ function Invoke-CIPPStandardNudgeMFA { #> param($Tenant, $Settings) $CurrentInfo = New-GraphGetRequest -Uri 'https://graph.microsoft.com/beta/policies/authenticationMethodsPolicy' -tenantid $Tenant + $State = if ($CurrentInfo.registrationEnforcement.authenticationMethodsRegistrationCampaign.state -eq 'enabled') { $true } else { $false } If ($Settings.remediate) { - $status = if ($Settings.enable -and $Settings.disable) { - Write-LogMessage -API 'Standards' -tenant $tenant -message 'You cannot both enable and disable the Nudge MFA setting' -sev Error - Exit - } elseif ($Settings.enable) { 'enabled' } else { 'disabled' } - Write-Output $status - try { - $Body = $CurrentInfo - $body.registrationEnforcement.authenticationMethodsRegistrationCampaign.state = $status - $body = ConvertTo-Json -Depth 10 -InputObject ($body | Select-Object registrationEnforcement) - New-GraphPostRequest -tenantid $tenant -Uri "https://graph.microsoft.com/beta/policies/authenticationMethodsPolicy" -Type patch -Body $body -ContentType "application/json" - Write-LogMessage -API "Standards" -tenant $tenant -message "$status Authenticator App Nudge" -sev Info - } catch { - Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to $status Authenticator App Nudge: $($_.exception.message)" -sev Error + + if ($Settings.state -ne $CurrentInfo.registrationEnforcement.authenticationMethodsRegistrationCampaign.state -or $Settings.snoozeDurationInDays -ne $CurrentInfo.registrationEnforcement.authenticationMethodsRegistrationCampaign.snoozeDurationInDays) { + try { + $Body = $CurrentInfo + $body.registrationEnforcement.authenticationMethodsRegistrationCampaign.state = $Settings.state + $body.registrationEnforcement.authenticationMethodsRegistrationCampaign.snoozeDurationInDays = $Settings.snoozeDurationInDays + + $body = ConvertTo-Json -Depth 10 -InputObject ($body | Select-Object registrationEnforcement) + New-GraphPostRequest -tenantid $tenant -Uri 'https://graph.microsoft.com/beta/policies/authenticationMethodsPolicy' -Type patch -Body $body -ContentType 'application/json' + Write-LogMessage -API 'Standards' -tenant $tenant -message "$($Settings.state) Authenticator App Nudge with a snooze duration of $($Settings.snoozeDurationInDays)" -sev Info + $CurrentInfo.registrationEnforcement.authenticationMethodsRegistrationCampaign.state = $Settings.state + $CurrentInfo.registrationEnforcement.authenticationMethodsRegistrationCampaign.snoozeDurationInDays = $Settings.snoozeDurationInDays + } catch { + Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to $($Settings.state) Authenticator App Nudge: $($_.exception.message)" -sev Error + } + } else { + Write-LogMessage -API 'Standards' -tenant $tenant -message "Authenticator App Nudge is already set to $($Settings.state) with a snooze duration of $($Settings.snoozeDurationInDays)" -sev Info } } + if ($Settings.alert) { - if ($CurrentInfo.registrationEnforcement.authenticationMethodsRegistrationCampaign.state -eq 'enabled') { - Write-LogMessage -API 'Standards' -tenant $tenant -message 'Authenticator App Nudge is enabled' -sev Info + if ($State) { + Write-LogMessage -API 'Standards' -tenant $tenant -message "Authenticator App Nudge is enabled with a snooze duration of $($CurrentInfo.registrationEnforcement.authenticationMethodsRegistrationCampaign.snoozeDurationInDays)" -sev Info } else { - Write-LogMessage -API 'Standards' -tenant $tenant -message 'Authenticator App Nudge is not enabled' -sev Alert + Write-LogMessage -API 'Standards' -tenant $tenant -message "Authenticator App Nudge is not enabled with a snooze duration of $($CurrentInfo.registrationEnforcement.authenticationMethodsRegistrationCampaign.snoozeDurationInDays)" -sev Alert } } + if ($Settings.report) { - if ($CurrentInfo.registrationEnforcement.authenticationMethodsRegistrationCampaign.state -eq 'enabled') { $actualstate = $true } else { $actualstate = $false } - Add-CIPPBPAField -FieldName 'NudgeMFA' -FieldValue [bool]$actualstate -StoreAs bool -Tenant $tenant + Add-CIPPBPAField -FieldName 'NudgeMFA' -FieldValue [bool]$State -StoreAs bool -Tenant $tenant } } From 16f8275859e46df11cdf5359a81f59e86721d7c4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kristian=20Kj=C3=A6rg=C3=A5rd?= Date: Fri, 9 Feb 2024 14:33:53 +0100 Subject: [PATCH 026/243] Logging changes for rest of the standards except for the enable oauth --- .../Invoke-CIPPStandardDisableEmail.ps1 | 31 ++++++++--------- .../Invoke-CIPPStandardDisableGuests.ps1 | 21 +++++++----- ...voke-CIPPStandardDisableM365GroupUsers.ps1 | 28 +++++++++------- .../Invoke-CIPPStandardDisableSMS.ps1 | 33 ++++++++++--------- ...-CIPPStandardDisableSecurityGroupUsers.ps1 | 24 ++++++++------ .../Invoke-CIPPStandardDisableVoice.ps1 | 31 ++++++++--------- ...oke-CIPPStandardDisablex509Certificate.ps1 | 32 +++++++++--------- .../Invoke-CIPPStandardSecurityDefaults.ps1 | 19 +++++++---- .../Invoke-CIPPStandardUndoOauth.ps1 | 31 ++++++++++++++--- 9 files changed, 147 insertions(+), 103 deletions(-) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableEmail.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableEmail.ps1 index dcd995600259..1bc4d0161cb0 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableEmail.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableEmail.ps1 @@ -4,25 +4,26 @@ function Invoke-CIPPStandardDisableEmail { Internal #> param($Tenant, $Settings) + $CurrentInfo = New-GraphGetRequest -Uri 'https://graph.microsoft.com/beta/policies/authenticationmethodspolicy/authenticationMethodConfigurations/Email' -tenantid $Tenant + $State = if ($CurrentInfo.state -eq 'enabled') { $true } else { $false } If ($Settings.remediate) { - Set-CIPPAuthenticationPolicy -Tenant $tenant -APIName 'Standards' -AuthenticationMethodId 'Email' -Enabled $false + if ($State) { + Set-CIPPAuthenticationPolicy -Tenant $tenant -APIName 'Standards' -AuthenticationMethodId 'Email' -Enabled $false + } else { + Write-LogMessage -API 'Standards' -tenant $tenant -message 'Email authentication method is already disabled.' -sev Info + } } - # This is ugly but done to avoid a second call to the Graph API - if ($Settings.alert -or $Settings.report) { - $CurrentInfo = New-GraphGetRequest -Uri 'https://graph.microsoft.com/beta/policies/authenticationmethodspolicy/authenticationMethodConfigurations/Email' -tenantid $Tenant - $State = if ($CurrentInfo.state -eq 'enabled') { $true } else { $false } - - if ($Settings.alert) { - if ($State) { - Write-LogMessage -API 'Standards' -tenant $tenant -message 'Email Support is enabled' -sev Alert - } else { - Write-LogMessage -API 'Standards' -tenant $tenant -message 'Email Support is not enabled' -sev Info - } - } - if ($Settings.report) { - Add-CIPPBPAField -FieldName 'DisableEmail' -FieldValue [bool]$State -StoreAs bool -Tenant $tenant + if ($Settings.alert) { + if ($State) { + Write-LogMessage -API 'Standards' -tenant $tenant -message 'Email authentication method is enabled' -sev Alert + } else { + Write-LogMessage -API 'Standards' -tenant $tenant -message 'Email authentication method is not enabled' -sev Info } } + + if ($Settings.report) { + Add-CIPPBPAField -FieldName 'DisableEmail' -FieldValue [bool]$State -StoreAs bool -Tenant $tenant + } } diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableGuests.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableGuests.ps1 index e328f3d99afc..6ccac9c5f3c8 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableGuests.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableGuests.ps1 @@ -4,19 +4,24 @@ function Invoke-CIPPStandardDisableGuests { Internal #> param($Tenant, $Settings) - $lookup = (Get-Date).AddDays(-90).ToUniversalTime().ToString('o') - $GraphRequest = New-GraphgetRequest -uri "https://graph.microsoft.com/beta/users?`$filter=(signInActivity/lastSignInDateTime le $lookup)&`$select=id,UserPrincipalName,signInActivity,mail,userType,accountEnabled" -scope 'https://graph.microsoft.com/.default' -tenantid $Tenant | Where-Object { $_.userType -EQ 'Guest' -and $_.AccountEnabled -EQ $true } + $Lookup = (Get-Date).AddDays(-90).ToUniversalTime().ToString('o') + $GraphRequest = New-GraphGetRequest -uri "https://graph.microsoft.com/beta/users?`$filter=(signInActivity/lastSignInDateTime le $Lookup)&`$select=id,UserPrincipalName,signInActivity,mail,userType,accountEnabled" -scope 'https://graph.microsoft.com/.default' -tenantid $Tenant | Where-Object { $_.userType -EQ 'Guest' -and $_.AccountEnabled -EQ $true } If ($Settings.remediate) { - try { + + if ($GraphRequest) { foreach ($guest in $GraphRequest) { - New-GraphPostRequest -type Patch -tenantid $tenant -uri "https://graph.microsoft.com/beta/users/$($guest.id)" -body '{"accountEnabled":"false"}' - Write-LogMessage -API 'Standards' -tenant $tenant -message "Disabling guest $($guest.UserPrincipalName) ($($guest.id))" -sev Info + try { + New-GraphPostRequest -type Patch -tenantid $tenant -uri "https://graph.microsoft.com/beta/users/$($guest.id)" -body '{"accountEnabled":"false"}' + Write-LogMessage -API 'Standards' -tenant $tenant -message "Disabling guest $($guest.UserPrincipalName) ($($guest.id))" -sev Info + } catch { + Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to disable guest $($guest.UserPrincipalName) ($($guest.id)): $($_.exception.message)" -sev Error + } } - Write-LogMessage -API 'Standards' -tenant $tenant -message 'Disabled guests accounts with a login longer than 90 days ago.' -sev Info - } catch { - Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to disable guests older than 90 days: $($_.exception.message)" -sev Error + } else { + Write-LogMessage -API 'Standards' -tenant $tenant -message 'No guests accounts with a login longer than 90 days ago.' -sev Info } + } if ($Settings.alert) { diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableM365GroupUsers.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableM365GroupUsers.ps1 index bbb62f9b0b92..de0c916d64b7 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableM365GroupUsers.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableM365GroupUsers.ps1 @@ -7,19 +7,23 @@ function Invoke-CIPPStandardDisableM365GroupUsers { $CurrentState = (New-GraphGetRequest -Uri 'https://graph.microsoft.com/beta/settings' -tenantid $tenant) | Where-Object -Property displayname -EQ 'Group.unified' If ($Settings.remediate) { - try { - if (!$CurrentState) { - #if no current configuration is found, we set it to the default template supplied by MS. - $CurrentState = '{"id":"","displayName":"Group.Unified","templateId":"62375ab9-6b52-47ed-826b-58e47e0e304b","values":[{"name":"NewUnifiedGroupWritebackDefault","value":"true"},{"name":"EnableMIPLabels","value":"false"},{"name":"CustomBlockedWordsList","value":""},{"name":"EnableMSStandardBlockedWords","value":"false"},{"name":"ClassificationDescriptions","value":""},{"name":"DefaultClassification","value":""},{"name":"PrefixSuffixNamingRequirement","value":""},{"name":"AllowGuestsToBeGroupOwner","value":"false"},{"name":"AllowGuestsToAccessGroups","value":"true"},{"name":"GuestUsageGuidelinesUrl","value":""},{"name":"GroupCreationAllowedGroupId","value":""},{"name":"AllowToAddGuests","value":"true"},{"name":"UsageGuidelinesUrl","value":""},{"name":"ClassificationList","value":""},{"name":"EnableGroupCreation","value":"true"}]}' - New-GraphPostRequest -tenantid $tenant -Uri "https://graph.microsoft.com/beta/settings/$($CurrentState.id)" -AsApp $true -Type POST -Body $CurrentState -ContentType 'application/json' - $CurrentState = (New-GraphGetRequest -Uri 'https://graph.microsoft.com/beta/settings' -tenantid $tenant) | Where-Object -Property displayname -EQ 'Group.unified' + if (($CurrentState.values | Where-Object { $_.name -eq 'EnableGroupCreation' }).value -eq 'false') { + Write-LogMessage -API 'Standards' -tenant $tenant -message 'Users are already disabled from creating M365 Groups.' -sev Info + } else { + try { + if (!$CurrentState) { + # If no current configuration is found, we set it to the default template supplied by MS. + $CurrentState = '{"id":"","displayName":"Group.Unified","templateId":"62375ab9-6b52-47ed-826b-58e47e0e304b","values":[{"name":"NewUnifiedGroupWritebackDefault","value":"true"},{"name":"EnableMIPLabels","value":"false"},{"name":"CustomBlockedWordsList","value":""},{"name":"EnableMSStandardBlockedWords","value":"false"},{"name":"ClassificationDescriptions","value":""},{"name":"DefaultClassification","value":""},{"name":"PrefixSuffixNamingRequirement","value":""},{"name":"AllowGuestsToBeGroupOwner","value":"false"},{"name":"AllowGuestsToAccessGroups","value":"true"},{"name":"GuestUsageGuidelinesUrl","value":""},{"name":"GroupCreationAllowedGroupId","value":""},{"name":"AllowToAddGuests","value":"true"},{"name":"UsageGuidelinesUrl","value":""},{"name":"ClassificationList","value":""},{"name":"EnableGroupCreation","value":"true"}]}' + New-GraphPostRequest -tenantid $tenant -Uri "https://graph.microsoft.com/beta/settings/$($CurrentState.id)" -AsApp $true -Type POST -Body $CurrentState -ContentType 'application/json' + $CurrentState = (New-GraphGetRequest -Uri 'https://graph.microsoft.com/beta/settings' -tenantid $tenant) | Where-Object -Property displayname -EQ 'Group.unified' + } + ($CurrentState.values | Where-Object { $_.name -eq 'EnableGroupCreation' }).value = 'false' + $body = "{values : $($CurrentState.values | ConvertTo-Json -Compress)}" + $null = New-GraphPostRequest -tenantid $tenant -asApp $true -Uri "https://graph.microsoft.com/beta/settings/$($CurrentState.id)" -Type patch -Body $body -ContentType 'application/json' + Write-LogMessage -API 'Standards' -tenant $tenant -message 'Disabled users from creating M365 Groups.' -sev Info + } catch { + Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to disable users from creating M365 Groups: $($_.exception.message)" -sev 'Error' } - ($CurrentState.values | Where-Object { $_.name -eq 'EnableGroupCreation' }).value = 'false' - $body = "{values : $($CurrentState.values | ConvertTo-Json -Compress)}" - New-GraphPostRequest -tenantid $tenant -asApp $true -Uri "https://graph.microsoft.com/beta/settings/$($CurrentState.id)" -Type patch -Body $body -ContentType 'application/json' - Write-LogMessage -API 'Standards' -tenant $tenant -message 'Standards API: Disabled users from creating M365 Groups.' -sev Info - } catch { - Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to disable users from creating M365 Groups: $($_.exception.message)" -sev 'Error' } } if ($Settings.alert) { diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableSMS.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableSMS.ps1 index d133c34deef5..337dffde4b20 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableSMS.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableSMS.ps1 @@ -4,25 +4,26 @@ function Invoke-CIPPStandardDisableSMS { Internal #> param($Tenant, $Settings) + $CurrentInfo = New-GraphGetRequest -Uri 'https://graph.microsoft.com/beta/policies/authenticationmethodspolicy/authenticationMethodConfigurations/SMS' -tenantid $Tenant + $State = if ($CurrentInfo.state -eq 'enabled') { $true } else { $false } If ($Settings.remediate) { - Set-CIPPAuthenticationPolicy -Tenant $tenant -APIName 'Standards' -AuthenticationMethodId 'SMS' -Enabled $false - } - - # This is ugly but done to avoid a second call to the Graph API - if ($Settings.alert -or $Settings.report) { - $CurrentInfo = New-GraphGetRequest -Uri 'https://graph.microsoft.com/beta/policies/authenticationmethodspolicy/authenticationMethodConfigurations/SMS' -tenantid $Tenant - $State = if ($CurrentInfo.state -eq 'enabled') { $true } else { $false } - - if ($Settings.alert) { - if ($State) { - Write-LogMessage -API 'Standards' -tenant $tenant -message 'SMS Support is enabled' -sev Alert - } else { - Write-LogMessage -API 'Standards' -tenant $tenant -message 'SMS Support is not enabled' -sev Info - } + if ($State) { + Set-CIPPAuthenticationPolicy -Tenant $tenant -APIName 'Standards' -AuthenticationMethodId 'SMS' -Enabled $false + } else { + Write-LogMessage -API 'Standards' -tenant $tenant -message 'SMS authentication method is already disabled.' -sev Info } - if ($Settings.report) { - Add-CIPPBPAField -FieldName 'DisableSMS' -FieldValue [bool]$State -StoreAs bool -Tenant $tenant + } + + if ($Settings.alert) { + if ($State) { + Write-LogMessage -API 'Standards' -tenant $tenant -message 'SMS authentication method is enabled' -sev Alert + } else { + Write-LogMessage -API 'Standards' -tenant $tenant -message 'SMS authentication method is not enabled' -sev Info } } + + if ($Settings.report) { + Add-CIPPBPAField -FieldName 'DisableSMS' -FieldValue [bool]$State -StoreAs bool -Tenant $tenant + } } diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableSecurityGroupUsers.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableSecurityGroupUsers.ps1 index 75facbab7757..56510a1eb758 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableSecurityGroupUsers.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableSecurityGroupUsers.ps1 @@ -4,28 +4,32 @@ function Invoke-CIPPStandardDisableSecurityGroupUsers { Internal #> param($Tenant, $Settings) + $CurrentInfo = New-GraphGetRequest -Uri 'https://graph.microsoft.com/beta/policies/authorizationPolicy/authorizationPolicy' -tenantid $Tenant + If ($Settings.remediate) { - - - try { - $body = '{"defaultUserRolePermissions":{"allowedToCreateSecurityGroups":false}}' - (New-GraphPostRequest -tenantid $tenant -Uri 'https://graph.microsoft.com/beta/policies/authorizationPolicy/authorizationPolicy' -Type patch -Body $body -ContentType 'application/json') - - Write-LogMessage -API 'Standards' -tenant $tenant -message 'Standards API: Disabled users from creating Security Groups.' -sev Info - } catch { - Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to disable users from creating Security Groups: $($_.exception.message)" -sev 'Error' + if ($CurrentInfo.defaultUserRolePermissions.allowedToCreateSecurityGroups -eq $false) { + Write-LogMessage -API 'Standards' -tenant $tenant -message 'Users are already not allowed to create Security Groups.' -sev Info + } else { + try { + $body = '{"defaultUserRolePermissions":{"allowedToCreateSecurityGroups":false}}' + $null = New-GraphPostRequest -tenantid $tenant -Uri 'https://graph.microsoft.com/beta/policies/authorizationPolicy/authorizationPolicy' -Type patch -Body $body -ContentType 'application/json' + Write-LogMessage -API 'Standards' -tenant $tenant -message 'Disabled users from creating Security Groups.' -sev Info + $CurrentInfo.defaultUserRolePermissions.allowedToCreateSecurityGroups = $false + } catch { + Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to disable users from creating Security Groups: $($_.exception.message)" -sev 'Error' + } } } if ($Settings.alert) { - $CurrentInfo = New-GraphGetRequest -Uri 'https://graph.microsoft.com/beta/policies/authorizationPolicy/authorizationPolicy' -tenantid $Tenant if ($CurrentInfo.defaultUserRolePermissions.allowedToCreateSecurityGroups -eq $false) { Write-LogMessage -API 'Standards' -tenant $tenant -message 'Users are not allowed to create Security Groups.' -sev Info } else { Write-LogMessage -API 'Standards' -tenant $tenant -message 'Users are allowed to create Security Groups.' -sev Alert } } + if ($Settings.report) { Add-CIPPBPAField -FieldName 'DisableSecurityGroupUsers' -FieldValue [bool]$CurrentInfo.defaultUserRolePermissions.allowedToCreateSecurityGroups -StoreAs bool -Tenant $tenant } diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableVoice.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableVoice.ps1 index 50d18e51c43f..96c52b33e37c 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableVoice.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableVoice.ps1 @@ -4,25 +4,26 @@ function Invoke-CIPPStandardDisableVoice { Internal #> param($Tenant, $Settings) + $CurrentInfo = New-GraphGetRequest -Uri 'https://graph.microsoft.com/beta/policies/authenticationmethodspolicy/authenticationMethodConfigurations/Voice' -tenantid $Tenant + $State = if ($CurrentInfo.state -eq 'enabled') { $true } else { $false } If ($Settings.remediate) { - Set-CIPPAuthenticationPolicy -Tenant $tenant -APIName 'Standards' -AuthenticationMethodId 'Voice' -Enabled $false + if ($State) { + Set-CIPPAuthenticationPolicy -Tenant $tenant -APIName 'Standards' -AuthenticationMethodId 'Voice' -Enabled $false + } else { + Write-LogMessage -API 'Standards' -tenant $tenant -message 'Voice authentication method is already disabled.' -sev Info + } } - # This is ugly but done to avoid a second call to the Graph API - if ($Settings.alert -or $Settings.report) { - $CurrentInfo = New-GraphGetRequest -Uri 'https://graph.microsoft.com/beta/policies/authenticationmethodspolicy/authenticationMethodConfigurations/Voice' -tenantid $Tenant - $State = if ($CurrentInfo.state -eq 'enabled') { $true } else { $false } - - if ($Settings.alert) { - if ($State) { - Write-LogMessage -API 'Standards' -tenant $tenant -message 'Voice Support is enabled' -sev Alert - } else { - Write-LogMessage -API 'Standards' -tenant $tenant -message 'Voice Support is not enabled' -sev Info - } - } - if ($Settings.report) { - Add-CIPPBPAField -FieldName 'DisableVoice' -FieldValue [bool]$State -StoreAs bool -Tenant $tenant + if ($Settings.alert) { + if ($State) { + Write-LogMessage -API 'Standards' -tenant $tenant -message 'Voice authentication method is enabled' -sev Alert + } else { + Write-LogMessage -API 'Standards' -tenant $tenant -message 'Voice authentication method is not enabled' -sev Info } } + + if ($Settings.report) { + Add-CIPPBPAField -FieldName 'DisableVoice' -FieldValue [bool]$State -StoreAs bool -Tenant $tenant + } } diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisablex509Certificate.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisablex509Certificate.ps1 index 94a36d9b9125..c2da2547c1a5 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisablex509Certificate.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisablex509Certificate.ps1 @@ -4,25 +4,27 @@ function Invoke-CIPPStandardDisablex509Certificate { Internal #> param($Tenant, $Settings) + $CurrentInfo = New-GraphGetRequest -Uri 'https://graph.microsoft.com/beta/policies/authenticationmethodspolicy/authenticationMethodConfigurations/x509Certificate' -tenantid $Tenant + $State = if ($CurrentInfo.state -eq 'enabled') { $true } else { $false } If ($Settings.remediate) { - Set-CIPPAuthenticationPolicy -Tenant $tenant -APIName 'Standards' -AuthenticationMethodId 'x509Certificate' -Enabled $false + if ($State) { + Set-CIPPAuthenticationPolicy -Tenant $tenant -APIName 'Standards' -AuthenticationMethodId 'x509Certificate' -Enabled $false + } else { + Write-LogMessage -API 'Standards' -tenant $tenant -message 'x509Certificate authentication method is already disabled.' -sev Info + } } - # This is ugly but done to avoid a second call to the Graph API - if ($Settings.alert -or $Settings.report) { - $CurrentInfo = New-GraphGetRequest -Uri 'https://graph.microsoft.com/beta/policies/authenticationmethodspolicy/authenticationMethodConfigurations/x509Certificate' -tenantid $Tenant - $State = if ($CurrentInfo.state -eq 'enabled') { $true } else { $false } - - if ($Settings.alert) { - if ($State) { - Write-LogMessage -API 'Standards' -tenant $tenant -message 'x509Certificate Support is enabled' -sev Alert - } else { - Write-LogMessage -API 'Standards' -tenant $tenant -message 'x509Certificate Support is not enabled' -sev Info - } - } - if ($Settings.report) { - Add-CIPPBPAField -FieldName 'Disablex509Certificate' -FieldValue [bool]$State -StoreAs bool -Tenant $tenant + if ($Settings.alert) { + if ($State) { + Write-LogMessage -API 'Standards' -tenant $tenant -message 'x509Certificate authentication method is enabled' -sev Alert + } else { + Write-LogMessage -API 'Standards' -tenant $tenant -message 'x509Certificate authentication method is not enabled' -sev Info } } + + if ($Settings.report) { + Add-CIPPBPAField -FieldName 'Disablex509Certificate' -FieldValue [bool]$State -StoreAs bool -Tenant $tenant + } + } diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSecurityDefaults.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSecurityDefaults.ps1 index 5d2c0c9c26f7..0c92a0829b60 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSecurityDefaults.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSecurityDefaults.ps1 @@ -5,26 +5,31 @@ function Invoke-CIPPStandardSecurityDefaults { #> param($Tenant, $Settings) $SecureDefaultsState = (New-GraphGetRequest -Uri 'https://graph.microsoft.com/beta/policies/identitySecurityDefaultsEnforcementPolicy' -tenantid $tenant) + If ($Settings.remediate) { - try { - if ($SecureDefaultsState.IsEnabled -ne $true) { + if ($SecureDefaultsState.IsEnabled -ne $true) { + try { Write-Host "Secure Defaults is disabled. Enabling for $tenant" -ForegroundColor Yellow $body = '{ "isEnabled": true }' - (New-GraphPostRequest -tenantid $tenant -Uri 'https://graph.microsoft.com/beta/policies/identitySecurityDefaultsEnforcementPolicy' -Type patch -Body $body -ContentType 'application/json') + $null = New-GraphPostRequest -tenantid $tenant -Uri 'https://graph.microsoft.com/beta/policies/identitySecurityDefaultsEnforcementPolicy' -Type patch -Body $body -ContentType 'application/json' + + Write-LogMessage -API 'Standards' -tenant $tenant -message 'Enabled Security Defaults.' -sev Info + } catch { + Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to enable Security Defaults. Error: $($_.exception.message)" -sev Error } - Write-LogMessage -API 'Standards' -tenant $tenant -message 'Standards API: Security Defaults Enabled.' -sev Info - } catch { - Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to enable Security Defaults Error: $($_.exception.message)" -sev 'Error' + } else { + Write-LogMessage -API 'Standards' -tenant $tenant -message 'Security Defaults is already enabled.' -sev Info } } - if ($Settings.alert) { + if ($Settings.alert) { if ($SecureDefaultsState.IsEnabled -eq $true) { Write-LogMessage -API 'Standards' -tenant $tenant -message 'Security Defaults is enabled.' -sev Info } else { Write-LogMessage -API 'Standards' -tenant $tenant -message 'Security Defaults is not enabled.' -sev Alert } } + if ($Settings.report) { Add-CIPPBPAField -FieldName 'SecurityDefaults' -FieldValue [bool]$SecureDefaultsState.IsEnabled -StoreAs bool -Tenant $tenant } diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardUndoOauth.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardUndoOauth.ps1 index 1098903a7c74..5eae5226cd93 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardUndoOauth.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardUndoOauth.ps1 @@ -4,14 +4,35 @@ function Invoke-CIPPStandardUndoOauth { Internal #> param($Tenant, $Settings) + $CurrentState = New-GraphGetRequest -tenantid $Tenant -Uri 'https://graph.microsoft.com/beta/policies/authorizationPolicy/authorizationPolicy?$select=permissionGrantPolicyIdsAssignedToDefaultUserRole' + $State = if ($CurrentState.permissionGrantPolicyIdsAssignedToDefaultUserRole -eq 'ManagePermissionGrantsForSelf.microsoft-user-default-legacy') { $true } else { $false } + $State + If ($Settings.remediate) { - try { - New-GraphPostRequest -tenantid $tenant -Uri 'https://graph.microsoft.com/beta/policies/authorizationPolicy/authorizationPolicy' -Type PATCH -Body '{"permissionGrantPolicyIdsAssignedToDefaultUserRole":["ManagePermissionGrantsForSelf.microsoft-user-default-legacy"]}' -ContentType 'application/json' - Write-LogMessage -API 'Standards' -tenant $tenant -message 'Application Consent Mode has been disabled.' -sev Info - } catch { - Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to set Application Consent Mode to disabled Error: $($_.exception.message)" -sev Error + if ($State) { + Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Application Consent Mode is already disabled.' -sev Info + } else { + try { + New-GraphPostRequest -tenantid $tenant -Uri 'https://graph.microsoft.com/beta/policies/authorizationPolicy/authorizationPolicy' -Type PATCH -Body '{"permissionGrantPolicyIdsAssignedToDefaultUserRole":["ManagePermissionGrantsForSelf.microsoft-user-default-legacy"]}' -ContentType 'application/json' + Write-LogMessage -API 'Standards' -tenant $tenant -message 'Application Consent Mode has been disabled.' -sev Info + $CurrentState.permissionGrantPolicyIdsAssignedToDefaultUserRole = 'ManagePermissionGrantsForSelf.microsoft-user-default-legacy' + } catch { + Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to set Application Consent Mode to disabled. Error: $($_.exception.message)" -sev Error + } + } + + } + + if ($Settings.alert) { + if ($State) { + Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Application Consent Mode is disabled.' -sev Info + } else { + Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Application Consent Mode is not disabled.' -sev Alert } } + if ($Settings.report) { + Add-CIPPBPAField -FieldName 'UndoOauth' -FieldValue [bool]$State -StoreAs bool -Tenant $tenant + } } From 155711c5051949c7f156a9ea059e9e18641e7997 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kristian=20Kj=C3=A6rg=C3=A5rd?= Date: Fri, 9 Feb 2024 14:53:45 +0100 Subject: [PATCH 027/243] Add logic to check current outbound spam filter settings and update if necessary --- .../Invoke-CIPPStandardOutBoundSpamAlert.ps1 | 22 +++++++++++++------ 1 file changed, 15 insertions(+), 7 deletions(-) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardOutBoundSpamAlert.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardOutBoundSpamAlert.ps1 index 1816a15ca998..9758a8c40b76 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardOutBoundSpamAlert.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardOutBoundSpamAlert.ps1 @@ -4,24 +4,32 @@ function Invoke-CIPPStandardOutBoundSpamAlert { Internal #> param($Tenant, $Settings) + $CurrentInfo = New-ExoRequest -tenantid $Tenant -cmdlet 'Get-HostedOutboundSpamFilterPolicy' -useSystemMailbox $true + If ($Settings.remediate) { - $Contacts = $settings.OutboundSpamContact - try { - New-ExoRequest -tenantid $tenant -cmdlet 'Set-HostedOutboundSpamFilterPolicy' -cmdparams @{ Identity = 'Default'; NotifyOutboundSpam = $true; NotifyOutboundSpamRecipients = $Contacts } -useSystemMailbox $true - Write-LogMessage -API 'Standards' -tenant $tenant -message "Set outbound spam filter alert to $($Contacts)" -sev Info - } catch { - Write-LogMessage -API 'Standards' -tenant $tenant -message "Could not set outbound spam contact to $($Contacts). $($_.exception.message)" -sev Error + + if ($CurrentInfo.NotifyOutboundSpam -ne $true -or $CurrentInfo.NotifyOutboundSpamRecipients -ne $settings.OutboundSpamContact) { + $Contacts = $settings.OutboundSpamContact + try { + New-ExoRequest -tenantid $tenant -cmdlet 'Set-HostedOutboundSpamFilterPolicy' -cmdparams @{ Identity = 'Default'; NotifyOutboundSpam = $true; NotifyOutboundSpamRecipients = $Contacts } -useSystemMailbox $true + Write-LogMessage -API 'Standards' -tenant $tenant -message "Set outbound spam filter alert to $($Contacts)" -sev Info + } catch { + Write-LogMessage -API 'Standards' -tenant $tenant -message "Could not set outbound spam contact to $($Contacts). $($_.exception.message)" -sev Error + } + } else { + Write-LogMessage -API 'Standards' -tenant $tenant -message "Outbound spam filter alert is already set to $($CurrentInfo.NotifyOutboundSpamRecipients)" -sev Info } } + if ($Settings.alert) { - $CurrentInfo = New-ExoRequest -tenantid $Tenant -cmdlet 'Get-HostedOutboundSpamFilterPolicy' -useSystemMailbox $true if ($CurrentInfo.NotifyOutboundSpam -eq $true) { Write-LogMessage -API 'Standards' -tenant $tenant -message "Outbound spam filter alert is set to $($CurrentInfo.NotifyOutboundSpamRecipients)" -sev Info } else { Write-LogMessage -API 'Standards' -tenant $tenant -message 'Outbound spam filter alert is not set' -sev Alert } } + if ($Settings.report) { Add-CIPPBPAField -FieldName 'OutboundSpamAlert' -FieldValue [bool]$CurrentInfo.NotifyOutboundSpam -StoreAs bool -Tenant $tenant } From fc575ae1839e014851f91e5dc0f1b10e8006b697 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kristian=20Kj=C3=A6rg=C3=A5rd?= Date: Sat, 10 Feb 2024 12:04:09 +0100 Subject: [PATCH 028/243] fix reporting and alert bug --- .../Invoke-CIPPStandardDisableViva.ps1 | 26 ++++++++++++------- 1 file changed, 17 insertions(+), 9 deletions(-) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableViva.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableViva.ps1 index 3c7332d68d7c..462c49f3cb24 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableViva.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableViva.ps1 @@ -4,26 +4,34 @@ function Invoke-CIPPStandardDisableViva { Internal #> param($Tenant, $Settings) - $currentsetting = New-GraphGetRequest -Uri "https://graph.microsoft.com/beta/organization/$tenant/settings/peopleInsights" -tenantid $Tenant -AsApp $true + $CurrentSetting = New-GraphGetRequest -Uri "https://graph.microsoft.com/beta/organization/$tenant/settings/peopleInsights" -tenantid $Tenant -AsApp $true + If ($Settings.remediate) { - try { - New-GraphPOSTRequest -Uri "https://graph.microsoft.com/beta/organization/$tenant/settings/peopleInsights" -tenantid $Tenant -AsApp $true -Type PATCH -Body '{"isEnabledInOrganization": false}' -ContentType 'application/json' - Write-LogMessage -API 'Standards' -tenant $tenant -message 'Disabled Viva insights' -sev Info - - } catch { - Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to disable Viva for all users Error: $($_.exception.message)" -sev Error + + if ($CurrentSetting.isEnabledInOrganization -eq $false) { + Write-LogMessage -API 'Standards' -tenant $tenant -message 'Viva is already disabled.' -sev Info + } else { + try { + New-GraphPOSTRequest -Uri "https://graph.microsoft.com/beta/organization/$tenant/settings/peopleInsights" -tenantid $Tenant -AsApp $true -Type PATCH -Body '{"isEnabledInOrganization": false}' -ContentType 'application/json' + Write-LogMessage -API 'Standards' -tenant $tenant -message 'Disabled Viva insights' -sev Info + + } catch { + Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to disable Viva for all users. Error: $($_.exception.message)" -sev Error + } } } + if ($Settings.alert) { - if ($currentsetting.isEnabled -eq $false) { + if ($CurrentSetting.isEnabledInOrganization -eq $false) { Write-LogMessage -API 'Standards' -tenant $tenant -message 'Viva is disabled' -sev Info } else { Write-LogMessage -API 'Standards' -tenant $tenant -message 'Viva is not disabled' -sev Alert } } + if ($Settings.report) { - Add-CIPPBPAField -FieldName 'DisableViva' -FieldValue [bool]$currentsetting.isEnabled -StoreAs bool -Tenant $tenant + Add-CIPPBPAField -FieldName 'DisableViva' -FieldValue [bool]$CurrentSetting.isEnabledInOrganization -StoreAs bool -Tenant $tenant } } From 3dbac5e3a69ceba0942491391c47e404ebf31f45 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kristian=20Kj=C3=A6rg=C3=A5rd?= Date: Sat, 10 Feb 2024 12:28:01 +0100 Subject: [PATCH 029/243] More logging changes to standards --- .../Standards/Invoke-CIPPStandardAddDKIM.ps1 | 54 ++++++++++--------- .../Invoke-CIPPStandardAutoExpandArchive.ps1 | 17 +++--- .../Invoke-CIPPStandardDisableViva.ps1 | 2 +- .../Invoke-CIPPStandardEnableMailTips.ps1 | 43 +++++++-------- ...voke-CIPPStandardEnableMailboxAuditing.ps1 | 6 ++- ...oke-CIPPStandardSendReceiveLimitTenant.ps1 | 1 + .../Invoke-CIPPStandardSpoofWarn.ps1 | 26 +++++---- 7 files changed, 83 insertions(+), 66 deletions(-) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAddDKIM.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAddDKIM.ps1 index 9b6eb9012710..4a980913b0f6 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAddDKIM.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAddDKIM.ps1 @@ -13,32 +13,37 @@ function Invoke-CIPPStandardAddDKIM { $SetDomains = $DKIM | Where-Object { $AllDomains -contains $_.Domain -and $_.Enabled -eq $false } If ($Settings.remediate) { - $ErrorCounter = 0 - # New-domains - foreach ($Domain in $NewDomains) { - try { - (New-ExoRequest -tenantid $tenant -cmdlet 'New-DkimSigningConfig' -cmdparams @{ KeySize = 2048; DomainName = $Domain; Enabled = $true } -useSystemMailbox $true) - Write-LogMessage -API 'Standards' -tenant $tenant -message "Enabled DKIM for $Domain" -sev Info - } catch { - Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to enable DKIM. Error: $($_.Exception.Message)" -sev Error - $ErrorCounter++ + + if ($null -eq $NewDomains -and $null -eq $SetDomains) { + Write-LogMessage -API 'Standards' -tenant $tenant -message 'DKIM is already enabled for all available domains.' -sev Info + } else { + $ErrorCounter = 0 + # New-domains + foreach ($Domain in $NewDomains) { + try { + (New-ExoRequest -tenantid $tenant -cmdlet 'New-DkimSigningConfig' -cmdparams @{ KeySize = 2048; DomainName = $Domain; Enabled = $true } -useSystemMailbox $true) + Write-LogMessage -API 'Standards' -tenant $tenant -message "Enabled DKIM for $Domain" -sev Info + } catch { + Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to enable DKIM. Error: $($_.Exception.Message)" -sev Error + $ErrorCounter++ + } } - } - - # Set-domains - foreach ($Domain in $SetDomains) { - try { - (New-ExoRequest -tenantid $tenant -cmdlet 'Set-DkimSigningConfig' -cmdparams @{ Identity = $Domain.Domain; Enabled = $true } -useSystemMailbox $true) - Write-LogMessage -API 'Standards' -tenant $tenant -message "Enabled DKIM for $($Domain.Domain)" -sev Info - } catch { - Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to enable DKIM. Error: $($_.Exception.Message)" -sev Error - $ErrorCounter++ + + # Set-domains + foreach ($Domain in $SetDomains) { + try { + (New-ExoRequest -tenantid $tenant -cmdlet 'Set-DkimSigningConfig' -cmdparams @{ Identity = $Domain.Domain; Enabled = $true } -useSystemMailbox $true) + Write-LogMessage -API 'Standards' -tenant $tenant -message "Enabled DKIM for $($Domain.Domain)" -sev Info + } catch { + Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to enable DKIM. Error: $($_.Exception.Message)" -sev Error + $ErrorCounter++ + } + } + if ($ErrorCounter -eq 0) { + Write-LogMessage -API 'Standards' -tenant $tenant -message 'Enabled DKIM for all domains in tenant' -sev Info + } else { + Write-LogMessage -API 'Standards' -tenant $tenant -message 'Failed to enable DKIM for all domains in tenant' -sev Error } - } - if ($ErrorCounter -eq 0) { - Write-LogMessage -API 'Standards' -tenant $tenant -message 'Enabled DKIM for all domains in tenant' -sev Info - } else { - Write-LogMessage -API 'Standards' -tenant $tenant -message 'Failed to enable DKIM for all domains in tenant' -sev Error } } @@ -51,6 +56,7 @@ function Invoke-CIPPStandardAddDKIM { Write-LogMessage -API 'Standards' -tenant $tenant -message "DKIM is not enabled for: $NoDKIM" -sev Alert } } + if ($Settings.report) { if ($null -eq $NewDomains -and $null -eq $SetDomains) { $DKIMState = $true } else { $DKIMState = $false } Add-CIPPBPAField -FieldName 'DKIM' -FieldValue [bool]$DKIMState -StoreAs bool -Tenant $tenant diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAutoExpandArchive.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAutoExpandArchive.ps1 index 429466241b5c..0a12b3e92524 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAutoExpandArchive.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAutoExpandArchive.ps1 @@ -5,25 +5,30 @@ function Invoke-CIPPStandardAutoExpandArchive { #> param($Tenant, $Settings) $CurrentState = (New-ExoRequest -tenantid $Tenant -cmdlet 'Get-OrganizationConfig').AutoExpandingArchiveEnabled + If ($Settings.remediate) { - try { - if (!$currentstate) { + if ($CurrentState) { + Write-LogMessage -API 'Standards' -tenant $tenant -message 'Auto Expanding Archive is already enabled.' -sev Info + } else { + try { New-ExoRequest -tenantid $Tenant -cmdlet 'Set-OrganizationConfig' -cmdParams @{AutoExpandingArchive = $true } Write-LogMessage -API 'Standards' -tenant $tenant -message 'Added Auto Expanding Archive.' -sev Info + } catch { + Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to apply Auto Expanding Archives. Error: $($_.exception.message)" -sev Error } - } catch { - Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to apply Auto Expanding Archives Error: $($_.exception.message)" -sev Error } } + if ($Settings.alert) { - if ($AuditLogEnabled) { + if ($CurrentState) { Write-LogMessage -API 'Standards' -tenant $tenant -message 'Auto Expanding Archives is enabled' -sev Info } else { Write-LogMessage -API 'Standards' -tenant $tenant -message 'Auto Expanding Archives is not enabled' -sev Alert } } + if ($Settings.report) { - Add-CIPPBPAField -FieldName 'AutoExpandingArchive' -FieldValue [bool]$CurrentState.AutoExpandingArchiveEnabled -StoreAs bool -Tenant $tenant + Add-CIPPBPAField -FieldName 'AutoExpandingArchive' -FieldValue [bool]$CurrentState -StoreAs bool -Tenant $tenant } } diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableViva.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableViva.ps1 index 462c49f3cb24..788e9204328f 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableViva.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableViva.ps1 @@ -12,9 +12,9 @@ function Invoke-CIPPStandardDisableViva { Write-LogMessage -API 'Standards' -tenant $tenant -message 'Viva is already disabled.' -sev Info } else { try { + # TODO This does not work. Throws an "EXCEPTION: Tenant admin role is required" error. Cant figure out how to fix -Bobby New-GraphPOSTRequest -Uri "https://graph.microsoft.com/beta/organization/$tenant/settings/peopleInsights" -tenantid $Tenant -AsApp $true -Type PATCH -Body '{"isEnabledInOrganization": false}' -ContentType 'application/json' Write-LogMessage -API 'Standards' -tenant $tenant -message 'Disabled Viva insights' -sev Info - } catch { Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to disable Viva for all users. Error: $($_.exception.message)" -sev Error } diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableMailTips.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableMailTips.ps1 index 51991bf57f9e..47eb5a54118f 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableMailTips.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableMailTips.ps1 @@ -5,38 +5,35 @@ function Invoke-CIPPStandardEnableMailTips { #> param($Tenant, $Settings) + $MailTipsState = New-ExoRequest -tenantid $Tenant -cmdlet 'Get-OrganizationConfig' | Select-Object MailTipsAllTipsEnabled, MailTipsExternalRecipientsTipsEnabled, MailTipsGroupMetricsEnabled, MailTipsLargeAudienceThreshold + $StateIsCorrect = if ($MailTipsState.MailTipsAllTipsEnabled -and $MailTipsState.MailTipsExternalRecipientsTipsEnabled -and $MailTipsState.MailTipsGroupMetricsEnabled -and $MailTipsState.MailTipsLargeAudienceThreshold -eq $Settings.MailTipsLargeAudienceThreshold) { $true } else { $false } if ($Settings.remediate) { - - try { - New-ExoRequest -tenantid $Tenant -cmdlet 'Set-OrganizationConfig' -cmdparams @{ MailTipsAllTipsEnabled = $true; MailTipsExternalRecipientsTipsEnabled = $true; MailTipsGroupMetricsEnabled = $true; MailTipsLargeAudienceThreshold = $Settings.MailTipsLargeAudienceThreshold } - Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Enabled all MailTips' -sev Info - } catch { - Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to enable all MailTips: $($_.exception.message)" -sev Error + if ($StateIsCorrect) { + Write-LogMessage -API 'Standards' -tenant $Tenant -message 'All MailTips are already enabled.' -sev Info + } else { + try { + New-ExoRequest -tenantid $Tenant -cmdlet 'Set-OrganizationConfig' -cmdparams @{ MailTipsAllTipsEnabled = $true; MailTipsExternalRecipientsTipsEnabled = $true; MailTipsGroupMetricsEnabled = $true; MailTipsLargeAudienceThreshold = $Settings.MailTipsLargeAudienceThreshold } + Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Enabled all MailTips' -sev Info + } catch { + Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to enable all MailTips. Error: $($_.exception.message)" -sev Error + } } } + if ($Settings.alert) { - if ($Settings.alert -or $Settings.report) { - $MailTipsState = New-ExoRequest -tenantid $Tenant -cmdlet 'Get-OrganizationConfig' | Select-Object MailTipsAllTipsEnabled, MailTipsExternalRecipientsTipsEnabled, MailTipsGroupMetricsEnabled, MailTipsLargeAudienceThreshold - - if ($Settings.alert) { - if ($MailTipsState.MailTipsAllTipsEnabled -and $MailTipsState.MailTipsExternalRecipientsTipsEnabled -and $MailTipsState.MailTipsGroupMetricsEnabled -and $MailTipsState.MailTipsLargeAudienceThreshold -eq $Settings.MailTipsLargeAudienceThreshold) { - Write-LogMessage -API 'Standards' -tenant $Tenant -message 'All MailTips are enabled' -sev Info - } else { - Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Not all MailTips are enabled' -sev Alert - } + if ($StateIsCorrect) { + Write-LogMessage -API 'Standards' -tenant $Tenant -message 'All MailTips are enabled' -sev Info + } else { + Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Not all MailTips are enabled' -sev Alert } + } - if ($Settings.report) { + if ($Settings.report) { - if ($MailTipsState.MailTipsAllTipsEnabled -and $MailTipsState.MailTipsExternalRecipientsTipsEnabled -and $MailTipsState.MailTipsGroupMetricsEnabled -and $MailTipsState.MailTipsLargeAudienceThreshold -eq $Settings.MailTipsLargeAudienceThreshold) { - $MailTipsState = $true - } else { - $MailTipsState = $false - } - Add-CIPPBPAField -FieldName 'MailTipsEnabled' -FieldValue [bool]$MailTipsState -StoreAs bool -Tenant $tenant - } + Add-CIPPBPAField -FieldName 'MailTipsEnabled' -FieldValue [bool]$StateIsCorrect -StoreAs bool -Tenant $tenant } + } \ No newline at end of file diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableMailboxAuditing.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableMailboxAuditing.ps1 index 3bde7b01121f..c94a51555107 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableMailboxAuditing.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableMailboxAuditing.ps1 @@ -4,14 +4,15 @@ function Invoke-CIPPStandardEnableMailboxAuditing { Internal #> param($Tenant, $Settings) - $AuditState = (New-ExoRequest -tenantid $Tenant -cmdlet 'Get-OrganizationConfig').AuditDisabled - if ( $Settings.remediate) { + + if ($Settings.remediate) { if ($AuditState) { # Enable tenant level mailbox audit try { New-ExoRequest -tenantid $Tenant -cmdlet 'Set-OrganizationConfig' -cmdParams @{AuditDisabled = $false } -useSystemMailbox $true Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Tenant level mailbox audit enabled' -sev Info + $LogMessage = 'Tenant level mailbox audit enabled. ' } catch { Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to enable tenant level mailbox audit. Error: $($_.exception.message)" -sev Error } @@ -63,6 +64,7 @@ function Invoke-CIPPStandardEnableMailboxAuditing { Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Tenant level mailbox audit is enabled' -sev Info } } + if ($Settings.report) { Add-CIPPBPAField -FieldName 'MailboxAuditingEnabled' -FieldValue [bool]$AuditState -StoreAs bool -Tenant $Tenant } diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSendReceiveLimitTenant.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSendReceiveLimitTenant.ps1 index 640cea2d18f0..efd1df2a6c02 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSendReceiveLimitTenant.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSendReceiveLimitTenant.ps1 @@ -5,6 +5,7 @@ function Invoke-CIPPStandardSendReceiveLimitTenant { #> param($Tenant, $Settings) $AllMailBoxPlans = New-ExoRequest -tenantid $Tenant -cmdlet 'Get-MailboxPlan' | Select-Object DisplayName, MaxSendSize, MaxReceiveSize, GUID + If ($Settings.remediate) { Write-Host "Time to remediate. Our Settings are $($Settings.SendLimit)MB and $($Settings.ReceiveLimit)MB" $MaxReceiveSize = [int64]"$($Settings.SendLimit)MB" diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSpoofWarn.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSpoofWarn.ps1 index 4b8d790f7dcf..a2613c4d0f3d 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSpoofWarn.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSpoofWarn.ps1 @@ -4,28 +4,34 @@ function Invoke-CIPPStandardSpoofWarn { Internal #> param($Tenant, $Settings) + $CurrentInfo = (New-ExoRequest -tenantid $Tenant -cmdlet 'Get-ExternalInOutlook') + If ($Settings.remediate) { $status = if ($Settings.enable -and $Settings.disable) { Write-LogMessage -API 'Standards' -tenant $tenant -message 'You cannot both enable and disable the Spoof Warnings setting' -sev Error Exit - } elseif ($Settings.state -eq 'Enabled' -or $Settings.enable) { $true } else { $false } - try { - New-ExoRequest -tenantid $Tenant -cmdlet 'Set-ExternalInOutlook' -cmdParams @{ Enabled = $status; } - Write-LogMessage -API 'Standards' -tenant $tenant -message "Spoofing warnings set to $status." -sev Info + } elseif ($Settings.state -eq 'enabled' -or $Settings.enable) { $true } else { $false } - } catch { - Write-LogMessage -API 'Standards' -tenant $tenant -message "Could not set spoofing warnings to $status. Error: $($_.exception.message)" -sev Error + if ($CurrentInfo.Enabled -eq $status) { + Write-LogMessage -API 'Standards' -tenant $tenant -message "Outlook external spoof warnings are already set to $status." -sev Info + } else { + try { + New-ExoRequest -tenantid $Tenant -cmdlet 'Set-ExternalInOutlook' -cmdParams @{ Enabled = $status; } + Write-LogMessage -API 'Standards' -tenant $tenant -message "Outlook external spoof warnings set to $status." -sev Info + } catch { + Write-LogMessage -API 'Standards' -tenant $tenant -message "Could not set Outlook external spoof warnings to $status. Error: $($_.exception.message)" -sev Error + } } } - if ($Settings.alert) { - $CurrentInfo = (New-ExoRequest -tenantid $Tenant -cmdlet 'Get-ExternalInOutlook') + if ($Settings.alert) { if ($CurrentInfo.Enabled -eq $true) { - Write-LogMessage -API 'Standards' -tenant $tenant -message 'Spoofing warnings are enabled.' -sev Info + Write-LogMessage -API 'Standards' -tenant $tenant -message 'Outlook external spoof warnings are enabled.' -sev Info } else { - Write-LogMessage -API 'Standards' -tenant $tenant -message 'Spoofing warnings are not enabled.' -sev Alert + Write-LogMessage -API 'Standards' -tenant $tenant -message 'Outlook external spoof warnings are not enabled.' -sev Alert } } + if ($Settings.report) { Add-CIPPBPAField -FieldName 'SpoofingWarnings' -FieldValue [bool]$CurrentInfo.Enabled -StoreAs bool -Tenant $tenant } From 9415082ce75191a4e4095024e6c61f44738aa56a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kristian=20Kj=C3=A6rg=C3=A5rd?= Date: Sat, 10 Feb 2024 20:20:29 +0100 Subject: [PATCH 030/243] Fix mailbox plan send and receive size limits --- ...oke-CIPPStandardSendReceiveLimitTenant.ps1 | 39 ++++++++++++------- 1 file changed, 26 insertions(+), 13 deletions(-) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSendReceiveLimitTenant.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSendReceiveLimitTenant.ps1 index efd1df2a6c02..e430e96a0f93 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSendReceiveLimitTenant.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSendReceiveLimitTenant.ps1 @@ -5,32 +5,45 @@ function Invoke-CIPPStandardSendReceiveLimitTenant { #> param($Tenant, $Settings) $AllMailBoxPlans = New-ExoRequest -tenantid $Tenant -cmdlet 'Get-MailboxPlan' | Select-Object DisplayName, MaxSendSize, MaxReceiveSize, GUID + $MaxSendSize = [int64]"$($Settings.SendLimit)MB" + $MaxReceiveSize = [int64]"$($Settings.ReceiveLimit)MB" + $NotSetCorrectly = foreach ($MailboxPlan in $AllMailBoxPlans) { + $PlanMaxSendSize = [int64]($MailboxPlan.MaxSendSize -replace '.*\(([\d,]+).*', '$1' -replace ',', '') + $PlanMaxReceiveSize = [int64]($MailboxPlan.MaxReceiveSize -replace '.*\(([\d,]+).*', '$1' -replace ',', '') + if ($PlanMaxSendSize -ne $MaxSendSize -or $PlanMaxReceiveSize -ne $MaxReceiveSize) { + $MailboxPlan + } + } + If ($Settings.remediate) { Write-Host "Time to remediate. Our Settings are $($Settings.SendLimit)MB and $($Settings.ReceiveLimit)MB" - $MaxReceiveSize = [int64]"$($Settings.SendLimit)MB" - $MaxSendSize = [int64]"$($Settings.ReceiveLimit)MB" - try { - foreach ($MailboxPlan in $AllMailBoxPlans) { - if ($MailboxPlan.MaxSendSize -ne $MaxSendSize -and $MailboxPlan.MaxReceiveSize -ne $MaxReceiveSize) { + if ($NotSetCorrectly.Count -gt 0) { + Write-Host "Found $($NotSetCorrectly.Count) Mailbox Plans that are not set correctly. Setting them to $($Settings.SendLimit)MB and $($Settings.ReceiveLimit)MB" + try { + foreach ($MailboxPlan in $NotSetCorrectly) { New-ExoRequest -tenantid $Tenant -cmdlet 'Set-MailboxPlan' -cmdParams @{Identity = $MailboxPlan.GUID; MaxSendSize = $MaxSendSize; MaxReceiveSize = $MaxReceiveSize } -useSystemMailbox $true } + Write-LogMessage -API 'Standards' -tenant $tenant -message "Successfully set the tenant send($($Settings.SendLimit)MB) and receive($($Settings.ReceiveLimit)MB) limits" -sev Info + } catch { + Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to set the tenant send and receive limits. Error: $($_.exception.message)" -sev Error } - Write-LogMessage -API 'Standards' -tenant $tenant -message 'Successfully set the tenant send and receive limits ' -sev Info - } catch { - Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to set the tenant send and receive limits. Error: $($_.exception.message)" -sev Error + } else { + Write-LogMessage -API 'Standards' -tenant $tenant -message "The tenant send($($Settings.SendLimit)MB) and receive($($Settings.ReceiveLimit)MB) limits are already set correctly" -sev Info } } + if ($Settings.alert) { - foreach ($MailboxPlan in $AllMailBoxPlans) { - if ($MailboxPlan.MaxSendSize -ne $MaxSendSize -and $MailboxPlan.MaxReceiveSize -ne $MaxReceiveSize) { - Write-LogMessage -API 'Standards' -tenant $tenant -message "The tenant send and receive limits are not set correctly for $($MailboxPlan.DisplayName)" -sev Alert - } + if ($NotSetCorrectly.Count -eq 0) { + Write-LogMessage -API 'Standards' -tenant $tenant -message "The tenant send($($Settings.SendLimit)MB) and receive($($Settings.ReceiveLimit)MB) limits are set correctly" -sev Info + } else { + Write-LogMessage -API 'Standards' -tenant $tenant -message "The tenant send($($Settings.SendLimit)MB) and receive($($Settings.ReceiveLimit)MB) limits are not set correctly" -sev Alert } } + if ($Settings.report) { - Add-CIPPBPAField -FieldName 'SendReceiveLimit' -FieldValue $AllMailBoxPlans -StoreAs json -Tenant $tenant + Add-CIPPBPAField -FieldName 'SendReceiveLimit' -FieldValue $NotSetCorrectly -StoreAs json -Tenant $tenant } } From f4a1f208df51e99a012793b81df135bc70cce55f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kristian=20Kj=C3=A6rg=C3=A5rd?= Date: Sun, 11 Feb 2024 01:22:42 +0100 Subject: [PATCH 031/243] Logging and bug fixing in the rest of the exchange standards --- .../Invoke-CIPPStandardDelegateSentItems.ps1 | 34 ++++++----- ...ndardDisableAdditionalStorageProviders.ps1 | 5 +- ...StandardDisableExternalCalendarSharing.ps1 | 42 +++++++------ ...nvoke-CIPPStandardDisableSharedMailbox.ps1 | 21 ++++--- ...voke-CIPPStandardEnableMailboxAuditing.ps1 | 1 + .../Invoke-CIPPStandardSafeSendersDisable.ps1 | 1 + .../Invoke-CIPPStandardSendFromAlias.ps1 | 27 ++++---- .../Invoke-CIPPStandardUserSubmissions.ps1 | 61 ++++++++++--------- 8 files changed, 107 insertions(+), 85 deletions(-) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDelegateSentItems.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDelegateSentItems.ps1 index 4c219d329ba6..dfca3c7c4456 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDelegateSentItems.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDelegateSentItems.ps1 @@ -7,28 +7,34 @@ function Invoke-CIPPStandardDelegateSentItems { $Mailboxes = New-ExoRequest -tenantid $Tenant -cmdlet 'Get-Mailbox' -cmdParams @{ RecipientTypeDetails = @('UserMailbox', 'SharedMailbox') } | Where-Object { $_.MessageCopyForSendOnBehalfEnabled -eq $false -or $_.MessageCopyForSentAsEnabled -eq $false } If ($Settings.remediate) { - try { - $Mailboxes | ForEach-Object { - try { - $username = $_.UserPrincipalName - New-ExoRequest -tenantid $Tenant -cmdlet 'set-mailbox' -cmdParams @{Identity = $_.GUID ; MessageCopyForSendOnBehalfEnabled = $True; MessageCopyForSentAsEnabled = $True } -anchor $username - } catch { - Write-LogMessage -API 'Standards' -tenant $tenant -message "Could not enable delegate sent item style for $($username): $($_.Exception.message)" -sev Warn - } - } - Write-LogMessage -API 'Standards' -tenant $tenant -message 'Delegate Sent Items Style enabled.' -sev Info - } catch { - Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to apply Delegate Sent Items Style. Error: $($_.exception.message)" -sev Error + + if ($Mailboxes) { + try { + $Mailboxes | ForEach-Object { + try { + $username = $_.UserPrincipalName + New-ExoRequest -tenantid $Tenant -cmdlet 'Set-Mailbox' -cmdParams @{Identity = $_.GUID ; MessageCopyForSendOnBehalfEnabled = $True; MessageCopyForSentAsEnabled = $True } -anchor $username + } catch { + Write-LogMessage -API 'Standards' -tenant $tenant -message "Could not enable delegate sent item style for $($username): $($_.Exception.message)" -sev Warn + } + } + Write-LogMessage -API 'Standards' -tenant $tenant -message 'Delegate Sent Items Style enabled.' -sev Info + } catch { + Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to apply Delegate Sent Items Style. Error: $($_.exception.message)" -sev Error + } + } else { + Write-LogMessage -API 'Standards' -tenant $tenant -message 'Delegate Sent Items Style already enabled.' -sev Info + } } if ($Settings.alert) { - if ($Mailboxes) { - Write-LogMessage -API 'Standards' -tenant $tenant -message "Delegate Sent Items Style is not enabled for $($mailboxes.count) users" -sev Alert + Write-LogMessage -API 'Standards' -tenant $tenant -message "Delegate Sent Items Style is not enabled for $($mailboxes.count) mailboxes" -sev Alert } else { Write-LogMessage -API 'Standards' -tenant $tenant -message 'Delegate Sent Items Style is enabled' -sev Info } } + if ($Settings.report) { $Filtered = $Mailboxes | Select-Object -Property UserPrincipalName, MessageCopyForSendOnBehalfEnabled, MessageCopyForSentAsEnabled Add-CIPPBPAField -FieldName 'DelegateSentItems' -FieldValue $Filtered -StoreAs json -Tenant $tenant diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableAdditionalStorageProviders.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableAdditionalStorageProviders.ps1 index c90b9cb4c4f9..c0bab8bcb749 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableAdditionalStorageProviders.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableAdditionalStorageProviders.ps1 @@ -4,7 +4,6 @@ function Invoke-CIPPStandardDisableAdditionalStorageProviders { Internal #> param($Tenant, $Settings) - $AdditionalStorageProvidersState = New-ExoRequest -tenantid $Tenant -cmdlet 'Get-OwaMailboxPolicy' -cmdParams @{Identity = 'OwaMailboxPolicy-Default' } if ($Settings.remediate) { @@ -23,8 +22,7 @@ function Invoke-CIPPStandardDisableAdditionalStorageProviders { } - if ($Settings.alert) { - + if ($Settings.alert) { if ($AdditionalStorageProvidersState.AdditionalStorageProvidersAvailable) { Write-LogMessage -API 'Standards' -tenant $tenant -message 'OWA additional storage providers are enabled' -sev Alert } else { @@ -33,7 +31,6 @@ function Invoke-CIPPStandardDisableAdditionalStorageProviders { } if ($Settings.report) { - Add-CIPPBPAField -FieldName 'AdditionalStorageProvidersEnabled' -FieldValue [bool]$AdditionalStorageProvidersState.AdditionalStorageProvidersEnabled -StoreAs bool -Tenant $tenant } } \ No newline at end of file diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableExternalCalendarSharing.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableExternalCalendarSharing.ps1 index e5e9232ed9b4..a1c29b7724c9 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableExternalCalendarSharing.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableExternalCalendarSharing.ps1 @@ -4,33 +4,35 @@ function Invoke-CIPPStandardDisableExternalCalendarSharing { Internal #> param($Tenant, $Settings) + $CurrentInfo = New-ExoRequest -tenantid $Tenant -cmdlet 'Get-SharingPolicy' | Where-Object { $_.Default -eq $true } if ($Settings.remediate) { - New-ExoRequest -tenantid $Tenant -cmdlet 'Get-SharingPolicy' | Where-Object { $_.Default -eq $true } | ForEach-Object { - try { - New-ExoRequest -tenantid $Tenant -cmdlet 'Set-SharingPolicy' -cmdParams @{ Identity = $_.Id ; Enabled = $false } -UseSystemMailbox $true - Write-LogMessage -API 'Standards' -tenant $tenant -message "Successfully disabled external calendar sharing for the policy $($_.Name)" -sev Info - } catch { - Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to disable external calendar sharing for the policy $($_.Name). Error: $($_.exception.message)" -sev Error + if ($CurrentInfo.Enabled) { + $CurrentInfo | ForEach-Object { + try { + New-ExoRequest -tenantid $Tenant -cmdlet 'Set-SharingPolicy' -cmdParams @{ Identity = $_.Id ; Enabled = $false } -UseSystemMailbox $true + Write-LogMessage -API 'Standards' -tenant $tenant -message "Successfully disabled external calendar sharing for the policy $($_.Name)" -sev Info + } catch { + Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to disable external calendar sharing for the policy $($_.Name). Error: $($_.exception.message)" -sev Error + } } + } else { + Write-LogMessage -API 'Standards' -tenant $tenant -message 'External calendar sharing is already disabled' -sev Info + } - } - # This is ugly but done to avoid a second call to the Graph API - if ($Settings.alert -or $Settings.report) { - $CurrentInfo = New-ExoRequest -tenantid $Tenant -cmdlet 'Get-SharingPolicy' | Where-Object { $_.Default -eq $true } + } - if ($Settings.alert) { - if ($CurrentInfo.Enabled) { - Write-LogMessage -API 'Standards' -tenant $tenant -message 'External calendar sharing is enabled' -sev Alert - } else { - Write-LogMessage -API 'Standards' -tenant $tenant -message 'External calendar sharing is not enabled' -sev Info - } - } - if ($Settings.report) { - Add-CIPPBPAField -FieldName 'ExternalCalendarSharingDisabled' -FieldValue [bool]$CurrentInfo.Enabled -StoreAs bool -Tenant $tenant + if ($Settings.alert) { + if ($CurrentInfo.Enabled) { + Write-LogMessage -API 'Standards' -tenant $tenant -message 'External calendar sharing is enabled' -sev Alert + } else { + Write-LogMessage -API 'Standards' -tenant $tenant -message 'External calendar sharing is not enabled' -sev Info } } - + if ($Settings.report) { + $CurrentInfo.Enabled = -not $CurrentInfo.Enabled + Add-CIPPBPAField -FieldName 'ExternalCalendarSharingDisabled' -FieldValue [bool]$CurrentInfo.Enabled -StoreAs bool -Tenant $tenant + } } \ No newline at end of file diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableSharedMailbox.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableSharedMailbox.ps1 index 77e7295aaca8..45b637dcc905 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableSharedMailbox.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableSharedMailbox.ps1 @@ -5,24 +5,31 @@ function Invoke-CIPPStandardDisableSharedMailbox { #> param($Tenant, $Settings) $SharedMailboxList = (New-GraphGetRequest -uri "https://outlook.office365.com/adminapi/beta/$($Tenant)/Mailbox?`$filter=ExchangeUserAccountControl ne 'accountdisabled'" -Tenantid $tenant -scope ExchangeOnline | Where-Object { $_.RecipientTypeDetails -EQ 'SharedMailbox' -or $_.RecipientTypeDetails -eq 'SchedulingMailbox' }) + If ($Settings.remediate) { - try { + if ($SharedMailboxList) { $SharedMailboxList | ForEach-Object { - New-GraphPOSTRequest -uri "https://graph.microsoft.com/v1.0/users/$($_.ObjectKey)" -type 'PATCH' -body '{"accountEnabled":"false"}' -tenantid $tenant + try { + New-GraphPOSTRequest -uri "https://graph.microsoft.com/v1.0/users/$($_.ObjectKey)" -type PATCH -body '{"accountEnabled":"false"}' -tenantid $tenant + Write-LogMessage -API 'Standards' -tenant $tenant -message "AAD account for shared mailbox $($_.DisplayName) disabled." -sev Info + } catch { + Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to disable AAD account for shared mailbox. Error: $($_.exception.message)" -sev Error + } } - Write-LogMessage -API 'Standards' -tenant $tenant -message 'AAD Accounts for shared mailboxes disabled.' -sev Info - } catch { - Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to disable AAD accounts for shared mailboxes. Error: $($_.exception.message)" -sev Error + } else { + Write-LogMessage -API 'Standards' -tenant $tenant -message 'All AAD accounts for shared mailboxes are already disabled.' -sev Info } } + if ($Settings.alert) { if ($SharedMailboxList) { - Write-LogMessage -API 'Standards' -tenant $tenant -message "Shared mailboxes with enabled accounts: $($SharedMailboxList.count)" -sev Alert + Write-LogMessage -API 'Standards' -tenant $tenant -message "Shared mailboxes with enabled accounts: $($SharedMailboxList.Count)" -sev Alert } else { - Write-LogMessage -API 'Standards' -tenant $tenant -message 'No AAD accounts enables for shared mailboxes.' -sev Info + Write-LogMessage -API 'Standards' -tenant $tenant -message 'All AAD accounts for shared mailboxes are disabled.' -sev Info } } + if ($Settings.report) { Add-CIPPBPAField -FieldName 'DisableSharedMailbox' -FieldValue $SharedMailboxList -StoreAs json -Tenant $tenant } diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableMailboxAuditing.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableMailboxAuditing.ps1 index c94a51555107..fcdc684d1f37 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableMailboxAuditing.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableMailboxAuditing.ps1 @@ -66,6 +66,7 @@ function Invoke-CIPPStandardEnableMailboxAuditing { } if ($Settings.report) { + $AuditState = -not $AuditState Add-CIPPBPAField -FieldName 'MailboxAuditingEnabled' -FieldValue [bool]$AuditState -StoreAs bool -Tenant $Tenant } diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSafeSendersDisable.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSafeSendersDisable.ps1 index a0cb61fa8e64..5563e3d5d4e4 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSafeSendersDisable.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSafeSendersDisable.ps1 @@ -4,6 +4,7 @@ function Invoke-CIPPStandardSafeSendersDisable { Internal #> param($Tenant, $Settings) + If ($Settings.remediate) { try { $Mailboxes = New-ExoRequest -tenantid $Tenant -cmdlet 'Get-Mailbox' | ForEach-Object { diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSendFromAlias.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSendFromAlias.ps1 index cd4972866185..6d465e0b51f8 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSendFromAlias.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSendFromAlias.ps1 @@ -4,28 +4,31 @@ function Invoke-CIPPStandardSendFromAlias { Internal #> param($Tenant, $Settings) + $CurrentInfo = (New-ExoRequest -tenantid $Tenant -cmdlet 'Get-OrganizationConfig').SendFromAliasEnabled + If ($Settings.remediate) { - try { - $AdminAuditLogParams = @{ - SendFromAliasEnabled = $true + if ($CurrentInfo -eq $false) { + try { + New-ExoRequest -tenantid $Tenant -cmdlet 'Set-OrganizationConfig' -cmdParams @{ SendFromAliasEnabled = $true } + Write-LogMessage -API 'Standards' -tenant $tenant -message 'Send from alias enabled.' -sev Info + $CurrentInfo = $true + } catch { + Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to enable send from alias. Error: $($_.exception.message)" -sev Error } - New-ExoRequest -tenantid $Tenant -cmdlet 'Set-OrganizationConfig' -cmdParams $AdminAuditLogParams - Write-LogMessage -API 'Standards' -tenant $tenant -message 'Send from alias Enabled.' -sev Info - - } catch { - Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to apply Send from Alias Standard. Error: $($_.exception.message)" -sev Error + } else { + Write-LogMessage -API 'Standards' -tenant $tenant -message 'Send from alias is already enabled.' -sev Info } } - if ($Settings.alert) { - $CurrentInfo = (New-ExoRequest -tenantid $Tenant -cmdlet 'Get-OrganizationConfig') - if ($CurrentInfo.SendFromAliasEnabled -eq $true) { + if ($Settings.alert) { + if ($CurrentInfo -eq $true) { Write-LogMessage -API 'Standards' -tenant $tenant -message 'Send from alias is enabled.' -sev Info } else { Write-LogMessage -API 'Standards' -tenant $tenant -message 'Send from alias is not enabled.' -sev Alert } } + if ($Settings.report) { - Add-CIPPBPAField -FieldName 'SendFromAlias' -FieldValue [bool]$CurrentInfo.SendFromAliasEnabled -StoreAs bool -Tenant $tenant + Add-CIPPBPAField -FieldName 'SendFromAlias' -FieldValue [bool]$CurrentInfo -StoreAs bool -Tenant $tenant } } diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardUserSubmissions.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardUserSubmissions.ps1 index f7a5ff7aa040..934f79995842 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardUserSubmissions.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardUserSubmissions.ps1 @@ -5,39 +5,43 @@ function Invoke-CIPPStandardUserSubmissions { #> param($Tenant, $Settings) $Policy = New-ExoRequest -tenantid $Tenant -cmdlet 'Get-ReportSubmissionPolicy' + If ($Settings.remediate) { - if ($Settings.enable -and $Settings.disable) { - Write-LogMessage -API 'Standards' -tenant $tenant -message 'You cannot both enable and disable the User Submission policy' -sev Error - Exit - } elseif ($Settings.enable) { - $status = $true - try { - - if ($Policy.length -eq 0) { - New-ExoRequest -tenantid $Tenant -cmdlet 'New-ReportSubmissionPolicy' - Write-LogMessage -API 'Standards' -tenant $tenant -message "User Submission policy set to $status." -sev Info - } else { - New-ExoRequest -tenantid $Tenant -cmdlet 'Set-ReportSubmissionPolicy' -cmdParams @{ EnableReportToMicrosoft = $status; Identity = $($Policy.Identity); } - Write-LogMessage -API 'Standards' -tenant $tenant -message "User Submission policy set to $status." -sev Info + $Status = if ($Settings.state -eq 'enable') { $true } else { $false } + + # If policy is set correctly, log and skip setting the policy + if ($Policy.EnableReportToMicrosoft -eq $status) { + Write-LogMessage -API 'Standards' -tenant $tenant -message "User Submission policy is already set to $status." -sev Info + } else { + if ($Settings.state -eq 'enable') { + # Policy is not set correctly, enable the policy. Create new policy if it does not exist + try { + if ($Policy.length -eq 0) { + New-ExoRequest -tenantid $Tenant -cmdlet 'New-ReportSubmissionPolicy' -UseSystemMailbox $true + Write-LogMessage -API 'Standards' -tenant $tenant -message "User Submission policy set to $status." -sev Info + } else { + New-ExoRequest -tenantid $Tenant -cmdlet 'Set-ReportSubmissionPolicy' -cmdParams @{ EnableReportToMicrosoft = $status; Identity = $($Policy.Identity); } -UseSystemMailbox $true + Write-LogMessage -API 'Standards' -tenant $tenant -message "User Submission policy set to $status." -sev Info + } + } catch { + Write-LogMessage -API 'Standards' -tenant $tenant -message "Could not set User Submission policy to $status. Error: $($_.exception.message)" -sev Error } - } catch { - Write-LogMessage -API 'Standards' -tenant $tenant -message "Could not set User Submission policy to $status. Error: $($_.exception.message)" -sev Error - } - } else { - $status = $false - try { - $Policy = New-ExoRequest -tenantid $Tenant -cmdlet 'Get-ReportSubmissionPolicy' - if ($Policy.length -eq 0) { - Write-LogMessage -API 'Standards' -tenant $tenant -message "User Submission policy set to $status." -sev Info - } else { - New-ExoRequest -tenantid $Tenant -cmdlet 'Set-ReportSubmissionPolicy' -cmdParams @{ EnableReportToMicrosoft = $status; Identity = $($Policy.Identity); EnableThirdPartyAddress = $status; ReportJunkToCustomizedAddress = $status; ReportNotJunkToCustomizedAddress = $status; ReportPhishToCustomizedAddress = $status; } - Write-LogMessage -API 'Standards' -tenant $tenant -message "User Submission policy set to $status." -sev Info + } else { + # Policy is not set correctly, disable the policy. + try { + if ($Policy.length -eq 0) { + Write-LogMessage -API 'Standards' -tenant $tenant -message "User Submission policy set to $status." -sev Info + } else { + New-ExoRequest -tenantid $Tenant -cmdlet 'Set-ReportSubmissionPolicy' -cmdParams @{ EnableReportToMicrosoft = $status; Identity = $($Policy.Identity); EnableThirdPartyAddress = $status; ReportJunkToCustomizedAddress = $status; ReportNotJunkToCustomizedAddress = $status; ReportPhishToCustomizedAddress = $status; } -UseSystemMailbox $true + Write-LogMessage -API 'Standards' -tenant $tenant -message "User Submission policy set to $status." -sev Info + } + } catch { + Write-LogMessage -API 'Standards' -tenant $tenant -message "Could not set User Submission policy to $status. Error: $($_.exception.message)" -sev Error } - } catch { - Write-LogMessage -API 'Standards' -tenant $tenant -message "Could not set User Submission policy to $status. Error: $($_.exception.message)" -sev Error } } } + if ($Settings.alert) { if ($Policy.length -eq 0) { @@ -50,6 +54,7 @@ function Invoke-CIPPStandardUserSubmissions { } } } + if ($Settings.report) { if ($Policy.length -eq 0) { Add-CIPPBPAField -FieldName 'UserSubmissionPolicy' -FieldValue $false -StoreAs bool -Tenant $tenant @@ -57,4 +62,4 @@ function Invoke-CIPPStandardUserSubmissions { Add-CIPPBPAField -FieldName 'UserSubmissionPolicy' -FieldValue [bool]$Policy.EnableReportToMicrosoft -StoreAs bool -Tenant $tenant } } -} +} \ No newline at end of file From cc942f769ca282e0888d162d2e3081925f7f844a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kristian=20Kj=C3=A6rg=C3=A5rd?= Date: Sun, 11 Feb 2024 01:59:04 +0100 Subject: [PATCH 032/243] logging changes for intune standards --- .../Invoke-CIPPStandardintuneDeviceReg.ps1 | 18 ++++++----- ...CIPPStandardintuneDeviceRetirementDays.ps1 | 23 +++++++++----- .../Invoke-CIPPStandardintuneRequireMFA.ps1 | 30 +++++++++++-------- 3 files changed, 44 insertions(+), 27 deletions(-) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardintuneDeviceReg.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardintuneDeviceReg.ps1 index 6d2ece082f77..713fe5e8ff41 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardintuneDeviceReg.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardintuneDeviceReg.ps1 @@ -7,13 +7,17 @@ function Invoke-CIPPStandardintuneDeviceReg { $PreviousSetting = New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/policies/deviceRegistrationPolicy' -tenantid $Tenant If ($Settings.remediate) { - try { - $PreviousSetting.userDeviceQuota = $Settings.max - $Newbody = ConvertTo-Json -Compress -InputObject $PreviousSetting - New-GraphPostRequest -tenantid $tenant -Uri 'https://graph.microsoft.com/beta/policies/deviceRegistrationPolicy' -Type PUT -Body $NewBody -ContentType 'application/json' - Write-LogMessage -API 'Standards' -tenant $tenant -message "Set user device quota to $($Settings.max)" -sev Info - } catch { - Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to set user device quota to $($Settings.max) : $($_.exception.message)" -sev Error + if ($PreviousSetting.userDeviceQuota -eq $Settings.max) { + Write-LogMessage -API 'Standards' -tenant $tenant -message "User device quota is already set to $($Settings.max)" -sev Info + } else { + try { + $PreviousSetting.userDeviceQuota = $Settings.max + $Newbody = ConvertTo-Json -Compress -InputObject $PreviousSetting + $null = New-GraphPostRequest -tenantid $tenant -Uri 'https://graph.microsoft.com/beta/policies/deviceRegistrationPolicy' -Type PUT -Body $NewBody -ContentType 'application/json' + Write-LogMessage -API 'Standards' -tenant $tenant -message "Set user device quota to $($Settings.max)" -sev Info + } catch { + Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to set user device quota to $($Settings.max) : $($_.exception.message)" -sev Error + } } } if ($Settings.alert) { diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardintuneDeviceRetirementDays.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardintuneDeviceRetirementDays.ps1 index 502be8862b12..8ab48cf6efb9 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardintuneDeviceRetirementDays.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardintuneDeviceRetirementDays.ps1 @@ -4,27 +4,34 @@ function Invoke-CIPPStandardintuneDeviceRetirementDays { Internal #> param($Tenant, $Settings) + $CurrentInfo = (New-GraphGetRequest -Uri 'https://graph.microsoft.com/beta/deviceManagement/managedDeviceCleanupSettings' -tenantid $Tenant) + If ($Settings.remediate) { - try { - $body = @{ DeviceInactivityBeforeRetirementInDays = $Settings.days } | ConvertTo-Json - (New-GraphPostRequest -tenantid $tenant -Uri 'https://graph.microsoft.com/beta/deviceManagement/managedDeviceCleanupSettings' -Type PATCH -Body $body -ContentType 'application/json') - Write-LogMessage -API 'Standards' -tenant $tenant -message 'Enabled DeviceInactivityBeforeRetirementInDays.' -sev Info - } catch { - Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to enable DeviceInactivityBeforeRetirementInDays. Error: $($_.exception.message)" -sev Error + if ($CurrentInfo.DeviceInactivityBeforeRetirementInDays -eq $Settings.days) { + Write-LogMessage -API 'Standards' -tenant $tenant -message "DeviceInactivityBeforeRetirementInDays for $($Settings.days) days is already enabled." -sev Info + } else { + try { + $body = @{ DeviceInactivityBeforeRetirementInDays = $Settings.days } | ConvertTo-Json + (New-GraphPostRequest -tenantid $tenant -Uri 'https://graph.microsoft.com/beta/deviceManagement/managedDeviceCleanupSettings' -Type PATCH -Body $body -ContentType 'application/json') + Write-LogMessage -API 'Standards' -tenant $tenant -message "Enabled DeviceInactivityBeforeRetirementInDays for $($Settings.days) days." -sev Info + } catch { + Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to enable DeviceInactivityBeforeRetirementInDays. Error: $($_.exception.message)" -sev Error + } } } + if ($Settings.alert) { - $CurrentInfo = (New-GraphGetRequest -Uri 'https://graph.microsoft.com/beta/deviceManagement/managedDeviceCleanupSettings' -tenantid $Tenant) if ($CurrentInfo.DeviceInactivityBeforeRetirementInDays -eq $Settings.days) { Write-LogMessage -API 'Standards' -tenant $tenant -message 'DeviceInactivityBeforeRetirementInDays is enabled.' -sev Info } else { Write-LogMessage -API 'Standards' -tenant $tenant -message 'DeviceInactivityBeforeRetirementInDays is not enabled.' -sev Alert } } + if ($Settings.report) { - if ($PreviousSetting.DeviceInactivityBeforeRetirementInDays -eq $Settings.days) { $UserQuota = $true } else { $UserQuota = $false } + $UserQuota = if ($PreviousSetting.DeviceInactivityBeforeRetirementInDays -eq $Settings.days) { $true } else { $false } Add-CIPPBPAField -FieldName 'intuneDeviceRetirementDays' -FieldValue [bool]$UserQuota -StoreAs bool -Tenant $tenant } diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardintuneRequireMFA.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardintuneRequireMFA.ps1 index 30a25866768e..f2cc643746e9 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardintuneRequireMFA.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardintuneRequireMFA.ps1 @@ -7,26 +7,32 @@ function Invoke-CIPPStandardintuneRequireMFA { $PreviousSetting = New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/policies/deviceRegistrationPolicy' -tenantid $Tenant If ($Settings.remediate) { - try { - $NewSetting = $PreviousSetting - $NewSetting.multiFactorAuthConfiguration = '1' - $Newbody = ConvertTo-Json -Compress -InputObject $NewSetting - New-GraphPostRequest -tenantid $tenant -Uri 'https://graph.microsoft.com/beta/policies/deviceRegistrationPolicy' -Type PUT -Body $NewBody -ContentType 'application/json' - Write-LogMessage -API 'Standards' -tenant $tenant -message 'Set required to use MFA when joining Intune Devices' -sev Info - } catch { - Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to set require to use MFA when joining Intune Devices: $($_.exception.message)" -sev Error + if ($PreviousSetting.multiFactorAuthConfiguration -eq 'required') { + Write-LogMessage -API 'Standards' -tenant $tenant -message 'Require to use MFA when joining/registering Entra Devices is already enabled.' -sev Info + } else { + try { + $NewSetting = $PreviousSetting + $NewSetting.multiFactorAuthConfiguration = '1' + $Newbody = ConvertTo-Json -Compress -InputObject $NewSetting + New-GraphPostRequest -tenantid $tenant -Uri 'https://graph.microsoft.com/beta/policies/deviceRegistrationPolicy' -Type PUT -Body $NewBody -ContentType 'application/json' + Write-LogMessage -API 'Standards' -tenant $tenant -message 'Set required to use MFA when joining/registering Entra Devices' -sev Info + } catch { + Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to set require to use MFA when joining/registering Entra Devices: $($_.exception.message)" -sev Error + } } } + if ($Settings.alert) { if ($PreviousSetting.multiFactorAuthConfiguration -eq 'required') { - Write-LogMessage -API 'Standards' -tenant $tenant -message 'Require to use MFA when joining Intune Devices is enabled.' -sev Info + Write-LogMessage -API 'Standards' -tenant $tenant -message 'Require to use MFA when joining/registering Entra Devices is enabled.' -sev Info } else { - Write-LogMessage -API 'Standards' -tenant $tenant -message 'Require to use MFA when joining Intune Devices is not enabled.' -sev Alert + Write-LogMessage -API 'Standards' -tenant $tenant -message 'Require to use MFA when joining/registering Entra Devices is not enabled.' -sev Alert } } + if ($Settings.report) { - if ($PreviousSetting.multiFactorAuthConfiguration -eq 'required') { $UserQuota = $true } else { $UserQuota = $false } - Add-CIPPBPAField -FieldName 'intuneRequireMFA' -FieldValue [bool]$UserQuota -StoreAs bool -Tenant $tenant + $RequireMFA = if ($PreviousSetting.multiFactorAuthConfiguration -eq 'required') { $true } else { $false } + Add-CIPPBPAField -FieldName 'intuneRequireMFA' -FieldValue [bool]$RequireMFA -StoreAs bool -Tenant $tenant } } From 027d6c2b794a7db99c634f845bcafe11948c8f94 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kristian=20Kj=C3=A6rg=C3=A5rd?= Date: Sun, 11 Feb 2024 17:23:02 +0100 Subject: [PATCH 033/243] logging for almost all of the rest of SP standards --- ...voke-CIPPStandardDeletedUserRentention.ps1 | 32 ++++++++------- ...voke-CIPPStandardDisableUserSiteCreate.ps1 | 23 +++++++---- .../Invoke-CIPPStandardExcludedfileExt.ps1 | 40 +++++++++++++------ .../Invoke-CIPPStandarddisableMacSync.ps1 | 25 +++++++----- .../Invoke-CIPPStandardsharingCapability.ps1 | 24 ++++++++--- .../Invoke-CIPPStandardunmanagedSync.ps1 | 26 ++++++------ 6 files changed, 110 insertions(+), 60 deletions(-) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDeletedUserRentention.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDeletedUserRentention.ps1 index 975368668560..ffda26966410 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDeletedUserRentention.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDeletedUserRentention.ps1 @@ -5,30 +5,34 @@ function Invoke-CIPPStandardDeletedUserRentention { #> param($Tenant, $Settings) $CurrentInfo = New-GraphGetRequest -Uri 'https://graph.microsoft.com/beta/admin/sharepoint/settings' -tenantid $Tenant -AsApp $true + $StateSetCorrectly = if ($CurrentInfo.deletedUserPersonalSiteRetentionPeriodInDays -eq 365) { $true } else { $false } If ($Settings.remediate) { - try { - $body = '{"deletedUserPersonalSiteRetentionPeriodInDays": 365}' - New-GraphPostRequest -tenantid $tenant -Uri 'https://graph.microsoft.com/beta/admin/sharepoint/settings' -AsApp $true -Type PATCH -Body $body -ContentType 'application/json' - - Write-LogMessage -API 'Standards' -tenant $tenant -message 'Set deleted user rentention of OneDrive to 1 year' -sev Info - } catch { - Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to set deleted user rentention of OneDrive to 1 year: $($_.exception.message)" -sev Error + if ($StateSetCorrectly -eq $false) { + try { + $body = '{"deletedUserPersonalSiteRetentionPeriodInDays": 365}' + New-GraphPostRequest -tenantid $tenant -Uri 'https://graph.microsoft.com/beta/admin/sharepoint/settings' -AsApp $true -Type PATCH -Body $body -ContentType 'application/json' + + Write-LogMessage -API 'Standards' -tenant $tenant -message 'Set deleted user rentention of OneDrive to 1 year' -sev Info + } catch { + Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to set deleted user rentention of OneDrive to 1 year: $($_.exception.message)" -sev Error + } + } else { + Write-LogMessage -API 'Standards' -tenant $tenant -message 'Deleted user rentention of OneDrive is already set to 1 year' -sev Info + } } + if ($Settings.alert) { - if ($CurrentInfo.deletedUserPersonalSiteRetentionPeriodInDays -eq 365) { + if ($StateSetCorrectly) { Write-LogMessage -API 'Standards' -tenant $tenant -message 'Deleted user rentention of OneDrive is set to 1 year' -sev Info } else { Write-LogMessage -API 'Standards' -tenant $tenant -message 'Deleted user rentention of OneDrive is not set to 1 year' -sev Alert } } + if ($Settings.report) { - if ($CurrentInfo.deletedUserPersonalSiteRetentionPeriodInDays -eq 365) { - $CurrentInfo.deletedUserPersonalSiteRetentionPeriodInDays = $true - } else { - $CurrentInfo.deletedUserPersonalSiteRetentionPeriodInDays = $false - } - Add-CIPPBPAField -FieldName 'DeletedUserRentention' -FieldValue [bool]$CurrentInfo.deletedUserPersonalSiteRetentionPeriodInDays -StoreAs bool -Tenant $tenant + + Add-CIPPBPAField -FieldName 'DeletedUserRentention' -FieldValue [bool]$StateSetCorrectly -StoreAs bool -Tenant $tenant } } diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableUserSiteCreate.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableUserSiteCreate.ps1 index 3943cbc38d43..da501dac7956 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableUserSiteCreate.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableUserSiteCreate.ps1 @@ -4,24 +4,33 @@ function Invoke-CIPPStandardDisableUserSiteCreate { Internal #> param($Tenant, $Settings) + $CurrentInfo = New-GraphGetRequest -Uri 'https://graph.microsoft.com/beta/admin/sharepoint/settings' -tenantid $Tenant -AsApp $true + If ($Settings.remediate) { - try { - $body = '{"isSiteCreationEnabled": false}' - New-GraphPostRequest -tenantid $tenant -Uri 'https://graph.microsoft.com/beta/admin/sharepoint/settings' -AsApp $true -Type patch -Body $body -ContentType 'application/json' - Write-LogMessage -API 'Standards' -tenant $tenant -message 'Disabled standard users from creating sites' -sev Info - } catch { - Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to disable standard users from creating sites: $($_.exception.message)" -sev Error + + if ($CurrentInfo.isSiteCreationEnabled) { + try { + $body = '{"isSiteCreationEnabled": false}' + $null = New-GraphPostRequest -tenantid $tenant -Uri 'https://graph.microsoft.com/beta/admin/sharepoint/settings' -AsApp $true -Type patch -Body $body -ContentType 'application/json' + Write-LogMessage -API 'Standards' -tenant $tenant -message 'Disabled standard users from creating sites' -sev Info + } catch { + Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to disable standard users from creating sites: $($_.exception.message)" -sev Error + } + } else { + Write-LogMessage -API 'Standards' -tenant $tenant -message 'Standard users are already disabled from creating sites' -sev Info } + } + if ($Settings.alert) { - $CurrentInfo = New-GraphGetRequest -Uri 'https://graph.microsoft.com/beta/admin/sharepoint/settings' -tenantid $Tenant -AsApp $true if ($CurrentInfo.isSiteCreationEnabled -eq $false) { Write-LogMessage -API 'Standards' -tenant $tenant -message 'Standard users are not allowed to create sites' -sev Info } else { Write-LogMessage -API 'Standards' -tenant $tenant -message 'Standard users are allowed to create sites' -sev Alert } } + if ($Settings.report) { Add-CIPPBPAField -FieldName 'DisableUserSiteCreate' -FieldValue [bool]$CurrentInfo.isSiteCreationEnabled -StoreAs bool -Tenant $tenant } diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardExcludedfileExt.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardExcludedfileExt.ps1 index 7d52d6c4eb74..b5f8ab8c006a 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardExcludedfileExt.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardExcludedfileExt.ps1 @@ -4,27 +4,43 @@ function Invoke-CIPPStandardExcludedfileExt { Internal #> param($Tenant, $Settings) - $Exts = $Settings.ext -split ',' + $CurrentInfo = New-GraphGetRequest -Uri 'https://graph.microsoft.com/beta/admin/sharepoint/settings' -tenantid $Tenant -AsApp $true + $Exts = ($Settings.ext -replace ' ', '') -split ',' + + $MissingExclutions = foreach ($Exclusion in $Exts) { + if ($Exclusion -notin $CurrentInfo.excludedFileExtensionsForSyncApp) { + $Exclusion + } + } + Write-Host "MissingExclutions: $($MissingExclutions)" + + If ($Settings.remediate) { - - try { - $body = ConvertTo-Json -InputObject @{ excludedFileExtensionsForSyncApp = @($Exts) } - New-GraphPostRequest -tenantid $tenant -Uri 'https://graph.microsoft.com/beta/admin/sharepoint/settings' -AsApp $true -Type patch -Body $body -ContentType 'application/json' - Write-LogMessage -API 'Standards' -tenant $tenant -message "Added $($Settings.ext) to excluded synced files" -sev Info - } catch { - Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to add $($Settings.ext) to excluded synced files: $($_.exception.message)" -sev Error + if ($MissingExclutions) { + Write-Host "CurrentInfo.excludedFileExtensionsForSyncApp: $($CurrentInfo.excludedFileExtensionsForSyncApp)" + Write-Host "Exts: $($Exts)" + try { + $body = ConvertTo-Json -InputObject @{ excludedFileExtensionsForSyncApp = @($Exts) } + $null = New-GraphPostRequest -tenantid $tenant -Uri 'https://graph.microsoft.com/beta/admin/sharepoint/settings' -AsApp $true -Type patch -Body $body -ContentType 'application/json' + Write-LogMessage -API 'Standards' -tenant $tenant -message "Added $($Settings.ext) to excluded synced files" -sev Info + } catch { + Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to add $($Settings.ext) to excluded synced files: $($_.exception.message)" -sev Error + } + } else { + Write-LogMessage -API 'Standards' -tenant $tenant -message "Excluded synced files already contains $($Settings.ext)" -sev Info } } + if ($Settings.alert) { - $CurrentInfo = New-GraphGetRequest -Uri 'https://graph.microsoft.com/beta/admin/sharepoint/settings' -tenantid $Tenant -AsApp $true - if ($CurrentInfo.excludedFileExtensionsForSyncApp -contains $Exts) { - Write-LogMessage -API 'Standards' -tenant $tenant -message "Excluded synced files contains $($Settings.ext)" -sev Info + if ($MissingExclutions) { + Write-LogMessage -API 'Standards' -tenant $tenant -message "Excluded synced files does not contain $($MissingExclutions -join ',')" -sev Alert } else { - Write-LogMessage -API 'Standards' -tenant $tenant -message "Excluded synced files does not contain $($Settings.ext)" -sev Alert + Write-LogMessage -API 'Standards' -tenant $tenant -message "Excluded synced files contains $($Settings.ext)" -sev Info } } + if ($Settings.report) { Add-CIPPBPAField -FieldName 'ExcludedfileExt' -FieldValue $CurrentInfo.excludedFileExtensionsForSyncApp -StoreAs json -Tenant $tenant } diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandarddisableMacSync.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandarddisableMacSync.ps1 index 41cd85e43c53..b273dbcb9fdd 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandarddisableMacSync.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandarddisableMacSync.ps1 @@ -4,27 +4,34 @@ function Invoke-CIPPStandarddisableMacSync { Internal #> param($Tenant, $Settings) - If ($Settings.remediate) { - + $CurrentInfo = New-GraphGetRequest -Uri 'https://graph.microsoft.com/beta/admin/sharepoint/settings' -tenantid $Tenant -AsApp $true - try { - $body = '{"isMacSyncAppEnabled": false}' - New-GraphPostRequest -tenantid $tenant -Uri 'https://graph.microsoft.com/beta/admin/sharepoint/settings' -AsApp $true -Type patch -Body $body -ContentType 'application/json' - Write-LogMessage -API 'Standards' -tenant $tenant -message 'Disabled Mac OneDrive Sync' -sev Info - } catch { - Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to disable Mac OneDrive Sync: $($_.exception.message)" -sev Error + If ($Settings.remediate) { + + if ($CurrentInfo.isMacSyncAppEnabled -eq $true) { + try { + $body = '{"isMacSyncAppEnabled": false}' + New-GraphPostRequest -tenantid $tenant -Uri 'https://graph.microsoft.com/beta/admin/sharepoint/settings' -AsApp $true -Type patch -Body $body -ContentType 'application/json' + Write-LogMessage -API 'Standards' -tenant $tenant -message 'Disabled Mac OneDrive Sync' -sev Info + } catch { + Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to disable Mac OneDrive Sync: $($_.exception.message)" -sev Error + } + } else { + Write-LogMessage -API 'Standards' -tenant $tenant -message 'Mac OneDrive Sync is already disabled' -sev Info } } + if ($Settings.alert) { - $CurrentInfo = New-GraphGetRequest -Uri 'https://graph.microsoft.com/beta/admin/sharepoint/settings' -tenantid $Tenant -AsApp $true if ($CurrentInfo.isMacSyncAppEnabled -eq $false) { Write-LogMessage -API 'Standards' -tenant $tenant -message 'Mac OneDrive Sync is disabled' -sev Info } else { Write-LogMessage -API 'Standards' -tenant $tenant -message 'Mac OneDrive Sync is not disabled' -sev Alert } } + if ($Settings.report) { + $CurrentInfo.isMacSyncAppEnabled = -not $CurrentInfo.isMacSyncAppEnabled Add-CIPPBPAField -FieldName 'MacSync' -FieldValue [bool]$CurrentInfo.isMacSyncAppEnabled -StoreAs bool -Tenant $tenant } } \ No newline at end of file diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardsharingCapability.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardsharingCapability.ps1 index 0003bddc0be4..ee36e115f5b0 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardsharingCapability.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardsharingCapability.ps1 @@ -5,23 +5,35 @@ function Invoke-CIPPStandardsharingCapability { #> param($Tenant, $Settings) $CurrentInfo = New-GraphGetRequest -Uri 'https://graph.microsoft.com/beta/admin/sharepoint/settings' -tenantid $Tenant -AsApp $true + # $CurrentInfo.sharingCapability.GetType() + $Settings.Level + $CurrentInfo.sharingCapability If ($Settings.remediate) { - try { - New-GraphPostRequest -tenantid $tenant -Uri 'https://graph.microsoft.com/beta/admin/sharepoint/settings' -AsApp $true -Type patch -Body "{`"sharingCapability`":`"$($Settings.Level)`"}" -ContentType 'application/json' - Write-LogMessage -API 'Standards' -tenant $tenant -message "Set sharing level to $($Settings.Level)" -sev Info - } catch { - Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to set sharing level to $($Settings.Level): $($_.exception.message)" -sev Error + + if ($CurrentInfo.sharingCapability -eq $Settings.Level) { + Write-Host "Sharing level is already set to $($Settings.Level)" + Write-LogMessage -API 'Standards' -tenant $tenant -message "Sharing level is already set to $($Settings.Level)" -sev Info + } else { + Write-Host "Setting sharing level to $($Settings.Level) from $($CurrentInfo.sharingCapability)" + try { + $null = New-GraphPostRequest -tenantid $tenant -Uri 'https://graph.microsoft.com/beta/admin/sharepoint/settings' -AsApp $true -Type patch -Body "{`"sharingCapability`":`"$($Settings.Level)`"}" -ContentType 'application/json' + Write-LogMessage -API 'Standards' -tenant $tenant -message "Set sharing level to $($Settings.Level) from $($CurrentInfo.sharingCapability)" -sev Info + } catch { + Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to set sharing level to $($Settings.Level): $($_.exception.message)" -sev Error + } } } + if ($Settings.alert) { - if ($CurrentInfo.sharingCapability -eq $Settings.level) { + if ($CurrentInfo.sharingCapability -eq $Settings.Level) { Write-LogMessage -API 'Standards' -tenant $tenant -message "Sharing level is set to $($Settings.Level)" -sev Info } else { Write-LogMessage -API 'Standards' -tenant $tenant -message "Sharing level is not set to $($Settings.Level)" -sev Alert } } + if ($Settings.report) { Add-CIPPBPAField -FieldName 'sharingCapability' -FieldValue $CurrentInfo.sharingCapability -StoreAs string -Tenant $tenant } diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardunmanagedSync.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardunmanagedSync.ps1 index 42261e2b2d86..d7595fb0416e 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardunmanagedSync.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardunmanagedSync.ps1 @@ -4,18 +4,24 @@ function Invoke-CIPPStandardunmanagedSync { Internal #> param($Tenant, $Settings) + $CurrentInfo = New-GraphGetRequest -Uri 'https://graph.microsoft.com/beta/admin/sharepoint/settings' -tenantid $Tenant -AsApp $true + If ($Settings.remediate) { - try { - $body = '{"isUnmanagedSyncAppForTenantRestricted": false}' - New-GraphPostRequest -tenantid $tenant -Uri 'https://graph.microsoft.com/beta/admin/sharepoint/settings' -AsApp $true -Type patch -Body $body -ContentType 'application/json' - Write-LogMessage -API 'Standards' -tenant $tenant -message 'Disabled Sync for unmanaged devices' -sev Info - } catch { - Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to disable Sync for unmanaged devices: $($_.exception.message)" -sev Error + + if ($CurrentInfo.isUnmanagedSyncAppForTenantRestricted -eq $false) { + try { + $body = '{"isUnmanagedSyncAppForTenantRestricted": false}' + New-GraphPostRequest -tenantid $tenant -Uri 'https://graph.microsoft.com/beta/admin/sharepoint/settings' -AsApp $true -Type patch -Body $body -ContentType 'application/json' + Write-LogMessage -API 'Standards' -tenant $tenant -message 'Disabled Sync for unmanaged devices' -sev Info + } catch { + Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to disable Sync for unmanaged devices: $($_.exception.message)" -sev Error + } + } else { + Write-LogMessage -API 'Standards' -tenant $tenant -message 'Sync for unmanaged devices is already disabled' -sev Info } } if ($Settings.alert) { - $CurrentInfo = New-GraphGetRequest -Uri 'https://graph.microsoft.com/beta/admin/sharepoint/settings' -tenantid $Tenant -AsApp $true if ($CurrentInfo.isUnmanagedSyncAppForTenantRestricted -eq $false) { Write-LogMessage -API 'Standards' -tenant $tenant -message 'Sync for unmanaged devices is disabled' -sev Info } else { @@ -23,11 +29,7 @@ function Invoke-CIPPStandardunmanagedSync { } } if ($Settings.report) { - if ($CurrentInfo.isUnmanagedSyncAppForTenantRestricted -eq $false) { - $CurrentInfo.isUnmanagedSyncAppForTenantRestricted = $true - } else { - $CurrentInfo.isUnmanagedSyncAppForTenantRestricted = $false - } + $CurrentInfo.isUnmanagedSyncAppForTenantRestricted = -not $CurrentInfo.isUnmanagedSyncAppForTenantRestricted Add-CIPPBPAField -FieldName 'unmanagedSync' -FieldValue [bool]$CurrentInfo.isUnmanagedSyncAppForTenantRestricted -StoreAs bool -Tenant $tenant } } From e744e91b5a7357be31bd4fbd1073af98c8268ef2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kristian=20Kj=C3=A6rg=C3=A5rd?= Date: Sun, 11 Feb 2024 17:59:00 +0100 Subject: [PATCH 034/243] auto handling of extensions to be in correct format and replace all exts if there is too few or too many exts --- .../Public/Standards/Invoke-CIPPStandardExcludedfileExt.ps1 | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardExcludedfileExt.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardExcludedfileExt.ps1 index b5f8ab8c006a..902fe7301a6f 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardExcludedfileExt.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardExcludedfileExt.ps1 @@ -6,17 +6,23 @@ function Invoke-CIPPStandardExcludedfileExt { param($Tenant, $Settings) $CurrentInfo = New-GraphGetRequest -Uri 'https://graph.microsoft.com/beta/admin/sharepoint/settings' -tenantid $Tenant -AsApp $true $Exts = ($Settings.ext -replace ' ', '') -split ',' + # Add a wildcard to the extensions since thats what the SP admin center does + $Exts = $Exts | ForEach-Object { if ($_ -notlike '*.*') { "*.$_" } else { $_ } } + $MissingExclutions = foreach ($Exclusion in $Exts) { if ($Exclusion -notin $CurrentInfo.excludedFileExtensionsForSyncApp) { $Exclusion } } + Write-Host "MissingExclutions: $($MissingExclutions)" If ($Settings.remediate) { + # If the number of extensions in the settings does not match the number of extensions in the current settings, we need to update the settings + $MissingExclutions = if ($Exts.Count -ne $CurrentInfo.excludedFileExtensionsForSyncApp.Count) { $true } else { $MissingExclutions } if ($MissingExclutions) { Write-Host "CurrentInfo.excludedFileExtensionsForSyncApp: $($CurrentInfo.excludedFileExtensionsForSyncApp)" Write-Host "Exts: $($Exts)" From 91b9efd067a5464a1aecb85003d292046fdb4402 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kristian=20Kj=C3=A6rg=C3=A5rd?= Date: Sun, 11 Feb 2024 18:00:33 +0100 Subject: [PATCH 035/243] Invert standard since it was doing the opposite of what it said --- .../Standards/Invoke-CIPPStandardunmanagedSync.ps1 | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardunmanagedSync.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardunmanagedSync.ps1 index d7595fb0416e..2d6f3b81bd34 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardunmanagedSync.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardunmanagedSync.ps1 @@ -10,8 +10,8 @@ function Invoke-CIPPStandardunmanagedSync { if ($CurrentInfo.isUnmanagedSyncAppForTenantRestricted -eq $false) { try { - $body = '{"isUnmanagedSyncAppForTenantRestricted": false}' - New-GraphPostRequest -tenantid $tenant -Uri 'https://graph.microsoft.com/beta/admin/sharepoint/settings' -AsApp $true -Type patch -Body $body -ContentType 'application/json' + $body = '{"isUnmanagedSyncAppForTenantRestricted": true}' + $null = New-GraphPostRequest -tenantid $tenant -Uri 'https://graph.microsoft.com/beta/admin/sharepoint/settings' -AsApp $true -Type patch -Body $body -ContentType 'application/json' Write-LogMessage -API 'Standards' -tenant $tenant -message 'Disabled Sync for unmanaged devices' -sev Info } catch { Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to disable Sync for unmanaged devices: $($_.exception.message)" -sev Error @@ -20,16 +20,17 @@ function Invoke-CIPPStandardunmanagedSync { Write-LogMessage -API 'Standards' -tenant $tenant -message 'Sync for unmanaged devices is already disabled' -sev Info } } + if ($Settings.alert) { - if ($CurrentInfo.isUnmanagedSyncAppForTenantRestricted -eq $false) { + if ($CurrentInfo.isUnmanagedSyncAppForTenantRestricted -eq $true) { Write-LogMessage -API 'Standards' -tenant $tenant -message 'Sync for unmanaged devices is disabled' -sev Info } else { Write-LogMessage -API 'Standards' -tenant $tenant -message 'Sync for unmanaged devices is not disabled' -sev Alert } } + if ($Settings.report) { - $CurrentInfo.isUnmanagedSyncAppForTenantRestricted = -not $CurrentInfo.isUnmanagedSyncAppForTenantRestricted Add-CIPPBPAField -FieldName 'unmanagedSync' -FieldValue [bool]$CurrentInfo.isUnmanagedSyncAppForTenantRestricted -StoreAs bool -Tenant $tenant } } From c691becc6d4355a2c44b26c42bac332fe667408c Mon Sep 17 00:00:00 2001 From: John Duprey Date: Tue, 13 Feb 2024 16:02:19 -0500 Subject: [PATCH 036/243] Remove excluded tenants from CPV refresh --- UpdatePermissions/run.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/UpdatePermissions/run.ps1 b/UpdatePermissions/run.ps1 index e4e73f4be9ed..5707bb45734a 100644 --- a/UpdatePermissions/run.ps1 +++ b/UpdatePermissions/run.ps1 @@ -1,7 +1,7 @@ # Input bindings are passed in via param block. param($Timer) -$Tenants = get-tenants -IncludeAll | Where-Object { $_.customerId -ne $env:TenantId } +$Tenants = get-tenants -IncludeErrors | Where-Object { $_.customerId -ne $env:TenantId } foreach ($Row in $Tenants) { Push-OutputBinding -Name Msg -Value $row } \ No newline at end of file From 98a2b7682f0a1d9d473b3b22bd1e8f2db8263152 Mon Sep 17 00:00:00 2001 From: KelvinTegelaar Date: Wed, 14 Feb 2024 21:54:15 +0100 Subject: [PATCH 037/243] bug fix for CA policy. --- Modules/CIPPCore/Public/New-CIPPCAPolicy.ps1 | 2 +- PublicWebhooks/run.ps1 | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Modules/CIPPCore/Public/New-CIPPCAPolicy.ps1 b/Modules/CIPPCore/Public/New-CIPPCAPolicy.ps1 index 5fd635238470..0ecfd722c6cf 100644 --- a/Modules/CIPPCore/Public/New-CIPPCAPolicy.ps1 +++ b/Modules/CIPPCore/Public/New-CIPPCAPolicy.ps1 @@ -46,7 +46,7 @@ function New-CIPPCAPolicy { } #If Grant Controls contains authenticationstrength, create these and then replace the id - if ($JSONobj.GrantControls.authenticationStrength.policyType -eq 'custom') { + if ($JSONobj.GrantControls.authenticationStrength.policyType -eq 'custom' -or $JSONobj.GrantControls.authenticationStrength.policyType -eq 'BuiltIn') { $ExistingStrength = New-GraphGETRequest -uri 'https://graph.microsoft.com/beta/identity/conditionalAccess/authenticationStrength/policies/' -tenantid $TenantFilter | Where-Object -Property displayName -EQ $JSONobj.GrantControls.authenticationStrength.displayName if ($ExistingStrength) { $JSONObj.GrantControls.authenticationStrength = @{ id = $ExistingStrength.id } diff --git a/PublicWebhooks/run.ps1 b/PublicWebhooks/run.ps1 index fc7ca248ea4c..2faa35804e05 100644 --- a/PublicWebhooks/run.ps1 +++ b/PublicWebhooks/run.ps1 @@ -14,7 +14,7 @@ if ($Request.Query.CIPPID -in $Webhooks.RowKey) { Write-Host 'Found matching CIPPID' if ($Webhooks.Resource -eq 'M365AuditLogs') { Write-Host "Found M365AuditLogs - This is an old entry, we'll deny so Microsoft stops sending it." - $body = 'This webhook is not authorized.' + $body = 'This webhook is not authorized, its an old entry.' $StatusCode = [HttpStatusCode]::Forbidden } if ($Request.query.ValidationToken -or $Request.body.validationCode) { From 76afff083010362ab32bceca99cbc064485c01bb Mon Sep 17 00:00:00 2001 From: KelvinTegelaar Date: Thu, 15 Feb 2024 16:08:54 +0100 Subject: [PATCH 038/243] move some code around --- .../Public/Invoke-CIPPWebhookProcessing.ps1 | 36 +++++++++---------- 1 file changed, 17 insertions(+), 19 deletions(-) diff --git a/Modules/CIPPCore/Public/Invoke-CIPPWebhookProcessing.ps1 b/Modules/CIPPCore/Public/Invoke-CIPPWebhookProcessing.ps1 index fee8af4c24be..77139f1ddaba 100644 --- a/Modules/CIPPCore/Public/Invoke-CIPPWebhookProcessing.ps1 +++ b/Modules/CIPPCore/Public/Invoke-CIPPWebhookProcessing.ps1 @@ -43,6 +43,18 @@ function Invoke-CippWebhookProcessing { $Proxy = if ($Location.Proxy -ne $null) { $Location.Proxy } else { 'Unknown' } $hosting = if ($Location.Hosting -ne $null) { $Location.Hosting } else { 'Unknown' } $ASName = if ($Location.ASName) { $Location.ASName } else { 'Unknown' } + $IP = $data.ClientIP + $LocationInfo = @{ + RowKey = [string]$data.clientip + PartitionKey = [string]$data.UserId + Tenant = [string]$TenantFilter + CountryOrRegion = "$Country" + City = "$City" + Proxy = "$Proxy" + Hosting = "$hosting" + ASName = "$ASName" + } + $null = Add-CIPPAzDataTableEntity @LocationTable -Entity $LocationInfo -Force } } $TableObj = [PSCustomObject]::new() @@ -128,15 +140,16 @@ function Invoke-CippWebhookProcessing { $dynamicIf = "`$data.$key -$operator '$value'" } if (Invoke-Expression $dynamicIf) { + Write-Host "Condition met: $dynamicIf" $ConditionMet = $true } else { + Write-Host "Condition not met: $dynamicIf" $ConditionMet = $false } } if ($ConditionMet) { #we're doing two loops, one first to collect the results of any action taken, then the second to pass those results via email etc. - $ActionResults = foreach ($action in $dos) { Write-Host "this is our action: $($action | ConvertTo-Json -Depth 15 -Compress))" switch ($action.execute) { @@ -212,6 +225,7 @@ function Invoke-CippWebhookProcessing { Send-CIPPAlert -Type 'psa' -Title $GenerateEmail.title -HTMLContent $GenerateEmail.htmlcontent -TenantFilter $TenantFilter } 'generateWebhook' { + Write-Host 'Generating the webhook content' $GenerateJSON = New-CIPPAlertTemplate -format 'json' -data $Data -ActionResults $ActionResults $JsonContent = @{ Title = $GenerateJSON.Title @@ -225,28 +239,12 @@ function Invoke-CippWebhookProcessing { PotentialASName = $ASName ActionsTaken = [string]($ActionResults | ConvertTo-Json -Depth 15 -Compress) } | ConvertTo-Json -Depth 15 -Compress + Write-Host 'Sending Webhook Content' + Send-CIPPAlert -Type 'webhook' -Title $GenerateJSON.Title -JSONContent $JsonContent -TenantFilter $TenantFilter } } } } } - - if ($data.ClientIP) { - $IP = $data.ClientIP - if ($IP -match '^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}:\d+$') { - $IP = $IP -replace ':\d+$', '' # Remove the port number if present - } - $LocationInfo = @{ - RowKey = [string]$ip - PartitionKey = [string]$data.UserId - Tenant = [string]$TenantFilter - CountryOrRegion = "$Country" - City = "$City" - Proxy = "$Proxy" - Hosting = "$hosting" - ASName = "$ASName" - } - $null = Add-CIPPAzDataTableEntity @LocationTable -Entity $LocationInfo -Force - } } From a486572742e951daf03fb1d68df6775135a9599c Mon Sep 17 00:00:00 2001 From: KelvinTegelaar Date: Sat, 17 Feb 2024 19:17:04 +0100 Subject: [PATCH 039/243] improvements mailbox stats --- .../CIPPCore/Public/Entrypoints/Invoke-ListGraphRequest.ps1 | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListGraphRequest.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListGraphRequest.ps1 index e6f2f4e3ff40..2e32585d341d 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListGraphRequest.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListGraphRequest.ps1 @@ -47,6 +47,10 @@ function Invoke-ListGraphRequest { $Parameters.'$search' = $Request.Query.'$search' } + if ($Request.Query.'$format') { + $Parameters.'$format' = $Request.Query.'$format' + } + $GraphRequestParams = @{ Endpoint = $Request.Query.Endpoint Parameters = $Parameters From 56a4fb8e07cc78cd9f503b5450db9407bc47ed1e Mon Sep 17 00:00:00 2001 From: KelvinTegelaar Date: Sat, 17 Feb 2024 19:18:44 +0100 Subject: [PATCH 040/243] resolve unrequired error --- Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertQuotaUsed.ps1 | 1 - 1 file changed, 1 deletion(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertQuotaUsed.ps1 b/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertQuotaUsed.ps1 index 1e5f94064479..47d455057c19 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertQuotaUsed.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertQuotaUsed.ps1 @@ -16,6 +16,5 @@ function Push-CIPPAlertQuotaUsed { } } } catch { - Write-AlertMessage -tenant $($QueueItem.tenant) -message "Mailbox Quota Alert Error occurred: $(Get-NormalizedError -message $_.Exception.message)" } } From 05b6c79a5b2f23da15e5adf8f918acb047137428 Mon Sep 17 00:00:00 2001 From: KelvinTegelaar Date: Sun, 18 Feb 2024 13:46:16 +0100 Subject: [PATCH 041/243] fixes displayname issue --- Modules/CIPPCore/Public/Entrypoints/Invoke-AddPolicy.ps1 | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-AddPolicy.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-AddPolicy.ps1 index 34a79bee6b7e..ca5240804f3b 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-AddPolicy.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-AddPolicy.ps1 @@ -42,7 +42,10 @@ Function Invoke-AddPolicy { if ($PolicyName -in $CheckExististing.displayName) { Throw "Policy with Display Name $($Displayname) Already exists" } - + $PolicyFile = $RawJSON | ConvertFrom-Json + $Null = $PolicyFile | Add-Member -MemberType NoteProperty -Name 'description' -Value $description -Force + $null = $PolicyFile | Add-Member -MemberType NoteProperty -Name 'displayName' -Value $displayname -Force + $RawJSON = ConvertTo-Json -InputObject $PolicyFile -Depth 20 $CreateRequest = New-GraphPOSTRequest -uri "https://graph.microsoft.com/beta/deviceManagement/$TemplateTypeURL" -tenantid $tenant -type POST -body $RawJSON } 'Catalog' { @@ -62,8 +65,7 @@ Function Invoke-AddPolicy { Set-CIPPAssignedPolicy -GroupName $AssignTo -PolicyId $CreateRequest.id -Type $TemplateTypeURL -TenantFilter $tenant } "Successfully added policy for $($Tenant)" - } - catch { + } catch { "Failed to add policy for $($Tenant): $($_.Exception.Message)" Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $($Tenant) -message "Failed adding policy $($Displayname). Error: $($_.Exception.Message)" -Sev 'Error' continue From a21802df4db5b55567b19d2df9811e555819b830 Mon Sep 17 00:00:00 2001 From: KelvinTegelaar Date: Sun, 18 Feb 2024 19:51:54 +0100 Subject: [PATCH 042/243] added sorts --- Modules/CIPPCore/Public/Entrypoints/Invoke-ListBPA.ps1 | 2 +- .../Public/Entrypoints/Invoke-ListExConnectorTemplates.ps1 | 2 +- .../Public/Entrypoints/Invoke-ListIntuneTemplates.ps1 | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListBPA.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListBPA.ps1 index e9f9f9a1fbf4..7ff48e0ca1c9 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListBPA.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListBPA.ps1 @@ -13,7 +13,7 @@ Function Invoke-ListBPA { $Table = get-cipptable 'cachebpav2' $name = $Request.query.Report - if ($name -eq $null) { $name = 'CIPP Best Practices v1.0 - Table view' } + if ($name -eq $null) { $name = 'CIPP Best Practices v1.5 - Table view' } # Get all possible JSON files for reports, find the correct one, select the Columns $JSONFields = @() diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListExConnectorTemplates.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListExConnectorTemplates.ps1 index 28dc15275c83..897fcf53b3ed 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListExConnectorTemplates.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListExConnectorTemplates.ps1 @@ -22,7 +22,7 @@ Function Invoke-ListExConnectorTemplates { $data | Add-Member -NotePropertyName 'GUID' -NotePropertyValue $GUID $data | Add-Member -NotePropertyName 'cippconnectortype' -NotePropertyValue $Direction $data - } + } | Sort-Object -Property displayName if ($Request.query.ID) { $Templates = $Templates | Where-Object -Property RowKey -EQ $Request.query.id } diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListIntuneTemplates.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListIntuneTemplates.ps1 index e3270a1834b0..abd31c65b7cd 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListIntuneTemplates.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListIntuneTemplates.ps1 @@ -35,8 +35,8 @@ Function Invoke-ListIntuneTemplates { $data | Add-Member -NotePropertyName 'Type' -NotePropertyValue $_.Type $data | Add-Member -NotePropertyName 'GUID' -NotePropertyValue $_.GUID $data - } - } + } | Sort-Object -Property displayName + } if ($Request.query.ID) { $Templates = $Templates | Where-Object -Property guid -EQ $Request.query.id } From 5b877e9663b3568c413a41c0c6717f28eedab9b1 Mon Sep 17 00:00:00 2001 From: KelvinTegelaar Date: Sun, 18 Feb 2024 23:13:57 +0100 Subject: [PATCH 043/243] added manager field --- .../Public/Entrypoints/Invoke-AddUser.ps1 | 23 ++++++++++++------- .../Public/Entrypoints/Invoke-EditUser.ps1 | 9 +++++++- 2 files changed, 23 insertions(+), 9 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-AddUser.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-AddUser.ps1 index 8845a0a8987c..c1d7512b14d6 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-AddUser.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-AddUser.ps1 @@ -8,7 +8,7 @@ Function Invoke-AddUser { [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = "AddUser" + $APIName = 'AddUser' Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' $Results = [System.Collections.ArrayList]@() @@ -56,8 +56,7 @@ Function Invoke-AddUser { $results.add('Created user.') $results.add("Username: $($UserprincipalName)") $results.add("Password: $password") - } - catch { + } catch { Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $($userobj.tenantid) -message "Failed to create user. Error:$($_.Exception.Message)" -Sev 'Error' $body = $results.add("Failed to create user. $($_.Exception.Message)" ) } @@ -70,8 +69,7 @@ Function Invoke-AddUser { $LicenseBody = if ($licenses.count -ge 2) { $liclist = foreach ($license in $Licenses) { '{"disabledPlans": [],"skuId": "' + $license + '" },' } '{"addLicenses": [' + $LicList + '], "removeLicenses": [ ] }' - } - else { + } else { '{"addLicenses": [ {"disabledPlans": [],"skuId": "' + $licenses + '" }],"removeLicenses": [ ]}' } Write-Host $LicenseBody @@ -97,8 +95,7 @@ Function Invoke-AddUser { Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $($userobj.tenantid) -message "Added alias $($Alias) to $($userobj.displayname)" -Sev 'Info' $body = $results.add("Added Aliases: $($Aliases -join ',')") } - } - catch { + } catch { Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $($userobj.tenantid) -message "Failed to create the Aliases. Error:$($_.Exception.Message)" -Sev 'Error' $body = $results.add("Failed to create the Aliases: $($_.Exception.Message)") } @@ -107,7 +104,15 @@ Function Invoke-AddUser { $results.Add($CopyFrom.Success -join ', ') $results.Add($CopyFrom.Error -join ', ') } - + + if ($Request.body.setManager) { + $ManagerBody = [PSCustomObject]@{'@odata.id' = "https://graph.microsoft.com/beta/users/$($Request.body.setManager.value)" } + $ManagerBodyJSON = ConvertTo-Json -Compress -Depth 10 -InputObject $ManagerBody + New-GraphPostRequest -uri "https://graph.microsoft.com/beta/users/$($GraphRequest.id)/manager/`$ref" -tenantid $Userobj.tenantid -type PUT -body $ManagerBodyJSON -Verbose + Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $Userobj.tenantid -message "Set $($UserObj.DisplayName)'s manager to $($Request.body.setManager.label)" -Sev 'Info' + $results.add("Success. Set $($UserObj.DisplayName)'s manager to $($Request.body.setManager.label)") + } + $copyFromResults = @{ 'Success' = $CopyFrom.Success 'Error' = $CopyFrom.Error @@ -119,6 +124,8 @@ Function Invoke-AddUser { 'Password' = $password 'CopyFrom' = $copyFromResults } + + # Associate values to output bindings by calling 'Push-OutputBinding'. Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ StatusCode = [HttpStatusCode]::OK diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-EditUser.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-EditUser.ps1 index d5d7b4e1b961..7c4674317d06 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-EditUser.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-EditUser.ps1 @@ -161,7 +161,14 @@ Function Invoke-EditUser { } } - + if ($Request.body.setManager) { + $ManagerBody = [PSCustomObject]@{'@odata.id' = "https://graph.microsoft.com/beta/users/$($Request.body.setManager.value)" } + $ManagerBodyJSON = ConvertTo-Json -Compress -Depth 10 -InputObject $ManagerBody + New-GraphPostRequest -uri "https://graph.microsoft.com/beta/users/$($userobj.Userid)/manager/`$ref" -tenantid $Userobj.tenantid -type PUT -body $ManagerBodyJSON -Verbose + Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $Userobj.tenantid -message "Set $($UserObj.DisplayName)'s manager to $($Request.body.setManager.label)" -Sev 'Info' + $results.add("Success. Set $($UserObj.DisplayName)'s manager to $($Request.body.setManager.label)") + } + if ($RemoveFromGroups) { $RemoveFromGroups | ForEach-Object { From 4d9a52d731da30d2b86967906fe94f781f62f54b Mon Sep 17 00:00:00 2001 From: John Duprey Date: Tue, 20 Feb 2024 16:14:47 -0500 Subject: [PATCH 044/243] Dev environment improvements - Move dev authentication from local.settings.json to table storage - Env vars need to be removed before the new method will take effect - Limit use to only when Azurite connection string is detected - Update SAM wizard to work - Allow for UpdateTokens function to get new refresh token and avoid 90 day timeout --- .../Entrypoints/Invoke-ExecSAMSetup.ps1 | 400 ++++++++++-------- .../Public/Get-CIPPAuthentication.ps1 | 34 +- UpdateTokens/run.ps1 | 32 +- 3 files changed, 265 insertions(+), 201 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecSAMSetup.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecSAMSetup.ps1 index a224182bf1c9..ba829541e6dc 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecSAMSetup.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecSAMSetup.ps1 @@ -1,198 +1,242 @@ using namespace System.Net Function Invoke-ExecSAMSetup { - <# + <# .FUNCTIONALITY Entrypoint #> - [CmdletBinding()] - param($Request, $TriggerMetadata) - - $UserCreds = ([System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($request.headers.'x-ms-client-principal')) | ConvertFrom-Json) - if ($Request.query.error) { - Add-Type -AssemblyName System.Web - Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ - ContentType = 'text/html' - StatusCode = [HttpStatusCode]::Forbidden - Body = Get-normalizedError -Message [System.Web.HttpUtility]::UrlDecode($Request.Query.error_description) - }) - exit - } - if ('admin' -notin $UserCreds.userRoles) { - Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ - ContentType = 'text/html' - StatusCode = [HttpStatusCode]::Forbidden - Body = 'Could not find an admin cookie in your browser. Make sure you do not have an adblocker active, use a Chromium browser, and allow cookies. If our automatic refresh does not work, try pressing the URL bar and hitting enter. We will try to refresh ourselves in 3 seconds.' - }) - exit - } - - $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' - if ($env:MSI_SECRET) { + [CmdletBinding()] + param($Request, $TriggerMetadata) + + $UserCreds = ([System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($request.headers.'x-ms-client-principal')) | ConvertFrom-Json) + if ($Request.query.error) { + Add-Type -AssemblyName System.Web + Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ + ContentType = 'text/html' + StatusCode = [HttpStatusCode]::Forbidden + Body = Get-normalizedError -Message [System.Web.HttpUtility]::UrlDecode($Request.Query.error_description) + }) + exit + } + if ('admin' -notin $UserCreds.userRoles) { + Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ + ContentType = 'text/html' + StatusCode = [HttpStatusCode]::Forbidden + Body = 'Could not find an admin cookie in your browser. Make sure you do not have an adblocker active, use a Chromium browser, and allow cookies. If our automatic refresh does not work, try pressing the URL bar and hitting enter. We will try to refresh ourselves in 3 seconds.' + }) + exit + } + + $APIName = $TriggerMetadata.FunctionName + Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + if ($env:AzureWebJobsStorage -eq 'UseDevelopmentStorage=true') { + $DevSecretsTable = Get-CIPPTable -tablename 'DevSecrets' + $Secret = Get-CIPPAzDataTableEntity @DevSecretsTable -Filter "PartitionKey eq 'Secret' and RowKey eq 'Secret'" + if (!$Secret) { + $Secret = [PSCustomObject]@{ + 'PartitionKey' = 'Secret' + 'RowKey' = 'Secret' + 'TenantId' = '' + 'RefreshToken' = '' + 'ApplicationId' = '' + 'ApplicationSecret' = '' + } + Add-CIPPAzDataTableEntity @DevSecretsTable -Entity $Secret -Force + } + } else { + if ($env:MSI_SECRET) { Disable-AzContextAutosave -Scope Process | Out-Null $AzSession = Connect-AzAccount -Identity - } - if (!$ENV:SetFromProfile) { - Write-Host "We're reloading from KV" - Get-CIPPAuthentication - } - - $KV = $ENV:WEBSITE_DEPLOYMENT_ID - $Table = Get-CIPPTable -TableName SAMWizard - $Rows = Get-CIPPAzDataTableEntity @Table | Where-Object -Property Timestamp -GT (Get-Date).AddMinutes(-10) - - try { - if ($Request.query.count -lt 1 ) { $Results = 'No authentication code found. Please go back to the wizard.' } - - if ($request.body.setkeys) { - if ($request.body.tenantid) { Set-AzKeyVaultSecret -VaultName $kv -Name 'tenantid' -SecretValue (ConvertTo-SecureString -String $request.body.tenantid -AsPlainText -Force) } - if ($request.body.RefreshToken) { Set-AzKeyVaultSecret -VaultName $kv -Name 'RefreshToken' -SecretValue (ConvertTo-SecureString -String $request.body.RefreshToken -AsPlainText -Force) } - if ($request.body.applicationid) { Set-AzKeyVaultSecret -VaultName $kv -Name 'applicationid' -SecretValue (ConvertTo-SecureString -String $request.body.applicationid -AsPlainText -Force) } - if ($request.body.applicationsecret) { Set-AzKeyVaultSecret -VaultName $kv -Name 'applicationsecret' -SecretValue (ConvertTo-SecureString -String $request.body.applicationsecret -AsPlainText -Force) } - $Results = @{ Results = 'The keys have been replaced. Please perform a permissions check.' } + } + } + if (!$ENV:SetFromProfile) { + Write-Host "We're reloading from KV" + Get-CIPPAuthentication + } + + $KV = $ENV:WEBSITE_DEPLOYMENT_ID + $Table = Get-CIPPTable -TableName SAMWizard + $Rows = Get-CIPPAzDataTableEntity @Table | Where-Object -Property Timestamp -GT (Get-Date).AddMinutes(-10) + + try { + if ($Request.query.count -lt 1 ) { $Results = 'No authentication code found. Please go back to the wizard.' } + + if ($request.body.setkeys) { + if ($env:AzureWebJobsStorage -eq 'UseDevelopmentStorage=true') { + if ($request.body.TenantId) { $Secret.TenantId = $Request.body.tenantid } + if ($request.body.RefreshToken) { $Secret.RefreshToken = $Request.body.RefreshToken } + if ($request.body.applicationid) { $Secret.ApplicationId = $Request.body.ApplicationId } + if ($request.body.ApplicationSecret) { $Secret.ApplicationSecret = $Request.body.ApplicationSecret } + Add-CIPPAzDataTableEntity @DevSecretsTable -Entity $Secret -Force + } else { + if ($request.body.tenantid) { Set-AzKeyVaultSecret -VaultName $kv -Name 'tenantid' -SecretValue (ConvertTo-SecureString -String $request.body.tenantid -AsPlainText -Force) } + if ($request.body.RefreshToken) { Set-AzKeyVaultSecret -VaultName $kv -Name 'RefreshToken' -SecretValue (ConvertTo-SecureString -String $request.body.RefreshToken -AsPlainText -Force) } + if ($request.body.applicationid) { Set-AzKeyVaultSecret -VaultName $kv -Name 'applicationid' -SecretValue (ConvertTo-SecureString -String $request.body.applicationid -AsPlainText -Force) } + if ($request.body.applicationsecret) { Set-AzKeyVaultSecret -VaultName $kv -Name 'applicationsecret' -SecretValue (ConvertTo-SecureString -String $request.body.applicationsecret -AsPlainText -Force) } + } + $Results = @{ Results = 'The keys have been replaced. Please perform a permissions check.' } + } + if ($Request.query.error -eq 'invalid_client') { $Results = 'Client ID was not found in Azure. Try waiting 10 seconds to try again, if you have gotten this error after 5 minutes, please restart the process.' } + if ($request.query.code) { + try { + $TenantId = $Rows.tenantid + if (!$TenantId) { $TenantId = $ENV:TenantId } + $AppID = $Rows.appid + if (!$AppID) { $appid = $env:ApplicationId } + $URL = ($Request.headers.'x-ms-original-url').split('?') | Select-Object -First 1 + if ($env:AzureWebJobsStorage -eq 'UseDevelopmentStorage=true') { + $clientsecret = $Secret.ApplicationSecret + } else { + $clientsecret = Get-AzKeyVaultSecret -VaultName $kv -Name 'applicationsecret' -AsPlainText + } + if (!$clientsecret) { $clientsecret = $ENV:ApplicationSecret } + $RefreshToken = Invoke-RestMethod -Method POST -Body "client_id=$appid&scope=https://graph.microsoft.com/.default+offline_access+openid+profile&code=$($request.query.code)&grant_type=authorization_code&redirect_uri=$($url)&client_secret=$clientsecret" -Uri "https://login.microsoftonline.com/$TenantId/oauth2/v2.0/token" + + if ($env:AzureWebJobsStorage -eq 'UseDevelopmentStorage=true') { + $Secret.RefreshToken = $RefreshToken.refresh_token + Add-CIPPAzDataTableEntity @DevSecretsTable -Entity $Secret -Force + } else { + Set-AzKeyVaultSecret -VaultName $kv -Name 'RefreshToken' -SecretValue (ConvertTo-SecureString -String $RefreshToken.refresh_token -AsPlainText -Force) + } + + $Results = 'Authentication is now complete. You may now close this window.' + try { + $SetupPhase = $rows.validated = $true + Add-CIPPAzDataTableEntity @Table -Entity $Rows -Force | Out-Null + } catch { + #no need. + } + } catch { + $Results = "Authentication failed. $($_.Exception.message)" + } + } + if ($request.query.CreateSAM) { + $Rows = @{ + RowKey = 'setup' + PartitionKey = 'setup' + validated = $false + SamSetup = 'NotStarted' + partnersetup = $false + appid = 'NotStarted' + tenantid = 'NotStarted' } - if ($Request.query.error -eq 'invalid_client') { $Results = 'Client ID was not found in Azure. Try waiting 10 seconds to try again, if you have gotten this error after 5 minutes, please restart the process.' } - if ($request.query.code) { - try { - $TenantId = $Rows.tenantid - if (!$TenantId) { $TenantId = $ENV:TenantId } - $AppID = $Rows.appid - if (!$AppID) { $appid = $env:ApplicationId } - $URL = ($Request.headers.'x-ms-original-url').split('?') | Select-Object -First 1 - $clientsecret = Get-AzKeyVaultSecret -VaultName $kv -Name 'applicationsecret' -AsPlainText - if (!$clientsecret) { $clientsecret = $ENV:ApplicationSecret } - $RefreshToken = Invoke-RestMethod -Method POST -Body "client_id=$appid&scope=https://graph.microsoft.com/.default+offline_access+openid+profile&code=$($request.query.code)&grant_type=authorization_code&redirect_uri=$($url)&client_secret=$clientsecret" -Uri "https://login.microsoftonline.com/$TenantId/oauth2/v2.0/token" - Set-AzKeyVaultSecret -VaultName $kv -Name 'RefreshToken' -SecretValue (ConvertTo-SecureString -String $RefreshToken.refresh_token -AsPlainText -Force) - $Results = 'Authentication is now complete. You may now close this window.' + Add-CIPPAzDataTableEntity @Table -Entity $Rows -Force | Out-Null + $Rows = Get-CIPPAzDataTableEntity @Table | Where-Object -Property Timestamp -GT (Get-Date).AddMinutes(-10) + + if ($Request.query.partnersetup) { + $SetupPhase = $Rows.partnersetup = $true + Add-CIPPAzDataTableEntity @Table -Entity $Rows -Force | Out-Null + } + $step = 1 + $DeviceLogon = New-DeviceLogin -clientid '1b730954-1685-4b74-9bfd-dac224a7b894' -Scope 'https://graph.microsoft.com/.default' -FirstLogon + $SetupPhase = $rows.SamSetup = [string]($DeviceLogon | ConvertTo-Json) + Add-CIPPAzDataTableEntity @Table -Entity $Rows -Force | Out-Null + $Results = @{ message = "Your code is $($DeviceLogon.user_code). Enter the code" ; step = $step; url = $DeviceLogon.verification_uri } + } + if ($Request.query.CheckSetupProcess -and $request.query.step -eq 1) { + $SAMSetup = $Rows.SamSetup | ConvertFrom-Json -ErrorAction SilentlyContinue + $Token = (New-DeviceLogin -clientid '1b730954-1685-4b74-9bfd-dac224a7b894' -Scope 'https://graph.microsoft.com/.default' -device_code $SAMSetup.device_code) + if ($token.Access_Token) { + $step = 2 + $URL = ($Request.headers.'x-ms-original-url').split('?') | Select-Object -First 1 + $PartnerSetup = $Rows.partnersetup + $TenantId = (Invoke-RestMethod 'https://graph.microsoft.com/v1.0/organization' -Headers @{ authorization = "Bearer $($Token.Access_Token)" } -Method GET -ContentType 'application/json').value.id + $SetupPhase = $rows.tenantid = [string]($TenantId) + Add-CIPPAzDataTableEntity @Table -Entity $Rows -Force | Out-Null + if ($PartnerSetup) { + $app = Get-Content '.\Cache_SAMSetup\SAMManifest.json' | ConvertFrom-Json + $App.web.redirectUris = @($App.web.redirectUris + $URL) + $app = $app | ConvertTo-Json -Depth 15 + $AppId = (Invoke-RestMethod 'https://graph.microsoft.com/v1.0/applications' -Headers @{ authorization = "Bearer $($Token.Access_Token)" } -Method POST -Body $app -ContentType 'application/json') + $rows.appid = [string]($AppId.appId) + Add-CIPPAzDataTableEntity @Table -Entity $Rows -Force | Out-Null + $attempt = 0 + do { try { - $SetupPhase = $rows.validated = $true - Add-CIPPAzDataTableEntity @Table -Entity $Rows -Force | Out-Null + try { + $SPNDefender = (Invoke-RestMethod 'https://graph.microsoft.com/v1.0/servicePrincipals' -Headers @{ authorization = "Bearer $($Token.Access_Token)" } -Method POST -Body "{ `"appId`": `"fc780465-2017-40d4-a0c5-307022471b92`" }" -ContentType 'application/json') + } catch { + Write-Host "didn't deploy spn for defender, probably already there." + } + try { + $SPNTeams = (Invoke-RestMethod 'https://graph.microsoft.com/v1.0/servicePrincipals' -Headers @{ authorization = "Bearer $($Token.Access_Token)" } -Method POST -Body "{ `"appId`": `"48ac35b8-9aa8-4d74-927d-1f4a14a0b239`" }" -ContentType 'application/json') + } catch { + Write-Host "didn't deploy spn for Teams, probably already there." + } + $SPN = (Invoke-RestMethod 'https://graph.microsoft.com/v1.0/servicePrincipals' -Headers @{ authorization = "Bearer $($Token.Access_Token)" } -Method POST -Body "{ `"appId`": `"$($AppId.appId)`" }" -ContentType 'application/json') + Start-Sleep 3 + $GroupID = (Invoke-RestMethod "https://graph.microsoft.com/v1.0/groups?`$filter=startswith(displayName,'AdminAgents')" -Headers @{ authorization = "Bearer $($Token.Access_Token)" } -Method Get -ContentType 'application/json').value.id + Write-Host "Id is $GroupID" + $AddingToAdminAgent = (Invoke-RestMethod "https://graph.microsoft.com/v1.0/groups/$($GroupID)/members/`$ref" -Headers @{ authorization = "Bearer $($Token.Access_Token)" } -Method POST -Body "{ `"@odata.id`": `"https://graph.microsoft.com/v1.0/directoryObjects/$($SPN.id)`"}" -ContentType 'application/json') + Write-Host 'Added to adminagents' + $attempt ++ } catch { - #no need. + $attempt ++ } - } catch { - $Results = "Authentication failed. $($_.Exception.message)" - } + } until ($attempt -gt 5) + } else { + $app = Get-Content '.\Cache_SAMSetup\SAMManifestNoPartner.json' + $AppId = (Invoke-RestMethod 'https://graph.microsoft.com/v1.0/applications' -Headers @{ authorization = "Bearer $($Token.Access_Token)" } -Method POST -Body $app -ContentType 'application/json') + $rows.appid = [string]($AppId.appId) + Add-CIPPAzDataTableEntity @Table -Entity $Rows -Force | Out-Null + } + $AppPassword = (Invoke-RestMethod "https://graph.microsoft.com/v1.0/applications/$($AppID.id)/addPassword" -Headers @{ authorization = "Bearer $($Token.Access_Token)" } -Method POST -Body '{"passwordCredential":{"displayName":"CIPPInstall"}}' -ContentType 'application/json').secretText + + + if ($env:AzureWebJobsStorage -eq 'UseDevelopmentStorage=true') { + $Secret.TenantId = $Request.body.tenantid + $Secret.ApplicationId = $Request.body.ApplicationId + $Secret.ApplicationSecret = $Request.body.ApplicationSecret + Add-CIPPAzDataTableEntity @DevSecretsTable -Entity $Secret -Force + } else { + Set-AzKeyVaultSecret -VaultName $kv -Name 'tenantid' -SecretValue (ConvertTo-SecureString -String $TenantId -AsPlainText -Force) + Set-AzKeyVaultSecret -VaultName $kv -Name 'applicationid' -SecretValue (ConvertTo-SecureString -String $Appid.appid -AsPlainText -Force) + Set-AzKeyVaultSecret -VaultName $kv -Name 'applicationsecret' -SecretValue (ConvertTo-SecureString -String $AppPassword -AsPlainText -Force) + } + $Results = @{'message' = 'Created application. Waiting 30 seconds for Azure propagation'; step = $step } + } else { + $step = 1 + $Results = @{ message = "Your code is $($SAMSetup.user_code). Enter the code " ; step = $step; url = $SAMSetup.verification_uri } } - if ($request.query.CreateSAM) { - $Rows = @{ - RowKey = 'setup' - PartitionKey = 'setup' - validated = $false - SamSetup = 'NotStarted' - partnersetup = $false - appid = 'NotStarted' - tenantid = 'NotStarted' - } - Add-CIPPAzDataTableEntity @Table -Entity $Rows -Force | Out-Null - $Rows = Get-CIPPAzDataTableEntity @Table | Where-Object -Property Timestamp -GT (Get-Date).AddMinutes(-10) - - if ($Request.query.partnersetup) { - $SetupPhase = $Rows.partnersetup = $true - Add-CIPPAzDataTableEntity @Table -Entity $Rows -Force | Out-Null - } - $step = 1 - $DeviceLogon = New-DeviceLogin -clientid '1b730954-1685-4b74-9bfd-dac224a7b894' -Scope 'https://graph.microsoft.com/.default' -FirstLogon - $SetupPhase = $rows.SamSetup = [string]($DeviceLogon | ConvertTo-Json) - Add-CIPPAzDataTableEntity @Table -Entity $Rows -Force | Out-Null - $Results = @{ message = "Your code is $($DeviceLogon.user_code). Enter the code" ; step = $step; url = $DeviceLogon.verification_uri } + + } + switch ($request.query.step) { + 2 { + $step = 2 + $TenantId = $Rows.tenantid + $AppID = $rows.appid + $PartnerSetup = $Rows.partnersetup + $SetupPhase = $rows.SamSetup = [string]($FirstLogonRefreshtoken | ConvertTo-Json) + Add-CIPPAzDataTableEntity @Table -Entity $Rows -Force | Out-Null + $URL = ($Request.headers.'x-ms-original-url').split('?') | Select-Object -First 1 + $Validated = $Rows.validated + if ($Validated) { $step = 3 } + $Results = @{ message = 'Give the next approval by clicking ' ; step = $step; url = "https://login.microsoftonline.com/$TenantId/oauth2/v2.0/authorize?scope=https://graph.microsoft.com/.default+offline_access+openid+profile&response_type=code&client_id=$($appid)&redirect_uri=$($url)" } } - if ($Request.query.CheckSetupProcess -and $request.query.step -eq 1) { - $SAMSetup = $Rows.SamSetup | ConvertFrom-Json -ErrorAction SilentlyContinue - $Token = (New-DeviceLogin -clientid '1b730954-1685-4b74-9bfd-dac224a7b894' -Scope 'https://graph.microsoft.com/.default' -device_code $SAMSetup.device_code) - if ($token.Access_Token) { - $step = 2 - $URL = ($Request.headers.'x-ms-original-url').split('?') | Select-Object -First 1 - $PartnerSetup = $Rows.partnersetup - $TenantId = (Invoke-RestMethod 'https://graph.microsoft.com/v1.0/organization' -Headers @{ authorization = "Bearer $($Token.Access_Token)" } -Method GET -ContentType 'application/json').value.id - $SetupPhase = $rows.tenantid = [string]($TenantId) - Add-CIPPAzDataTableEntity @Table -Entity $Rows -Force | Out-Null - if ($PartnerSetup) { - $app = Get-Content '.\Cache_SAMSetup\SAMManifest.json' | ConvertFrom-Json - $App.web.redirectUris = @($App.web.redirectUris + $URL) - $app = $app | ConvertTo-Json -Depth 15 - $AppId = (Invoke-RestMethod 'https://graph.microsoft.com/v1.0/applications' -Headers @{ authorization = "Bearer $($Token.Access_Token)" } -Method POST -Body $app -ContentType 'application/json') - $rows.appid = [string]($AppId.appId) - Add-CIPPAzDataTableEntity @Table -Entity $Rows -Force | Out-Null - $attempt = 0 - do { - try { - try { - $SPNDefender = (Invoke-RestMethod 'https://graph.microsoft.com/v1.0/servicePrincipals' -Headers @{ authorization = "Bearer $($Token.Access_Token)" } -Method POST -Body "{ `"appId`": `"fc780465-2017-40d4-a0c5-307022471b92`" }" -ContentType 'application/json') - } catch { - Write-Host "didn't deploy spn for defender, probably already there." - } - try { - $SPNTeams = (Invoke-RestMethod 'https://graph.microsoft.com/v1.0/servicePrincipals' -Headers @{ authorization = "Bearer $($Token.Access_Token)" } -Method POST -Body "{ `"appId`": `"48ac35b8-9aa8-4d74-927d-1f4a14a0b239`" }" -ContentType 'application/json') - } catch { - Write-Host "didn't deploy spn for Teams, probably already there." - } - $SPN = (Invoke-RestMethod 'https://graph.microsoft.com/v1.0/servicePrincipals' -Headers @{ authorization = "Bearer $($Token.Access_Token)" } -Method POST -Body "{ `"appId`": `"$($AppId.appId)`" }" -ContentType 'application/json') - Start-Sleep 3 - $GroupID = (Invoke-RestMethod "https://graph.microsoft.com/v1.0/groups?`$filter=startswith(displayName,'AdminAgents')" -Headers @{ authorization = "Bearer $($Token.Access_Token)" } -Method Get -ContentType 'application/json').value.id - Write-Host "Id is $GroupID" - $AddingToAdminAgent = (Invoke-RestMethod "https://graph.microsoft.com/v1.0/groups/$($GroupID)/members/`$ref" -Headers @{ authorization = "Bearer $($Token.Access_Token)" } -Method POST -Body "{ `"@odata.id`": `"https://graph.microsoft.com/v1.0/directoryObjects/$($SPN.id)`"}" -ContentType 'application/json') - Write-Host 'Added to adminagents' - $attempt ++ - } catch { - $attempt ++ - } - } until ($attempt -gt 5) - } else { - $app = Get-Content '.\Cache_SAMSetup\SAMManifestNoPartner.json' - $AppId = (Invoke-RestMethod 'https://graph.microsoft.com/v1.0/applications' -Headers @{ authorization = "Bearer $($Token.Access_Token)" } -Method POST -Body $app -ContentType 'application/json') - $rows.appid = [string]($AppId.appId) - Add-CIPPAzDataTableEntity @Table -Entity $Rows -Force | Out-Null - } - $AppPassword = (Invoke-RestMethod "https://graph.microsoft.com/v1.0/applications/$($AppID.id)/addPassword" -Headers @{ authorization = "Bearer $($Token.Access_Token)" } -Method POST -Body '{"passwordCredential":{"displayName":"CIPPInstall"}}' -ContentType 'application/json').secretText - Set-AzKeyVaultSecret -VaultName $kv -Name 'tenantid' -SecretValue (ConvertTo-SecureString -String $TenantId -AsPlainText -Force) - Set-AzKeyVaultSecret -VaultName $kv -Name 'applicationid' -SecretValue (ConvertTo-SecureString -String $Appid.appid -AsPlainText -Force) - Set-AzKeyVaultSecret -VaultName $kv -Name 'applicationsecret' -SecretValue (ConvertTo-SecureString -String $AppPassword -AsPlainText -Force) - $Results = @{'message' = 'Created application. Waiting 30 seconds for Azure propagation'; step = $step } - } else { - $step = 1 - $Results = @{ message = "Your code is $($SAMSetup.user_code). Enter the code " ; step = $step; url = $SAMSetup.verification_uri } - } - + 3 { + + $step = 4 + $Results = @{'message' = 'Received token.'; step = $step } + + } - switch ($request.query.step) { - 2 { - $step = 2 - $TenantId = $Rows.tenantid - $AppID = $rows.appid - $PartnerSetup = $Rows.partnersetup - $SetupPhase = $rows.SamSetup = [string]($FirstLogonRefreshtoken | ConvertTo-Json) - Add-CIPPAzDataTableEntity @Table -Entity $Rows -Force | Out-Null - $URL = ($Request.headers.'x-ms-original-url').split('?') | Select-Object -First 1 - $Validated = $Rows.validated - if ($Validated) { $step = 3 } - $Results = @{ message = 'Give the next approval by clicking ' ; step = $step; url = "https://login.microsoftonline.com/$TenantId/oauth2/v2.0/authorize?scope=https://graph.microsoft.com/.default+offline_access+openid+profile&response_type=code&client_id=$($appid)&redirect_uri=$($url)" } - } - 3 { - - $step = 4 - $Results = @{'message' = 'Received token.'; step = $step } - - - } - 4 { - Remove-AzDataTableEntity @Table -Entity $Rows - - $step = 5 - $Results = @{'message' = 'setup completed.'; step = $step - } - } + 4 { + Remove-AzDataTableEntity @Table -Entity $Rows + + $step = 5 + $Results = @{'message' = 'setup completed.'; step = $step + } } + } - } catch { - $Results = [pscustomobject]@{'Results' = "Failed. $($_.InvocationInfo.ScriptLineNumber): $($_.Exception.message)" ; step = $step } - } + } catch { + $Results = [pscustomobject]@{'Results' = "Failed. $($_.InvocationInfo.ScriptLineNumber): $($_.Exception.message)" ; step = $step } + } - # Associate values to output bindings by calling 'Push-OutputBinding'. - Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ - StatusCode = [HttpStatusCode]::OK - Body = $Results - }) + # Associate values to output bindings by calling 'Push-OutputBinding'. + Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ + StatusCode = [HttpStatusCode]::OK + Body = $Results + }) } diff --git a/Modules/CIPPCore/Public/Get-CIPPAuthentication.ps1 b/Modules/CIPPCore/Public/Get-CIPPAuthentication.ps1 index 97a499bdfc82..0d3092fc54c3 100644 --- a/Modules/CIPPCore/Public/Get-CIPPAuthentication.ps1 +++ b/Modules/CIPPCore/Public/Get-CIPPAuthentication.ps1 @@ -2,23 +2,35 @@ function Get-CIPPAuthentication { [CmdletBinding()] param ( - $APIName = "Get Keyvault Authentication" + $APIName = 'Get Keyvault Authentication' ) + $Variables = @('ApplicationId', 'ApplicationSecret', 'TenantId', 'RefreshToken') try { - Connect-AzAccount -Identity - - @('ApplicationId','ApplicationSecret','TenantId','RefreshToken') | Foreach-Object { - Set-Item -path ENV:$_ -value (Get-AzKeyVaultSecret -VaultName $ENV:WEBSITE_DEPLOYMENT_ID -Name $_ -AsPlainText -ErrorAction Stop) -Force + if ($env:AzureWebJobsStorage -eq 'UseDevelopmentStorage=true') { + $Table = Get-CIPPTable -tablename 'DevSecrets' + $Secret = Get-CIPPAzDataTableEntity @Table -Filter "PartitionKey eq 'Secret' and RowKey eq 'Secret'" + if (!$Secret) { + throw 'Development variables not set' + } + foreach ($Var in $Variables) { + if ($Secret.$Var) { + Set-Item -Path ENV:$Var -Value $Secret.$Var -Force -ErrorAction Stop + } + } + } else { + Connect-AzAccount -Identity + + $Variables | ForEach-Object { + Set-Item -Path ENV:$_ -Value (Get-AzKeyVaultSecret -VaultName $ENV:WEBSITE_DEPLOYMENT_ID -Name $_ -AsPlainText -ErrorAction Stop) -Force + } } - $ENV:SetFromProfile = $true - Write-LogMessage -message "Reloaded authentication data from KeyVault" -Sev 'debug' -API "CIPP Authentication" + Write-LogMessage -message 'Reloaded authentication data from KeyVault' -Sev 'debug' -API 'CIPP Authentication' - return $true - } - catch { - Write-LogMessage -message "Could not retrieve keys from Keyvault: $($_.Exception.Message)" -Sev 'CRITICAL' -API "CIPP Authentication" + return $true + } catch { + Write-LogMessage -message "Could not retrieve keys from Keyvault: $($_.Exception.Message)" -Sev 'CRITICAL' -API 'CIPP Authentication' return $false } } diff --git a/UpdateTokens/run.ps1 b/UpdateTokens/run.ps1 index 8f80a365bbb3..ed20d6a67fbf 100644 --- a/UpdateTokens/run.ps1 +++ b/UpdateTokens/run.ps1 @@ -6,18 +6,26 @@ $currentUTCtime = (Get-Date).ToUniversalTime() $Refreshtoken = (Get-GraphToken -ReturnRefresh $true).Refresh_token -if ($env:MSI_SECRET) { - Disable-AzContextAutosave -Scope Process | Out-Null - $AzSession = Connect-AzAccount -Identity -} - -$KV = $ENV:WEBSITE_DEPLOYMENT_ID - -if ($Refreshtoken) { - Set-AzKeyVaultSecret -VaultName $kv -Name 'RefreshToken' -SecretValue (ConvertTo-SecureString -String $Refreshtoken -AsPlainText -Force) -} -else { - Write-LogMessage -message "Could not update refresh token. Will try again in 7 days." -sev "CRITICAL" +if ($env:AzureWebJobsStorage -eq 'UseDevelopmentStorage=true') { + $Table = Get-CIPPTable -tablename 'DevSecrets' + $Secret = Get-CIPPAzDataTableEntity @Table -Filter "PartitionKey eq 'Secret' and RowKey eq 'Secret'" + if ($Secret) { + $Secret.RefreshToken = $Refreshtoken + Add-AzDataTableEntity @Table -Entity $Secret + } else { + Write-LogMessage -message 'Could not update refresh token. Will try again in 7 days.' -sev 'CRITICAL' + } +} else { + if ($env:MSI_SECRET) { + Disable-AzContextAutosave -Scope Process | Out-Null + $AzSession = Connect-AzAccount -Identity + } + $KV = $ENV:WEBSITE_DEPLOYMENT_ID + if ($Refreshtoken) { + Set-AzKeyVaultSecret -VaultName $kv -Name 'RefreshToken' -SecretValue (ConvertTo-SecureString -String $Refreshtoken -AsPlainText -Force) + } else { + Write-LogMessage -message 'Could not update refresh token. Will try again in 7 days.' -sev 'CRITICAL' + } } # Write an information log with the current time. From daa89c8735a577996d40ffa1649a5c24f0176e61 Mon Sep 17 00:00:00 2001 From: Roel van der Wegen Date: Wed, 21 Feb 2024 10:14:31 +0100 Subject: [PATCH 045/243] Minor wording fix --- Modules/DNSHealth/1.0.7/DNSHealth.psm1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/DNSHealth/1.0.7/DNSHealth.psm1 b/Modules/DNSHealth/1.0.7/DNSHealth.psm1 index b69e40274c16..749a158a5fa6 100644 --- a/Modules/DNSHealth/1.0.7/DNSHealth.psm1 +++ b/Modules/DNSHealth/1.0.7/DNSHealth.psm1 @@ -1179,7 +1179,7 @@ function Read-MXRecord { catch { Write-Verbose $_.Exception.Message } } - $ValidationPasses.Add('Mail exchanger records record(s) are present for this domain.') | Out-Null + $ValidationPasses.Add('Mail exchanger record(s) are present for this domain.') | Out-Null $MXRecords = $MXRecords | Sort-Object -Property Priority # Attempt to identify mail provider based on MX record From 9a86a42e653322f9660948e47b939e155587a759 Mon Sep 17 00:00:00 2001 From: KelvinTegelaar Date: Wed, 21 Feb 2024 11:39:37 +0100 Subject: [PATCH 046/243] add urlonly --- Modules/CIPPCore/Public/Entrypoints/Invoke-ListSites.ps1 | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListSites.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListSites.ps1 index 9a0d7a228765..51f31ef28b70 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListSites.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListSites.ps1 @@ -52,6 +52,10 @@ Function Invoke-ListSites { $StatusCode = [HttpStatusCode]::Forbidden $GraphRequest = $ErrorMessage } + if ($Request.query.URLOnly -eq 'true') { + $GraphRequest = $GraphRequest | Where-Object { $null -ne $_.URL } + } + # Associate values to output bindings by calling 'Push-OutputBinding'. Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ StatusCode = $StatusCode From 38533bd7543aa75bc4bfb3f18e749702a8f103a4 Mon Sep 17 00:00:00 2001 From: KelvinTegelaar Date: Wed, 21 Feb 2024 11:57:11 +0100 Subject: [PATCH 047/243] solves issue with deleting templates by overwriting the guid. --- .../Public/Entrypoints/Invoke-ListIntuneTemplates.ps1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListIntuneTemplates.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListIntuneTemplates.ps1 index abd31c65b7cd..d9c02d090fb2 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListIntuneTemplates.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListIntuneTemplates.ps1 @@ -32,8 +32,8 @@ Function Invoke-ListIntuneTemplates { $data = $_.RAWJson | ConvertFrom-Json $data | Add-Member -NotePropertyName 'displayName' -NotePropertyValue $_.Displayname -Force $data | Add-Member -NotePropertyName 'description' -NotePropertyValue $_.Description -Force - $data | Add-Member -NotePropertyName 'Type' -NotePropertyValue $_.Type - $data | Add-Member -NotePropertyName 'GUID' -NotePropertyValue $_.GUID + $data | Add-Member -NotePropertyName 'Type' -NotePropertyValue $_.Type -Force + $data | Add-Member -NotePropertyName 'GUID' -NotePropertyValue $_.GUID -Force $data } | Sort-Object -Property displayName } From 70c051eca557652a9e1859a295740ff0d00e4476 Mon Sep 17 00:00:00 2001 From: KelvinTegelaar Date: Wed, 21 Feb 2024 13:06:44 +0100 Subject: [PATCH 048/243] add device actions --- .../Entrypoints/Invoke-ExecDeviceDelete.ps1 | 35 +++++++++++++++++++ 1 file changed, 35 insertions(+) create mode 100644 Modules/CIPPCore/Public/Entrypoints/Invoke-ExecDeviceDelete.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecDeviceDelete.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecDeviceDelete.ps1 new file mode 100644 index 000000000000..843764a6d5d4 --- /dev/null +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecDeviceDelete.ps1 @@ -0,0 +1,35 @@ +using namespace System.Net + +Function Invoke-ExecDeviceDelete { + <# + .FUNCTIONALITY + Entrypoint + #> + [CmdletBinding()] + param($Request, $TriggerMetadata) + + $APIName = $TriggerMetadata.FunctionName + Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + + # Interact with query parameters or the body of the request. + + + try { + $url = "https://graph.microsoft.com/beta/devices/$($request.query.id)" + if ($Request.query.action -eq 'delete') { + $ActionResult = New-GraphPOSTRequest -uri $url -type DELETE -tenantid $Request.Query.TenantFilter + } else { + $ActionResult = New-GraphPOSTRequest -uri $url -type PATCH -tenantid $Request.Query.TenantFilter -body '{"accountEnabled": false }' + } + $body = [pscustomobject]@{'Results' = "Executed action $($Request.query.action) on $($Request.query.id)" } + } catch { + $body = [pscustomobject]@{'Results' = "Failed to queue action $($Request.query.action) on $($request.query.id): $($_.Exception.Message)" } + } + + # Associate values to output bindings by calling 'Push-OutputBinding'. + Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ + StatusCode = [HttpStatusCode]::OK + Body = $body + }) + +} From d5d762dab618804a8cb51ef90f4549dccb3c6133 Mon Sep 17 00:00:00 2001 From: jonc3tech <153545031+jonc3tech@users.noreply.github.com> Date: Wed, 21 Feb 2024 14:25:58 -0500 Subject: [PATCH 049/243] adds check for basic complexity requirements to New-passworstring --- .../Public/GraphHelper/New-passwordString.ps1 | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/Modules/CIPPCore/Public/GraphHelper/New-passwordString.ps1 b/Modules/CIPPCore/Public/GraphHelper/New-passwordString.ps1 index 6793c5cc17b3..5869c370108e 100644 --- a/Modules/CIPPCore/Public/GraphHelper/New-passwordString.ps1 +++ b/Modules/CIPPCore/Public/GraphHelper/New-passwordString.ps1 @@ -13,6 +13,23 @@ function New-passwordString { $Words = Get-Content .\words.txt (Get-Random -InputObject $words -Count 4) -join '-' } else { - -join ('abcdefghkmnrstuvwxyzABCDEFGHKLMNPRSTUVWXYZ23456789$%&*#'.ToCharArray() | Get-Random -Count $count) + # Generate a complex password with a maximum of 100 tries + $maxTries = 100 + $tryCount = 0 + + do { + $Password = -join ('abcdefghkmnrstuvwxyzABCDEFGHKLMNPRSTUVWXYZ23456789$%&*#'.ToCharArray() | Get-Random -Count $count) + + $containsUppercase = $Password -cmatch '[A-Z]' + $containsLowercase = $Password -cmatch '[a-z]' + $containsDigit = $Password -cmatch '\d' + $containsSpecialChar = $Password -cmatch "[$%&*#]" + + $isComplex = $containsUppercase -and $containsLowercase -and $containsDigit -and $containsSpecialChar + + $tryCount++ + } while (!$isComplex -and ($tryCount -lt $maxTries)) + + $Password } } From 725e7bb3eee1d16795dcd8ca2e7b671863f03d9b Mon Sep 17 00:00:00 2001 From: John Duprey Date: Wed, 21 Feb 2024 16:59:02 -0500 Subject: [PATCH 050/243] Cleanup graph explorer import/export --- .../Entrypoints/Invoke-ExecGraphExplorerPreset.ps1 | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecGraphExplorerPreset.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecGraphExplorerPreset.ps1 index b4d51d4f5d18..883d43e2fce6 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecGraphExplorerPreset.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecGraphExplorerPreset.ps1 @@ -21,21 +21,25 @@ Function Invoke-ExecGraphExplorerPreset { $Id = (New-Guid).Guid } 'Save' { - $Id = $Request.Body.values.reportTemplate.value + $Id = $Request.Body.preset.reportTemplate.value } 'Delete' { - $Id = $Request.Body.values.reportTemplate.value + $Id = $Request.Body.preset.reportTemplate.value + } + default { + $Request.Body.Action = 'Copy' + $Id = (New-Guid).Guid } } - $params = $Request.Body.values | Select-Object endpoint, '$filter', '$select', '$count', '$expand', '$search', NoPagination, '$top', IsShared + $params = $Request.Body.preset | Select-Object endpoint, '$filter', '$select', '$count', '$expand', '$search', NoPagination, '$top', IsShared $Preset = [PSCustomObject]@{ PartitionKey = 'Preset' RowKey = [string]$Id id = [string]$Id - name = [string]$Request.Body.values.name + name = [string]$Request.Body.preset.name Owner = [string]$Username - IsShared = $Request.Body.values.IsShared + IsShared = $Request.Body.preset.IsShared params = [string](ConvertTo-Json -InputObject $params -Compress) } From a2df2906eb7ef8ce65173801b7560ea877748eea Mon Sep 17 00:00:00 2001 From: KelvinTegelaar Date: Thu, 22 Feb 2024 11:23:16 +0100 Subject: [PATCH 051/243] added force writes --- .../NinjaOne/Invoke-NinjaOneTenantSync.ps1 | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/Modules/CippExtensions/NinjaOne/Invoke-NinjaOneTenantSync.ps1 b/Modules/CippExtensions/NinjaOne/Invoke-NinjaOneTenantSync.ps1 index 05b4ecbcaaac..295e3289cd20 100644 --- a/Modules/CippExtensions/NinjaOne/Invoke-NinjaOneTenantSync.ps1 +++ b/Modules/CippExtensions/NinjaOne/Invoke-NinjaOneTenantSync.ps1 @@ -653,7 +653,7 @@ function Invoke-NinjaOneTenantSync { M365ID = $device.id } $DeviceMap.Add($DeviceMapItem) - Add-CIPPAzDataTableEntity @DeviceMapTable -Entity $DeviceMapItem + Add-CIPPAzDataTableEntity @DeviceMapTable -Entity $DeviceMapItem -Force } elseif ($MappedDevice.NinjaOneID -ne $MatchedNinjaDevice.id) { $MappedDevice.NinjaOneID = $MatchedNinjaDevice.id @@ -742,7 +742,7 @@ function Invoke-NinjaOneTenantSync { PartitionKey = $Customer.CustomerId RowKey = $device.AzureADDeviceId RawDevice = "$($ParsedDevice | ConvertTo-Json -Depth 100 -Compress)" - } + } -Force $ParsedDevices.add($ParsedDevice) @@ -1264,7 +1264,7 @@ function Invoke-NinjaOneTenantSync { } - Add-CIPPAzDataTableEntity @UsersTable -Entity $ParsedUser + Add-CIPPAzDataTableEntity @UsersTable -Entity $ParsedUser -Force $ParsedUsers.add($ParsedUser) @@ -1330,7 +1330,7 @@ function Invoke-NinjaOneTenantSync { } | ConvertTo-Json -Depth 100)" } $NinjaUserUpdates.Add($UpdateObject) - Add-CIPPAzDataTableEntity @UsersUpdateTable -Entity $UpdateObject + Add-CIPPAzDataTableEntity @UsersUpdateTable -Entity $UpdateObject -Force } else { $CreateObject = [PSCustomObject]@{ @@ -1345,7 +1345,7 @@ function Invoke-NinjaOneTenantSync { } | ConvertTo-Json -Depth 100)" } $NinjaUserCreation.Add($CreateObject) - Add-CIPPAzDataTableEntity @UsersUpdateTable -Entity $CreateObject + Add-CIPPAzDataTableEntity @UsersUpdateTable -Entity $CreateObject -Force } @@ -1399,7 +1399,7 @@ function Invoke-NinjaOneTenantSync { M365ID = $Field.value } $UsersMap.Add($UserMapItem) - Add-CIPPAzDataTableEntity @UsersMapTable -Entity $UserMapItem + Add-CIPPAzDataTableEntity @UsersMapTable -Entity $UserMapItem -Force } elseif ($MappedUser.NinjaOneID -ne $UserDoc.documentId) { $MappedUser.NinjaOneID = $UserDoc.documentId @@ -1476,7 +1476,7 @@ function Invoke-NinjaOneTenantSync { M365ID = $Field.value } $UsersMap.Add($UserMapItem) - Add-CIPPAzDataTableEntity @UsersMapTable -Entity $UserMapItem + Add-CIPPAzDataTableEntity @UsersMapTable -Entity $UserMapItem -Force } elseif ($MappedUser.NinjaOneID -ne $UserDoc.documentId) { $MappedUser.NinjaOneID = $UserDoc.documentId From 2e4d9fc2c3c864e926d481ea0a40e6210dc375fa Mon Sep 17 00:00:00 2001 From: KelvinTegelaar Date: Thu, 22 Feb 2024 11:54:07 +0100 Subject: [PATCH 052/243] continue on failed conversion --- .../CippExtensions/NinjaOne/Invoke-NinjaOneTenantSync.ps1 | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/Modules/CippExtensions/NinjaOne/Invoke-NinjaOneTenantSync.ps1 b/Modules/CippExtensions/NinjaOne/Invoke-NinjaOneTenantSync.ps1 index 295e3289cd20..971adfcddfb9 100644 --- a/Modules/CippExtensions/NinjaOne/Invoke-NinjaOneTenantSync.ps1 +++ b/Modules/CippExtensions/NinjaOne/Invoke-NinjaOneTenantSync.ps1 @@ -2039,7 +2039,7 @@ function Invoke-NinjaOneTenantSync { ### Fetch BPA Data $Table = get-cipptable 'cachebpav2' - $BPAData = (Get-CIPPAzDataTableEntity @Table -Filter "PartitionKey eq '$($Customer.customerId)' and RowKey eq 'CIPP Best Practices v1.0 - Table view'") + $BPAData = (Get-CIPPAzDataTableEntity @Table -Filter "PartitionKey eq '$($Customer.customerId)'") if ($Null -ne $BPAData.Timestamp) { ## BPA Data Widgets @@ -2062,7 +2062,7 @@ function Invoke-NinjaOneTenantSync { # Unused Licenses $WidgetData.add([PSCustomObject]@{ Value = $( - $BPAUnusedLicenses = (($BpaData.Unusedlicenses | ConvertFrom-Json).availableUnits | Measure-Object -Sum).sum + $BPAUnusedLicenses = (($BpaData.Unusedlicenses | ConvertFrom-Json -ErrorAction SilentlyContinue).availableUnits | Measure-Object -Sum).sum if ($BPAUnusedLicenses -ne 0) { $ResultColour = '#D53948' } else { @@ -2308,7 +2308,8 @@ function Invoke-NinjaOneTenantSync { Get-NormalizedError -Message $_.ErrorDetails.Message } else { $_.Exception.message - } Write-Error "Failed NinjaOne Processing for $($Customer.displayName) Linenumber: $($_.InvocationInfo.ScriptLineNumber) Error: $Message" + } + Write-Error "Failed NinjaOne Processing for $($Customer.displayName) Linenumber: $($_.InvocationInfo.ScriptLineNumber) Error: $Message" Write-LogMessage -API 'NinjaOneSync' -user 'NinjaOneSync' -message "Failed NinjaOne Processing for $($Customer.displayName) Linenumber: $($_.InvocationInfo.ScriptLineNumber) Error: $Message" -Sev 'Error' $CurrentItem | Add-Member -NotePropertyName lastEndTime -NotePropertyValue ([string]$((Get-Date).ToUniversalTime().ToString('yyyy-MM-ddTHH:mm:ss.fffZ'))) -Force $CurrentItem | Add-Member -NotePropertyName lastStatus -NotePropertyValue 'Failed' -Force From 30c8959d4471833321819d07ce6e367f7e6e6ba2 Mon Sep 17 00:00:00 2001 From: KelvinTegelaar Date: Thu, 22 Feb 2024 12:04:17 +0100 Subject: [PATCH 053/243] update to latest bpa --- Modules/CippExtensions/NinjaOne/Invoke-NinjaOneTenantSync.ps1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Modules/CippExtensions/NinjaOne/Invoke-NinjaOneTenantSync.ps1 b/Modules/CippExtensions/NinjaOne/Invoke-NinjaOneTenantSync.ps1 index 971adfcddfb9..5ea8ce7755c9 100644 --- a/Modules/CippExtensions/NinjaOne/Invoke-NinjaOneTenantSync.ps1 +++ b/Modules/CippExtensions/NinjaOne/Invoke-NinjaOneTenantSync.ps1 @@ -2072,7 +2072,7 @@ function Invoke-NinjaOneTenantSync { ) Description = 'Unused Licenses' Colour = $ResultColour - Link = "https://$CIPPUrl/tenant/standards/bpa-report?SearchNow=true&Report=CIPP+Best+Practices+v1.0+-+Tenant+view&tenantFilter=$($Customer.customerId)" + Link = "https://$CIPPUrl/tenant/standards/bpa-report?SearchNow=true&Report=CIPP+Best+Practices+v1.5+-+Tenant+view&tenantFilter=$($Customer.customerId)" }) @@ -2103,7 +2103,7 @@ function Invoke-NinjaOneTenantSync { ) Description = 'Password Never Expires' Colour = $ResultColour - Link = "https://$CIPPUrl/tenant/standards/bpa-report?SearchNow=true&Report=CIPP+Best+Practices+v1.0+-+Tenant+view&tenantFilter=$($Customer.customerId)" + Link = "https://$CIPPUrl/tenant/standards/bpa-report?SearchNow=true&Report=CIPP+Best+Practices+v1.5+-+Tenant+view&tenantFilter=$($Customer.customerId)" }) # oAuth App Consent From 4c1c0bc29dbe8cd9ef247f59cea8f0e19e3d7f10 Mon Sep 17 00:00:00 2001 From: KelvinTegelaar Date: Thu, 22 Feb 2024 16:15:19 +0100 Subject: [PATCH 054/243] deduplication fix --- .../Entrypoints/Push-SchedulerAlert.ps1 | 13 ------------ .../Public/GraphHelper/Write-AlertMessage.ps1 | 20 ++++++++++--------- 2 files changed, 11 insertions(+), 22 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/Push-SchedulerAlert.ps1 b/Modules/CIPPCore/Public/Entrypoints/Push-SchedulerAlert.ps1 index d9800f40a34a..8955adccb16c 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Push-SchedulerAlert.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Push-SchedulerAlert.ps1 @@ -23,19 +23,6 @@ function Push-SchedulerAlert { } Push-OutputBinding -Name QueueItemOut -Value $QueueItem } - - $Table = Get-CIPPTable - $PartitionKey = Get-Date -UFormat '%Y%m%d' - $Filter = "PartitionKey eq '{0}' and Tenant eq '{1}'" -f $PartitionKey, $tenant.tenant - $currentlog = Get-CIPPAzDataTableEntity @Table -Filter $Filter - - $AlertsTable = Get-CIPPTable -Table cachealerts - $CurrentAlerts = (Get-CIPPAzDataTableEntity @AlertsTable -Filter $Filter) - $CurrentAlerts | ForEach-Object { - if ($_.Message -notin $currentlog.Message) { Write-LogMessage -message $_.Message -API 'Alerts' -tenant $tenant.tenant -sev Alert -tenantid $Tenant.tenantid } - Remove-AzDataTableEntity @AlertsTable -Entity $_ | Out-Null - } - } catch { $Message = 'Exception on line {0} - {1}' -f $_.InvocationInfo.ScriptLineNumber, $_.Exception.Message Write-LogMessage -message $Message -API 'Alerts' -tenant $tenant.tenant -sev Error diff --git a/Modules/CIPPCore/Public/GraphHelper/Write-AlertMessage.ps1 b/Modules/CIPPCore/Public/GraphHelper/Write-AlertMessage.ps1 index 567f1c05cb77..0636fb67ccbe 100644 --- a/Modules/CIPPCore/Public/GraphHelper/Write-AlertMessage.ps1 +++ b/Modules/CIPPCore/Public/GraphHelper/Write-AlertMessage.ps1 @@ -3,14 +3,16 @@ function Write-AlertMessage($message, $tenant = 'None', $tenantId = $null) { .FUNCTIONALITY Internal #> - $Table = Get-CIPPTable -tablename cachealerts - $PartitionKey = (Get-Date -UFormat '%Y%m%d').ToString() - $TableRow = @{ - 'Tenant' = [string]$tenant - 'Message' = [string]$message - 'PartitionKey' = $PartitionKey - 'RowKey' = ([guid]::NewGuid()).ToString() + #Do duplicate detection, if no duplicate, write. + $Table = Get-CIPPTable -tablename CippLogs + $PartitionKey = Get-Date -UFormat '%Y%m%d' + $Filter = "PartitionKey eq '{0}' and Message eq '{1}' and Tenant eq '{2}'" -f $PartitionKey, $message.Replace("'", "''"), $tenant + $ExistingMessage = Get-CIPPAzDataTableEntity @Table -Filter $Filter + if (!$ExistingMessage) { + Write-Host 'No duplicate message found, writing to log' + Write-LogMessage -message $message -tenant $tenant -sev 'Alert' -tenantId $tenantId -user 'CIPP' + } else { + Write-Host 'Alerts: Duplicate entry found, not writing to log' + } - $Table.Entity = $TableRow - Add-CIPPAzDataTableEntity @Table | Out-Null } \ No newline at end of file From 71e9e7dcef9593a1aa74a792a886b46bd8d3db65 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kristian=20Kj=C3=A6rg=C3=A5rd?= Date: Thu, 22 Feb 2024 22:42:23 +0100 Subject: [PATCH 055/243] Change parameter that does not exist --- .../Standards/Invoke-CIPPStandardPasswordExpireDisabled.ps1 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardPasswordExpireDisabled.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardPasswordExpireDisabled.ps1 index 7d5bb92bfad5..e9182bb95717 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardPasswordExpireDisabled.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardPasswordExpireDisabled.ps1 @@ -13,9 +13,9 @@ function Invoke-CIPPStandardPasswordExpireDisabled { $DomainswithoutPassExpire | ForEach-Object { try { New-GraphPostRequest -type Patch -tenantid $Tenant -uri "https://graph.microsoft.com/beta/domains/$($_.id)" -body '{"passwordValidityPeriodInDays": 2147483647 }' - Write-LogMessage -API 'Standards' -tenant $tenant -message "Disabled Password Expiration for $($_.name)." -sev Info + Write-LogMessage -API 'Standards' -tenant $tenant -message "Disabled Password Expiration for $($_.id)." -sev Info } catch { - Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to disable Password Expiration for $($_.name). Error: $($_.exception.message)" -sev Error + Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to disable Password Expiration for $($_.id). Error: $($_.exception.message)" -sev Error } } } else { @@ -26,7 +26,7 @@ function Invoke-CIPPStandardPasswordExpireDisabled { if ($Settings.alert) { if ($DomainswithoutPassExpire) { - Write-LogMessage -API 'Standards' -tenant $tenant -message "Password Expiration is not disabled for the following $($DomainswithoutPassExpire.Count) domains: $($DomainswithoutPassExpire -join ', ')" -sev Alert + Write-LogMessage -API 'Standards' -tenant $tenant -message "Password Expiration is not disabled for the following $($DomainswithoutPassExpire.Count) domains: $($DomainswithoutPassExpire.id -join ', ')" -sev Alert } else { Write-LogMessage -API 'Standards' -tenant $tenant -message "Password Expiration is disabled for all $($GraphRequest.Count) domains." -sev Info } From 2ed22c6ada1d4793a71656c9f4af15e5967a3037 Mon Sep 17 00:00:00 2001 From: KelvinTegelaar Date: Thu, 22 Feb 2024 22:47:32 +0100 Subject: [PATCH 056/243] fix schedule task waits --- .../Entrypoints/Push-SchedulerAlert.ps1 | 21 ++++++++++++++----- .../NinjaOne/Invoke-NinjaOneTenantSync.ps1 | 6 ++---- .../Public/Get-ExtensionRateLimit.ps1 | 8 +++---- 3 files changed, 22 insertions(+), 13 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/Push-SchedulerAlert.ps1 b/Modules/CIPPCore/Public/Entrypoints/Push-SchedulerAlert.ps1 index 8955adccb16c..81b9acf6a8ae 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Push-SchedulerAlert.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Push-SchedulerAlert.ps1 @@ -16,12 +16,23 @@ function Push-SchedulerAlert { $IgnoreList = @('Etag', 'PartitionKey', 'Timestamp', 'RowKey', 'tenantid', 'tenant', 'type') $alertList = $Alerts | Select-Object * -ExcludeProperty $IgnoreList foreach ($task in ($AlertList.psobject.members | Where-Object { $_.MemberType -EQ 'NoteProperty' -and $_.value -eq $True }).name) { - $QueueItem = [pscustomobject]@{ - tenant = $tenant.tenant - tenantid = $tenant.tenantid - FunctionName = "CIPPAlert$($Task)" + $Table = Get-CIPPTable -TableName AlertRunCheck + $Filter = "PartitionKey eq '{0}' and RowKey eq '{1}' and Timestamp ge datetime'{2}'" -f $tenant.tenant, $task, (Get-Date).AddMinutes(-10).ToUniversalTime().ToString('yyyy-MM-ddTHH:mm:ss') + $ExistingMessage = Get-CIPPAzDataTableEntity @Table -Filter $Filter + if (!$ExistingMessage) { + $QueueItem = [pscustomobject]@{ + tenant = $tenant.tenant + tenantid = $tenant.tenantid + FunctionName = "CIPPAlert$($Task)" + } + Push-OutputBinding -Name QueueItemOut -Value $QueueItem + $QueueItem | Add-Member -MemberType NoteProperty -Name 'RowKey' -Value $task + $QueueItem | Add-Member -MemberType NoteProperty -Name 'PartitionKey' -Value $tenant.tenant + Add-CIPPAzDataTableEntity @Table -Entity $QueueItem -Force + } else { + Write-Host 'Alerts: Duplicate entry found, not writing to log' } - Push-OutputBinding -Name QueueItemOut -Value $QueueItem + } } catch { $Message = 'Exception on line {0} - {1}' -f $_.InvocationInfo.ScriptLineNumber, $_.Exception.Message diff --git a/Modules/CippExtensions/NinjaOne/Invoke-NinjaOneTenantSync.ps1 b/Modules/CippExtensions/NinjaOne/Invoke-NinjaOneTenantSync.ps1 index 5ea8ce7755c9..ad3e211cc633 100644 --- a/Modules/CippExtensions/NinjaOne/Invoke-NinjaOneTenantSync.ps1 +++ b/Modules/CippExtensions/NinjaOne/Invoke-NinjaOneTenantSync.ps1 @@ -7,11 +7,9 @@ function Invoke-NinjaOneTenantSync { $StartQueueTime = Get-Date Write-Host "$(Get-Date) - Starting NinjaOne Sync" - # Stagger start - Start-Sleep -Milliseconds (Get-Random -Minimum 0 -Maximum 5001) - + # Stagger start # Check Global Rate Limiting - $CurrentMap = Get-ExtensionRateLimit -ExtensionName 'NinjaOne' -ExtensionPartitionKey 'NinjaOrgsMapping' -RateLimit 5 -WaitTime 60 + $CurrentMap = Get-ExtensionRateLimit -ExtensionName 'NinjaOne' -ExtensionPartitionKey 'NinjaOrgsMapping' -RateLimit 5 -WaitTime 10 $StartTime = Get-Date diff --git a/Modules/CippExtensions/Public/Get-ExtensionRateLimit.ps1 b/Modules/CippExtensions/Public/Get-ExtensionRateLimit.ps1 index 069dec362229..2a0e718402f4 100644 --- a/Modules/CippExtensions/Public/Get-ExtensionRateLimit.ps1 +++ b/Modules/CippExtensions/Public/Get-ExtensionRateLimit.ps1 @@ -3,14 +3,14 @@ function Get-ExtensionRateLimit($ExtensionName, $ExtensionPartitionKey, $RateLim $MappingTable = Get-CIPPTable -TableName CippMapping $CurrentMap = (Get-CIPPAzDataTableEntity @MappingTable -Filter "PartitionKey eq '$ExtensionPartitionKey'") $CurrentMap | ForEach-Object { - if ($Null -ne $_.lastEndTime -and $_.lastEndTime -ne ''){ - $_.lastEndTime = (Get-Date($_.lastEndTime)) + if ($Null -ne $_.lastEndTime -and $_.lastEndTime -ne '') { + $_.lastEndTime = (Get-Date($_.lastEndTime)) } else { $_ | Add-Member -NotePropertyName lastEndTime -NotePropertyValue $Null -Force } if ($Null -ne $_.lastStartTime -and $_.lastStartTime -ne '') { - $_.lastStartTime = (Get-Date($_.lastStartTime)) + $_.lastStartTime = (Get-Date($_.lastStartTime)) } else { $_ | Add-Member -NotePropertyName lastStartTime -NotePropertyValue $Null -Force } @@ -18,7 +18,7 @@ function Get-ExtensionRateLimit($ExtensionName, $ExtensionPartitionKey, $RateLim # Check Global Rate Limiting try { - $ActiveJobs = $CurrentMap | Where-Object { ($Null -ne $_.lastStartTime) -and ($_.lastStartTime -gt (Get-Date).AddMinutes(-10)) -and ($Null -eq $_.lastEndTime -or $_.lastStartTime -gt $_.lastEndTime) } + $ActiveJobs = $CurrentMap | Where-Object { ($Null -ne $_.lastStartTime) -and ($_.lastStartTime -gt (Get-Date).AddMinutes(-10)) -and ($Null -eq $_.lastEndTime -or $_.lastStartTime -gt $_.lastEndTime) } } catch { $ActiveJobs = 'FirstRun' } From 4fffd5853c2cd65ac197065b3445cb591084fc03 Mon Sep 17 00:00:00 2001 From: KelvinTegelaar Date: Thu, 22 Feb 2024 22:52:22 +0100 Subject: [PATCH 057/243] write host added --- Modules/CIPPCore/Public/Entrypoints/Push-SchedulerAlert.ps1 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/Push-SchedulerAlert.ps1 b/Modules/CIPPCore/Public/Entrypoints/Push-SchedulerAlert.ps1 index 81b9acf6a8ae..540e7c175c9b 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Push-SchedulerAlert.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Push-SchedulerAlert.ps1 @@ -26,11 +26,11 @@ function Push-SchedulerAlert { FunctionName = "CIPPAlert$($Task)" } Push-OutputBinding -Name QueueItemOut -Value $QueueItem - $QueueItem | Add-Member -MemberType NoteProperty -Name 'RowKey' -Value $task - $QueueItem | Add-Member -MemberType NoteProperty -Name 'PartitionKey' -Value $tenant.tenant + $QueueItem | Add-Member -MemberType NoteProperty -Name 'RowKey' -Value $task -Force + $QueueItem | Add-Member -MemberType NoteProperty -Name 'PartitionKey' -Value $tenant.tenant -Force Add-CIPPAzDataTableEntity @Table -Entity $QueueItem -Force } else { - Write-Host 'Alerts: Duplicate entry found, not writing to log' + Write-Host 'ALERTS: Duplicate run found. Ignoring. Tenant: {0}, Task: {1}' -f $tenant.tenant, $task } } From 4b73b1a7b6f4ce61f12f4f98a514f06d9fbfdb05 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Thu, 22 Feb 2024 17:08:32 -0500 Subject: [PATCH 058/243] Add ListProperties query parameter --- .../Entrypoints/Invoke-ListGraphRequest.ps1 | 24 +++++++++++++++---- 1 file changed, 19 insertions(+), 5 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListGraphRequest.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListGraphRequest.ps1 index 2e32585d341d..04106b6dfc5c 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListGraphRequest.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListGraphRequest.ps1 @@ -93,17 +93,31 @@ function Invoke-ListGraphRequest { $GraphRequestParams.SkipCache = [System.Boolean]$Request.Query.SkipCache } + if ($Request.Query.ListProperties) { + $GraphRequestParams.NoPagination = $true + $GraphRequestParams.Parameters.'$select' = '' + if ($Request.Query.TenantFilter -eq 'AllTenants') { + $GraphRequestParams.TenantFilter = (Get-Tenants | Select-Object -First 1).customerId + } + } + Write-Host ($GraphRequestParams | ConvertTo-Json) $Metadata = $GraphRequestParams try { $Results = Get-GraphRequestList @GraphRequestParams - if ($Results.Queued -eq $true) { - $Metadata.Queued = $Results.Queued - $Metadata.QueueMessage = $Results.QueueMessage - $Metadata.QueuedId = $Results.QueueId - $Results = @() + + if ($Request.Query.ListProperties) { + $Columns = ($Results | Select-Object -First 1).PSObject.Properties.Name + $Results = $Columns | Where-Object { @('Tenant', 'CippStatus') -notcontains $_ } + } else { + if ($Results.Queued -eq $true) { + $Metadata.Queued = $Results.Queued + $Metadata.QueueMessage = $Results.QueueMessage + $Metadata.QueuedId = $Results.QueueId + $Results = @() + } } $GraphRequestData = [PSCustomObject]@{ Results = @($Results) From 81278a1182c17deadd93be323c51c1564a959b40 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Thu, 22 Feb 2024 18:42:57 -0500 Subject: [PATCH 059/243] Queue statistics tracking --- .../Public/Entrypoints/Push-CIPPStandard.ps1 | 8 +++-- .../GraphHelper/Write-CippFunctionStats.ps1 | 34 +++++++++++++++++++ Modules/CippEntrypoints/CippEntrypoints.psm1 | 21 +++++++++++- 3 files changed, 60 insertions(+), 3 deletions(-) create mode 100644 Modules/CIPPCore/Public/GraphHelper/Write-CippFunctionStats.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPStandard.ps1 b/Modules/CIPPCore/Public/Entrypoints/Push-CIPPStandard.ps1 index 03848da177c9..89a9024a9389 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPStandard.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Push-CIPPStandard.ps1 @@ -8,5 +8,9 @@ function Push-CIPPStandard { $Standard = $QueueItem.Standard $FunctionName = 'Invoke-CIPPStandard{0}' -f $Standard Write-Host "We'll be running $FunctionName" - & $FunctionName -Tenant $Tenant -Settings $QueueItem.Settings -} \ No newline at end of file + try { + & $FunctionName -Tenant $Tenant -Settings $QueueItem.Settings -ErrorAction Stop + } catch { + throw $_.Exception.Message + } +} diff --git a/Modules/CIPPCore/Public/GraphHelper/Write-CippFunctionStats.ps1 b/Modules/CIPPCore/Public/GraphHelper/Write-CippFunctionStats.ps1 new file mode 100644 index 000000000000..020462605ea8 --- /dev/null +++ b/Modules/CIPPCore/Public/GraphHelper/Write-CippFunctionStats.ps1 @@ -0,0 +1,34 @@ +function Write-CippFunctionStats { + <# + .FUNCTIONALITY + Internal + #> + Param( + [string]$FunctionType, + $Entity, + [DateTime]$Start, + [DateTime]$End, + [int]$Duration, + [string]$ErrorMsg = '' + ) + try { + $Table = Get-CIPPTable -tablename CippFunctionStats + $RowKey = [string](New-Guid).Guid + # Flatten data to json string + $Entity.PartitionKey = $FunctionType + $Entity.RowKey = $RowKey + $Entity.Start = $Start + $Entity.End = $End + $Entity.Duration = $Duration + $Entity.ErrorMsg = $ErrorMsg + $Entity = [PSCustomObject]$Entity + foreach ($Property in $Entity.PSObject.Properties.Name) { + if ($Entity.$Property.GetType().Name -in ('Hashtable', 'PSCustomObject')) { + $Entity.$Property = [string]($Entity.$Property | ConvertTo-Json -Compress) + } + } + Add-CIPPAzDataTableEntity @Table -Entity $Entity -Force + } catch { + Write-Host "Exception logging stats $($_.Exception.Message)" + } +} diff --git a/Modules/CippEntrypoints/CippEntrypoints.psm1 b/Modules/CippEntrypoints/CippEntrypoints.psm1 index 7e376917303d..100f1c4cba27 100644 --- a/Modules/CippEntrypoints/CippEntrypoints.psm1 +++ b/Modules/CippEntrypoints/CippEntrypoints.psm1 @@ -19,6 +19,7 @@ function Receive-CippHttpTrigger { function Receive-CippQueueTrigger { Param($QueueItem, $TriggerMetadata) + $Start = (Get-Date).ToUniversalTime() $APIName = $TriggerMetadata.FunctionName Set-Location (Get-Item $PSScriptRoot).Parent.Parent.FullName $FunctionName = 'Push-{0}' -f $APIName @@ -26,8 +27,26 @@ function Receive-CippQueueTrigger { QueueItem = $QueueItem TriggerMetadata = $TriggerMetadata } + try { + & $FunctionName @QueueTrigger + } catch { + $ErrorMsg = $_.Exception.Message + } - & $FunctionName @QueueTrigger + $End = (Get-Date).ToUniversalTime() + $TimeSpan = New-TimeSpan -Start $Start -End $End + $Duration = [int]$TimeSpan.TotalSeconds + + $Stats = @{ + FunctionType = 'Queue' + Entity = $QueueItem + Start = $Start + End = $End + Duration = $Duration + ErrorMsg = $ErrorMsg + } + Write-Information '####### Adding stats' + Write-CippFunctionStats @Stats } Export-ModuleMember -Function @('Receive-CippHttpTrigger', 'Receive-CippQueueTrigger') From dad044e0fbfd630d0d440b024679f4978ee97f92 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Thu, 22 Feb 2024 22:38:48 -0500 Subject: [PATCH 060/243] Function Stats --- .../Entrypoints/Invoke-ListFunctionStats.ps1 | 96 +++++++++++++++++++ .../GraphHelper/Write-CippFunctionStats.ps1 | 4 +- Modules/CippEntrypoints/CippEntrypoints.psm1 | 3 - 3 files changed, 99 insertions(+), 4 deletions(-) create mode 100644 Modules/CIPPCore/Public/Entrypoints/Invoke-ListFunctionStats.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListFunctionStats.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListFunctionStats.ps1 new file mode 100644 index 000000000000..a9903b33ac16 --- /dev/null +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListFunctionStats.ps1 @@ -0,0 +1,96 @@ +using namespace System.Net + +Function Invoke-ListFunctionStats { + <# + .FUNCTIONALITY + Entrypoint + #> + [CmdletBinding()] + param($Request, $TriggerMetadata) + + $APIName = $TriggerMetadata.FunctionName + Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + + # Write to the Azure Functions log stream. + Write-Host 'PowerShell HTTP trigger function processed a request.' + # Interact with query parameters or the body of the request. + + try { + $TenantFilter = $Request.Query.TenantFilter + $PartitionKey = $Request.Query.FunctionType + + $Timestamp = if (![string]::IsNullOrEmpty($Request.Query.Interval) -and ![string]::IsNullOrEmpty($Request.Query.Time)) { + switch ($Request.Query.Interval) { + 'Days' { + (Get-Date).AddDays(-$Request.Query.Time).ToUniversalTime().ToString('yyyy-MM-ddTHH:mm:ss.fffK') + } + 'Hours' { + (Get-Date).AddHours(-$Request.Query.Time).ToUniversalTime().ToString('yyyy-MM-ddTHH:mm:ss.fffK') + } + 'Minutes' { + (Get-Date).AddMinutes(-$Request.Query.Time).ToUniversalTime().ToString('yyyy-MM-ddTHH:mm:ss.fffK') + } + } + } else { + (Get-Date).AddDays(-1).ToUniversalTime().ToString('yyyy-MM-ddTHH:mm:ss.fffK') + } + $Table = Get-CIPPTable -tablename 'CippFunctionStats' + + if (!$PartitionKey) { $PartitionKey = 'Queue' } + if (![string]::IsNullOrEmpty($TenantFilter) -and $TenantFilter -ne 'AllTenants') { + $TenantQuery = " and (tenant eq '{0}' or Tenant eq '{0}' or Tenantid eq '{0}' or tenantid eq '{0}')" -f $TenantFilter + } else { + $TenantQuery = '' + } + $Filter = "PartitionKey eq '{0}' and Start ge datetime'{1}'{2}" -f $PartitionKey, $Timestamp, $TenantQuery + + $Entries = Get-CIPPAzDataTableEntity @Table -Filter $Filter + $FunctionList = $Entries | Group-Object -Property FunctionName + $StandardList = $Entries | Where-Object { $_.Standard } | Group-Object -Property Standard + $FunctionStats = foreach ($Function in $FunctionList) { + $Stats = $Function.Group | Measure-Object -Property Duration -AllStats + [PSCustomObject]@{ + 'Name' = $Function.Name + 'ExecutionCount' = $Function.Count + 'TotalSeconds' = $Stats.Sum + 'MaxSeconds' = $Stats.Maximum + 'AvgSeconds' = $Stats.Average + } + } + $StandardStats = foreach ($Standard in $StandardList) { + $Stats = $Standard.Group | Measure-Object -Property Duration -AllStats + [PSCustomObject]@{ + 'Name' = $Standard.Name + 'ExecutionCount' = $Standard.Count + 'TotalSeconds' = $Stats.Sum + 'MaxSeconds' = $Stats.Maximum + 'AvgSeconds' = $Stats.Average + } + } + $Status = [HttpStatusCode]::OK + $Body = @{ + Results = @{ + Functions = @($FunctionStats) + Standards = @($StandardStats) + } + Metadata = @{ + Filter = $Filter + } + } + } catch { + $Status = [HttpStatusCode]::BadRequest + $Body = @{ + Results = @() + Metadata = @{ + Filter = $Filter + Exception = $_.Exception.Message + } + } + } + + Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ + StatusCode = $Status + Body = $Body + }) -Clobber + +} diff --git a/Modules/CIPPCore/Public/GraphHelper/Write-CippFunctionStats.ps1 b/Modules/CIPPCore/Public/GraphHelper/Write-CippFunctionStats.ps1 index 020462605ea8..cac4bf0a3173 100644 --- a/Modules/CIPPCore/Public/GraphHelper/Write-CippFunctionStats.ps1 +++ b/Modules/CIPPCore/Public/GraphHelper/Write-CippFunctionStats.ps1 @@ -8,12 +8,14 @@ function Write-CippFunctionStats { $Entity, [DateTime]$Start, [DateTime]$End, - [int]$Duration, [string]$ErrorMsg = '' ) try { $Table = Get-CIPPTable -tablename CippFunctionStats $RowKey = [string](New-Guid).Guid + $TimeSpan = New-TimeSpan -Start $Start -End $End + $Duration = [int]$TimeSpan.TotalSeconds + # Flatten data to json string $Entity.PartitionKey = $FunctionType $Entity.RowKey = $RowKey diff --git a/Modules/CippEntrypoints/CippEntrypoints.psm1 b/Modules/CippEntrypoints/CippEntrypoints.psm1 index 100f1c4cba27..3073f1d30ef9 100644 --- a/Modules/CippEntrypoints/CippEntrypoints.psm1 +++ b/Modules/CippEntrypoints/CippEntrypoints.psm1 @@ -34,15 +34,12 @@ function Receive-CippQueueTrigger { } $End = (Get-Date).ToUniversalTime() - $TimeSpan = New-TimeSpan -Start $Start -End $End - $Duration = [int]$TimeSpan.TotalSeconds $Stats = @{ FunctionType = 'Queue' Entity = $QueueItem Start = $Start End = $End - Duration = $Duration ErrorMsg = $ErrorMsg } Write-Information '####### Adding stats' From ee7c13f00a6bab916df44e2c398a6e820c885a80 Mon Sep 17 00:00:00 2001 From: KelvinTegelaar Date: Fri, 23 Feb 2024 11:06:24 +0100 Subject: [PATCH 061/243] remove += usage --- .../Invoke-CIPPStandardEnableMailboxAuditing.ps1 | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableMailboxAuditing.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableMailboxAuditing.ps1 index fcdc684d1f37..3a9e7ef1eacd 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableMailboxAuditing.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableMailboxAuditing.ps1 @@ -42,15 +42,15 @@ function Invoke-CIPPStandardEnableMailboxAuditing { } } - if ($Mailboxes.Count -eq 0 -and $BypassMailboxes.Count -eq 0) { + $LogMessage = if ($Mailboxes.Count -eq 0 -and $BypassMailboxes.Count -eq 0) { # Make log message smaller if both are already in the desired state - $LogMessage += 'User level mailbox audit already enabled and mailbox audit bypass already disabled for all mailboxes' + 'User level mailbox audit already enabled and mailbox audit bypass already disabled for all mailboxes' } else { if ($Mailboxes.Count -eq 0) { - $LogMessage += 'User level mailbox audit already enabled for all mailboxes. ' + 'User level mailbox audit already enabled for all mailboxes. ' } if ($BypassMailboxes.Count -eq 0) { - $LogMessage += 'Mailbox audit bypass already disabled for all mailboxes' + 'Mailbox audit bypass already disabled for all mailboxes' } } From 70f362eee28535d4c10af51cb186e69bef08138b Mon Sep 17 00:00:00 2001 From: KelvinTegelaar Date: Fri, 23 Feb 2024 11:39:59 +0100 Subject: [PATCH 062/243] fix for duplicate alert run --- Modules/CIPPCore/Public/Entrypoints/Push-SchedulerAlert.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/Push-SchedulerAlert.ps1 b/Modules/CIPPCore/Public/Entrypoints/Push-SchedulerAlert.ps1 index 540e7c175c9b..5b32b6fb3c51 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Push-SchedulerAlert.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Push-SchedulerAlert.ps1 @@ -30,7 +30,7 @@ function Push-SchedulerAlert { $QueueItem | Add-Member -MemberType NoteProperty -Name 'PartitionKey' -Value $tenant.tenant -Force Add-CIPPAzDataTableEntity @Table -Entity $QueueItem -Force } else { - Write-Host 'ALERTS: Duplicate run found. Ignoring. Tenant: {0}, Task: {1}' -f $tenant.tenant, $task + Write-Host ('ALERTS: Duplicate run found. Ignoring. Tenant: {0}, Task: {1}' -f $tenant.tenant, $task) } } From 537408f057fdbfa82b133837883ce5c1a52a00d8 Mon Sep 17 00:00:00 2001 From: KelvinTegelaar Date: Fri, 23 Feb 2024 13:24:00 +0100 Subject: [PATCH 063/243] fix default setting issue --- .../Public/Entrypoints/Push-SchedulerCIPPNotifications.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/Push-SchedulerCIPPNotifications.ps1 b/Modules/CIPPCore/Public/Entrypoints/Push-SchedulerCIPPNotifications.ps1 index 3ec9e8b7d9a2..1f3c9c1d0a91 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Push-SchedulerCIPPNotifications.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Push-SchedulerCIPPNotifications.ps1 @@ -7,7 +7,7 @@ function Push-SchedulerCIPPNotifications { $Filter = "RowKey eq 'CippNotifications' and PartitionKey eq 'CippNotifications'" $Config = [pscustomobject](Get-CIPPAzDataTableEntity @Table -Filter $Filter) - $Settings = [System.Collections.ArrayList]@('Alerts') + $Settings = [System.Collections.ArrayList]@('Alert') $Config.psobject.properties.name | ForEach-Object { $settings.add($_) } $severity = $Config.Severity -split ',' Write-Host "Our Severity table is: $severity" From 5b4f6dbabf2661c65efa7d560fb2bfb4b58b7d60 Mon Sep 17 00:00:00 2001 From: KelvinTegelaar Date: Fri, 23 Feb 2024 13:25:06 +0100 Subject: [PATCH 064/243] scheduler timer back to 15 minutes --- Scheduler_GetQueue/function.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Scheduler_GetQueue/function.json b/Scheduler_GetQueue/function.json index d0f59a682e3c..73fa51771c60 100644 --- a/Scheduler_GetQueue/function.json +++ b/Scheduler_GetQueue/function.json @@ -2,7 +2,7 @@ "bindings": [ { "name": "Timer", - "schedule": "0 0 * * * *", + "schedule": "0 */15 * * * *", "direction": "in", "type": "timerTrigger" }, From 4eec27d8425ae7c828ef218f1b7a68bc88d210bd Mon Sep 17 00:00:00 2001 From: KelvinTegelaar Date: Fri, 23 Feb 2024 13:35:42 +0100 Subject: [PATCH 065/243] add write host --- Modules/CippEntrypoints/CippEntrypoints.psm1 | 1 + 1 file changed, 1 insertion(+) diff --git a/Modules/CippEntrypoints/CippEntrypoints.psm1 b/Modules/CippEntrypoints/CippEntrypoints.psm1 index 3073f1d30ef9..3714731668b8 100644 --- a/Modules/CippEntrypoints/CippEntrypoints.psm1 +++ b/Modules/CippEntrypoints/CippEntrypoints.psm1 @@ -19,6 +19,7 @@ function Receive-CippHttpTrigger { function Receive-CippQueueTrigger { Param($QueueItem, $TriggerMetadata) + Write-Host "#### Running $APINAME" $Start = (Get-Date).ToUniversalTime() $APIName = $TriggerMetadata.FunctionName Set-Location (Get-Item $PSScriptRoot).Parent.Parent.FullName From e45b151ac780c663d66276d5580563e3b49d92e0 Mon Sep 17 00:00:00 2001 From: KelvinTegelaar Date: Fri, 23 Feb 2024 13:36:17 +0100 Subject: [PATCH 066/243] move write host --- .../Public/Entrypoints/Push-CIPPAlertAppSecretExpiry.ps1 | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertAppSecretExpiry.ps1 b/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertAppSecretExpiry.ps1 index 581c56ebd962..82bcde9bb74f 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertAppSecretExpiry.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertAppSecretExpiry.ps1 @@ -7,12 +7,13 @@ function Push-CIPPAlertAppSecretExpiry { ) $LastRunTable = Get-CIPPTable -Table AlertLastRun - Write-Host "Checking app expire for $($QueueItem.tenant)" + try { $Filter = "RowKey eq 'AppSecretExpiry' and PartitionKey eq '{0}'" -f $QueueItem.tenantid $LastRun = Get-CIPPAzDataTableEntity @LastRunTable -Filter $Filter $Yesterday = (Get-Date).AddDays(-1) if (-not $LastRun.Timestamp.DateTime -or ($LastRun.Timestamp.DateTime -le $Yesterday)) { + Write-Host "Checking app expire for $($QueueItem.tenant)" New-GraphGetRequest -uri "https://graph.microsoft.com/beta/applications?`$select=appId,displayName,passwordCredentials" -tenantid $QueueItem.tenant | ForEach-Object { foreach ($App in $_) { Write-Host "checking $($App.displayName)" From 2055b3014bd36d7d743f093bb467a0536b56ef91 Mon Sep 17 00:00:00 2001 From: KelvinTegelaar Date: Fri, 23 Feb 2024 13:46:03 +0100 Subject: [PATCH 067/243] positioning change --- Modules/CippEntrypoints/CippEntrypoints.psm1 | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Modules/CippEntrypoints/CippEntrypoints.psm1 b/Modules/CippEntrypoints/CippEntrypoints.psm1 index 3714731668b8..d6d80cdcf143 100644 --- a/Modules/CippEntrypoints/CippEntrypoints.psm1 +++ b/Modules/CippEntrypoints/CippEntrypoints.psm1 @@ -19,9 +19,10 @@ function Receive-CippHttpTrigger { function Receive-CippQueueTrigger { Param($QueueItem, $TriggerMetadata) - Write-Host "#### Running $APINAME" + $Start = (Get-Date).ToUniversalTime() $APIName = $TriggerMetadata.FunctionName + Write-Host "#### Running $APINAME" Set-Location (Get-Item $PSScriptRoot).Parent.Parent.FullName $FunctionName = 'Push-{0}' -f $APIName $QueueTrigger = @{ From 6874629bf65bd5c9c1b901d0f0564a1bb37ea0d5 Mon Sep 17 00:00:00 2001 From: KelvinTegelaar Date: Fri, 23 Feb 2024 13:55:03 +0100 Subject: [PATCH 068/243] revert change --- .../Public/Entrypoints/Push-SchedulerCIPPNotifications.ps1 | 2 +- Scheduler_GetQueue/function.json | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/Push-SchedulerCIPPNotifications.ps1 b/Modules/CIPPCore/Public/Entrypoints/Push-SchedulerCIPPNotifications.ps1 index 1f3c9c1d0a91..3ec9e8b7d9a2 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Push-SchedulerCIPPNotifications.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Push-SchedulerCIPPNotifications.ps1 @@ -7,7 +7,7 @@ function Push-SchedulerCIPPNotifications { $Filter = "RowKey eq 'CippNotifications' and PartitionKey eq 'CippNotifications'" $Config = [pscustomobject](Get-CIPPAzDataTableEntity @Table -Filter $Filter) - $Settings = [System.Collections.ArrayList]@('Alert') + $Settings = [System.Collections.ArrayList]@('Alerts') $Config.psobject.properties.name | ForEach-Object { $settings.add($_) } $severity = $Config.Severity -split ',' Write-Host "Our Severity table is: $severity" diff --git a/Scheduler_GetQueue/function.json b/Scheduler_GetQueue/function.json index 73fa51771c60..d0f59a682e3c 100644 --- a/Scheduler_GetQueue/function.json +++ b/Scheduler_GetQueue/function.json @@ -2,7 +2,7 @@ "bindings": [ { "name": "Timer", - "schedule": "0 */15 * * * *", + "schedule": "0 0 * * * *", "direction": "in", "type": "timerTrigger" }, From 2cf3800cb5cc907fd2509cde3fb840061404996a Mon Sep 17 00:00:00 2001 From: KelvinTegelaar Date: Fri, 23 Feb 2024 13:57:03 +0100 Subject: [PATCH 069/243] fixes alerts email --- Modules/CIPPCore/Public/GraphHelper/Write-AlertMessage.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/CIPPCore/Public/GraphHelper/Write-AlertMessage.ps1 b/Modules/CIPPCore/Public/GraphHelper/Write-AlertMessage.ps1 index 0636fb67ccbe..4d9fd8095059 100644 --- a/Modules/CIPPCore/Public/GraphHelper/Write-AlertMessage.ps1 +++ b/Modules/CIPPCore/Public/GraphHelper/Write-AlertMessage.ps1 @@ -10,7 +10,7 @@ function Write-AlertMessage($message, $tenant = 'None', $tenantId = $null) { $ExistingMessage = Get-CIPPAzDataTableEntity @Table -Filter $Filter if (!$ExistingMessage) { Write-Host 'No duplicate message found, writing to log' - Write-LogMessage -message $message -tenant $tenant -sev 'Alert' -tenantId $tenantId -user 'CIPP' + Write-LogMessage -message $message -tenant $tenant -sev 'Alert' -tenantId $tenantId -user 'CIPP' -API 'Alerts' } else { Write-Host 'Alerts: Duplicate entry found, not writing to log' From 2664772262689bed9d57cbdb713ae7a68170bca6 Mon Sep 17 00:00:00 2001 From: KelvinTegelaar Date: Fri, 23 Feb 2024 14:39:02 +0100 Subject: [PATCH 070/243] add standard --- .../Invoke-CIPPStandardMessageExpiration.ps1 | 34 +++++++++++++++++++ 1 file changed, 34 insertions(+) create mode 100644 Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardMessageExpiration.ps1 diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardMessageExpiration.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardMessageExpiration.ps1 new file mode 100644 index 000000000000..294729a36583 --- /dev/null +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardMessageExpiration.ps1 @@ -0,0 +1,34 @@ +function Invoke-CIPPStandardMessageExpiration { + <# + .FUNCTIONALITY + Internal + #> + param($Tenant, $Settings) + + $MessageExpiration = (New-ExoRequest -tenantid $Tenant -cmdlet 'Get-TransportConfig').messageExpiration + + If ($Settings.remediate) { + Write-Host 'Time to remediate' + if ($MessageExpiration -ne '12:00:00') { + try { + New-ExoRequest -tenantid $Tenant -cmdlet 'Set-TransportConfig' -cmdParams @{MessageExpiration = '12:00:00' } + Write-LogMessage -API 'Standards' -tenant $tenant -message 'Set transport configuration message expiration to 12 hours' -sev Info + } catch { + $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message + Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to set transport configuration message expiration to 12 hours. Error: $ErrorMessage" -sev Debug + } + } + + } + if ($Settings.alert) { + if ($MessageExpiration -ne '12:00:00') { + Write-LogMessage -API 'Standards' -tenant $tenant -message 'Transport configuration message expiration is set to 12 hours' -sev Info + } else { + Write-LogMessage -API 'Standards' -tenant $tenant -message 'Transport configuration message expiration is not set to 12 hours' -sev Alert + } + } + if ($Settings.report) { + if ($MessageExpiration -ne '12:00:00') { $MessageExpiration = $false } else { $MessageExpiration = $true } + Add-CIPPBPAField -FieldName 'messageExpiration' -FieldValue [bool]$MessageExpiration -StoreAs bool -Tenant $tenant + } +} From fba3cd9492c9706caf528f3ada1b6c925979c93f Mon Sep 17 00:00:00 2001 From: KelvinTegelaar Date: Fri, 23 Feb 2024 14:57:38 +0100 Subject: [PATCH 071/243] version up --- version_latest.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/version_latest.txt b/version_latest.txt index 1b47e8f3efe7..7cbea073bea1 100644 --- a/version_latest.txt +++ b/version_latest.txt @@ -1 +1 @@ -5.1.2 \ No newline at end of file +5.2.0 \ No newline at end of file From 433f702b8f8f685e00250b0256383d8b750fc36c Mon Sep 17 00:00:00 2001 From: John Duprey Date: Fri, 23 Feb 2024 09:46:14 -0500 Subject: [PATCH 072/243] Revert "Merge branch 'master' into dev" This reverts commit d3e4480999f6c8099becf1b862c4c2f1dcc7ac1c, reversing changes made to 2d8e766d9da09d6c1eec17ff66237a84e0585f1f. --- .github/workflows/cipp-update.yml | 14 -------- .github/workflows/master_cippcklru.yml | 30 ---------------- .../Public/Invoke-CIPPWebhookProcessing.ps1 | 34 ++++--------------- 3 files changed, 6 insertions(+), 72 deletions(-) delete mode 100644 .github/workflows/cipp-update.yml delete mode 100644 .github/workflows/master_cippcklru.yml diff --git a/.github/workflows/cipp-update.yml b/.github/workflows/cipp-update.yml deleted file mode 100644 index 287765556d61..000000000000 --- a/.github/workflows/cipp-update.yml +++ /dev/null @@ -1,14 +0,0 @@ -name: Scheduled CIPP Update -on: - schedule: - - cron: '50 11 * * 5' - # scheduled for 11:50 UTC every Friday - workflow_dispatch: - -jobs: - merge-upstream: - runs-on: ubuntu-latest - steps: - - uses: anatawa12/fork-sync-all-branches@v1 - with: - github_token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/master_cippcklru.yml b/.github/workflows/master_cippcklru.yml deleted file mode 100644 index e7003914c17e..000000000000 --- a/.github/workflows/master_cippcklru.yml +++ /dev/null @@ -1,30 +0,0 @@ -# Docs for the Azure Web Apps Deploy action: https://github.com/azure/functions-action -# More GitHub Actions for Azure: https://github.com/Azure/actions - -name: Build and deploy Powershell project to Azure Function App - cippcklru - -on: - push: - branches: - - master - - dev - workflow_dispatch: - -env: - AZURE_FUNCTIONAPP_PACKAGE_PATH: '.' # set this to the path to your web app project, defaults to the repository root - -jobs: - build-and-deploy: - runs-on: windows-latest - steps: - - name: 'Checkout GitHub Action' - uses: actions/checkout@v2 - - - name: 'Run Azure Functions Action' - uses: Azure/functions-action@v1 - id: fa - with: - app-name: 'cippcklru' - slot-name: 'Production' - package: ${{ env.AZURE_FUNCTIONAPP_PACKAGE_PATH }} - publish-profile: ${{ secrets.AZUREAPPSERVICE_PUBLISHPROFILE_27B63F21821146D7B2D087D67F258F04 }} diff --git a/Modules/CIPPCore/Public/Invoke-CIPPWebhookProcessing.ps1 b/Modules/CIPPCore/Public/Invoke-CIPPWebhookProcessing.ps1 index e542e6bda4a2..77139f1ddaba 100644 --- a/Modules/CIPPCore/Public/Invoke-CIPPWebhookProcessing.ps1 +++ b/Modules/CIPPCore/Public/Invoke-CIPPWebhookProcessing.ps1 @@ -81,7 +81,7 @@ function Invoke-CippWebhookProcessing { { 'UserLoggedIn' -eq $data.operation -and $hosting -eq $true -and !$TrustedIps } { $data.operation = 'HostedIP' } { 'UserLoggedIn' -eq $data.operation -and $Country -notin $AllowedLocations -and $data.ResultStatus -eq 'Success' -and $TableObj.ResultStatusDetail -eq 'Success' } { Write-Host "$($country) is not in $($AllowedLocations)" - $data.operation = 'UserLoggedInFromUnknownLocation' + $data.operation = 'UserLoggedInFromUnknownLocation' } { 'UserloggedIn' -eq $data.operation -and $data.UserType -eq 2 -and $data.ResultStatus -eq 'Success' -and $TableObj.ResultStatusDetail -eq 'Success' } { $data.operation = 'AdminLoggedIn' } default { break } @@ -129,7 +129,7 @@ function Invoke-CippWebhookProcessing { $key = $parts[0] $operator = $parts[1] $value = $parts[2] - if (!$value) { + if (!$value) { Write-Host 'blank value, skip' continue } @@ -164,9 +164,9 @@ function Invoke-CippWebhookProcessing { $RuleDisabled = 0 New-ExoRequest -anchor $username -tenantid $TenantFilter -cmdlet 'get-inboxrule' -cmdParams @{Mailbox = $username } | ForEach-Object { $null = New-ExoRequest -anchor $username -tenantid $TenantFilter -cmdlet 'Disable-InboxRule' -cmdParams @{Confirm = $false; Identity = $_.Identity } - "Disabled Inbox Rule $($_.Identity) for $username" + "Disabled Inbox Rule $($_.Identity) for $username" $RuleDisabled ++ - } + } if ($RuleDisabled) { "Disabled $RuleDisabled Inbox Rules for $username" } else { @@ -210,7 +210,7 @@ function Invoke-CippWebhookProcessing { } } Write-Host 'Going to create the content' - foreach ($action in $dos) { + foreach ($action in $dos) { switch ($action.execute) { 'generatemail' { Write-Host 'Going to create the email' @@ -219,7 +219,7 @@ function Invoke-CippWebhookProcessing { Send-CIPPAlert -Type 'email' -Title $GenerateEmail.title -HTMLContent $GenerateEmail.htmlcontent -TenantFilter $TenantFilter Write-Host 'email should be sent' - } + } 'generatePSA' { $GenerateEmail = New-CIPPAlertTemplate -format 'html'-data $Data -LocationInfo $Location -ActionResults $ActionResults Send-CIPPAlert -Type 'psa' -Title $GenerateEmail.title -HTMLContent $GenerateEmail.htmlcontent -TenantFilter $TenantFilter @@ -247,26 +247,4 @@ function Invoke-CippWebhookProcessing { } } } - - if ($data.ClientIP) { - try { - $IP = $data.ClientIP - if ($IP -match '^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}:\d+$') { - $IP = $IP -replace ':\d+$', '' # Remove the port number if present - } - $LocationInfo = @{ - RowKey = [string]$ip - PartitionKey = [string]$data.UserId - Tenant = [string]$TenantFilter - CountryOrRegion = "$Country" - City = "$City" - Proxy = "$Proxy" - Hosting = "$hosting" - ASName = "$ASName" - } - $null = Add-CIPPAzDataTableEntity @LocationTable -Entity $LocationInfo -Force - } catch { - Write-Host "Exception adding IP to table - $IP - $($_.Exception.Message)" - } - } } From 2f5c041995f608c30c0187f778ccce834f586a29 Mon Sep 17 00:00:00 2001 From: Roel van der Wegen Date: Fri, 23 Feb 2024 22:45:53 +0100 Subject: [PATCH 073/243] Add more URLs to whitelist Zolder made a follow up post where they identified a few extra locations that can trigger branding. https://zolder.io/microsoft-365-aitm-detection-the-lessons-learned/ --- .../Public/Entrypoints/Invoke-PublicPhishingCheck.ps1 | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-PublicPhishingCheck.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-PublicPhishingCheck.ps1 index 32541d596cbf..68442e76a7b4 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-PublicPhishingCheck.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-PublicPhishingCheck.ps1 @@ -13,8 +13,10 @@ Function Invoke-PublicPhishingCheck { $validList = @( 'https://login.microsoftonline.com', 'https://login.microsoft.net', - 'https://login.microsoft.com' - 'https://autologon.microsoftazuread-sso.com' + 'https://login.microsoft.com', + 'https://autologon.microsoftazuread-sso.com', + 'https://tasks.office.com', + 'https://login.windows.net' ) $matchedUrls = $validList | Where-Object { ([uri]$_).Host -in ([uri]$($request.headers.Referer)).Host } From 639d595088aba12033cb40f8a9aeba19698da5f4 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Sat, 24 Feb 2024 10:27:36 -0500 Subject: [PATCH 074/243] Graph Request tweak - Add IgnoreErrors property for certain queries --- .../Public/Entrypoints/Invoke-ExecGraphExplorerPreset.ps1 | 2 ++ .../CIPPCore/Public/Entrypoints/Invoke-ListGraphRequest.ps1 | 3 ++- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecGraphExplorerPreset.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecGraphExplorerPreset.ps1 index 883d43e2fce6..6587c2c41822 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecGraphExplorerPreset.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecGraphExplorerPreset.ps1 @@ -33,6 +33,8 @@ Function Invoke-ExecGraphExplorerPreset { } $params = $Request.Body.preset | Select-Object endpoint, '$filter', '$select', '$count', '$expand', '$search', NoPagination, '$top', IsShared + if ($params.'$select') { $params.'$select' = ($params.'$select').value -join ',' } + $Preset = [PSCustomObject]@{ PartitionKey = 'Preset' RowKey = [string]$Id diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListGraphRequest.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListGraphRequest.ps1 index 04106b6dfc5c..3b14227b1907 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListGraphRequest.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListGraphRequest.ps1 @@ -126,7 +126,8 @@ function Invoke-ListGraphRequest { $StatusCode = [HttpStatusCode]::OK } catch { $GraphRequestData = "Graph Error: $($_.Exception.Message) - Endpoint: $($Request.Query.Endpoint)" - $StatusCode = [HttpStatusCode]::BadRequest + if ($Request.Query.IgnoreErrors) { $StatusCode = [HttpStatusCode]::OK } + else { $StatusCode = [HttpStatusCode]::BadRequest } } Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ From d1559c52e38a3b9564c9e48b7eb21378522d423c Mon Sep 17 00:00:00 2001 From: rvdwegen Date: Sun, 25 Feb 2024 21:36:22 +0100 Subject: [PATCH 075/243] Function to retrieve audit logs for a CA policy --- ...oke-ListConditionalAccessPolicyChanges.ps1 | 47 +++++++++++++++++++ 1 file changed, 47 insertions(+) create mode 100644 Modules/CIPPCore/Public/Entrypoints/Invoke-ListConditionalAccessPolicyChanges.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListConditionalAccessPolicyChanges.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListConditionalAccessPolicyChanges.ps1 new file mode 100644 index 000000000000..89e2ecfb2bff --- /dev/null +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListConditionalAccessPolicyChanges.ps1 @@ -0,0 +1,47 @@ +using namespace System.Net + +Function Invoke-ListConditionalAccessPolicyChanges { + <# + .FUNCTIONALITY + Entrypoint + #> + [CmdletBinding()] + param($Request, $TriggerMetadata) + + $APIName = $TriggerMetadata.FunctionName + Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + + # Write to the Azure Functions log stream. + Write-Host 'PowerShell HTTP trigger function processed a request.' + + # Interact with query parameters or the body of the request. + $TenantFilter = $Request.Query.TenantFilter + $policyId = $Request.body.id + $policyDisplayName = $Request.body.displayName + + try { + [array]$changes = New-GraphGetRequest -uri "https://graph.microsoft.com/v1.0/auditLogs/directoryAudits?`$filter=targetResources/any(s:s/id eq '$($policyId)')" -tenantid $TenantFilter | ForEach-Object { + [pscustomobject]@{ + policy = $policyDisplayName + policyId = $policyId + typeFriendlyName = $_.activityDisplayName + type = $_.operationType + initiatedBy = if ($_.initiatedBy.user.userPrincipalName) { $_.initiatedBy.user.userPrincipalName } else { $_.initiatedBy.app.displayName } + date = $_.activityDateTime + oldValue = ($_.targetResources[0].modifiedProperties.oldValue | ConvertFrom-Json) # targetResources is an array, can we ever get more than 1 object in it? + newValue = ($_.targetResources[0].modifiedProperties.newValue | ConvertFrom-Json) + } + } + $StatusCode = [HttpStatusCode]::OK + } catch { + $StatusCode = [HttpStatusCode]::BadRequest + Write-Host $($_.Exception.message) + Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APIName -message "Failed to request audit logs for policy $($policyDisplayName): $($_.Exception.message)" -Sev "Error" -tenant $TenantFilter + } + + # Associate values to output bindings by calling 'Push-OutputBinding'. + Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ + StatusCode = $StatusCode + Body = $changes + }) +} \ No newline at end of file From 81ba005a1c8f87b08eb60ed13e7a5449ec610968 Mon Sep 17 00:00:00 2001 From: KelvinTegelaar Date: Mon, 26 Feb 2024 11:39:52 +0100 Subject: [PATCH 076/243] removal of false objects --- .../Public/Entrypoints/Invoke-AddStandardsDeploy.ps1 | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-AddStandardsDeploy.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-AddStandardsDeploy.ps1 index 127c285bbc1e..567452b932c7 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-AddStandardsDeploy.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-AddStandardsDeploy.ps1 @@ -26,6 +26,12 @@ Function Invoke-AddStandardsDeploy { URL = $URL } } + #Get all subobjects in $Settings that are set to false, and remove them. + $Settings.psobject.properties.name | Where-Object { $Settings.$_ -eq $false -and $_ -ne 'v2.1' -and $_ -in 'Alert', 'Remediate', 'Report' } | ForEach-Object { + $Settings.psobject.properties.remove($_) + } + + foreach ($Tenant in $tenants) { $object = [PSCustomObject]@{ From 0a3f8144b83a63294a2052af69f8871132384e3a Mon Sep 17 00:00:00 2001 From: Jr7468 Date: Tue, 6 Feb 2024 10:14:32 +0000 Subject: [PATCH 077/243] Fixed removing guest users from DG --- Modules/CIPPCore/Public/Entrypoints/Invoke-EditGroup.ps1 | 1 + 1 file changed, 1 insertion(+) diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-EditGroup.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-EditGroup.ps1 index 135ddf5a44ba..6990f6baa46f 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-EditGroup.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-EditGroup.ps1 @@ -69,6 +69,7 @@ Function Invoke-EditGroup { if ($RemoveMembers) { $RemoveMembers | ForEach-Object { $member = $_ + if ($member -like '*#EXT#*') { $member = [System.Web.HttpUtility]::UrlEncode($member) } if ($GroupType -eq 'Distribution list' -or $GroupType -eq 'Mail-Enabled Security') { $Params = @{ Identity = $userobj.groupid; Member = $member ; BypassSecurityGroupManagerCheck = $true } New-ExoRequest -tenantid $Userobj.tenantid -cmdlet 'Remove-DistributionGroupMember' -cmdParams $params -UseSystemMailbox $true From 44252b391e5354cdc9da367ca710af7c71dac7b5 Mon Sep 17 00:00:00 2001 From: KelvinTegelaar Date: Mon, 26 Feb 2024 11:43:03 +0100 Subject: [PATCH 078/243] unused license statement --- .../CippExtensions/NinjaOne/Invoke-NinjaOneTenantSync.ps1 | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/Modules/CippExtensions/NinjaOne/Invoke-NinjaOneTenantSync.ps1 b/Modules/CippExtensions/NinjaOne/Invoke-NinjaOneTenantSync.ps1 index ad3e211cc633..ebf491cec05a 100644 --- a/Modules/CippExtensions/NinjaOne/Invoke-NinjaOneTenantSync.ps1 +++ b/Modules/CippExtensions/NinjaOne/Invoke-NinjaOneTenantSync.ps1 @@ -2060,7 +2060,11 @@ function Invoke-NinjaOneTenantSync { # Unused Licenses $WidgetData.add([PSCustomObject]@{ Value = $( - $BPAUnusedLicenses = (($BpaData.Unusedlicenses | ConvertFrom-Json -ErrorAction SilentlyContinue).availableUnits | Measure-Object -Sum).sum + try { + $BPAUnusedLicenses = (($BpaData.Unusedlicenses | ConvertFrom-Json -ErrorAction SilentlyContinue).availableUnits | Measure-Object -Sum).sum + } catch { + $BPAUnusedLicenses = 'Failed to retrieve unused licenses' + } if ($BPAUnusedLicenses -ne 0) { $ResultColour = '#D53948' } else { From c6a079f89662bae16d572726554a06bf21d9a5f6 Mon Sep 17 00:00:00 2001 From: KelvinTegelaar Date: Mon, 26 Feb 2024 15:19:16 +0100 Subject: [PATCH 079/243] hotfixy --- version_latest.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/version_latest.txt b/version_latest.txt index 7cbea073bea1..804440660c71 100644 --- a/version_latest.txt +++ b/version_latest.txt @@ -1 +1 @@ -5.2.0 \ No newline at end of file +5.2.1 \ No newline at end of file From c5f7ecc9cf83e26c61b6e80f9501ed907ad638cb Mon Sep 17 00:00:00 2001 From: KelvinTegelaar Date: Mon, 26 Feb 2024 15:34:42 +0100 Subject: [PATCH 080/243] include in hotfix --- .../Public/Standards/Invoke-CIPPStandardunmanagedSync.ps1 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardunmanagedSync.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardunmanagedSync.ps1 index 2d6f3b81bd34..185fd53610f0 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardunmanagedSync.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardunmanagedSync.ps1 @@ -10,9 +10,9 @@ function Invoke-CIPPStandardunmanagedSync { if ($CurrentInfo.isUnmanagedSyncAppForTenantRestricted -eq $false) { try { - $body = '{"isUnmanagedSyncAppForTenantRestricted": true}' - $null = New-GraphPostRequest -tenantid $tenant -Uri 'https://graph.microsoft.com/beta/admin/sharepoint/settings' -AsApp $true -Type patch -Body $body -ContentType 'application/json' - Write-LogMessage -API 'Standards' -tenant $tenant -message 'Disabled Sync for unmanaged devices' -sev Info + #$body = '{"isUnmanagedSyncAppForTenantRestricted": true}' + #$null = New-GraphPostRequest -tenantid $tenant -Uri 'https://graph.microsoft.com/beta/admin/sharepoint/settings' -AsApp $true -Type patch -Body $body -ContentType 'application/json' + Write-LogMessage -API 'Standards' -tenant $tenant -message 'The unmanaged Sync standard has been temporarily disabled.' -sev Info } catch { Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to disable Sync for unmanaged devices: $($_.exception.message)" -sev Error } From 4e4a4affbc3a46c391c2a863761f296bf18966f7 Mon Sep 17 00:00:00 2001 From: KelvinTegelaar Date: Tue, 27 Feb 2024 13:53:26 +0100 Subject: [PATCH 081/243] improvements to mailbox auditing to make it faster --- .../Standards/Invoke-CIPPStandardEnableMailboxAuditing.ps1 | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableMailboxAuditing.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableMailboxAuditing.ps1 index 3a9e7ef1eacd..6d959f03d8d9 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableMailboxAuditing.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardEnableMailboxAuditing.ps1 @@ -21,7 +21,7 @@ function Invoke-CIPPStandardEnableMailboxAuditing { } # Check for mailbox audit on all mailboxes. Enable for all that it's not enabled for - $Mailboxes = New-ExoRequest -tenantid $Tenant -cmdlet 'Get-Mailbox' -cmdParams @{ResultSize = 'Unlimited' } | Where-Object { $_.AuditEnabled -ne $true } + $Mailboxes = New-ExoRequest -tenantid $Tenant -cmdlet 'Get-Mailbox' -cmdParams @{filter = "auditenabled -eq 'False'" } -useSystemMailbox $true -Select 'AuditEnabled,UserPrincipalName' $Mailboxes | ForEach-Object { try { New-ExoRequest -tenantid $Tenant -cmdlet 'Set-Mailbox' -cmdParams @{Identity = $_.UserPrincipalName; AuditEnabled = $true } -Anchor $_.UserPrincipalName @@ -32,7 +32,8 @@ function Invoke-CIPPStandardEnableMailboxAuditing { } # Disable audit bypass for all mailboxes that have it enabled - $BypassMailboxes = New-ExoRequest -tenantid $Tenant -cmdlet 'Get-MailboxAuditBypassAssociation' -cmdParams @{ResultSize = 'Unlimited' } | Where-Object { $_.AuditBypassEnabled -eq $true } + + $BypassMailboxes = New-ExoRequest -tenantid $Tenant -cmdlet 'Get-MailboxAuditBypassAssociation' -select 'GUID, AuditBypassEnabled, Name' -useSystemMailbox $true | Where-Object { $_.AuditBypassEnabled -eq $true } $BypassMailboxes | ForEach-Object { try { New-ExoRequest -tenantid $Tenant -cmdlet 'Set-MailboxAuditBypassAssociation' -cmdParams @{Identity = $_.Guid; AuditBypassEnabled = $false } -UseSystemMailbox $true From a268f187576296efdea790342b5fc21c88c96d95 Mon Sep 17 00:00:00 2001 From: BNWEIN Date: Tue, 27 Feb 2024 18:12:14 +0000 Subject: [PATCH 082/243] Update run.ps1 added DKIM Records to table and export --- DomainAnalyser_All/run.ps1 | 2 ++ 1 file changed, 2 insertions(+) diff --git a/DomainAnalyser_All/run.ps1 b/DomainAnalyser_All/run.ps1 index d0da4a3e09da..468962b0ec20 100644 --- a/DomainAnalyser_All/run.ps1 +++ b/DomainAnalyser_All/run.ps1 @@ -52,6 +52,7 @@ $Result = [PSCustomObject]@{ DNSSECPresent = '' MailProvider = '' DKIMEnabled = '' + DKIMRecords = '' Score = '' MaximumScore = 160 ScorePercentage = '' @@ -218,6 +219,7 @@ try { if ($DkimRecordCount -gt 0 -and $DkimFailCount -eq 0) { $Result.DKIMEnabled = $true $ScoreDomain += $Scores.DKIMActiveAndWorking + $Result.DKIMRecords = $DkimRecord.Records | Select-Object Selector, Record } else { $Result.DKIMEnabled = $false $ScoreExplanation.Add('DKIM Not Configured') | Out-Null From c0739fb224f5c64e8be74ad95f891b19e4431477 Mon Sep 17 00:00:00 2001 From: KelvinTegelaar Date: Wed, 28 Feb 2024 14:41:21 +0100 Subject: [PATCH 083/243] fixes sign in log --- .../Public/Entrypoints/Invoke-ListUserSigninLogs.ps1 | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListUserSigninLogs.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListUserSigninLogs.ps1 index d4fe27a93764..d421b79441d5 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListUserSigninLogs.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListUserSigninLogs.ps1 @@ -40,9 +40,14 @@ Function Invoke-ListUserSigninLogs { @{ Name = 'FailureReason'; Expression = { $_.status.failureReason } }, @{ Name = 'FullDetails'; Expression = { $_ } } # Associate values to output bindings by calling 'Push-OutputBinding'. + if ($GraphRequest.FullDetails -eq $null) { + $GraphRequest = $null + } else { + $GraphRequest = @($GraphRequest) + } Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ StatusCode = [HttpStatusCode]::OK - Body = @($GraphRequest) + Body = $GraphRequest }) } catch { Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message "Failed to retrieve Sign In report: $($_.Exception.message) " -Sev 'Error' -tenant $TenantFilter From aadb9b79e5d6a4a80e6c1456737af0b938dc8671 Mon Sep 17 00:00:00 2001 From: BNWEIN Date: Wed, 28 Feb 2024 14:29:22 +0000 Subject: [PATCH 084/243] Added custom thresholds for SharePoint and Mailbox Quota alerts Added custom thresholds for SharePoint and Mailbox Quota alerts --- .../CIPPCore/Public/Entrypoints/Invoke-AddAlert.ps1 | 4 ++-- .../Public/Entrypoints/Push-CIPPAlertQuotaUsed.ps1 | 9 +++++++-- .../Entrypoints/Push-CIPPAlertSharepointQuota.ps1 | 9 +++++++-- .../Public/Entrypoints/Push-SchedulerAlert.ps1 | 11 ++++++----- 4 files changed, 22 insertions(+), 11 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-AddAlert.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-AddAlert.ps1 index 9bc6df14e424..ad22d9aef8b1 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-AddAlert.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-AddAlert.ps1 @@ -32,7 +32,7 @@ Function Invoke-AddAlert { MFAAlertUsers = [bool]$Request.body.MFAAlertUsers NewGA = [bool]$Request.body.NewGA NewRole = [bool]$Request.body.NewRole - QuotaUsed = [bool]$Request.body.QuotaUsed + QuotaUsed = [int]$Request.body.QuotaUsedQuota UnusedLicenses = [bool]$Request.body.UnusedLicenses OverusedLicenses = [bool]$Request.body.OverusedLicenses AppSecretExpiry = [bool]$Request.body.AppSecretExpiry @@ -41,7 +41,7 @@ Function Invoke-AddAlert { DepTokenExpiry = [bool]$Request.body.DepTokenExpiry NoCAConfig = [bool]$Request.body.NoCAConfig SecDefaultsUpsell = [bool]$Request.body.SecDefaultsUpsell - SharePointQuota = [bool]$Request.body.SharePointQuota + SharePointQuota = [int]$Request.body.SharePointQuotaQuota ExpiringLicenses = [bool]$Request.body.ExpiringLicenses type = 'Alert' RowKey = $TenantID diff --git a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertQuotaUsed.ps1 b/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertQuotaUsed.ps1 index 47d455057c19..1d008a4c784d 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertQuotaUsed.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertQuotaUsed.ps1 @@ -11,8 +11,13 @@ function Push-CIPPAlertQuotaUsed { New-GraphGetRequest -uri "https://graph.microsoft.com/beta/reports/getMailboxUsageDetail(period='D7')?`$format=application/json" -tenantid $QueueItem.tenant | ForEach-Object { if ($_.StorageUsedInBytes -eq 0) { continue } $PercentLeft = [math]::round($_.StorageUsedInBytes / $_.prohibitSendReceiveQuotaInBytes * 100) - if ($PercentLeft -gt 90) { - Write-AlertMessage -tenant $($QueueItem.tenant) -message "$($_.UserPrincipalName): Mailbox has less than 10% space left. Mailbox is $PercentLeft% full" + if ($QueueItem.value -eq $true) { + if ($PercentLeft -gt 90) { + Write-AlertMessage -tenant $($QueueItem.tenant) -message "$($_.UserPrincipalName): Mailbox is more than $($QueueItem.value)% full. Mailbox is $PercentLeft% full" + } + } + elseif ($PercentLeft -gt $QueueItem.value) { + Write-AlertMessage -tenant $($QueueItem.tenant) -message "$($_.UserPrincipalName): Mailbox is more than $($QueueItem.value)% full. Mailbox is $PercentLeft% full" } } } catch { diff --git a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertSharepointQuota.ps1 b/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertSharepointQuota.ps1 index 0f010b2bb59c..d96dd801aedb 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertSharepointQuota.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertSharepointQuota.ps1 @@ -13,8 +13,13 @@ function Push-CIPPAlertSharepointQuota { $sharepointQuota = (Invoke-RestMethod -Method 'GET' -Headers $sharepointToken -Uri "https://$($tenantName)-admin.sharepoint.com/_api/StorageQuotas()?api-version=1.3.2" -ErrorAction Stop).value if ($sharepointQuota) { $UsedStoragePercentage = [int](($sharepointQuota.GeoUsedStorageMB / $sharepointQuota.TenantStorageMB) * 100) - if ($UsedStoragePercentage -gt 90) { - Write-AlertMessage -tenant $($QueueItem.tenant) -message "SharePoint Storage is at $($UsedStoragePercentage)%" + if ($QueueItem.value -eq $true){ + if ($UsedStoragePercentage -gt 90) { + Write-AlertMessage -tenant $($QueueItem.tenant) -message "SharePoint Storage is at $($UsedStoragePercentage)%. Your alert threshold is 90%" + } + } + elseif ($UsedStoragePercentage -gt $QueueItem.value) { + Write-AlertMessage -tenant $($QueueItem.tenant) -message "SharePoint Storage is at $($UsedStoragePercentage)%. Your alert threshold is $($QueueItem.value)%" } } } catch { diff --git a/Modules/CIPPCore/Public/Entrypoints/Push-SchedulerAlert.ps1 b/Modules/CIPPCore/Public/Entrypoints/Push-SchedulerAlert.ps1 index 5b32b6fb3c51..30a4b2583cde 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Push-SchedulerAlert.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Push-SchedulerAlert.ps1 @@ -15,22 +15,23 @@ function Push-SchedulerAlert { $IgnoreList = @('Etag', 'PartitionKey', 'Timestamp', 'RowKey', 'tenantid', 'tenant', 'type') $alertList = $Alerts | Select-Object * -ExcludeProperty $IgnoreList - foreach ($task in ($AlertList.psobject.members | Where-Object { $_.MemberType -EQ 'NoteProperty' -and $_.value -eq $True }).name) { + foreach ($task in ($AlertList.psobject.members | Where-Object { $_.MemberType -EQ 'NoteProperty' -and $_.value -ne $false })) { $Table = Get-CIPPTable -TableName AlertRunCheck - $Filter = "PartitionKey eq '{0}' and RowKey eq '{1}' and Timestamp ge datetime'{2}'" -f $tenant.tenant, $task, (Get-Date).AddMinutes(-10).ToUniversalTime().ToString('yyyy-MM-ddTHH:mm:ss') + $Filter = "PartitionKey eq '{0}' and RowKey eq '{1}' and Timestamp ge datetime'{2}'" -f $tenant.tenant, $task.Name, (Get-Date).AddMinutes(-10).ToUniversalTime().ToString('yyyy-MM-ddTHH:mm:ss') $ExistingMessage = Get-CIPPAzDataTableEntity @Table -Filter $Filter if (!$ExistingMessage) { $QueueItem = [pscustomobject]@{ tenant = $tenant.tenant tenantid = $tenant.tenantid - FunctionName = "CIPPAlert$($Task)" + FunctionName = "CIPPAlert$($Task.Name)" + value = $Task.value } Push-OutputBinding -Name QueueItemOut -Value $QueueItem - $QueueItem | Add-Member -MemberType NoteProperty -Name 'RowKey' -Value $task -Force + $QueueItem | Add-Member -MemberType NoteProperty -Name 'RowKey' -Value $task.Name -Force $QueueItem | Add-Member -MemberType NoteProperty -Name 'PartitionKey' -Value $tenant.tenant -Force Add-CIPPAzDataTableEntity @Table -Entity $QueueItem -Force } else { - Write-Host ('ALERTS: Duplicate run found. Ignoring. Tenant: {0}, Task: {1}' -f $tenant.tenant, $task) + Write-Host ('ALERTS: Duplicate run found. Ignoring. Tenant: {0}, Task: {1}' -f $tenant.tenant, $task.Name) } } From e4032a8005eb3790926ce5b5a45b9b24dfdf297e Mon Sep 17 00:00:00 2001 From: John Duprey Date: Wed, 28 Feb 2024 11:24:35 -0500 Subject: [PATCH 085/243] Tweak ExecScheduledCommand --- ExecScheduledCommand/run.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ExecScheduledCommand/run.ps1 b/ExecScheduledCommand/run.ps1 index 180df3368b87..d0031f771c5c 100644 --- a/ExecScheduledCommand/run.ps1 +++ b/ExecScheduledCommand/run.ps1 @@ -19,7 +19,7 @@ try { if ($results -is [String]) { $results = @{ Results = $results } } - if ($results -is [array]) { + if ($results -is [array] -and $results[0] -is [string]) { $results = $results | Where-Object { $_ -is [string] } $results = $results | ForEach-Object { @{ Results = $_ } } } From a825f3ad8c5ac79f68aeeae4d7e68287fb6a0606 Mon Sep 17 00:00:00 2001 From: KelvinTegelaar Date: Wed, 28 Feb 2024 22:57:59 +0100 Subject: [PATCH 086/243] fixes api --- .../Entrypoints/Push-CIPPAlertSharepointQuota.ps1 | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertSharepointQuota.ps1 b/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertSharepointQuota.ps1 index d96dd801aedb..7eb8f351a6ca 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertSharepointQuota.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertSharepointQuota.ps1 @@ -12,16 +12,14 @@ function Push-CIPPAlertSharepointQuota { $sharepointToken.Add('accept', 'application/json') $sharepointQuota = (Invoke-RestMethod -Method 'GET' -Headers $sharepointToken -Uri "https://$($tenantName)-admin.sharepoint.com/_api/StorageQuotas()?api-version=1.3.2" -ErrorAction Stop).value if ($sharepointQuota) { + if ($QueueItem.value) { $Value = $QueueItem.value } else { $Value = 90 } $UsedStoragePercentage = [int](($sharepointQuota.GeoUsedStorageMB / $sharepointQuota.TenantStorageMB) * 100) - if ($QueueItem.value -eq $true){ - if ($UsedStoragePercentage -gt 90) { - Write-AlertMessage -tenant $($QueueItem.tenant) -message "SharePoint Storage is at $($UsedStoragePercentage)%. Your alert threshold is 90%" - } - } - elseif ($UsedStoragePercentage -gt $QueueItem.value) { - Write-AlertMessage -tenant $($QueueItem.tenant) -message "SharePoint Storage is at $($UsedStoragePercentage)%. Your alert threshold is $($QueueItem.value)%" + if ($UsedStoragePercentage -gt $Value) { + Write-AlertMessage -tenant $($QueueItem.tenant) -message "SharePoint Storage is at $($UsedStoragePercentage)%. Your alert threshold is $($Value)%" } } } catch { } -} + + +} \ No newline at end of file From 0f6ebaef80cac288ad48c539fbaa6ebf4b24c45c Mon Sep 17 00:00:00 2001 From: KelvinTegelaar Date: Wed, 28 Feb 2024 22:59:28 +0100 Subject: [PATCH 087/243] fixes mailbox quota --- .../CIPPCore/Public/Entrypoints/Push-CIPPAlertQuotaUsed.ps1 | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertQuotaUsed.ps1 b/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertQuotaUsed.ps1 index 1d008a4c784d..ecb2aaf7b4ad 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertQuotaUsed.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertQuotaUsed.ps1 @@ -12,13 +12,11 @@ function Push-CIPPAlertQuotaUsed { if ($_.StorageUsedInBytes -eq 0) { continue } $PercentLeft = [math]::round($_.StorageUsedInBytes / $_.prohibitSendReceiveQuotaInBytes * 100) if ($QueueItem.value -eq $true) { + if ($QueueItem.value) { $Value = $QueueItem.value } else { $Value = 90 } if ($PercentLeft -gt 90) { - Write-AlertMessage -tenant $($QueueItem.tenant) -message "$($_.UserPrincipalName): Mailbox is more than $($QueueItem.value)% full. Mailbox is $PercentLeft% full" + Write-AlertMessage -tenant $($QueueItem.tenant) -message "$($_.UserPrincipalName): Mailbox is more than $($value)% full. Mailbox is $PercentLeft% full" } } - elseif ($PercentLeft -gt $QueueItem.value) { - Write-AlertMessage -tenant $($QueueItem.tenant) -message "$($_.UserPrincipalName): Mailbox is more than $($QueueItem.value)% full. Mailbox is $PercentLeft% full" - } } } catch { } From be4fc52697665ffc848041e543e542d382555793 Mon Sep 17 00:00:00 2001 From: Roel van der Wegen Date: Sat, 2 Mar 2024 20:24:15 +0100 Subject: [PATCH 088/243] Account for people using ; as delimiter --- Modules/CIPPCore/Public/Send-CIPPAlert.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/CIPPCore/Public/Send-CIPPAlert.ps1 b/Modules/CIPPCore/Public/Send-CIPPAlert.ps1 index a253311fae29..55d7e9db9803 100644 --- a/Modules/CIPPCore/Public/Send-CIPPAlert.ps1 +++ b/Modules/CIPPCore/Public/Send-CIPPAlert.ps1 @@ -18,7 +18,7 @@ function Send-CIPPAlert { Write-Host "Trying to send email" try { if ($Config.email -like '*@*') { - $Recipients = $Config.email.split(",").trim() | ForEach-Object { if ($_ -like '*@*') { [pscustomobject]@{EmailAddress = @{Address = $_ } } } } + $Recipients = $Config.email.split($(if ($Config.email -like "*,*") { ',' } else { ';' })).trim() | ForEach-Object { if ($_ -like '*@*') { [pscustomobject]@{EmailAddress = @{Address = $_ } } } } $PowerShellBody = [PSCustomObject]@{ message = @{ subject = $Title From 7118b825d0d67649f982bcec407a2c8450d4998a Mon Sep 17 00:00:00 2001 From: John Duprey Date: Mon, 4 Mar 2024 14:25:12 -0500 Subject: [PATCH 089/243] Update Entra Device actions --- .../Public/Entrypoints/Invoke-ExecDeviceDelete.ps1 | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecDeviceDelete.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecDeviceDelete.ps1 index 843764a6d5d4..25e64be478b3 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecDeviceDelete.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecDeviceDelete.ps1 @@ -14,13 +14,16 @@ Function Invoke-ExecDeviceDelete { # Interact with query parameters or the body of the request. - try { + try { $url = "https://graph.microsoft.com/beta/devices/$($request.query.id)" if ($Request.query.action -eq 'delete') { $ActionResult = New-GraphPOSTRequest -uri $url -type DELETE -tenantid $Request.Query.TenantFilter - } else { + } elseif ($Request.query.action -eq 'disable') { $ActionResult = New-GraphPOSTRequest -uri $url -type PATCH -tenantid $Request.Query.TenantFilter -body '{"accountEnabled": false }' + } elseif ($Request.query.action -eq 'enable') { + $ActionResult = New-GraphPOSTRequest -uri $url -type PATCH -tenantid $Request.Query.TenantFilter -body '{"accountEnabled": true }' } + Write-Host $ActionResult $body = [pscustomobject]@{'Results' = "Executed action $($Request.query.action) on $($Request.query.id)" } } catch { $body = [pscustomobject]@{'Results' = "Failed to queue action $($Request.query.action) on $($request.query.id): $($_.Exception.Message)" } From c7140d873e728bd4d35bedbddce961aee4017cdd Mon Sep 17 00:00:00 2001 From: John Duprey Date: Mon, 4 Mar 2024 14:25:44 -0500 Subject: [PATCH 090/243] Add entrypoints for generic durables --- CIPPActivityFunction/function.json | 11 ++++ CIPPOrchestrator/function.json | 11 ++++ Modules/CippEntrypoints/CippEntrypoints.psm1 | 58 +++++++++++++++++++- 3 files changed, 78 insertions(+), 2 deletions(-) create mode 100644 CIPPActivityFunction/function.json create mode 100644 CIPPOrchestrator/function.json diff --git a/CIPPActivityFunction/function.json b/CIPPActivityFunction/function.json new file mode 100644 index 000000000000..b4007235d549 --- /dev/null +++ b/CIPPActivityFunction/function.json @@ -0,0 +1,11 @@ +{ + "scriptFile": "../Modules/CippEntryPoints/CippEntryPoints.psm1", + "entryPoint": "Receive-CippActivityTrigger", + "bindings": [ + { + "name": "name", + "type": "activityTrigger", + "direction": "in" + } + ] +} diff --git a/CIPPOrchestrator/function.json b/CIPPOrchestrator/function.json new file mode 100644 index 000000000000..011113dbc618 --- /dev/null +++ b/CIPPOrchestrator/function.json @@ -0,0 +1,11 @@ +{ + "scriptFile": "../Modules/CippEntryPoints/CippEntryPoints.psm1", + "entryPoint": "Receive-CippOrchestrationTrigger", + "bindings": [ + { + "name": "Context", + "type": "orchestrationTrigger", + "direction": "in" + } + ] +} diff --git a/Modules/CippEntrypoints/CippEntrypoints.psm1 b/Modules/CippEntrypoints/CippEntrypoints.psm1 index d6d80cdcf143..119187c412d0 100644 --- a/Modules/CippEntrypoints/CippEntrypoints.psm1 +++ b/Modules/CippEntrypoints/CippEntrypoints.psm1 @@ -19,7 +19,7 @@ function Receive-CippHttpTrigger { function Receive-CippQueueTrigger { Param($QueueItem, $TriggerMetadata) - + $Start = (Get-Date).ToUniversalTime() $APIName = $TriggerMetadata.FunctionName Write-Host "#### Running $APINAME" @@ -48,5 +48,59 @@ function Receive-CippQueueTrigger { Write-CippFunctionStats @Stats } -Export-ModuleMember -Function @('Receive-CippHttpTrigger', 'Receive-CippQueueTrigger') +function Receive-CippOrchestrationTrigger { + param($Context) + + $DurableRetryOptions = @{ + FirstRetryInterval = (New-TimeSpan -Seconds 5) + MaxNumberOfAttempts = 3 + BackoffCoefficient = 2 + } + $RetryOptions = New-DurableRetryOptions @DurableRetryOptions + Write-LogMessage -API $Context.Input.OrchestratorName -tenant $Context.Input.TenantFilter -message "Started $($Context.Input.OrchestratorName)" -sev info + + if (!$Context.Input.Batch -or ($Context.Input.Batch | Measure-Object).Count -eq 0) { + $Batch = (Invoke-ActivityFunction -FunctionName 'CIPPActivityFunction' -Input $Context.Input.QueueFunction) + } else { + $Batch = $Context.Input.Batch + } + + foreach ($Item in $Batch) { + Invoke-DurableActivity -FunctionName 'CIPPActivityFunction' -Input $Item -NoWait -RetryOptions $RetryOptions + } + + Write-LogMessage -API $Context.Input.OrchestratorName -tenant $tenant -message "Finished $($Context.Input.OrchestratorName)" -sev Info +} + +function Receive-CippActivityTrigger { + Param($Item) + + $Start = (Get-Date).ToUniversalTime() + Set-Location (Get-Item $PSScriptRoot).Parent.Parent.FullName + + if ($Item.FunctionName) { + $FunctionName = 'Push-{0}' -f $Item.FunctionName + try { + & $FunctionName @Item + } catch { + $ErrorMsg = $_.Exception.Message + } + } else { + $ErrorMsg = 'Function not provided' + } + + $End = (Get-Date).ToUniversalTime() + + $Stats = @{ + FunctionType = 'Durable' + Entity = $Item + Start = $Start + End = $End + ErrorMsg = $ErrorMsg + } + Write-Information '####### Adding stats' + Write-CippFunctionStats @Stats +} + +Export-ModuleMember -Function @('Receive-CippHttpTrigger', 'Receive-CippQueueTrigger', 'Receive-CippOrchestrationTrigger', 'Receive-CippActivityTrigger') From 5c87c669c71f068d91f0b85d815d172a99c10d03 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Mon, 4 Mar 2024 15:47:40 -0500 Subject: [PATCH 091/243] Standards to durable --- CIPPActivityFunction/function.json | 2 +- .../Public/Entrypoints/Push-CIPPStandard.ps1 | 10 +++--- .../GraphHelper/Write-CippFunctionStats.ps1 | 2 +- .../Public/Invoke-CIPPStandardsRun.ps1 | 32 ++++++++++++------- Modules/CippEntrypoints/CippEntrypoints.psm1 | 1 + Scheduler_Standards/function.json | 5 +++ 6 files changed, 33 insertions(+), 19 deletions(-) diff --git a/CIPPActivityFunction/function.json b/CIPPActivityFunction/function.json index b4007235d549..a9529e73be54 100644 --- a/CIPPActivityFunction/function.json +++ b/CIPPActivityFunction/function.json @@ -3,7 +3,7 @@ "entryPoint": "Receive-CippActivityTrigger", "bindings": [ { - "name": "name", + "name": "Item", "type": "activityTrigger", "direction": "in" } diff --git a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPStandard.ps1 b/Modules/CIPPCore/Public/Entrypoints/Push-CIPPStandard.ps1 index 89a9024a9389..2431afb0c8e6 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPStandard.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Push-CIPPStandard.ps1 @@ -1,15 +1,15 @@ function Push-CIPPStandard { param ( - $QueueItem, $TriggerMetadata + $Tenant, + $Standard, + $Settings ) - Write-Host "Received queue item for $($QueueItem.Tenant) and standard $($QueueItem.Standard)." - $Tenant = $QueueItem.Tenant - $Standard = $QueueItem.Standard + Write-Host "Received queue item for $Tenant and standard $Standard." $FunctionName = 'Invoke-CIPPStandard{0}' -f $Standard Write-Host "We'll be running $FunctionName" try { - & $FunctionName -Tenant $Tenant -Settings $QueueItem.Settings -ErrorAction Stop + & $FunctionName -Tenant $Tenant -Settings $Settings -ErrorAction Stop } catch { throw $_.Exception.Message } diff --git a/Modules/CIPPCore/Public/GraphHelper/Write-CippFunctionStats.ps1 b/Modules/CIPPCore/Public/GraphHelper/Write-CippFunctionStats.ps1 index cac4bf0a3173..e4102cd31521 100644 --- a/Modules/CIPPCore/Public/GraphHelper/Write-CippFunctionStats.ps1 +++ b/Modules/CIPPCore/Public/GraphHelper/Write-CippFunctionStats.ps1 @@ -15,7 +15,7 @@ function Write-CippFunctionStats { $RowKey = [string](New-Guid).Guid $TimeSpan = New-TimeSpan -Start $Start -End $End $Duration = [int]$TimeSpan.TotalSeconds - + # Flatten data to json string $Entity.PartitionKey = $FunctionType $Entity.RowKey = $RowKey diff --git a/Modules/CIPPCore/Public/Invoke-CIPPStandardsRun.ps1 b/Modules/CIPPCore/Public/Invoke-CIPPStandardsRun.ps1 index 353551cdaadf..37d85bba93b4 100644 --- a/Modules/CIPPCore/Public/Invoke-CIPPStandardsRun.ps1 +++ b/Modules/CIPPCore/Public/Invoke-CIPPStandardsRun.ps1 @@ -1,4 +1,4 @@ - + function Invoke-CIPPStandardsRun { [CmdletBinding()] param( @@ -20,7 +20,7 @@ function Invoke-CIPPStandardsRun { $OldStd = $_ $OldStd.standards.psobject.properties.name | ForEach-Object { if ($_ -eq 'MailContacts') { - $OldStd.Standards.$_ = [pscustomobject]@{ + $OldStd.Standards.$_ = [pscustomobject]@{ GeneralContact = $OldStd.Standards.MailContacts.GeneralContact.Mail SecurityContact = $OldStd.Standards.MailContacts.SecurityContact.Mail MarketingContact = $OldStd.Standards.MailContacts.MarketingContact.Mail @@ -28,16 +28,16 @@ function Invoke-CIPPStandardsRun { remediate = $true } } else { - if ($OldStd.Standards.$_ -eq $true -and $_ -ne 'v2.1') { - $OldStd.Standards.$_ = @{ remediate = $true } - } else { - $OldStd.Standards.$_ | Add-Member -NotePropertyName 'remediate' -NotePropertyValue $true -Force + if ($OldStd.Standards.$_ -eq $true -and $_ -ne 'v2.1') { + $OldStd.Standards.$_ = @{ remediate = $true } + } else { + $OldStd.Standards.$_ | Add-Member -NotePropertyName 'remediate' -NotePropertyValue $true -Force } - + } } $OldStd | Add-Member -NotePropertyName 'v2.1' -NotePropertyValue $true -PassThru -Force - $Entity = @{ + $Entity = @{ PartitionKey = 'standards' RowKey = "$($OldStd.Tenant)" JSON = "$($OldStd | ConvertTo-Json -Depth 10)" @@ -76,15 +76,23 @@ function Invoke-CIPPStandardsRun { } } - #For each item in our object, run the queue. + #For each item in our object, run the queue. - foreach ($task in $object | Where-Object -Property Standard -NotLike 'v2*') { - $QueueItem = [pscustomobject]@{ + $Batch = foreach ($task in $object | Where-Object -Property Standard -NotLike 'v2*') { + [PSCustomObject]@{ Tenant = $task.Tenant Standard = $task.Standard Settings = $task.Settings FunctionName = 'CIPPStandard' } - Push-OutputBinding -Name QueueItem -Value $QueueItem } + + $InputObject = [PSCustomObject]@{ + OrchestratorName = 'Standards' + Batch = @($Batch) + } + + $InstanceId = Start-NewOrchestration -FunctionName 'CIPPOrchestrator' -InputObject $InputObject + Write-Host "Started orchestration with ID = '$InstanceId'" + $Orchestrator = New-OrchestrationCheckStatusResponse -Request $Request -InstanceId $InstanceId } \ No newline at end of file diff --git a/Modules/CippEntrypoints/CippEntrypoints.psm1 b/Modules/CippEntrypoints/CippEntrypoints.psm1 index 119187c412d0..3d9d1f631186 100644 --- a/Modules/CippEntrypoints/CippEntrypoints.psm1 +++ b/Modules/CippEntrypoints/CippEntrypoints.psm1 @@ -98,6 +98,7 @@ function Receive-CippActivityTrigger { End = $End ErrorMsg = $ErrorMsg } + Write-Information '####### Adding stats' Write-CippFunctionStats @Stats } diff --git a/Scheduler_Standards/function.json b/Scheduler_Standards/function.json index 35ec29f027f7..81d53b9a1598 100644 --- a/Scheduler_Standards/function.json +++ b/Scheduler_Standards/function.json @@ -11,6 +11,11 @@ "direction": "out", "name": "QueueItem", "queueName": "CIPPGenericQueue" + }, + { + "name": "starter", + "type": "durableClient", + "direction": "in" } ] } From 575ae066f56ae5364a0d82eafc9656b749c8817b Mon Sep 17 00:00:00 2001 From: John Duprey Date: Mon, 4 Mar 2024 18:54:56 -0500 Subject: [PATCH 092/243] tweak orchestrator allow for json input for larger depth --- .../Public/Entrypoints/Push-CIPPStandard.ps1 | 10 +++++----- .../Public/Invoke-CIPPStandardsRun.ps1 | 2 +- Modules/CippEntrypoints/CippEntrypoints.psm1 | 18 ++++++++++++------ 3 files changed, 18 insertions(+), 12 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPStandard.ps1 b/Modules/CIPPCore/Public/Entrypoints/Push-CIPPStandard.ps1 index 2431afb0c8e6..dd9849da8514 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPStandard.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Push-CIPPStandard.ps1 @@ -1,15 +1,15 @@ function Push-CIPPStandard { param ( - $Tenant, - $Standard, - $Settings + $Item ) - Write-Host "Received queue item for $Tenant and standard $Standard." + Write-Host "Received queue item for $($Item.Tenant) and standard $($Item.Standard)." + $Tenant = $Item.Tenant + $Standard = $Item.Standard $FunctionName = 'Invoke-CIPPStandard{0}' -f $Standard Write-Host "We'll be running $FunctionName" try { - & $FunctionName -Tenant $Tenant -Settings $Settings -ErrorAction Stop + & $FunctionName -Tenant $Item.Tenant -Settings $Item.Settings -ErrorAction Stop } catch { throw $_.Exception.Message } diff --git a/Modules/CIPPCore/Public/Invoke-CIPPStandardsRun.ps1 b/Modules/CIPPCore/Public/Invoke-CIPPStandardsRun.ps1 index 37d85bba93b4..dd4acff806e8 100644 --- a/Modules/CIPPCore/Public/Invoke-CIPPStandardsRun.ps1 +++ b/Modules/CIPPCore/Public/Invoke-CIPPStandardsRun.ps1 @@ -92,7 +92,7 @@ function Invoke-CIPPStandardsRun { Batch = @($Batch) } - $InstanceId = Start-NewOrchestration -FunctionName 'CIPPOrchestrator' -InputObject $InputObject + $InstanceId = Start-NewOrchestration -FunctionName 'CIPPOrchestrator' -InputObject ($InputObject | ConvertTo-Json -Depth 5) Write-Host "Started orchestration with ID = '$InstanceId'" $Orchestrator = New-OrchestrationCheckStatusResponse -Request $Request -InstanceId $InstanceId } \ No newline at end of file diff --git a/Modules/CippEntrypoints/CippEntrypoints.psm1 b/Modules/CippEntrypoints/CippEntrypoints.psm1 index 3d9d1f631186..a651d072339f 100644 --- a/Modules/CippEntrypoints/CippEntrypoints.psm1 +++ b/Modules/CippEntrypoints/CippEntrypoints.psm1 @@ -56,20 +56,26 @@ function Receive-CippOrchestrationTrigger { MaxNumberOfAttempts = 3 BackoffCoefficient = 2 } + if (Test-Json -Json $Context.Input) { + $OrchestratorInput = $Context.Input | ConvertFrom-Json + } else { + $OrchestratorInput = $Context.Input + } + Write-Host ($Context | ConvertTo-Json -Depth 10) $RetryOptions = New-DurableRetryOptions @DurableRetryOptions - Write-LogMessage -API $Context.Input.OrchestratorName -tenant $Context.Input.TenantFilter -message "Started $($Context.Input.OrchestratorName)" -sev info + Write-LogMessage -API $OrchestratorInput.OrchestratorName -tenant $OrchestratorInput.TenantFilter -message "Started $($OrchestratorInput.OrchestratorName)" -sev info - if (!$Context.Input.Batch -or ($Context.Input.Batch | Measure-Object).Count -eq 0) { - $Batch = (Invoke-ActivityFunction -FunctionName 'CIPPActivityFunction' -Input $Context.Input.QueueFunction) + if (!$OrchestratorInput.Batch -or ($OrchestratorInput.Batch | Measure-Object).Count -eq 0) { + $Batch = (Invoke-ActivityFunction -FunctionName 'CIPPActivityFunction' -Input $OrchestratorInput.QueueFunction) } else { - $Batch = $Context.Input.Batch + $Batch = $OrchestratorInput.Batch } foreach ($Item in $Batch) { Invoke-DurableActivity -FunctionName 'CIPPActivityFunction' -Input $Item -NoWait -RetryOptions $RetryOptions } - Write-LogMessage -API $Context.Input.OrchestratorName -tenant $tenant -message "Finished $($Context.Input.OrchestratorName)" -sev Info + Write-LogMessage -API $OrchestratorInput.OrchestratorName -tenant $tenant -message "Finished $($OrchestratorInput.OrchestratorName)" -sev Info } function Receive-CippActivityTrigger { @@ -81,7 +87,7 @@ function Receive-CippActivityTrigger { if ($Item.FunctionName) { $FunctionName = 'Push-{0}' -f $Item.FunctionName try { - & $FunctionName @Item + & $FunctionName -Item $Item } catch { $ErrorMsg = $_.Exception.Message } From d4d09f9cbffdb611d8fb2d5ba890a4b2220653ee Mon Sep 17 00:00:00 2001 From: Mo Date: Thu, 7 Mar 2024 11:47:05 +0000 Subject: [PATCH 093/243] Update adding Connectors with the correct text --- .../CIPPCore/Public/Entrypoints/Invoke-AddExConnector.ps1 | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-AddExConnector.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-AddExConnector.ps1 index 3686d66c124d..b3246cea773d 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-AddExConnector.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-AddExConnector.ps1 @@ -18,12 +18,12 @@ Function Invoke-AddExConnector { $Result = foreach ($Tenantfilter in $tenants) { try { $GraphRequest = New-ExoRequest -tenantid $Tenantfilter -cmdlet "New-$($ConnectorType)connector" -cmdParams $RequestParams - "Successfully created transport rule for $Tenantfilter." - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $Tenantfilter -message "Created transport rule for $($Tenantfilter)" -sev 'Info' + "Successfully created Connector for $Tenantfilter." + Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $Tenantfilter -message "Created Connector for $($Tenantfilter)" -sev 'Info' } catch { - "Could not create created transport rule for $($Tenantfilter): $($_.Exception.message)" - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $Tenantfilter -message "Could not create created transport rule for $($Tenantfilter): $($_.Exception.message)" -sev 'Error' + "Could not create created Connector for $($Tenantfilter): $($_.Exception.message)" + Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $Tenantfilter -message "Could not create created Connector for $($Tenantfilter): $($_.Exception.message)" -sev 'Error' } } From 24b0eaab6457c65e35411567ae09f0bbf19a8a40 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kristian=20Kj=C3=A6rg=C3=A5rd?= Date: Sat, 9 Mar 2024 14:57:31 +0100 Subject: [PATCH 094/243] Handle rare error case and change to use v1.0 endpoint --- .../Invoke-CIPPStandardPasswordExpireDisabled.ps1 | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardPasswordExpireDisabled.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardPasswordExpireDisabled.ps1 index e9182bb95717..47cdc60712c8 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardPasswordExpireDisabled.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardPasswordExpireDisabled.ps1 @@ -4,7 +4,7 @@ function Invoke-CIPPStandardPasswordExpireDisabled { Internal #> param($Tenant, $Settings) - $GraphRequest = New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/domains' -tenantid $Tenant + $GraphRequest = New-GraphGetRequest -uri 'https://graph.microsoft.com/v1.0/domains' -tenantid $Tenant $DomainswithoutPassExpire = $GraphRequest | Where-Object -Property passwordValidityPeriodInDays -NE '2147483647' If ($Settings.remediate) { @@ -12,7 +12,13 @@ function Invoke-CIPPStandardPasswordExpireDisabled { if ($DomainswithoutPassExpire) { $DomainswithoutPassExpire | ForEach-Object { try { - New-GraphPostRequest -type Patch -tenantid $Tenant -uri "https://graph.microsoft.com/beta/domains/$($_.id)" -body '{"passwordValidityPeriodInDays": 2147483647 }' + if ( $null -eq $_.passwordNotificationWindowInDays ) { + $Body = '{"passwordValidityPeriodInDays": 2147483647, "passwordNotificationWindowInDays": 14 }' + Write-Host "PasswordNotificationWindowInDays is null for $($_.id). Setting to the default of 14 days." + } else { + $Body = '{"passwordValidityPeriodInDays": 2147483647 }' + } + New-GraphPostRequest -type Patch -tenantid $Tenant -uri "https://graph.microsoft.com/v1.0/domains/$($_.id)" -body $Body Write-LogMessage -API 'Standards' -tenant $tenant -message "Disabled Password Expiration for $($_.id)." -sev Info } catch { Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to disable Password Expiration for $($_.id). Error: $($_.exception.message)" -sev Error From 7c1c526ab9a2ee2403c3e64eea5d4e2d8689092b Mon Sep 17 00:00:00 2001 From: John Duprey Date: Sat, 9 Mar 2024 11:37:38 -0800 Subject: [PATCH 095/243] Alerts Durable --- CIPPActivityFunction/function.json | 5 ++ .../Push-CIPPAlertAdminPassword.ps1 | 11 ++-- .../Push-CIPPAlertApnCertExpiry.ps1 | 11 ++-- .../Push-CIPPAlertAppSecretExpiry.ps1 | 17 +++--- .../Push-CIPPAlertDefenderMalware.ps1 | 9 ++- .../Push-CIPPAlertDefenderStatus.ps1 | 10 ++-- .../Push-CIPPAlertDepTokenExpiry.ps1 | 11 ++-- .../Push-CIPPAlertExpiringLicenses.ps1 | 7 +-- .../Entrypoints/Push-CIPPAlertMFAAdmins.ps1 | 15 +++-- .../Push-CIPPAlertMFAAlertUsers.ps1 | 11 ++-- .../Entrypoints/Push-CIPPAlertNewRole.ps1 | 13 ++-- .../Entrypoints/Push-CIPPAlertNoCAConfig.ps1 | 11 ++-- .../Push-CIPPAlertOverusedLicenses.ps1 | 9 ++- .../Entrypoints/Push-CIPPAlertQuotaUsed.ps1 | 13 ++-- .../Push-CIPPAlertSecDefaultsUpsell.ps1 | 11 ++-- .../Push-CIPPAlertSharepointQuota.ps1 | 11 ++-- .../Push-CIPPAlertUnusedLicenses.ps1 | 9 ++- .../Push-CIPPAlertVppTokenExpiry.ps1 | 13 ++-- .../Entrypoints/Push-SchedulerAlert.ps1 | 51 ++++++++++------ .../GraphHelper/Write-CippFunctionStats.ps1 | 19 +++--- .../Public/Invoke-CIPPStandardsRun.ps1 | 2 +- .../Standards/Invoke-CIPPStandardAuditLog.ps1 | 10 ++-- Modules/CippEntrypoints/CippEntrypoints.psm1 | 59 +++++++++++-------- Scheduler_GetQueue/function.json | 5 ++ Scheduler_GetQueue/run.ps1 | 25 ++++---- 25 files changed, 198 insertions(+), 170 deletions(-) diff --git a/CIPPActivityFunction/function.json b/CIPPActivityFunction/function.json index a9529e73be54..e8a29dde00c3 100644 --- a/CIPPActivityFunction/function.json +++ b/CIPPActivityFunction/function.json @@ -6,6 +6,11 @@ "name": "Item", "type": "activityTrigger", "direction": "in" + }, + { + "name": "starter", + "type": "durableClient", + "direction": "in" } ] } diff --git a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertAdminPassword.ps1 b/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertAdminPassword.ps1 index af03360c1973..63f371b10aa6 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertAdminPassword.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertAdminPassword.ps1 @@ -3,17 +3,16 @@ function Push-CIPPAlertAdminPassword { [CmdletBinding()] param( [Parameter(Mandatory = $true)] - [pscustomobject]$QueueItem, - $TriggerMetadata + [pscustomobject]$Item ) try { - New-GraphGETRequest -uri "https://graph.microsoft.com/beta/roleManagement/directory/roleAssignments?`$filter=roleDefinitionId eq '62e90394-69f5-4237-9190-012177145e10'&`$expand=principal" -tenantid $($QueueItem.tenant) | Where-Object { ($_.principalOrganizationId -EQ $QueueItem.tenantid) -and ($_.principal.'@odata.type' -eq '#microsoft.graph.user') } | ForEach-Object { - $LastChanges = New-GraphGETRequest -uri "https://graph.microsoft.com/beta/users/$($_.principalId)?`$select=UserPrincipalName,lastPasswordChangeDateTime" -tenant $($QueueItem.tenant) + New-GraphGETRequest -uri "https://graph.microsoft.com/beta/roleManagement/directory/roleAssignments?`$filter=roleDefinitionId eq '62e90394-69f5-4237-9190-012177145e10'&`$expand=principal" -tenantid $($Item.tenant) | Where-Object { ($_.principalOrganizationId -EQ $Item.tenantid) -and ($_.principal.'@odata.type' -eq '#microsoft.graph.user') } | ForEach-Object { + $LastChanges = New-GraphGETRequest -uri "https://graph.microsoft.com/beta/users/$($_.principalId)?`$select=UserPrincipalName,lastPasswordChangeDateTime" -tenant $($Item.tenant) if ($LastChanges.LastPasswordChangeDateTime -gt (Get-Date).AddDays(-1)) { - Write-AlertMessage -tenant $($QueueItem.tenant) -message "Admin password has been changed for $($LastChanges.UserPrincipalName) in last 24 hours" + Write-AlertMessage -tenant $($Item.tenant) -message "Admin password has been changed for $($LastChanges.UserPrincipalName) in last 24 hours" } } } catch { - Write-AlertMessage -tenant $($QueueItem.tenant) -message "Could not get admin password changes for $($QueueItem.tenant): $(Get-NormalizedError -message $_.Exception.message)" + Write-AlertMessage -tenant $($Item.tenant) -message "Could not get admin password changes for $($Item.tenant): $(Get-NormalizedError -message $_.Exception.message)" } } diff --git a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertApnCertExpiry.ps1 b/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertApnCertExpiry.ps1 index 07571db760aa..9ef318273f8d 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertApnCertExpiry.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertApnCertExpiry.ps1 @@ -2,26 +2,25 @@ function Push-CIPPAlertApnCertExpiry { [CmdletBinding()] Param ( [Parameter(Mandatory = $true)] - $QueueItem, - $TriggerMetadata + $Item ) $LastRunTable = Get-CIPPTable -Table AlertLastRun try { - $Filter = "RowKey eq 'ApnCertExpiry' and PartitionKey eq '{0}'" -f $QueueItem.tenantid + $Filter = "RowKey eq 'ApnCertExpiry' and PartitionKey eq '{0}'" -f $Item.tenantid $LastRun = Get-CIPPAzDataTableEntity @LastRunTable -Filter $Filter $Yesterday = (Get-Date).AddDays(-1) if (-not $LastRun.Timestamp.DateTime -or ($LastRun.Timestamp.DateTime -le $Yesterday)) { try { - $Apn = New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/deviceManagement/applePushNotificationCertificate' -tenantid $QueueItem.tenant + $Apn = New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/deviceManagement/applePushNotificationCertificate' -tenantid $Item.tenant if ($Apn.expirationDateTime -lt (Get-Date).AddDays(30) -and $Apn.expirationDateTime -gt (Get-Date).AddDays(-7)) { - Write-AlertMessage -tenant $($QueueItem.tenant) -message ('Intune: Apple Push Notification certificate for {0} is expiring on {1}' -f $Apn.appleIdentifier, $Apn.expirationDateTime) + Write-AlertMessage -tenant $($Item.tenant) -message ('Intune: Apple Push Notification certificate for {0} is expiring on {1}' -f $Apn.appleIdentifier, $Apn.expirationDateTime) } } catch {} } $LastRun = @{ RowKey = 'ApnCertExpiry' - PartitionKey = $QueueItem.tenantid + PartitionKey = $Item.tenantid } Add-CIPPAzDataTableEntity @LastRunTable -Entity $LastRun -Force } catch { diff --git a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertAppSecretExpiry.ps1 b/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertAppSecretExpiry.ps1 index 82bcde9bb74f..06477e708ff7 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertAppSecretExpiry.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertAppSecretExpiry.ps1 @@ -2,26 +2,25 @@ function Push-CIPPAlertAppSecretExpiry { [CmdletBinding()] Param ( [Parameter(Mandatory = $true)] - $QueueItem, - $TriggerMetadata + $Item ) $LastRunTable = Get-CIPPTable -Table AlertLastRun - + try { - $Filter = "RowKey eq 'AppSecretExpiry' and PartitionKey eq '{0}'" -f $QueueItem.tenantid + $Filter = "RowKey eq 'AppSecretExpiry' and PartitionKey eq '{0}'" -f $Item.tenantid $LastRun = Get-CIPPAzDataTableEntity @LastRunTable -Filter $Filter $Yesterday = (Get-Date).AddDays(-1) if (-not $LastRun.Timestamp.DateTime -or ($LastRun.Timestamp.DateTime -le $Yesterday)) { - Write-Host "Checking app expire for $($QueueItem.tenant)" - New-GraphGetRequest -uri "https://graph.microsoft.com/beta/applications?`$select=appId,displayName,passwordCredentials" -tenantid $QueueItem.tenant | ForEach-Object { + Write-Host "Checking app expire for $($Item.tenant)" + New-GraphGetRequest -uri "https://graph.microsoft.com/beta/applications?`$select=appId,displayName,passwordCredentials" -tenantid $Item.tenant | ForEach-Object { foreach ($App in $_) { Write-Host "checking $($App.displayName)" if ($App.passwordCredentials) { foreach ($Credential in $App.passwordCredentials) { if ($Credential.endDateTime -lt (Get-Date).AddDays(30) -and $Credential.endDateTime -gt (Get-Date).AddDays(-7)) { Write-Host ("Application '{0}' has secrets expiring on {1}" -f $App.displayName, $Credential.endDateTime) - Write-AlertMessage -tenant $($QueueItem.tenant) -message ("Application '{0}' has secrets expiring on {1}" -f $App.displayName, $Credential.endDateTime) + Write-AlertMessage -tenant $($Item.tenant) -message ("Application '{0}' has secrets expiring on {1}" -f $App.displayName, $Credential.endDateTime) } } } @@ -29,12 +28,12 @@ function Push-CIPPAlertAppSecretExpiry { } $LastRun = @{ RowKey = 'AppSecretExpiry' - PartitionKey = $QueueItem.tenantid + PartitionKey = $Item.tenantid } Add-CIPPAzDataTableEntity @LastRunTable -Entity $LastRun -Force } } catch { - + } } diff --git a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertDefenderMalware.ps1 b/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertDefenderMalware.ps1 index b69ed1b50ab2..0d4d1c7b02ab 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertDefenderMalware.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertDefenderMalware.ps1 @@ -3,14 +3,13 @@ function Push-CIPPAlertDefenderMalware { [CmdletBinding()] param( [Parameter(Mandatory = $true)] - $QueueItem, - $TriggerMetadata + $Item ) try { - New-GraphGetRequest -uri "https://graph.microsoft.com/beta/tenantRelationships/managedTenants/windowsDeviceMalwareStates?`$top=999&`$filter=tenantId eq '$($QueueItem.tenantid)'" | Where-Object { $_.malwareThreatState -eq 'Active' } | ForEach-Object { - Write-AlertMessage -tenant $($QueueItem.tenant) -message "$($_.managedDeviceName): Malware found and active. Severity: $($_.MalwareSeverity). Malware name: $($_.MalwareDisplayName)" + New-GraphGetRequest -uri "https://graph.microsoft.com/beta/tenantRelationships/managedTenants/windowsDeviceMalwareStates?`$top=999&`$filter=tenantId eq '$($Item.tenantid)'" | Where-Object { $_.malwareThreatState -eq 'Active' } | ForEach-Object { + Write-AlertMessage -tenant $($Item.tenant) -message "$($_.managedDeviceName): Malware found and active. Severity: $($_.MalwareSeverity). Malware name: $($_.MalwareDisplayName)" } } catch { - Write-AlertMessage -tenant $($QueueItem.tenant) -message "Could not get malware data for $($QueueItem.tenant): $(Get-NormalizedError -message $_.Exception.message)" + Write-AlertMessage -tenant $($Item.tenant) -message "Could not get malware data for $($Item.tenant): $(Get-NormalizedError -message $_.Exception.message)" } } diff --git a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertDefenderStatus.ps1 b/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertDefenderStatus.ps1 index e9d4e06adae0..7b42affa4e00 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertDefenderStatus.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertDefenderStatus.ps1 @@ -1,16 +1,14 @@ - function Push-CIPPAlertDefenderStatus { [CmdletBinding()] param( [Parameter(Mandatory = $true)] - $QueueItem, - $TriggerMetadata + $Item ) try { - New-GraphGetRequest -uri "https://graph.microsoft.com/beta/tenantRelationships/managedTenants/windowsProtectionStates?`$top=999&`$filter=tenantId eq '$($QueueItem.tenantid)'" | Where-Object { $_.realTimeProtectionEnabled -eq $false -or $_.MalwareprotectionEnabled -eq $false } | ForEach-Object { - Write-AlertMessage -tenant $($QueueItem.tenant) -message "$($_.managedDeviceName) - Real Time Protection: $($_.realTimeProtectionEnabled) & Malware Protection: $($_.MalwareprotectionEnabled)" + New-GraphGetRequest -uri "https://graph.microsoft.com/beta/tenantRelationships/managedTenants/windowsProtectionStates?`$top=999&`$filter=tenantId eq '$($Item.tenantid)'" | Where-Object { $_.realTimeProtectionEnabled -eq $false -or $_.MalwareprotectionEnabled -eq $false } | ForEach-Object { + Write-AlertMessage -tenant $($Item.tenant) -message "$($_.managedDeviceName) - Real Time Protection: $($_.realTimeProtectionEnabled) & Malware Protection: $($_.MalwareprotectionEnabled)" } } catch { - Write-AlertMessage -tenant $($QueueItem.tenant) -message "Could not get defender status for $($QueueItem.tenant): $(Get-NormalizedError -message $_.Exception.message)" + Write-AlertMessage -tenant $($Item.tenant) -message "Could not get defender status for $($Item.tenant): $(Get-NormalizedError -message $_.Exception.message)" } } diff --git a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertDepTokenExpiry.ps1 b/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertDepTokenExpiry.ps1 index 804750e60705..4246a5364ef3 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertDepTokenExpiry.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertDepTokenExpiry.ps1 @@ -2,27 +2,26 @@ function Push-CIPPAlertDepTokenExpiry { [CmdletBinding()] Param ( [Parameter(Mandatory = $true)] - $QueueItem, - $TriggerMetadata + $Item ) $LastRunTable = Get-CIPPTable -Table AlertLastRun try { - $Filter = "RowKey eq 'DepTokenExpiry' and PartitionKey eq '{0}'" -f $QueueItem.tenantid + $Filter = "RowKey eq 'DepTokenExpiry' and PartitionKey eq '{0}'" -f $Item.tenantid $LastRun = Get-CIPPAzDataTableEntity @LastRunTable -Filter $Filter $Yesterday = (Get-Date).AddDays(-1) if (-not $LastRun.Timestamp.DateTime -or ($LastRun.Timestamp.DateTime -le $Yesterday)) { try { - $DepTokens = (New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/deviceManagement/depOnboardingSettings' -tenantid $QueueItem.tenant).value + $DepTokens = (New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/deviceManagement/depOnboardingSettings' -tenantid $Item.tenant).value foreach ($Dep in $DepTokens) { if ($Dep.tokenExpirationDateTime -lt (Get-Date).AddDays(30) -and $Dep.tokenExpirationDateTime -gt (Get-Date).AddDays(-7)) { - Write-AlertMessage -tenant $($QueueItem.tenant) -message ('Apple Device Enrollment Program token expiring on {0}' -f $Dep.tokenExpirationDateTime) + Write-AlertMessage -tenant $($Item.tenant) -message ('Apple Device Enrollment Program token expiring on {0}' -f $Dep.tokenExpirationDateTime) } } } catch {} $LastRun = @{ RowKey = 'DepTokenExpiry' - PartitionKey = $QueueItem.tenantid + PartitionKey = $Item.tenantid } Add-CIPPAzDataTableEntity @LastRunTable -Entity $LastRun -Force } diff --git a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertExpiringLicenses.ps1 b/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertExpiringLicenses.ps1 index 99a861bfb5d7..6e2a704b9ba3 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertExpiringLicenses.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertExpiringLicenses.ps1 @@ -2,15 +2,14 @@ function Push-CIPPAlertExpiringLicenses { [CmdletBinding()] Param ( [Parameter(Mandatory = $true)] - $QueueItem, - $TriggerMetadata + $Item ) try { - Get-CIPPLicenseOverview -TenantFilter $QueueItem.tenant | ForEach-Object { + Get-CIPPLicenseOverview -TenantFilter $Item.tenant | ForEach-Object { $timeTorenew = [int64]$_.TimeUntilRenew if ($timeTorenew -lt 30 -and $_.TimeUntilRenew -gt 0) { Write-Host "$($_.License) will expire in $($_.TimeUntilRenew) days. The estimated term is $($_.EstTerm)" - Write-AlertMessage -tenant $($QueueItem.tenant) -message "$($_.License) will expire in $($_.TimeUntilRenew) days. The estimated term is $($_.EstTerm)" + Write-AlertMessage -tenant $($Item.tenant) -message "$($_.License) will expire in $($_.TimeUntilRenew) days. The estimated term is $($_.EstTerm)" } } } catch { diff --git a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertMFAAdmins.ps1 b/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertMFAAdmins.ps1 index b0c8056e1f03..66685982d956 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertMFAAdmins.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertMFAAdmins.ps1 @@ -2,26 +2,25 @@ function Push-CIPPAlertMFAAdmins { [CmdletBinding()] Param ( [Parameter(Mandatory = $true)] - $QueueItem, - $TriggerMetadata + $Item ) try { - $CAPolicies = (New-GraphGetRequest -Uri 'https://graph.microsoft.com/v1.0/identity/conditionalAccess/policies?$top=999' -tenantid $QueueItem.tenant -ErrorAction Stop) + $CAPolicies = (New-GraphGetRequest -Uri 'https://graph.microsoft.com/v1.0/identity/conditionalAccess/policies?$top=999' -tenantid $Item.tenant -ErrorAction Stop) foreach ($Policy in $CAPolicies) { if ($policy.grantControls.customAuthenticationFactors -eq 'RequireDuoMfa') { $DuoActive = $true } } if (!$DuoActive) { - $users = New-GraphGETRequest -uri 'https://graph.microsoft.com/beta/reports/authenticationMethods/userRegistrationDetails?$top=999&$filter=IsAdmin eq true' -tenantid $($QueueItem.tenant) | Where-Object -Property 'isMfaRegistered' -EQ $false + $users = New-GraphGETRequest -uri 'https://graph.microsoft.com/beta/reports/authenticationMethods/userRegistrationDetails?$top=999&$filter=IsAdmin eq true' -tenantid $($Item.tenant) | Where-Object -Property 'isMfaRegistered' -EQ $false if ($users) { - Write-AlertMessage -tenant $QueueItem.tenant -message "The following admins do not have MFA registered: $($users.UserPrincipalName -join ', ')" + Write-AlertMessage -tenant $Item.tenant -message "The following admins do not have MFA registered: $($users.UserPrincipalName -join ', ')" } } else { - Write-LogMessage -message 'Potentially using Duo for MFA, could not check MFA status for Admins with 100% accuracy' -API 'MFA Alerts - Informational' -tenant $QueueItem.tenant -sev Info - } + Write-LogMessage -message 'Potentially using Duo for MFA, could not check MFA status for Admins with 100% accuracy' -API 'MFA Alerts - Informational' -tenant $Item.tenant -sev Info + } } catch { - Write-LogMessage -message "Failed to check MFA status for Admins: $($_.exception.message)" -API 'MFA Alerts - Informational' -tenant $QueueItem.tenant -sev Error + Write-LogMessage -message "Failed to check MFA status for Admins: $($_.exception.message)" -API 'MFA Alerts - Informational' -tenant $Item.tenant -sev Error } } \ No newline at end of file diff --git a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertMFAAlertUsers.ps1 b/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertMFAAlertUsers.ps1 index 3537616d02ed..a02d2afcdc34 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertMFAAlertUsers.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertMFAAlertUsers.ps1 @@ -2,18 +2,17 @@ function Push-CIPPAlertMFAAlertUsers { [CmdletBinding()] Param ( [Parameter(Mandatory = $true)] - $QueueItem, - $TriggerMetadata + $Item ) try { - $users = New-GraphGETRequest -uri 'https://graph.microsoft.com/beta/reports/authenticationMethods/userRegistrationDetails?$filter=isMfaRegistered eq false and userType eq ''member''&$select=userPrincipalName,lastUpdatedDateTime,isMfaRegistered' -tenantid $($QueueItem.tenant) + $users = New-GraphGETRequest -uri 'https://graph.microsoft.com/beta/reports/authenticationMethods/userRegistrationDetails?$filter=isMfaRegistered eq false and userType eq ''member''&$select=userPrincipalName,lastUpdatedDateTime,isMfaRegistered' -tenantid $($Item.tenant) if ($users) { - Write-AlertMessage -tenant $QueueItem.tenant -message "The following $($users.Count) users do not have MFA registered: $($users.UserPrincipalName -join ', ')" + Write-AlertMessage -tenant $Item.tenant -message "The following $($users.Count) users do not have MFA registered: $($users.UserPrincipalName -join ', ')" } - + } catch { - Write-LogMessage -message "Failed to check MFA status for all users: $($_.exception.message)" -API 'MFA Alerts - Informational' -tenant $QueueItem.tenant -sev Info + Write-LogMessage -message "Failed to check MFA status for all users: $($_.exception.message)" -API 'MFA Alerts - Informational' -tenant $Item.tenant -sev Info } } diff --git a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertNewRole.ps1 b/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertNewRole.ps1 index 504bb3ea3153..8ef2727ebb66 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertNewRole.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertNewRole.ps1 @@ -2,14 +2,13 @@ function Push-CIPPAlertNewRole { [CmdletBinding()] Param ( [Parameter(Mandatory = $true)] - $QueueItem, - $TriggerMetadata + $Item ) $Deltatable = Get-CIPPTable -Table DeltaCompare try { - $Filter = "PartitionKey eq 'AdminDelta' and RowKey eq '{0}'" -f $QueueItem.tenantid + $Filter = "PartitionKey eq 'AdminDelta' and RowKey eq '{0}'" -f $Item.tenantid $AdminDelta = (Get-CIPPAzDataTableEntity @Deltatable -Filter $Filter).delta | ConvertFrom-Json -ErrorAction SilentlyContinue - $NewDelta = (New-GraphGetRequest -uri "https://graph.microsoft.com/v1.0/directoryRoles?`$expand=members" -tenantid $QueueItem.tenant) | Select-Object displayname, Members | ForEach-Object { + $NewDelta = (New-GraphGetRequest -uri "https://graph.microsoft.com/v1.0/directoryRoles?`$expand=members" -tenantid $Item.tenant) | Select-Object displayname, Members | ForEach-Object { @{ GroupName = $_.displayname Members = $_.Members.UserPrincipalName @@ -18,7 +17,7 @@ function Push-CIPPAlertNewRole { $NewDeltatoSave = $NewDelta | ConvertTo-Json -Depth 10 -Compress -ErrorAction SilentlyContinue | Out-String $DeltaEntity = @{ PartitionKey = 'AdminDelta' - RowKey = [string]$QueueItem.tenantid + RowKey = [string]$Item.tenantid delta = "$NewDeltatoSave" } Add-CIPPAzDataTableEntity @DeltaTable -Entity $DeltaEntity -Force @@ -27,11 +26,11 @@ function Push-CIPPAlertNewRole { foreach ($Group in $NewDelta) { $OldDelta = $AdminDelta | Where-Object { $_.GroupName -eq $Group.GroupName } $Group.members | Where-Object { $_ -notin $OldDelta.members } | ForEach-Object { - Write-AlertMessage -tenant $($QueueItem.tenant) -message "$_ has been added to the $($Group.GroupName) Role" + Write-AlertMessage -tenant $($Item.tenant) -message "$_ has been added to the $($Group.GroupName) Role" } } } } catch { - Write-AlertMessage -tenant $($QueueItem.tenant) -message "Could not get get role changes for $($QueueItem.tenant): $(Get-NormalizedError -message $_.Exception.message)" + Write-AlertMessage -tenant $($Item.tenant) -message "Could not get get role changes for $($Item.tenant): $(Get-NormalizedError -message $_.Exception.message)" } } diff --git a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertNoCAConfig.ps1 b/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertNoCAConfig.ps1 index 17b5363a1c54..c9b8309963ca 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertNoCAConfig.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertNoCAConfig.ps1 @@ -2,20 +2,19 @@ function Push-CIPPAlertNoCAConfig { [CmdletBinding()] Param ( [Parameter(Mandatory = $true)] - $QueueItem, - $TriggerMetadata + $Item ) try { - $CAAvailable = (New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/subscribedSkus' -tenantid $QueueItem.Tenant -erroraction stop).serviceplans + $CAAvailable = (New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/subscribedSkus' -tenantid $Item.Tenant -erroraction stop).serviceplans if ('AAD_PREMIUM' -in $CAAvailable.servicePlanName) { - $CAPolicies = (New-GraphGetRequest -uri 'https://graph.microsoft.com/v1.0/identity/conditionalAccess/policies' -tenantid $QueueItem.Tenant) + $CAPolicies = (New-GraphGetRequest -uri 'https://graph.microsoft.com/v1.0/identity/conditionalAccess/policies' -tenantid $Item.Tenant) if (!$CAPolicies.id) { - Write-AlertMessage -tenant $($QueueItem.tenant) -message 'Conditional Access is available, but no policies could be found.' + Write-AlertMessage -tenant $($Item.tenant) -message 'Conditional Access is available, but no policies could be found.' } } } catch { - Write-AlertMessage -tenant $($QueueItem.tenant) -message "Conditional Access Config Alert: Error occurred: $(Get-NormalizedError -message $_.Exception.message)" + Write-AlertMessage -tenant $($Item.tenant) -message "Conditional Access Config Alert: Error occurred: $(Get-NormalizedError -message $_.Exception.message)" } } diff --git a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertOverusedLicenses.ps1 b/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertOverusedLicenses.ps1 index af90000fa4d0..d314a064a88a 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertOverusedLicenses.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertOverusedLicenses.ps1 @@ -2,26 +2,25 @@ function Push-CIPPAlertOverusedLicenses { [CmdletBinding()] Param ( [Parameter(Mandatory = $true)] - $QueueItem, - $TriggerMetadata + $Item ) try { $LicenseTable = Get-CIPPTable -TableName ExcludedLicenses $ExcludedSkuList = Get-CIPPAzDataTableEntity @LicenseTable - New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/subscribedSkus' -tenantid $QueueItem.tenant | ForEach-Object { + New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/subscribedSkus' -tenantid $Item.tenant | ForEach-Object { $skuid = $_ foreach ($sku in $skuid) { if ($sku.skuId -in $ExcludedSkuList.GUID) { continue } $PrettyName = ($ConvertTable | Where-Object { $_.GUID -eq $sku.skuid }).'Product_Display_Name' | Select-Object -Last 1 if (!$PrettyName) { $PrettyName = $sku.skuPartNumber } if ($sku.prepaidUnits.enabled - $sku.consumedUnits -lt 0) { - Write-AlertMessage -tenant $($QueueItem.tenant) -message "$PrettyName has Overused licenses. Using $($_.consumedUnits) of $($_.prepaidUnits.enabled)." + Write-AlertMessage -tenant $($Item.tenant) -message "$PrettyName has Overused licenses. Using $($_.consumedUnits) of $($_.prepaidUnits.enabled)." } } } } catch { - Write-AlertMessage -tenant $($QueueItem.tenant) -message "Overused Licenses Alert Error occurred: $(Get-NormalizedError -message $_.Exception.message)" + Write-AlertMessage -tenant $($Item.tenant) -message "Overused Licenses Alert Error occurred: $(Get-NormalizedError -message $_.Exception.message)" } } diff --git a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertQuotaUsed.ps1 b/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertQuotaUsed.ps1 index ecb2aaf7b4ad..49ae4105071c 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertQuotaUsed.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertQuotaUsed.ps1 @@ -2,19 +2,18 @@ function Push-CIPPAlertQuotaUsed { [CmdletBinding()] Param ( [Parameter(Mandatory = $true)] - $QueueItem, - $TriggerMetadata + $Item ) try { - New-GraphGetRequest -uri "https://graph.microsoft.com/beta/reports/getMailboxUsageDetail(period='D7')?`$format=application/json" -tenantid $QueueItem.tenant | ForEach-Object { + New-GraphGetRequest -uri "https://graph.microsoft.com/beta/reports/getMailboxUsageDetail(period='D7')?`$format=application/json" -tenantid $Item.tenant | ForEach-Object { if ($_.StorageUsedInBytes -eq 0) { continue } $PercentLeft = [math]::round($_.StorageUsedInBytes / $_.prohibitSendReceiveQuotaInBytes * 100) - if ($QueueItem.value -eq $true) { - if ($QueueItem.value) { $Value = $QueueItem.value } else { $Value = 90 } - if ($PercentLeft -gt 90) { - Write-AlertMessage -tenant $($QueueItem.tenant) -message "$($_.UserPrincipalName): Mailbox is more than $($value)% full. Mailbox is $PercentLeft% full" + if ($Item.value -eq $true) { + if ($Item.value) { $Value = $Item.value } else { $Value = 90 } + if ($PercentLeft -gt 90) { + Write-AlertMessage -tenant $($Item.tenant) -message "$($_.UserPrincipalName): Mailbox is more than $($value)% full. Mailbox is $PercentLeft% full" } } } diff --git a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertSecDefaultsUpsell.ps1 b/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertSecDefaultsUpsell.ps1 index 1380b73b4233..b89347a828a8 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertSecDefaultsUpsell.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertSecDefaultsUpsell.ps1 @@ -2,26 +2,25 @@ function Push-CIPPAlertSecDefaultsUpsell { [CmdletBinding()] Param ( [Parameter(Mandatory = $true)] - $QueueItem, - $TriggerMetadata + $Item ) $LastRunTable = Get-CIPPTable -Table AlertLastRun try { - $Filter = "RowKey eq 'SecDefaultsUpsell' and PartitionKey eq '{0}'" -f $QueueItem.tenantid + $Filter = "RowKey eq 'SecDefaultsUpsell' and PartitionKey eq '{0}'" -f $Item.tenantid $LastRun = Get-CIPPAzDataTableEntity @LastRunTable -Filter $Filter $Yesterday = (Get-Date).AddDays(-1) if (-not $LastRun.Timestamp.DateTime -or ($LastRun.Timestamp.DateTime -le $Yesterday)) { try { - $SecDefaults = (New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/policies/identitySecurityDefaultsEnforcementPolicy' -tenantid $QueueItem.tenant) + $SecDefaults = (New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/policies/identitySecurityDefaultsEnforcementPolicy' -tenantid $Item.tenant) if ($SecDefaults.isEnabled -eq $false -and $SecDefaults.securityDefaultsUpsell.action -in @('autoEnable', 'autoEnabledNotify')) { - Write-AlertMessage -tenant $($QueueItem.tenant) -message ('Security Defaults will be automatically enabled on {0}' -f $SecDefaults.securityDefaultsUpsell.dueDateTime) + Write-AlertMessage -tenant $($Item.tenant) -message ('Security Defaults will be automatically enabled on {0}' -f $SecDefaults.securityDefaultsUpsell.dueDateTime) } } catch {} $LastRun = @{ RowKey = 'SecDefaultsUpsell' - PartitionKey = $QueueItem.tenantid + PartitionKey = $Item.tenantid } Add-CIPPAzDataTableEntity @LastRunTable -Entity $LastRun -Force } diff --git a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertSharepointQuota.ps1 b/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertSharepointQuota.ps1 index 7eb8f351a6ca..9614e59d340c 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertSharepointQuota.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertSharepointQuota.ps1 @@ -3,19 +3,18 @@ function Push-CIPPAlertSharepointQuota { [CmdletBinding()] param( [Parameter(Mandatory = $true)] - $QueueItem, - $TriggerMetadata + $Item ) Try { - $tenantName = (New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/domains' -tenantid $QueueItem.Tenant | Where-Object { $_.isInitial -eq $true }).id.Split('.')[0] - $sharepointToken = (Get-GraphToken -scope "https://$($tenantName)-admin.sharepoint.com/.default" -tenantid $QueueItem.Tenant) + $tenantName = (New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/domains' -tenantid $Item.Tenant | Where-Object { $_.isInitial -eq $true }).id.Split('.')[0] + $sharepointToken = (Get-GraphToken -scope "https://$($tenantName)-admin.sharepoint.com/.default" -tenantid $Item.Tenant) $sharepointToken.Add('accept', 'application/json') $sharepointQuota = (Invoke-RestMethod -Method 'GET' -Headers $sharepointToken -Uri "https://$($tenantName)-admin.sharepoint.com/_api/StorageQuotas()?api-version=1.3.2" -ErrorAction Stop).value if ($sharepointQuota) { - if ($QueueItem.value) { $Value = $QueueItem.value } else { $Value = 90 } + if ($Item.value) { $Value = $Item.value } else { $Value = 90 } $UsedStoragePercentage = [int](($sharepointQuota.GeoUsedStorageMB / $sharepointQuota.TenantStorageMB) * 100) if ($UsedStoragePercentage -gt $Value) { - Write-AlertMessage -tenant $($QueueItem.tenant) -message "SharePoint Storage is at $($UsedStoragePercentage)%. Your alert threshold is $($Value)%" + Write-AlertMessage -tenant $($Item.tenant) -message "SharePoint Storage is at $($UsedStoragePercentage)%. Your alert threshold is $($Value)%" } } } catch { diff --git a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertUnusedLicenses.ps1 b/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertUnusedLicenses.ps1 index 2bd58f8b6178..74be1a6e4030 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertUnusedLicenses.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertUnusedLicenses.ps1 @@ -2,26 +2,25 @@ function Push-CIPPAlertUnusedLicenses { [CmdletBinding()] Param ( [Parameter(Mandatory = $true)] - $QueueItem, - $TriggerMetadata + $Item ) try { $LicenseTable = Get-CIPPTable -TableName ExcludedLicenses $ExcludedSkuList = Get-CIPPAzDataTableEntity @LicenseTable - New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/subscribedSkus' -tenantid $QueueItem.tenant | ForEach-Object { + New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/subscribedSkus' -tenantid $Item.tenant | ForEach-Object { $skuid = $_ foreach ($sku in $skuid) { if ($sku.skuId -in $ExcludedSkuList.GUID) { continue } $PrettyName = ($ConvertTable | Where-Object { $_.GUID -eq $sku.skuid }).'Product_Display_Name' | Select-Object -Last 1 if (!$PrettyName) { $PrettyName = $sku.skuPartNumber } if ($sku.prepaidUnits.enabled - $sku.consumedUnits -gt 0) { - Write-AlertMessage -tenant $($QueueItem.tenant) -message "$PrettyName has unused licenses. Using $($_.consumedUnits) of $($_.prepaidUnits.enabled)." + Write-AlertMessage -tenant $($Item.tenant) -message "$PrettyName has unused licenses. Using $($_.consumedUnits) of $($_.prepaidUnits.enabled)." } } } } catch { - Write-AlertMessage -tenant $($QueueItem.tenant) -message "Unused Licenses Alert Error occurred: $(Get-NormalizedError -message $_.Exception.message)" + Write-AlertMessage -tenant $($Item.tenant) -message "Unused Licenses Alert Error occurred: $(Get-NormalizedError -message $_.Exception.message)" } } diff --git a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertVppTokenExpiry.ps1 b/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertVppTokenExpiry.ps1 index d18dd28dd11d..d9a2e70d6531 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertVppTokenExpiry.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertVppTokenExpiry.ps1 @@ -2,31 +2,30 @@ function Push-CIPPAlertVppTokenExpiry { [CmdletBinding()] Param ( [Parameter(Mandatory = $true)] - $QueueItem, - $TriggerMetadata + $Item ) $LastRunTable = Get-CIPPTable -Table AlertLastRun try { - $Filter = "RowKey eq 'VppTokenExpiry' and PartitionKey eq '{0}'" -f $QueueItem.tenantid + $Filter = "RowKey eq 'VppTokenExpiry' and PartitionKey eq '{0}'" -f $Item.tenantid $LastRun = Get-CIPPAzDataTableEntity @LastRunTable -Filter $Filter $Yesterday = (Get-Date).AddDays(-1) if (-not $LastRun.Timestamp.DateTime -or ($LastRun.Timestamp.DateTime -le $Yesterday)) { try { - $VppTokens = (New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/deviceAppManagement/vppTokens' -tenantid $QueueItem.tenant).value + $VppTokens = (New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/deviceAppManagement/vppTokens' -tenantid $Item.tenant).value foreach ($Vpp in $VppTokens) { if ($Vpp.state -ne 'valid') { - Write-AlertMessage -tenant $($QueueItem.tenant) -message 'Apple Volume Purchase Program Token is not valid, new token required' + Write-AlertMessage -tenant $($Item.tenant) -message 'Apple Volume Purchase Program Token is not valid, new token required' } if ($Vpp.expirationDateTime -lt (Get-Date).AddDays(30) -and $Vpp.expirationDateTime -gt (Get-Date).AddDays(-7)) { - Write-AlertMessage -tenant $($QueueItem.tenant) -message ('Apple Volume Purchase Program token expiring on {0}' -f $Vpp.expirationDateTime) + Write-AlertMessage -tenant $($Item.tenant) -message ('Apple Volume Purchase Program token expiring on {0}' -f $Vpp.expirationDateTime) } } } catch {} $LastRun = @{ RowKey = 'VppTokenExpiry' - PartitionKey = $QueueItem.tenantid + PartitionKey = $Item.tenantid } Add-CIPPAzDataTableEntity @LastRunTable -Entity $LastRun -Force } diff --git a/Modules/CIPPCore/Public/Entrypoints/Push-SchedulerAlert.ps1 b/Modules/CIPPCore/Public/Entrypoints/Push-SchedulerAlert.ps1 index 30a4b2583cde..48b5ac8f474b 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Push-SchedulerAlert.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Push-SchedulerAlert.ps1 @@ -1,42 +1,59 @@ function Push-SchedulerAlert { param ( - $QueueItem, $TriggerMetadata + $Item ) - $Tenant = $QueueItem + try { $Table = Get-CIPPTable -Table SchedulerConfig - if ($Tenant.tag -eq 'AllTenants') { + if ($Item.Tag -eq 'AllTenants') { $Filter = "RowKey eq 'AllTenants' and PartitionKey eq 'Alert'" } else { - $Filter = "RowKey eq '{0}' and PartitionKey eq 'Alert'" -f $Tenant.tenantid + $Filter = "RowKey eq '{0}' and PartitionKey eq 'Alert'" -f $Item.Tenantid } $Alerts = Get-CIPPAzDataTableEntity @Table -Filter $Filter - $IgnoreList = @('Etag', 'PartitionKey', 'Timestamp', 'RowKey', 'tenantid', 'tenant', 'type') - $alertList = $Alerts | Select-Object * -ExcludeProperty $IgnoreList - foreach ($task in ($AlertList.psobject.members | Where-Object { $_.MemberType -EQ 'NoteProperty' -and $_.value -ne $false })) { + $AlertList = $Alerts | Select-Object * -ExcludeProperty $IgnoreList + $Batch = foreach ($task in ($AlertList.psobject.members | Where-Object { $_.MemberType -EQ 'NoteProperty' -and $_.value -ne $false })) { $Table = Get-CIPPTable -TableName AlertRunCheck - $Filter = "PartitionKey eq '{0}' and RowKey eq '{1}' and Timestamp ge datetime'{2}'" -f $tenant.tenant, $task.Name, (Get-Date).AddMinutes(-10).ToUniversalTime().ToString('yyyy-MM-ddTHH:mm:ss') + $Filter = "PartitionKey eq '{0}' and RowKey eq '{1}' and Timestamp ge datetime'{2}'" -f $Item.Tenant, $task.Name, (Get-Date).AddMinutes(-10).ToUniversalTime().ToString('yyyy-MM-ddTHH:mm:ss') $ExistingMessage = Get-CIPPAzDataTableEntity @Table -Filter $Filter if (!$ExistingMessage) { - $QueueItem = [pscustomobject]@{ - tenant = $tenant.tenant - tenantid = $tenant.tenantid + [pscustomobject]@{ + Tenant = $Item.Tenant + Tenantid = $Item.Tenantid FunctionName = "CIPPAlert$($Task.Name)" value = $Task.value } - Push-OutputBinding -Name QueueItemOut -Value $QueueItem - $QueueItem | Add-Member -MemberType NoteProperty -Name 'RowKey' -Value $task.Name -Force - $QueueItem | Add-Member -MemberType NoteProperty -Name 'PartitionKey' -Value $tenant.tenant -Force - Add-CIPPAzDataTableEntity @Table -Entity $QueueItem -Force + #Push-OutputBinding -Name QueueItemOut -Value $Item + $Item | Add-Member -MemberType NoteProperty -Name 'RowKey' -Value $task.Name -Force + $Item | Add-Member -MemberType NoteProperty -Name 'PartitionKey' -Value $Item.Tenant -Force + + try { + $null = Add-CIPPAzDataTableEntity @Table -Entity $Item -Force -ErrorAction Stop + } catch { + Write-Host "################### Error updating alert $($_.Exception.Message) - $($Item | ConvertTo-Json)" + } } else { - Write-Host ('ALERTS: Duplicate run found. Ignoring. Tenant: {0}, Task: {1}' -f $tenant.tenant, $task.Name) + Write-Host ('ALERTS: Duplicate run found. Ignoring. Tenant: {0}, Task: {1}' -f $Item.tenant, $task.Name) } } + if (($Batch | Measure-Object).Count -gt 0) { + $InputObject = [PSCustomObject]@{ + OrchestratorName = 'Alerts' + SkipLog = $true + Batch = @($Batch) + } + #Write-Host ($Batch | ConvertTo-Json) + $InstanceId = Start-NewOrchestration -FunctionName 'CIPPOrchestrator' -InputObject ($InputObject | ConvertTo-Json -Depth 5) + Write-Host "Started alert orchestration with ID = '$InstanceId'" + #$Orchestrator = New-OrchestrationCheckStatusResponse -Request $Request -InstanceId $InstanceId + } else { + Write-Host 'No alerts to process' + } } catch { $Message = 'Exception on line {0} - {1}' -f $_.InvocationInfo.ScriptLineNumber, $_.Exception.Message - Write-LogMessage -message $Message -API 'Alerts' -tenant $tenant.tenant -sev Error + Write-LogMessage -message $Message -API 'Alerts' -tenant $Item.tenant -sev Error } } \ No newline at end of file diff --git a/Modules/CIPPCore/Public/GraphHelper/Write-CippFunctionStats.ps1 b/Modules/CIPPCore/Public/GraphHelper/Write-CippFunctionStats.ps1 index e4102cd31521..f302cfcfb306 100644 --- a/Modules/CIPPCore/Public/GraphHelper/Write-CippFunctionStats.ps1 +++ b/Modules/CIPPCore/Public/GraphHelper/Write-CippFunctionStats.ps1 @@ -16,20 +16,23 @@ function Write-CippFunctionStats { $TimeSpan = New-TimeSpan -Start $Start -End $End $Duration = [int]$TimeSpan.TotalSeconds + $StatEntity = @{} # Flatten data to json string - $Entity.PartitionKey = $FunctionType - $Entity.RowKey = $RowKey - $Entity.Start = $Start - $Entity.End = $End - $Entity.Duration = $Duration - $Entity.ErrorMsg = $ErrorMsg + $StatEntity.PartitionKey = $FunctionType + $StatEntity.RowKey = $RowKey + $StatEntity.Start = $Start + $StatEntity.End = $End + $StatEntity.Duration = $Duration + $StatEntity.ErrorMsg = $ErrorMsg $Entity = [PSCustomObject]$Entity foreach ($Property in $Entity.PSObject.Properties.Name) { if ($Entity.$Property.GetType().Name -in ('Hashtable', 'PSCustomObject')) { - $Entity.$Property = [string]($Entity.$Property | ConvertTo-Json -Compress) + $StatEntity.$Property = [string]($Entity.$Property | ConvertTo-Json -Compress) } } - Add-CIPPAzDataTableEntity @Table -Entity $Entity -Force + $StatsEntity = [PSCustomObject]$StatsEntity + Write-Host ($StatEntity | ConvertTo-Json) + Add-CIPPAzDataTableEntity @Table -Entity $StatsEntity -Force } catch { Write-Host "Exception logging stats $($_.Exception.Message)" } diff --git a/Modules/CIPPCore/Public/Invoke-CIPPStandardsRun.ps1 b/Modules/CIPPCore/Public/Invoke-CIPPStandardsRun.ps1 index dd4acff806e8..1c7e177e3555 100644 --- a/Modules/CIPPCore/Public/Invoke-CIPPStandardsRun.ps1 +++ b/Modules/CIPPCore/Public/Invoke-CIPPStandardsRun.ps1 @@ -94,5 +94,5 @@ function Invoke-CIPPStandardsRun { $InstanceId = Start-NewOrchestration -FunctionName 'CIPPOrchestrator' -InputObject ($InputObject | ConvertTo-Json -Depth 5) Write-Host "Started orchestration with ID = '$InstanceId'" - $Orchestrator = New-OrchestrationCheckStatusResponse -Request $Request -InstanceId $InstanceId + #$Orchestrator = New-OrchestrationCheckStatusResponse -Request $Request -InstanceId $InstanceId } \ No newline at end of file diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAuditLog.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAuditLog.ps1 index 1dcd16e89cdb..e3682928503c 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAuditLog.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAuditLog.ps1 @@ -4,13 +4,13 @@ function Invoke-CIPPStandardAuditLog { Internal #> param($Tenant, $Settings) - - $AuditLogEnabled = (New-ExoRequest -tenantid $Tenant -cmdlet 'Get-AdminAuditLogConfig').UnifiedAuditLogIngestionEnabled + Write-Host ($Settings | ConvertTo-Json) + $AuditLogEnabled = (New-ExoRequest -tenantid $Tenant -cmdlet 'Get-AdminAuditLogConfig' -Select UnifiedAuditLogIngestionEnabled).UnifiedAuditLogIngestionEnabled If ($Settings.remediate) { Write-Host 'Time to remediate' - - $DehydratedTenant = (New-ExoRequest -tenantid $Tenant -cmdlet 'Get-OrganizationConfig').IsDehydrated + + $DehydratedTenant = (New-ExoRequest -tenantid $Tenant -cmdlet 'Get-OrganizationConfig' -Select IsDehydrated).IsDehydrated if ($DehydratedTenant) { try { New-ExoRequest -tenantid $Tenant -cmdlet 'Enable-OrganizationCustomization' @@ -20,7 +20,7 @@ function Invoke-CIPPStandardAuditLog { Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to enable organization customization. Error: $ErrorMessage" -sev Debug } } - + try { if ($AuditLogEnabled) { Write-LogMessage -API 'Standards' -tenant $tenant -message 'Unified Audit Log already enabled.' -sev Info diff --git a/Modules/CippEntrypoints/CippEntrypoints.psm1 b/Modules/CippEntrypoints/CippEntrypoints.psm1 index a651d072339f..67a480956b2d 100644 --- a/Modules/CippEntrypoints/CippEntrypoints.psm1 +++ b/Modules/CippEntrypoints/CippEntrypoints.psm1 @@ -51,31 +51,44 @@ function Receive-CippQueueTrigger { function Receive-CippOrchestrationTrigger { param($Context) - $DurableRetryOptions = @{ - FirstRetryInterval = (New-TimeSpan -Seconds 5) - MaxNumberOfAttempts = 3 - BackoffCoefficient = 2 - } - if (Test-Json -Json $Context.Input) { - $OrchestratorInput = $Context.Input | ConvertFrom-Json - } else { - $OrchestratorInput = $Context.Input - } - Write-Host ($Context | ConvertTo-Json -Depth 10) - $RetryOptions = New-DurableRetryOptions @DurableRetryOptions - Write-LogMessage -API $OrchestratorInput.OrchestratorName -tenant $OrchestratorInput.TenantFilter -message "Started $($OrchestratorInput.OrchestratorName)" -sev info + try { - if (!$OrchestratorInput.Batch -or ($OrchestratorInput.Batch | Measure-Object).Count -eq 0) { - $Batch = (Invoke-ActivityFunction -FunctionName 'CIPPActivityFunction' -Input $OrchestratorInput.QueueFunction) - } else { - $Batch = $OrchestratorInput.Batch - } + if (Test-Json -Json $Context.Input) { + $OrchestratorInput = $Context.Input | ConvertFrom-Json + } else { + $OrchestratorInput = $Context.Input + } - foreach ($Item in $Batch) { - Invoke-DurableActivity -FunctionName 'CIPPActivityFunction' -Input $Item -NoWait -RetryOptions $RetryOptions - } + $DurableRetryOptions = @{ + FirstRetryInterval = (New-TimeSpan -Seconds 5) + MaxNumberOfAttempts = if ($OrchestratorInput.MaxAttempts) { $OrchestratorInput.MaxAttempts } else { 3 } + BackoffCoefficient = 2 + } + #Write-Host ($OrchestratorInput | ConvertTo-Json -Depth 10) + $RetryOptions = New-DurableRetryOptions @DurableRetryOptions - Write-LogMessage -API $OrchestratorInput.OrchestratorName -tenant $tenant -message "Finished $($OrchestratorInput.OrchestratorName)" -sev Info + if ($Context.IsReplaying -ne $true -and -not $Context.Input.SkipLog) { + Write-LogMessage -API $OrchestratorInput.OrchestratorName -tenant $OrchestratorInput.TenantFilter -message "Started $($OrchestratorInput.OrchestratorName)" -sev info + } + + if (!$OrchestratorInput.Batch -or ($OrchestratorInput.Batch | Measure-Object).Count -eq 0) { + $Batch = (Invoke-ActivityFunction -FunctionName 'CIPPActivityFunction' -Input $OrchestratorInput.QueueFunction -ErrorAction Stop) + } else { + $Batch = $OrchestratorInput.Batch + } + + if (($Batch | Measure-Object).Count -gt 0) { + foreach ($Item in $Batch) { + $null = Invoke-DurableActivity -FunctionName 'CIPPActivityFunction' -Input $Item -NoWait -RetryOptions $RetryOptions -ErrorAction Stop + } + } + + if ($Context.IsReplaying -ne $true -and -not $Context.Input.SkipLog) { + Write-LogMessage -API $OrchestratorInput.OrchestratorName -tenant $tenant -message "Finished $($OrchestratorInput.OrchestratorName)" -sev Info + } + } catch { + Write-Host "Orchestrator error $($_.Exception.Message)" + } } function Receive-CippActivityTrigger { @@ -105,7 +118,7 @@ function Receive-CippActivityTrigger { ErrorMsg = $ErrorMsg } - Write-Information '####### Adding stats' + #Write-Information '####### Adding stats' Write-CippFunctionStats @Stats } diff --git a/Scheduler_GetQueue/function.json b/Scheduler_GetQueue/function.json index d0f59a682e3c..122f86c71d70 100644 --- a/Scheduler_GetQueue/function.json +++ b/Scheduler_GetQueue/function.json @@ -11,6 +11,11 @@ "direction": "out", "name": "QueueItem", "queueName": "CIPPGenericQueue" + }, + { + "name": "starter", + "type": "durableClient", + "direction": "in" } ] } diff --git a/Scheduler_GetQueue/run.ps1 b/Scheduler_GetQueue/run.ps1 index f14ccc274dd4..2e80dfd588a1 100644 --- a/Scheduler_GetQueue/run.ps1 +++ b/Scheduler_GetQueue/run.ps1 @@ -5,7 +5,7 @@ $Tenants = Get-CIPPAzDataTableEntity @Table | Where-Object -Property PartitionKe $Tasks = foreach ($Tenant in $Tenants) { if ($Tenant.tenant -ne 'AllTenants') { - [pscustomobject]@{ + [pscustomobject]@{ Tenant = $Tenant.tenant Tag = 'SingleTenant' TenantID = $Tenant.tenantid @@ -15,7 +15,7 @@ $Tasks = foreach ($Tenant in $Tenants) { Write-Host 'All tenants, doing them all' $TenantList = Get-Tenants foreach ($t in $TenantList) { - [pscustomobject]@{ + [pscustomobject]@{ Tenant = $t.defaultDomainName Tag = 'AllTenants' TenantID = $t.customerId @@ -23,19 +23,22 @@ $Tasks = foreach ($Tenant in $Tenants) { } } } -} +} -foreach ($Task in $Tasks) { - $QueueItem = [pscustomobject]@{ +$Batch = foreach ($Task in $Tasks) { + [pscustomobject]@{ Tenant = $task.tenant Tenantid = $task.tenantid Tag = $task.tag Type = $task.type FunctionName = "Scheduler$($Task.Type)" } - try { - Push-OutputBinding -Name QueueItem -Value $QueueItem - } catch { - Write-Host "Could not launch queue item for $($Task.tenant): $($_.Exception.Message)" - } -} \ No newline at end of file +} +$InputObject = [PSCustomObject]@{ + OrchestratorName = 'Scheduler' + Batch = @($Batch) +} +#Write-Host ($InputObject | ConvertTo-Json) +$InstanceId = Start-NewOrchestration -FunctionName 'CIPPOrchestrator' -InputObject ($InputObject | ConvertTo-Json -Depth 5) +Write-Host "Started orchestration with ID = '$InstanceId'" +#$Orchestrator = New-OrchestrationCheckStatusResponse -Request $Request -InstanceId $InstanceId \ No newline at end of file From 9ec149fa2dedb4388761c436516e3b02470f0013 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Sat, 9 Mar 2024 11:40:06 -0800 Subject: [PATCH 096/243] up version --- version_latest.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/version_latest.txt b/version_latest.txt index 804440660c71..fb467b15735a 100644 --- a/version_latest.txt +++ b/version_latest.txt @@ -1 +1 @@ -5.2.1 \ No newline at end of file +5.2.2 \ No newline at end of file From 2d20479b728517d98f2b148195bb782b59dac5b0 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Sun, 10 Mar 2024 21:30:20 -0400 Subject: [PATCH 097/243] Alerts tweak --- Modules/CIPPCore/Public/Entrypoints/Push-SchedulerAlert.ps1 | 2 +- Modules/CippEntrypoints/CippEntrypoints.psm1 | 5 ++--- Scheduler_GetQueue/run.ps1 | 2 +- 3 files changed, 4 insertions(+), 5 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/Push-SchedulerAlert.ps1 b/Modules/CIPPCore/Public/Entrypoints/Push-SchedulerAlert.ps1 index 48b5ac8f474b..0e4b50c8f9f2 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Push-SchedulerAlert.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Push-SchedulerAlert.ps1 @@ -41,7 +41,7 @@ function Push-SchedulerAlert { } if (($Batch | Measure-Object).Count -gt 0) { $InputObject = [PSCustomObject]@{ - OrchestratorName = 'Alerts' + OrchestratorName = 'AlertsOrchestrator' SkipLog = $true Batch = @($Batch) } diff --git a/Modules/CippEntrypoints/CippEntrypoints.psm1 b/Modules/CippEntrypoints/CippEntrypoints.psm1 index 67a480956b2d..749a0a41a674 100644 --- a/Modules/CippEntrypoints/CippEntrypoints.psm1 +++ b/Modules/CippEntrypoints/CippEntrypoints.psm1 @@ -52,7 +52,6 @@ function Receive-CippOrchestrationTrigger { param($Context) try { - if (Test-Json -Json $Context.Input) { $OrchestratorInput = $Context.Input | ConvertFrom-Json } else { @@ -67,7 +66,7 @@ function Receive-CippOrchestrationTrigger { #Write-Host ($OrchestratorInput | ConvertTo-Json -Depth 10) $RetryOptions = New-DurableRetryOptions @DurableRetryOptions - if ($Context.IsReplaying -ne $true -and -not $Context.Input.SkipLog) { + if ($Context.IsReplaying -ne $true -and $Context.Input.SkipLog -ne $true) { Write-LogMessage -API $OrchestratorInput.OrchestratorName -tenant $OrchestratorInput.TenantFilter -message "Started $($OrchestratorInput.OrchestratorName)" -sev info } @@ -83,7 +82,7 @@ function Receive-CippOrchestrationTrigger { } } - if ($Context.IsReplaying -ne $true -and -not $Context.Input.SkipLog) { + if ($Context.IsReplaying -ne $true -and $Context.Input.SkipLog -ne $true) { Write-LogMessage -API $OrchestratorInput.OrchestratorName -tenant $tenant -message "Finished $($OrchestratorInput.OrchestratorName)" -sev Info } } catch { diff --git a/Scheduler_GetQueue/run.ps1 b/Scheduler_GetQueue/run.ps1 index 2e80dfd588a1..6d0553001e1e 100644 --- a/Scheduler_GetQueue/run.ps1 +++ b/Scheduler_GetQueue/run.ps1 @@ -35,7 +35,7 @@ $Batch = foreach ($Task in $Tasks) { } } $InputObject = [PSCustomObject]@{ - OrchestratorName = 'Scheduler' + OrchestratorName = 'SchedulerOrchestrator' Batch = @($Batch) } #Write-Host ($InputObject | ConvertTo-Json) From 502e3046d60775958b174b294cb05e5a12b5ec87 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Sun, 10 Mar 2024 21:32:48 -0400 Subject: [PATCH 098/243] update init dev env --- Tools/Initialize-DevEnvironment.ps1 | 1 + 1 file changed, 1 insertion(+) diff --git a/Tools/Initialize-DevEnvironment.ps1 b/Tools/Initialize-DevEnvironment.ps1 index 4f4f8f55aa58..e8b67a373ae5 100644 --- a/Tools/Initialize-DevEnvironment.ps1 +++ b/Tools/Initialize-DevEnvironment.ps1 @@ -13,3 +13,4 @@ Import-Module "$CippRoot\Modules\AzBobbyTables" Import-Module "$CippRoot\Modules\DNSHealth" Import-Module "$CippRoot\Modules\CippQueue" Import-Module "$CippRoot\Modules\CippCore" +Get-CIPPAuthentication \ No newline at end of file From 5113751dc0b7f6b612007de569f99f695b2718f3 Mon Sep 17 00:00:00 2001 From: KelvinTegelaar Date: Tue, 12 Mar 2024 11:05:29 +0100 Subject: [PATCH 099/243] check for existence of upn --- Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertMFAAdmins.ps1 | 2 +- .../CIPPCore/Public/Entrypoints/Push-CIPPAlertMFAAlertUsers.ps1 | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertMFAAdmins.ps1 b/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertMFAAdmins.ps1 index 66685982d956..6b933fbf64a0 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertMFAAdmins.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertMFAAdmins.ps1 @@ -13,7 +13,7 @@ function Push-CIPPAlertMFAAdmins { } if (!$DuoActive) { $users = New-GraphGETRequest -uri 'https://graph.microsoft.com/beta/reports/authenticationMethods/userRegistrationDetails?$top=999&$filter=IsAdmin eq true' -tenantid $($Item.tenant) | Where-Object -Property 'isMfaRegistered' -EQ $false - if ($users) { + if ($users.UserPrincipalName) { Write-AlertMessage -tenant $Item.tenant -message "The following admins do not have MFA registered: $($users.UserPrincipalName -join ', ')" } } else { diff --git a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertMFAAlertUsers.ps1 b/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertMFAAlertUsers.ps1 index a02d2afcdc34..e6401a7b117f 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertMFAAlertUsers.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertMFAAlertUsers.ps1 @@ -7,7 +7,7 @@ function Push-CIPPAlertMFAAlertUsers { try { $users = New-GraphGETRequest -uri 'https://graph.microsoft.com/beta/reports/authenticationMethods/userRegistrationDetails?$filter=isMfaRegistered eq false and userType eq ''member''&$select=userPrincipalName,lastUpdatedDateTime,isMfaRegistered' -tenantid $($Item.tenant) - if ($users) { + if ($users.UserPrincipalName) { Write-AlertMessage -tenant $Item.tenant -message "The following $($users.Count) users do not have MFA registered: $($users.UserPrincipalName -join ', ')" } From 8fcf2f4a95134edca8416d2e7b83790fb4310d75 Mon Sep 17 00:00:00 2001 From: KelvinTegelaar Date: Tue, 12 Mar 2024 11:53:26 +0100 Subject: [PATCH 100/243] fixes sharepoint quota --- .../Public/Entrypoints/Push-CIPPAlertSharepointQuota.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertSharepointQuota.ps1 b/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertSharepointQuota.ps1 index 9614e59d340c..58dedd4888a8 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertSharepointQuota.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertSharepointQuota.ps1 @@ -11,7 +11,7 @@ function Push-CIPPAlertSharepointQuota { $sharepointToken.Add('accept', 'application/json') $sharepointQuota = (Invoke-RestMethod -Method 'GET' -Headers $sharepointToken -Uri "https://$($tenantName)-admin.sharepoint.com/_api/StorageQuotas()?api-version=1.3.2" -ErrorAction Stop).value if ($sharepointQuota) { - if ($Item.value) { $Value = $Item.value } else { $Value = 90 } + if ($Item.value -Is [Boolean]) { $Value = 90 } else { $Value = $Item.value } $UsedStoragePercentage = [int](($sharepointQuota.GeoUsedStorageMB / $sharepointQuota.TenantStorageMB) * 100) if ($UsedStoragePercentage -gt $Value) { Write-AlertMessage -tenant $($Item.tenant) -message "SharePoint Storage is at $($UsedStoragePercentage)%. Your alert threshold is $($Value)%" From 55ccf3ce8943fdb079bdf992b79c69f42b85a2d5 Mon Sep 17 00:00:00 2001 From: KelvinTegelaar Date: Tue, 12 Mar 2024 12:24:10 +0100 Subject: [PATCH 101/243] fixes depth issues --- .../Public/Entrypoints/Invoke-ExecUserSettings.ps1 | 9 ++++----- .../Public/Entrypoints/Invoke-ListUserSettings.ps1 | 4 ++-- 2 files changed, 6 insertions(+), 7 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecUserSettings.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecUserSettings.ps1 index 76469b49b477..ab9092f13c1d 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecUserSettings.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecUserSettings.ps1 @@ -11,18 +11,17 @@ function Invoke-ExecUserSettings { Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' try { - $object = $request.body.currentSettings | Select-Object * -ExcludeProperty CurrentTenant, pageSizes, sidebarShow, sidebarUnfoldable, _persist | ConvertTo-Json -Compress + $object = $request.body.currentSettings | Select-Object * -ExcludeProperty CurrentTenant, pageSizes, sidebarShow, sidebarUnfoldable, _persist | ConvertTo-Json -Compress -Depth 10 $Table = Get-CippTable -tablename 'UserSettings' $Table.Force = $true Add-CIPPAzDataTableEntity @Table -Entity @{ JSON = "$object" RowKey = "$($Request.body.user)" - PartitionKey = "UserSettings" + PartitionKey = 'UserSettings' } $StatusCode = [HttpStatusCode]::OK - $Results = [pscustomobject]@{"Results" = "Successfully added user settings" } - } - catch { + $Results = [pscustomobject]@{'Results' = 'Successfully added user settings' } + } catch { $ErrorMsg = Get-NormalizedError -message $($_.Exception.Message) $Results = "Function Error: $ErrorMsg" $StatusCode = [HttpStatusCode]::BadRequest diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListUserSettings.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListUserSettings.ps1 index 274c5d8383f1..50781d922e7b 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListUserSettings.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListUserSettings.ps1 @@ -14,8 +14,8 @@ function Invoke-ListUserSettings { try { $Table = Get-CippTable -tablename 'UserSettings' $UserSettings = Get-CIPPAzDataTableEntity @Table -Filter "RowKey eq 'allUsers'" - if (!$UserSettings) { Get-CIPPAzDataTableEntity @Table -Filter "RowKey eq '$username'" } - $UserSettings = $UserSettings | Select-Object -ExpandProperty JSON | ConvertFrom-Json -Depth 10 -ErrorAction SilentlyContinue + if (!$UserSettings) { $userSettings = Get-CIPPAzDataTableEntity @Table -Filter "RowKey eq '$username'" } + $UserSettings = $UserSettings.JSON | ConvertFrom-Json -Depth 10 -ErrorAction SilentlyContinue $StatusCode = [HttpStatusCode]::OK $Results = $UserSettings } catch { From 872449094bf48a7d3294564f20343431c526f6f5 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Tue, 12 Mar 2024 11:44:19 -0400 Subject: [PATCH 102/243] Tenant Onboarding durable --- .../Entrypoints/Invoke-ExecOnboardTenant.ps1 | 20 +++++++++++------ .../Push-ExecOnboardTenantQueue.ps1 | 22 +++++++++---------- 2 files changed, 24 insertions(+), 18 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecOnboardTenant.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecOnboardTenant.ps1 index e9e23c2a174e..41365297ca4f 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecOnboardTenant.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecOnboardTenant.ps1 @@ -52,13 +52,19 @@ function Invoke-ExecOnboardTenant { } Add-CIPPAzDataTableEntity @OnboardTable -Entity $TenantOnboarding -Force -ErrorAction Stop - Push-OutputBinding -Name QueueItem -Value ([pscustomobject]@{ - FunctionName = 'ExecOnboardTenantQueue' - id = $Id - Roles = $Request.Body.gdapRoles - AddMissingGroups = $Request.Body.addMissingGroups - AutoMapRoles = $Request.Body.autoMapRoles - }) + $Item = [pscustomobject]@{ + FunctionName = 'ExecOnboardTenantQueue' + id = $Id + Roles = $Request.Body.gdapRoles + AddMissingGroups = $Request.Body.addMissingGroups + AutoMapRoles = $Request.Body.autoMapRoles + } + + $InputObject = @{ + OrchestratorName = 'OnboardingOrchestrator' + Batch = @($Item) + } + $InstanceId = Start-NewOrchestration -FunctionName 'CIPPOrchestrator' -InputObject ($InputObject | ConvertTo-Json -Depth 5) } $Steps = $TenantOnboarding.OnboardingSteps | ConvertFrom-Json diff --git a/Modules/CIPPCore/Public/Entrypoints/Push-ExecOnboardTenantQueue.ps1 b/Modules/CIPPCore/Public/Entrypoints/Push-ExecOnboardTenantQueue.ps1 index 6c12ad723332..24d206b069c7 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Push-ExecOnboardTenantQueue.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Push-ExecOnboardTenantQueue.ps1 @@ -4,11 +4,11 @@ Function Push-ExecOnboardTenantQueue { Entrypoint #> [CmdletBinding()] - param($QueueItem, $TriggerMetadata) + param($Item) try { $DateFormat = '%Y-%m-%d %H:%M:%S' - $Id = $QueueItem.id - #Write-Host ($QueueItem.Roles | ConvertTo-Json) + $Id = $Item.id + #Write-Host ($Item.Roles | ConvertTo-Json) $Start = Get-Date $Logs = [System.Collections.Generic.List[object]]::new() $OnboardTable = Get-CIPPTable -TableName 'TenantOnboarding' @@ -117,7 +117,7 @@ Function Push-ExecOnboardTenantQueue { if ($OnboardingSteps.Step2.Status -eq 'succeeded') { $Logs.Add([PSCustomObject]@{ Date = Get-Date -UFormat $DateFormat; Log = 'Checking group mapping' }) $AccessAssignments = New-GraphGetRequest -Uri "https://graph.microsoft.com/beta/tenantRelationships/delegatedAdminRelationships/$Id/accessAssignments" - if ($AccessAssignments.id -and $QueueItem.AutoMapRoles -ne $true) { + if ($AccessAssignments.id -and $Item.AutoMapRoles -ne $true) { $Logs.Add([PSCustomObject]@{ Date = Get-Date -UFormat $DateFormat; Log = 'Groups mapped' }) $OnboardingSteps.Step3.Status = 'succeeded' $OnboardingSteps.Step3.Message = 'Your GDAP relationship already has mapped security groups' @@ -136,8 +136,8 @@ Function Push-ExecOnboardTenantQueue { $MissingRoles = [System.Collections.Generic.List[object]]::new() $Logs.Add([PSCustomObject]@{ Date = Get-Date -UFormat $DateFormat; Log = 'Relationship has existing access assignments, checking for missing mappings' }) #Write-Host ($AccessAssignments | ConvertTo-Json -Depth 5) - if ($QueueItem.Roles -and $QueueItem.AutoMapRoles -eq $true) { - foreach ($Role in $QueueItem.Roles) { + if ($Item.Roles -and $Item.AutoMapRoles -eq $true) { + foreach ($Role in $Item.Roles) { if ($AccessAssignments.accessContainer.accessContainerid -notcontains $Role.GroupId -and $Relationship.accessDetails.unifiedRoles.roleDefinitionId -contains $Role.roleDefinitionId) { $Logs.Add([PSCustomObject]@{ Date = Get-Date -UFormat $DateFormat; Log = "Adding missing group to relationship: $($Role.GroupName)" }) $MissingRoles.Add([PSCustomObject]$Role) @@ -161,16 +161,16 @@ Function Push-ExecOnboardTenantQueue { } } - if (!$AccessAssignments.id -and !$Invite -and $QueueItem.Roles) { + if (!$AccessAssignments.id -and !$Invite -and $Item.Roles) { $Logs.Add([PSCustomObject]@{ Date = Get-Date -UFormat $DateFormat; Log = 'No access assignments found, using defined role mapping.' }) $MatchingRoles = [System.Collections.Generic.List[object]]::new() - foreach ($Role in $QueueItem.Roles) { + foreach ($Role in $Item.Roles) { if ($Relationship.accessDetails.unifiedRoles.roleDefinitionId -contains $Role.roleDefinitionId) { $MatchingRoles.Add([PSCustomObject]$Role) } } - if (($MatchingRoles | Measure-Object).Count -gt 0 -and $QueueItem.AutoMapRoles -eq $true) { + if (($MatchingRoles | Measure-Object).Count -gt 0 -and $Item.AutoMapRoles -eq $true) { $Invite = [PSCustomObject]@{ 'PartitionKey' = 'invite' 'RowKey' = $Id @@ -224,11 +224,11 @@ Function Push-ExecOnboardTenantQueue { if ($AccessAssignments.status -notcontains 'pending') { $OnboardingSteps.Step3.Message = 'Group check: Access assignments are mapped and active' $OnboardingSteps.Step3.Status = 'succeeded' - if ($QueueItem.AddMissingGroups -eq $true) { + if ($Item.AddMissingGroups -eq $true) { $Logs.Add([PSCustomObject]@{ Date = Get-Date -UFormat $DateFormat; Log = 'Checking for missing groups for SAM user' }) $SamUserId = (New-GraphGetRequest -uri "https://graph.microsoft.com/beta/me?`$select=id").id $CurrentMemberships = New-GraphGetRequest -uri "https://graph.microsoft.com/beta/me/transitiveMemberOf?`$select=id,displayName" - foreach ($Role in $QueueItem.Roles) { + foreach ($Role in $Item.Roles) { if ($CurrentMemberships.id -notcontains $Role.GroupId) { $PostBody = @{ '@odata.id' = 'https://graph.microsoft.com/v1.0/directoryObjects/{0}' -f $SamUserId From 6d8ccf652d753afa988c18a11b0e0509e2bcc454 Mon Sep 17 00:00:00 2001 From: KelvinTegelaar Date: Tue, 12 Mar 2024 16:52:26 +0100 Subject: [PATCH 103/243] update license overview --- .../Entrypoints/Invoke-ListLicenses.ps1 | 12 ++++- .../Public/Get-CIPPLicenseOverview.ps1 | 51 +++++++++++-------- 2 files changed, 39 insertions(+), 24 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListLicenses.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListLicenses.ps1 index 27c2db9767a3..03a719a7f259 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListLicenses.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListLicenses.ps1 @@ -18,7 +18,11 @@ Function Invoke-ListLicenses { # Interact with query parameters or the body of the request. $TenantFilter = $Request.Query.TenantFilter $RawGraphRequest = if ($TenantFilter -ne 'AllTenants') { - $GraphRequest = Get-CIPPLicenseOverview -TenantFilter $TenantFilter + $GraphRequest = Get-CIPPLicenseOverview -TenantFilter $TenantFilter | ForEach-Object { + $TermInfo = $_.TermInfo | ConvertFrom-Json -ErrorAction SilentlyContinue + $_.TermInfo = $TermInfo + $_ + } } else { $Table = Get-CIPPTable -TableName cachelicenses $Rows = Get-CIPPAzDataTableEntity @Table | Where-Object -Property Timestamp -GT (Get-Date).AddHours(-1) @@ -29,7 +33,11 @@ Function Invoke-ListLicenses { License = 'Loading data for all tenants. Please check back in 1 minute' } } else { - $GraphRequest = $Rows + $GraphRequest = $Rows | ForEach-Object { + $TermInfo = $_.TermInfo | ConvertFrom-Json -ErrorAction SilentlyContinue + $_.TermInfo = $TermInfo + $_ + } } } diff --git a/Modules/CIPPCore/Public/Get-CIPPLicenseOverview.ps1 b/Modules/CIPPCore/Public/Get-CIPPLicenseOverview.ps1 index 698d30653774..9f06bddd2512 100644 --- a/Modules/CIPPCore/Public/Get-CIPPLicenseOverview.ps1 +++ b/Modules/CIPPCore/Public/Get-CIPPLicenseOverview.ps1 @@ -3,19 +3,17 @@ function Get-CIPPLicenseOverview { [CmdletBinding()] param ( $TenantFilter, - $APIName = "Get License Overview", + $APIName = 'Get License Overview', $ExecutingUser ) $LicRequest = New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/subscribedSkus' -tenantid $TenantFilter - $LicOverviewRequest = New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/directory/subscriptions' -tenantid $TenantFilter | Where-Object -Property nextLifecycleDateTime -GT (Get-Date) | Select-Object *, - @{Name = 'consumedUnits'; Expression = { ($LicRequest | Where-Object -Property skuid -EQ $_.skuId).consumedUnits } }, - @{Name = 'prepaidUnits'; Expression = { ($LicRequest | Where-Object -Property skuid -EQ $_.skuId).prepaidUnits } } + $SkuIDs = New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/directory/subscriptions' -tenantid $TenantFilter $RawGraphRequest = [PSCustomObject]@{ Tenant = $TenantFilter - Licenses = $LicOverviewRequest + Licenses = $LicRequest } Set-Location (Get-Item $PSScriptRoot).FullName $ConvertTable = Import-Csv Conversiontable.csv @@ -27,33 +25,42 @@ function Get-CIPPLicenseOverview { if ($sku.skuId -in $ExcludedSkuList.GUID) { continue } $PrettyName = ($ConvertTable | Where-Object { $_.guid -eq $sku.skuid }).'Product_Display_Name' | Select-Object -Last 1 if (!$PrettyName) { $PrettyName = $sku.skuPartNumber } - $diff = $sku.nextLifecycleDateTime - $sku.createdDateTime + # Initialize $Term with the default value - $Term = "Term unknown or non-NCE license" - if ($diff.Days -ge 360 -and $diff.Days -le 1089) { - $Term = "Yearly" + $TermInfo = foreach ($Subscription in $skuid.subscriptionIds) { + $SubInfo = $SkuIDs | Where-Object { $_.id -eq $Subscription } + $diff = $SubInfo.nextLifecycleDateTime - $SubInfo.createdDateTime + $Term = 'Term unknown or non-NCE license' + if ($diff.Days -ge 360 -and $diff.Days -le 1089) { + $Term = 'Yearly' + } elseif ($diff.Days -ge 1090 -and $diff.Days -le 1100) { + $Term = '3 Year' + } elseif ($diff.Days -ge 25 -and $diff.Days -le 35) { + $Term = 'Monthly' + } + $TimeUntilRenew = ($subinfo.nextLifecycleDateTime - (Get-Date)).days + [PSCustomObject]@{ + Status = $SubInfo.status + Term = $Term + TotalLicenses = $SubInfo.totalLicenses + TimeUntilRenew = $TimeUntilRenew + NextLifecycle = $SubInfo.nextLifecycleDateTime + SubscriptionId = $subinfo.id + IsTrial = $SubInfo.isTrial + CSPSubscriptionId = $SubInfo.commerceSubscriptionId + OCPSubscriptionId = $SubInfo.ocpSubscriptionId + } } - elseif ($diff.Days -ge 1090 -and $diff.Days -le 1100) { - $Term = "3 Year" - } - elseif ($diff.Days -ge 25 -and $diff.Days -le 35) { - $Term = "Monthly" - } - $TimeUntilRenew = $sku.nextLifecycleDateTime - (Get-Date) [pscustomobject]@{ Tenant = [string]$singlereq.Tenant License = [string]$PrettyName CountUsed = [string]"$($sku.consumedUnits)" CountAvailable = [string]$sku.prepaidUnits.enabled - $sku.consumedUnits - TotalLicenses = [string]"$($sku.TotalLicenses)" + TotalLicenses = [string]"$($sku.prepaidUnits.enabled)" skuId = [string]$sku.skuId skuPartNumber = [string]$PrettyName availableUnits = [string]$sku.prepaidUnits.enabled - $sku.consumedUnits - EstTerm = [string]$Term - TimeUntilRenew = [string]"$($TimeUntilRenew.Days)" - Trial = [bool]$sku.isTrial - dateCreated = [string]$sku.createdDateTime - dateExpires = [string]$sku.nextLifecycleDateTime + TermInfo = [string]($TermInfo | ConvertTo-Json -Depth 10 -Compress) 'PartitionKey' = 'License' 'RowKey' = "$($singlereq.Tenant) - $($sku.skuid)" } From 46727f6d310ad521cf4ba44ac0a9e0d56afa728d Mon Sep 17 00:00:00 2001 From: KelvinTegelaar Date: Tue, 12 Mar 2024 16:56:13 +0100 Subject: [PATCH 104/243] license overview --- Modules/CIPPCore/Public/Get-CIPPLicenseOverview.ps1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Modules/CIPPCore/Public/Get-CIPPLicenseOverview.ps1 b/Modules/CIPPCore/Public/Get-CIPPLicenseOverview.ps1 index 9f06bddd2512..d4d057f6ddfc 100644 --- a/Modules/CIPPCore/Public/Get-CIPPLicenseOverview.ps1 +++ b/Modules/CIPPCore/Public/Get-CIPPLicenseOverview.ps1 @@ -43,10 +43,10 @@ function Get-CIPPLicenseOverview { Status = $SubInfo.status Term = $Term TotalLicenses = $SubInfo.totalLicenses - TimeUntilRenew = $TimeUntilRenew + DaysUntilRenew = $TimeUntilRenew NextLifecycle = $SubInfo.nextLifecycleDateTime - SubscriptionId = $subinfo.id IsTrial = $SubInfo.isTrial + SubscriptionId = $subinfo.id CSPSubscriptionId = $SubInfo.commerceSubscriptionId OCPSubscriptionId = $SubInfo.ocpSubscriptionId } From 0adb85d0c4d1cda43bd472333bafb5b531d0a2f7 Mon Sep 17 00:00:00 2001 From: KelvinTegelaar Date: Tue, 12 Mar 2024 17:08:50 +0100 Subject: [PATCH 105/243] ordered list --- Modules/CIPPCore/Public/Get-CIPPLicenseOverview.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/CIPPCore/Public/Get-CIPPLicenseOverview.ps1 b/Modules/CIPPCore/Public/Get-CIPPLicenseOverview.ps1 index d4d057f6ddfc..9668cd51b50e 100644 --- a/Modules/CIPPCore/Public/Get-CIPPLicenseOverview.ps1 +++ b/Modules/CIPPCore/Public/Get-CIPPLicenseOverview.ps1 @@ -27,7 +27,7 @@ function Get-CIPPLicenseOverview { if (!$PrettyName) { $PrettyName = $sku.skuPartNumber } # Initialize $Term with the default value - $TermInfo = foreach ($Subscription in $skuid.subscriptionIds) { + $TermInfo = foreach ($Subscription in $sku.subscriptionIds) { $SubInfo = $SkuIDs | Where-Object { $_.id -eq $Subscription } $diff = $SubInfo.nextLifecycleDateTime - $SubInfo.createdDateTime $Term = 'Term unknown or non-NCE license' From 21a4119ac3b0dc5de9e80bced3a23b93084531db Mon Sep 17 00:00:00 2001 From: John Duprey Date: Tue, 12 Mar 2024 12:27:01 -0400 Subject: [PATCH 106/243] Graph Request durable --- .../Push-ListGraphRequestQueue.ps1 | 46 +++++++++---------- .../GraphRequests/Get-GraphRequestList.ps1 | 21 +++++++-- 2 files changed, 40 insertions(+), 27 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/Push-ListGraphRequestQueue.ps1 b/Modules/CIPPCore/Public/Entrypoints/Push-ListGraphRequestQueue.ps1 index 82f12e1df665..1705df9a7f70 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Push-ListGraphRequestQueue.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Push-ListGraphRequestQueue.ps1 @@ -4,36 +4,36 @@ function Push-ListGraphRequestQueue { Entrypoint #> # Input bindings are passed in via param block. - param($QueueItem, $TriggerMetadata) + param($Item) # Write out the queue message and metadata to the information log. - Write-Host "PowerShell queue trigger function processed work item: $($QueueItem.Endpoint) - $($QueueItem.TenantFilter)" + Write-Host "PowerShell queue trigger function processed work item: $($Item.Endpoint) - $($Item.TenantFilter)" - $TenantQueueName = '{0} - {1}' -f $QueueItem.QueueName, $QueueItem.TenantFilter - Update-CippQueueEntry -RowKey $QueueItem.QueueId -Status 'Processing' -Name $TenantQueueName + $TenantQueueName = '{0} - {1}' -f $Item.QueueName, $Item.TenantFilter + Update-CippQueueEntry -RowKey $Item.QueueId -Status 'Processing' -Name $TenantQueueName $ParamCollection = [System.Web.HttpUtility]::ParseQueryString([String]::Empty) - foreach ($Item in ($QueueItem.Parameters.GetEnumerator() | Sort-Object -CaseSensitive -Property Key)) { - $ParamCollection.Add($Item.Key, $Item.Value) + foreach ($Param in ($Item.Parameters.GetEnumerator() | Sort-Object -CaseSensitive -Property Key)) { + $ParamCollection.Add($Param.Key, $Param.Value) } - $PartitionKey = $QueueItem.PartitionKey + $PartitionKey = $Item.PartitionKey - $TableName = ('cache{0}' -f ($QueueItem.Endpoint -replace '[^A-Za-z0-9]'))[0..62] -join '' - Write-Host $TableName + $TableName = ('cache{0}' -f ($Item.Endpoint -replace '[^A-Za-z0-9]'))[0..62] -join '' + Write-Host "Queue Table: $TableName" $Table = Get-CIPPTable -TableName $TableName - $Filter = "PartitionKey eq '{0}' and Tenant eq '{1}'" -f $PartitionKey, $QueueItem.TenantFilter - Write-Host $Filter + $Filter = "PartitionKey eq '{0}' and Tenant eq '{1}'" -f $PartitionKey, $Item.TenantFilter + Write-Host "Filter: $Filter" Get-CIPPAzDataTableEntity @Table -Filter $Filter -Property PartitionKey, RowKey | Remove-AzDataTableEntity @Table $GraphRequestParams = @{ - TenantFilter = $QueueItem.TenantFilter - Endpoint = $QueueItem.Endpoint - Parameters = $QueueItem.Parameters - NoPagination = $QueueItem.NoPagination - ReverseTenantLookupProperty = $QueueItem.ReverseTenantLookupProperty - ReverseTenantLookup = $QueueItem.ReverseTenantLookup + TenantFilter = $Item.TenantFilter + Endpoint = $Item.Endpoint + Parameters = $Item.Parameters + NoPagination = $Item.NoPagination + ReverseTenantLookupProperty = $Item.ReverseTenantLookupProperty + ReverseTenantLookup = $Item.ReverseTenantLookup SkipCache = $true } @@ -41,7 +41,7 @@ function Push-ListGraphRequestQueue { Get-GraphRequestList @GraphRequestParams } catch { [PSCustomObject]@{ - Tenant = $QueueItem.Tenant + Tenant = $Item.Tenant CippStatus = "Could not connect to tenant. $($_.Exception.message)" } } @@ -49,9 +49,9 @@ function Push-ListGraphRequestQueue { $GraphResults = foreach ($Request in $RawGraphRequest) { $Json = ConvertTo-Json -Depth 5 -Compress -InputObject $Request [PSCustomObject]@{ - TenantFilter = [string]$QueueItem.TenantFilter - QueueId = [string]$QueueItem.QueueId - QueueType = [string]$QueueItem.QueueType + TenantFilter = [string]$Item.TenantFilter + QueueId = [string]$Item.QueueId + QueueType = [string]$Item.QueueType RowKey = [string](New-Guid) PartitionKey = [string]$PartitionKey Data = [string]$Json @@ -59,9 +59,9 @@ function Push-ListGraphRequestQueue { } try { Add-CIPPAzDataTableEntity @Table -Entity $GraphResults -Force | Out-Null - Update-CippQueueEntry -RowKey $QueueItem.QueueId -Status 'Completed' + Update-CippQueueEntry -RowKey $Item.QueueId -Status 'Completed' } catch { Write-Host "Queue Error: $($_.Exception.Message)" - Update-CippQueueEntry -RowKey $QueueItem.QueueId -Status 'Failed' + Update-CippQueueEntry -RowKey $Item.QueueId -Status 'Failed' } } \ No newline at end of file diff --git a/Modules/CIPPCore/Public/GraphRequests/Get-GraphRequestList.ps1 b/Modules/CIPPCore/Public/GraphRequests/Get-GraphRequestList.ps1 index 3b3b4660a0bf..52cc2c3778dc 100644 --- a/Modules/CIPPCore/Public/GraphRequests/Get-GraphRequestList.ps1 +++ b/Modules/CIPPCore/Public/GraphRequests/Get-GraphRequestList.ps1 @@ -158,9 +158,9 @@ function Get-GraphRequestList { } Write-Host 'Pushing output bindings' try { - Get-Tenants -IncludeErrors | ForEach-Object { + $Batch = Get-Tenants -IncludeErrors | ForEach-Object { $TenantFilter = $_.defaultDomainName - $QueueTenant = [PSCustomObject]@{ + [PSCustomObject]@{ FunctionName = 'ListGraphRequestQueue' TenantFilter = $TenantFilter Endpoint = $Endpoint @@ -175,8 +175,15 @@ function Get-GraphRequestList { ReverseTenantLookup = $ReverseTenantLookup.IsPresent } - Push-OutputBinding -Name QueueItem -Value $QueueTenant + #Push-OutputBinding -Name QueueItem -Value $QueueTenant + } + + $InputObject = @{ + OrchestratorName = 'GraphRequestOrchestrator' + Batch = @($Batch) } + #Write-Host ($InputObject | ConvertTo-Json -Depth 5) + $InstanceId = Start-NewOrchestration -FunctionName 'CIPPOrchestrator' -InputObject ($InputObject | ConvertTo-Json -Depth 5) } catch { Write-Host "QUEUE ERROR: $($_.Exception.Message)" } @@ -234,7 +241,13 @@ function Get-GraphRequestList { ReverseTenantLookup = $ReverseTenantLookup.IsPresent } - Push-OutputBinding -Name QueueItem -Value $QueueTenant + $InputObject = @{ + OrchestratorName = 'GraphRequestOrchestrator' + Batch = @($QueueTenant) + } + $InstanceId = Start-NewOrchestration -FunctionName 'CIPPOrchestrator' -InputObject ($InputObject | ConvertTo-Json -Depth 5) + + #Push-OutputBinding -Name QueueItem -Value $QueueTenant [PSCustomObject]@{ QueueMessage = ('Loading {0} rows for {1}. Please check back after the job completes' -f $Count, $TenantFilter) From ea858fcf4aa55185afecbdf98501c8f7e0c2be75 Mon Sep 17 00:00:00 2001 From: KelvinTegelaar Date: Tue, 12 Mar 2024 17:38:07 +0100 Subject: [PATCH 107/243] cleanup --- MailProviders/Mesh.json | 9 --------- 1 file changed, 9 deletions(-) delete mode 100644 MailProviders/Mesh.json diff --git a/MailProviders/Mesh.json b/MailProviders/Mesh.json deleted file mode 100644 index 3109cc8c4876..000000000000 --- a/MailProviders/Mesh.json +++ /dev/null @@ -1,9 +0,0 @@ -{ - "Name": "Mesh Email Security", - "_MxComment": "https://docs.emailsecurity.app/help-center/connection-details", - "MxMatch": "emailsecurity.app", - "_SpfComment": "https://docs.emailsecurity.app/help-center/connection-details", - "SpfInclude": "spf1.emailsecurity.app", - "_DkimComment": "No configuration found", - "Selectors": [""] -} \ No newline at end of file From 598be08dda54dbd666b4feffeb3e3d453c8849ff Mon Sep 17 00:00:00 2001 From: KelvinTegelaar Date: Tue, 12 Mar 2024 18:07:49 +0100 Subject: [PATCH 108/243] added hard exit fail --- Modules/CIPPCore/Public/Entrypoints/Invoke-AddUser.ps1 | 1 + 1 file changed, 1 insertion(+) diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-AddUser.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-AddUser.ps1 index c1d7512b14d6..41c1004a8cf6 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-AddUser.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-AddUser.ps1 @@ -59,6 +59,7 @@ Function Invoke-AddUser { } catch { Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $($userobj.tenantid) -message "Failed to create user. Error:$($_.Exception.Message)" -Sev 'Error' $body = $results.add("Failed to create user. $($_.Exception.Message)" ) + exit 1 } try { From 684f9fdd4c9cf61500d1b2fd44d85aa297b8780c Mon Sep 17 00:00:00 2001 From: Mo Date: Wed, 13 Mar 2024 11:36:20 +0000 Subject: [PATCH 109/243] Adding group members missing output --- Modules/CIPPCore/Public/Add-CIPPGroupMember.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/CIPPCore/Public/Add-CIPPGroupMember.ps1 b/Modules/CIPPCore/Public/Add-CIPPGroupMember.ps1 index 2ff3c406102b..a4c66a07cb7b 100644 --- a/Modules/CIPPCore/Public/Add-CIPPGroupMember.ps1 +++ b/Modules/CIPPCore/Public/Add-CIPPGroupMember.ps1 @@ -16,7 +16,7 @@ function Add-CIPPGroupMember( } else { New-GraphPostRequest -uri "https://graph.microsoft.com/beta/groups/$($GroupId)" -tenantid $TenantFilter -type patch -body $addmemberbody -Verbose } - $Message = "Successfully added user $($Member) to $GroupId." + $Message = "Successfully added user $($Member) to $($GroupId)." Write-LogMessage -user $ExecutingUser -API $APIName -tenant $TenantFilter -message $Message -Sev 'Info' return $message return From b2dd27611b0a4384b681a674da3d2d821e512b9a Mon Sep 17 00:00:00 2001 From: Mo Date: Wed, 13 Mar 2024 12:18:15 +0000 Subject: [PATCH 110/243] Add output for what group the user was removed from --- Modules/CIPPCore/Public/Remove-CIPPGroupMember.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/CIPPCore/Public/Remove-CIPPGroupMember.ps1 b/Modules/CIPPCore/Public/Remove-CIPPGroupMember.ps1 index 9567039fe8e4..54c6a33e1a9d 100644 --- a/Modules/CIPPCore/Public/Remove-CIPPGroupMember.ps1 +++ b/Modules/CIPPCore/Public/Remove-CIPPGroupMember.ps1 @@ -16,7 +16,7 @@ function Remove-CIPPGroupMember( } else { New-GraphPostRequest -uri "https://graph.microsoft.com/beta/groups/$($GroupId)/members/$($Member)/`$ref" -tenantid $TenantFilter -type DELETE -body '{}' -Verbose } - $Message = "Successfully removed user $($Member) from $GroupId." + $Message = "Successfully removed user $($Member) from $($GroupId)." Write-LogMessage -user $ExecutingUser -API $APIName -tenant $TenantFilter -message $Message -Sev 'Info' return $message } catch { From e71c9ccb6f1cad34d061424ab23931fa602ad96c Mon Sep 17 00:00:00 2001 From: John Duprey Date: Wed, 13 Mar 2024 09:57:52 -0400 Subject: [PATCH 111/243] Webhooks Durable --- .../Invoke-ListPendingWebhooks.ps1 | 41 ++++++ .../Entrypoints/Invoke-PublicWebhooks.ps1 | 128 ++++++++++++++++++ .../Entrypoints/Push-PublicWebhookProcess.ps1 | 17 +++ PublicWebhooks/function.json | 22 --- PublicWebhooks/run.ps1 | 37 ----- PublicWebhooksProcess/function.json | 10 -- PublicWebhooksProcess/run.ps1 | 79 ----------- Scheduler_GetWebhooks/function.json | 15 ++ Scheduler_GetWebhooks/run.ps1 | 13 ++ 9 files changed, 214 insertions(+), 148 deletions(-) create mode 100644 Modules/CIPPCore/Public/Entrypoints/Invoke-ListPendingWebhooks.ps1 create mode 100644 Modules/CIPPCore/Public/Entrypoints/Invoke-PublicWebhooks.ps1 create mode 100644 Modules/CIPPCore/Public/Entrypoints/Push-PublicWebhookProcess.ps1 delete mode 100644 PublicWebhooks/function.json delete mode 100644 PublicWebhooks/run.ps1 delete mode 100644 PublicWebhooksProcess/function.json delete mode 100644 PublicWebhooksProcess/run.ps1 create mode 100644 Scheduler_GetWebhooks/function.json create mode 100644 Scheduler_GetWebhooks/run.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListPendingWebhooks.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListPendingWebhooks.ps1 new file mode 100644 index 000000000000..24c7020f0e31 --- /dev/null +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListPendingWebhooks.ps1 @@ -0,0 +1,41 @@ +using namespace System.Net + +Function Invoke-ListPendingWebhooks { + <# + .FUNCTIONALITY + Entrypoint + #> + [CmdletBinding()] + param($Request, $TriggerMetadata) + + $APIName = $TriggerMetadata.FunctionName + Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + + # Write to the Azure Functions log stream. + Write-Host 'PowerShell HTTP trigger function processed a request.' + try { + $Table = Get-CIPPTable -TableName 'WebhookIncoming' + $Webhooks = Get-CIPPAzDataTableEntity @Table + $Results = $Webhooks | Select-Object -ExcludeProperty RowKey, PartitionKey, ETag, Timestamp + $PendingWebhooks = foreach ($Result in $Results) { + foreach ($Property in $Result.PSObject.Properties.Name) { + if (Test-Json -Json $Result.$Property -ErrorAction SilentlyContinue) { + $Result.$Property = $Result.$Property | ConvertFrom-Json + } + } + $Result + } + } catch { + $PendingWebhooks = @() + } + # Associate values to output bindings by calling 'Push-OutputBinding'. + Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ + StatusCode = [HttpStatusCode]::OK + Body = @{ + Results = @($PendingWebhooks) + Metadata = @{ + Count = ($PendingWebhooks | Measure-Object).Count + } + } + }) +} diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-PublicWebhooks.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-PublicWebhooks.ps1 new file mode 100644 index 000000000000..97c135235cd6 --- /dev/null +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-PublicWebhooks.ps1 @@ -0,0 +1,128 @@ +using namespace System.Net +function Invoke-PublicWebhooks { + # Input bindings are passed in via param block. + param($Request, $TriggerMetadata) + + Set-Location (Get-Item $PSScriptRoot).Parent.FullName + $WebhookTable = Get-CIPPTable -TableName webhookTable + $WebhookIncoming = Get-CIPPTable -TableName WebhookIncoming + $Webhooks = Get-CIPPAzDataTableEntity @WebhookTable + Write-Host 'Received request' + Write-Host "CIPPID: $($request.Query.CIPPID)" + $url = ($request.headers.'x-ms-original-url').split('/API') | Select-Object -First 1 + Write-Host $url + if ($Request.Query.CIPPID -in $Webhooks.RowKey) { + Write-Host 'Found matching CIPPID' + if ($Webhooks.Resource -eq 'M365AuditLogs') { + Write-Host "Found M365AuditLogs - This is an old entry, we'll deny so Microsoft stops sending it." + $body = 'This webhook is not authorized, its an old entry.' + $StatusCode = [HttpStatusCode]::Forbidden + } + if ($Request.query.ValidationToken -or $Request.body.validationCode) { + Write-Host 'Validation token received' + $body = $request.query.ValidationToken + $StatusCode = [HttpStatusCode]::OK + } else { + Write-Host 'Received request' + Write-Host "CIPPID: $($request.Query.CIPPID)" + $url = ($request.headers.'x-ms-original-url').split('/API') | Select-Object -First 1 + Write-Host $url + + $Webhookinfo = $Webhooks | Where-Object -Property RowKey -EQ $Request.query.CIPPID + + if ($Request.Query.Type -eq 'GraphSubscription') { + # Graph Subscriptions + [pscustomobject]$ReceivedItem = $Request.Body.value + $Entity = [PSCustomObject]@{ + PartitionKey = 'Webhook' + RowKey = [string](New-Guid).Guid + Type = $Request.Query.Type + Data = [string]($ReceivedItem | ConvertTo-Json -Depth 10) + CIPPID = $Request.Query.CIPPID + WebhookInfo = [string]($WebhookInfo | ConvertTo-Json -Depth 10) + FunctionName = 'PublicWebhookProcess' + } + Add-CIPPAzDataTableEntity @WebhookIncoming -Entity $Entity + ## Push webhook data to queue + #Invoke-CippGraphWebhookProcessing -Data $ReceivedItem -CIPPID $request.Query.CIPPID -WebhookInfo $Webhookinfo + + } else { + # Auditlog Subscriptions + try { + foreach ($ReceivedItem In ($Request.body)) { + $ReceivedItem = [pscustomobject]$ReceivedItem + Write-Host "Received Item: $($ReceivedItem | ConvertTo-Json -Depth 15 -Compress))" + $TenantFilter = (Get-Tenants | Where-Object -Property customerId -EQ $ReceivedItem.TenantId).defaultDomainName + Write-Host "Webhook TenantFilter: $TenantFilter" + $ConfigTable = get-cipptable -TableName 'SchedulerConfig' + $Alertconfig = Get-CIPPAzDataTableEntity @ConfigTable | Where-Object { $_.Tenant -eq $TenantFilter -or $_.Tenant -eq 'AllTenants' } + $Operations = @(($AlertConfig.if | ConvertFrom-Json -ErrorAction SilentlyContinue).selection) + 'UserLoggedIn' + $Webhookinfo = $Webhooks | Where-Object -Property RowKey -EQ $Request.query.CIPPID + #Increased download efficiency: only download the data we need for processing. Todo: Change this to load from table or dynamic source. + $MappingTable = [pscustomobject]@{ + 'UserLoggedIn' = 'Audit.AzureActiveDirectory' + 'Add member to role.' = 'Audit.AzureActiveDirectory' + 'Disable account.' = 'Audit.AzureActiveDirectory' + 'Update StsRefreshTokenValidFrom Timestamp.' = 'Audit.AzureActiveDirectory' + 'Enable account.' = 'Audit.AzureActiveDirectory' + 'Disable Strong Authentication.' = 'Audit.AzureActiveDirectory' + 'Reset user password.' = 'Audit.AzureActiveDirectory' + 'Add service principal.' = 'Audit.AzureActiveDirectory' + 'HostedIP' = 'Audit.AzureActiveDirectory' + 'badRepIP' = 'Audit.AzureActiveDirectory' + 'UserLoggedInFromUnknownLocation' = 'Audit.AzureActiveDirectory' + 'customfield' = 'AnyLog' + 'anyAlert' = 'AnyLog' + 'New-InboxRule' = 'Audit.Exchange' + 'Set-InboxRule' = 'Audit.Exchange' + } + #Compare $Operations to $MappingTable. If there is a match, we make a new variable called $LogsToDownload + #Example: $Operations = 'UserLoggedIn', 'Set-InboxRule' makes : $LogsToDownload = @('Audit.AzureActiveDirectory',Audit.Exchange) + $LogsToDownload = $Operations | Where-Object { $MappingTable.$_ } | ForEach-Object { $MappingTable.$_ } + Write-Host "Our operations: $Operations" + Write-Host "Logs to download: $LogsToDownload" + if ($ReceivedItem.ContentType -in $LogsToDownload -or 'AnyLog' -in $LogsToDownload) { + $Data = New-GraphPostRequest -type GET -uri "https://manage.office.com/api/v1.0/$($ReceivedItem.tenantId)/activity/feed/audit/$($ReceivedItem.contentid)" -tenantid $TenantFilter -scope 'https://manage.office.com/.default' + } else { + Write-Host "No data to download for $($ReceivedItem.ContentType)" + continue + } + Write-Host "Data found: $($data.count) items" + $DataToProcess = if ('anylog' -NotIn $LogsToDownload) { $Data | Where-Object -Property Operation -In $Operations } else { $Data } + Write-Host "Data to process found: $($DataToProcess.count) items" + foreach ($Item in $DataToProcess) { + Write-Host "Processing $($item.operation)" + + ## Push webhook data to table + $Entity = [PSCustomObject]@{ + PartitionKey = 'Webhook' + RowKey = [string](New-Guid).Guid + Type = 'AuditLog' + Data = [string]($Item | ConvertTo-Json -Depth 10) + CIPPURL = $CIPPURL + TenantFilter = $TenantFilter + FunctionName = 'PublicWebhookProcess' + } + Add-CIPPAzDataTableEntity @WebhookIncoming -Entity $Entity -Force + #Invoke-CippWebhookProcessing -TenantFilter $TenantFilter -Data $Item -CIPPPURL $url + } + } + } catch { + Write-Host "Webhook Failed: $($_.Exception.Message). Line number $($_.InvocationInfo.ScriptLineNumber)" + } + } + + $Body = 'Webhook Recieved' + $StatusCode = [HttpStatusCode]::OK + } + } else { + $Body = 'This webhook is not authorized.' + $StatusCode = [HttpStatusCode]::Forbidden + } + + # Associate values to output bindings by calling 'Push-OutputBinding'. + Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ + StatusCode = $StatusCode + Body = $Body + }) +} \ No newline at end of file diff --git a/Modules/CIPPCore/Public/Entrypoints/Push-PublicWebhookProcess.ps1 b/Modules/CIPPCore/Public/Entrypoints/Push-PublicWebhookProcess.ps1 new file mode 100644 index 000000000000..99a932d35e79 --- /dev/null +++ b/Modules/CIPPCore/Public/Entrypoints/Push-PublicWebhookProcess.ps1 @@ -0,0 +1,17 @@ +function Push-PublicWebhookProcess { + param($Item) + + try { + if ($Item.Type -eq 'GraphSubscription') { + Invoke-CippGraphWebhookProcessing -Data ($Item.Data | ConvertFrom-Json) -CIPPID $Item.CIPPID -WebhookInfo ($Item.Webhookinfo | ConvertFrom-Json) + } elseif ($Item.Type -eq 'AuditLog') { + Invoke-CippWebhookProcessing -TenantFilter $Item.TenantFilter -Data ($Item.Data | ConvertFrom-Json) -CIPPPURL $Item.CIPPURL + } + $WebhookIncoming = Get-CIPPTable -TableName WebhookIncoming + $Entity = $Item | Select-Object -Property RowKey, PartitionKey + Remove-AzDataTableEntity @WebhookIncoming -Entity $Entity + } catch { + Write-Host "Webhook Exception: $($_.Exception.Message)" + } + +} \ No newline at end of file diff --git a/PublicWebhooks/function.json b/PublicWebhooks/function.json deleted file mode 100644 index f59adac3eb84..000000000000 --- a/PublicWebhooks/function.json +++ /dev/null @@ -1,22 +0,0 @@ -{ - "bindings": [ - { - "authLevel": "anonymous", - "type": "httpTrigger", - "direction": "in", - "name": "Request", - "methods": ["get", "post"] - }, - { - "type": "http", - "direction": "out", - "name": "Response" - }, - { - "type": "queue", - "direction": "out", - "name": "QueueWebhook", - "queueName": "webhooksqueue" - } - ] -} diff --git a/PublicWebhooks/run.ps1 b/PublicWebhooks/run.ps1 deleted file mode 100644 index 2faa35804e05..000000000000 --- a/PublicWebhooks/run.ps1 +++ /dev/null @@ -1,37 +0,0 @@ -using namespace System.Net - -# Input bindings are passed in via param block. -param($Request, $TriggerMetadata) - -Set-Location (Get-Item $PSScriptRoot).Parent.FullName -$WebhookTable = Get-CIPPTable -TableName webhookTable -$Webhooks = Get-CIPPAzDataTableEntity @WebhookTable -Write-Host 'Received request' -Write-Host "CIPPID: $($request.Query.CIPPID)" -$url = ($request.headers.'x-ms-original-url').split('/API') | Select-Object -First 1 -Write-Host $url -if ($Request.Query.CIPPID -in $Webhooks.RowKey) { - Write-Host 'Found matching CIPPID' - if ($Webhooks.Resource -eq 'M365AuditLogs') { - Write-Host "Found M365AuditLogs - This is an old entry, we'll deny so Microsoft stops sending it." - $body = 'This webhook is not authorized, its an old entry.' - $StatusCode = [HttpStatusCode]::Forbidden - } - if ($Request.query.ValidationToken -or $Request.body.validationCode) { - Write-Host 'Validation token received' - $body = $request.query.ValidationToken - } else { - Push-OutputBinding -Name QueueWebhook -Value $Request - $Body = 'Webhook Recieved' - $StatusCode = [HttpStatusCode]::OK - } -} else { - $body = 'This webhook is not authorized.' - $StatusCode = [HttpStatusCode]::Forbidden -} - -# Associate values to output bindings by calling 'Push-OutputBinding'. -Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ - StatusCode = $StatusCode - Body = $body - }) diff --git a/PublicWebhooksProcess/function.json b/PublicWebhooksProcess/function.json deleted file mode 100644 index d358059b9e50..000000000000 --- a/PublicWebhooksProcess/function.json +++ /dev/null @@ -1,10 +0,0 @@ -{ - "bindings": [ - { - "name": "QueueItem", - "type": "queueTrigger", - "direction": "in", - "queueName": "webhooksqueue" - } - ] -} diff --git a/PublicWebhooksProcess/run.ps1 b/PublicWebhooksProcess/run.ps1 deleted file mode 100644 index 50bbde87cfb2..000000000000 --- a/PublicWebhooksProcess/run.ps1 +++ /dev/null @@ -1,79 +0,0 @@ -using namespace System.Net - -# Input bindings are passed in via param block. -param($QueueItem, $TriggerMetadata) - -$Request = $QueueItem - -$WebhookTable = Get-CIPPTable -TableName webhookTable -$Webhooks = Get-AzDataTableEntity @WebhookTable -Write-Host 'Received request' -Write-Host "CIPPID: $($request.Query.CIPPID)" -$url = ($request.headers.'x-ms-original-url').split('/API') | Select-Object -First 1 -Write-Host $url -if ($Request.query.CIPPID -in $Webhooks.RowKey) { - Write-Host 'Found matching CIPPID' - $Webhookinfo = $Webhooks | Where-Object -Property RowKey -EQ $Request.query.CIPPID - - if ($Request.Query.Type -eq 'GraphSubscription') { - # Graph Subscriptions - [pscustomobject]$ReceivedItem = $Request.Body.value - Invoke-CippGraphWebhookProcessing -Data $ReceivedItem -CIPPID $request.Query.CIPPID -WebhookInfo $Webhookinfo - - } else { - # Auditlog Subscriptions - try { - foreach ($ReceivedItem In ($Request.body)) { - $ReceivedItem = [pscustomobject]$ReceivedItem - Write-Host "Received Item: $($ReceivedItem | ConvertTo-Json -Depth 15 -Compress))" - $TenantFilter = (Get-Tenants | Where-Object -Property customerId -EQ $ReceivedItem.TenantId).defaultDomainName - Write-Host "Webhook TenantFilter: $TenantFilter" - $ConfigTable = get-cipptable -TableName 'SchedulerConfig' - $Alertconfig = Get-CIPPAzDataTableEntity @ConfigTable | Where-Object { $_.Tenant -eq $TenantFilter -or $_.Tenant -eq 'AllTenants' } - $Operations = ($AlertConfig.if | ConvertFrom-Json -ErrorAction SilentlyContinue).selection + 'UserLoggedIn' - $Webhookinfo = $Webhooks | Where-Object -Property RowKey -EQ $Request.query.CIPPID - #Increased download efficiency: only download the data we need for processing. Todo: Change this to load from table or dynamic source. - $MappingTable = [pscustomobject]@{ - 'UserLoggedIn' = 'Audit.AzureActiveDirectory' - 'Add member to role.' = 'Audit.AzureActiveDirectory' - 'Disable account.' = 'Audit.AzureActiveDirectory' - 'Update StsRefreshTokenValidFrom Timestamp.' = 'Audit.AzureActiveDirectory' - 'Enable account.' = 'Audit.AzureActiveDirectory' - 'Disable Strong Authentication.' = 'Audit.AzureActiveDirectory' - 'Reset user password.' = 'Audit.AzureActiveDirectory' - 'Add service principal.' = 'Audit.AzureActiveDirectory' - 'HostedIP' = 'Audit.AzureActiveDirectory' - 'badRepIP' = 'Audit.AzureActiveDirectory' - 'UserLoggedInFromUnknownLocation' = 'Audit.AzureActiveDirectory' - 'customfield' = 'AnyLog' - 'anyAlert' = 'AnyLog' - 'New-InboxRule' = 'Audit.Exchange' - 'Set-InboxRule' = 'Audit.Exchange' - } - #Compare $Operations to $MappingTable. If there is a match, we make a new variable called $LogsToDownload - #Example: $Operations = 'UserLoggedIn', 'Set-InboxRule' makes : $LogsToDownload = @('Audit.AzureActiveDirectory',Audit.Exchange) - $LogsToDownload = $Operations | Where-Object { $MappingTable.$_ } | ForEach-Object { $MappingTable.$_ } - Write-Host "Our operations: $Operations" - Write-Host "Logs to download: $LogsToDownload" - if ($ReceivedItem.ContentType -in $LogsToDownload -or 'AnyLog' -in $LogsToDownload) { - $Data = New-GraphPostRequest -type GET -uri "https://manage.office.com/api/v1.0/$($ReceivedItem.tenantId)/activity/feed/audit/$($ReceivedItem.contentid)" -tenantid $TenantFilter -scope 'https://manage.office.com/.default' - } else { - Write-Host "No data to download for $($ReceivedItem.ContentType)" - continue - } - Write-Host "Data found: $($data.count) items" - $DataToProcess = if ('anylog' -NotIn $LogsToDownload) { $Data | Where-Object -Property Operation -In $Operations } else { $Data } - Write-Host "Data to process found: $($DataToProcess.count) items" - foreach ($Item in $DataToProcess) { - Write-Host "Processing $($item.operation)" - Invoke-CippWebhookProcessing -TenantFilter $TenantFilter -Data $Item -CIPPPURL $url - } - } - } catch { - Write-Host "Webhook Failed: $($_.Exception.Message). Line number $($_.InvocationInfo.ScriptLineNumber)" - } - } - -} else { - Write-Host 'Unauthorised Webhook' -} diff --git a/Scheduler_GetWebhooks/function.json b/Scheduler_GetWebhooks/function.json new file mode 100644 index 000000000000..f30537d11b34 --- /dev/null +++ b/Scheduler_GetWebhooks/function.json @@ -0,0 +1,15 @@ +{ + "bindings": [ + { + "name": "Timer", + "schedule": "0 */15 * * * *", + "direction": "in", + "type": "timerTrigger" + }, + { + "name": "starter", + "type": "durableClient", + "direction": "in" + } + ] +} diff --git a/Scheduler_GetWebhooks/run.ps1 b/Scheduler_GetWebhooks/run.ps1 new file mode 100644 index 000000000000..9b890b878588 --- /dev/null +++ b/Scheduler_GetWebhooks/run.ps1 @@ -0,0 +1,13 @@ +param($Timer) + +$Table = Get-CIPPTable -TableName WebhookIncoming +$Webhooks = Get-CIPPAzDataTableEntity @Table +$InputObject = [PSCustomObject]@{ + OrchestratorName = 'WebhookOrchestrator' + Batch = @($Webhooks) + SkipLog = $true +} +#Write-Host ($InputObject | ConvertTo-Json) +$InstanceId = Start-NewOrchestration -FunctionName 'CIPPOrchestrator' -InputObject ($InputObject | ConvertTo-Json -Depth 5) +Write-Host "Started orchestration with ID = '$InstanceId'" +#$Orchestrator = New-OrchestrationCheckStatusResponse -Request $Request -InstanceId $InstanceId \ No newline at end of file From 06e7763f3413edbc2eae6f55afa955830e998250 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Wed, 13 Mar 2024 16:41:36 -0400 Subject: [PATCH 112/243] Scheduler Durable --- ExecScheduledCommand/function.json | 10 --- ExecScheduledCommand/run.ps1 | 83 ------------------ .../Entrypoints/Push-ExecScheduledCommand.ps1 | 85 +++++++++++++++++++ Modules/CippEntrypoints/CippEntrypoints.psm1 | 4 +- Scheduler_UserTasks/function.json | 7 +- Scheduler_UserTasks/run.ps1 | 32 ++++--- 6 files changed, 112 insertions(+), 109 deletions(-) delete mode 100644 ExecScheduledCommand/function.json delete mode 100644 ExecScheduledCommand/run.ps1 create mode 100644 Modules/CIPPCore/Public/Entrypoints/Push-ExecScheduledCommand.ps1 diff --git a/ExecScheduledCommand/function.json b/ExecScheduledCommand/function.json deleted file mode 100644 index e4c27b23b985..000000000000 --- a/ExecScheduledCommand/function.json +++ /dev/null @@ -1,10 +0,0 @@ -{ - "bindings": [ - { - "name": "QueueItem", - "type": "queueTrigger", - "direction": "in", - "queueName": "scheduledcommandprocessor" - } - ] -} diff --git a/ExecScheduledCommand/run.ps1 b/ExecScheduledCommand/run.ps1 deleted file mode 100644 index d0031f771c5c..000000000000 --- a/ExecScheduledCommand/run.ps1 +++ /dev/null @@ -1,83 +0,0 @@ -# Input bindings are passed in via param block. -param($QueueItem, $TriggerMetadata) - -$Table = Get-CippTable -tablename 'ScheduledTasks' -$task = $QueueItem.TaskInfo -$commandParameters = $QueueItem.Parameters - -$tenant = $QueueItem.Parameters['TenantFilter'] -Write-Host 'started task' -try { - try { - $results = & $QueueItem.command @commandParameters - } catch { - $results = "Task Failed: $($_.Exception.Message)" - - } - - Write-Host 'ran the command' - if ($results -is [String]) { - $results = @{ Results = $results } - } - if ($results -is [array] -and $results[0] -is [string]) { - $results = $results | Where-Object { $_ -is [string] } - $results = $results | ForEach-Object { @{ Results = $_ } } - } - - $results = $results | Select-Object * -ExcludeProperty RowKey, PartitionKey - - $StoredResults = $results | ConvertTo-Json -Compress -Depth 20 | Out-String - if ($StoredResults.Length -gt 64000 -or $task.Tenant -eq 'AllTenants') { - $StoredResults = @{ Results = 'The results for this query are too long to store in this table, or the query was meant for All Tenants. Please use the options to send the results to another target to be able to view the results. ' } | ConvertTo-Json -Compress - } -} catch { - $errorMessage = $_.Exception.Message - if ($task.Recurrence -gt 0) { $State = 'Failed - Planned' } else { $State = 'Failed' } - Update-AzDataTableEntity @Table -Entity @{ - PartitionKey = $task.PartitionKey - RowKey = $task.RowKey - Results = "$errorMessage" - TaskState = $State - } - Write-LogMessage -API 'Scheduler_UserTasks' -tenant $tenant -message "Failed to execute task $($task.Name): $errorMessage" -sev Error -} - - -$TableDesign = '' -$HTML = ($results | Select-Object * -ExcludeProperty RowKey, PartitionKey | ConvertTo-Html -Fragment) -replace '', "$TableDesign
" | Out-String -$title = "Scheduled Task $($task.Name) - $($task.ExpectedRunTime)" -Write-Host $title -switch -wildcard ($task.PostExecution) { - '*psa*' { Send-CIPPAlert -Type 'psa' -Title $title -HTMLContent $HTML } - '*email*' { Send-CIPPAlert -Type 'email' -Title $title -HTMLContent $HTML } - '*webhook*' { - $Webhook = [PSCustomObject]@{ - 'Tenant' = $tenant - 'TaskInfo' = $QueueItem.TaskInfo - 'Results' = $Results - } - Send-CIPPAlert -Type 'webhook' -Title $title -JSONContent $($Webhook | ConvertTo-Json -Depth 20) - } -} - -Write-Host 'ran the command' - -if ($task.Recurrence -le '0' -or $task.Recurrence -eq $null) { - Update-AzDataTableEntity @Table -Entity @{ - PartitionKey = $task.PartitionKey - RowKey = $task.RowKey - Results = "$StoredResults" - TaskState = 'Completed' - } -} else { - $nextRun = (Get-Date).AddDays($task.Recurrence) - $nextRunUnixTime = [int64]($nextRun - (Get-Date '1/1/1970')).TotalSeconds - Update-AzDataTableEntity @Table -Entity @{ - PartitionKey = $task.PartitionKey - RowKey = $task.RowKey - Results = "$StoredResults" - TaskState = 'Planned' - ScheduledTime = "$nextRunUnixTime" - } -} -Write-LogMessage -API 'Scheduler_UserTasks' -tenant $tenant -message "Successfully executed task: $($task.name)" -sev Info \ No newline at end of file diff --git a/Modules/CIPPCore/Public/Entrypoints/Push-ExecScheduledCommand.ps1 b/Modules/CIPPCore/Public/Entrypoints/Push-ExecScheduledCommand.ps1 new file mode 100644 index 000000000000..8e53dcbd8bd4 --- /dev/null +++ b/Modules/CIPPCore/Public/Entrypoints/Push-ExecScheduledCommand.ps1 @@ -0,0 +1,85 @@ +function Push-ExecScheduledCommand { + # Input bindings are passed in via param block. + param($Item) + + $Table = Get-CippTable -tablename 'ScheduledTasks' + $task = $Item.TaskInfo + $commandParameters = $Item.Parameters + + $tenant = $Item.Parameters['TenantFilter'] + Write-Host 'started task' + try { + try { + $results = & $Item.command @commandParameters + } catch { + $results = "Task Failed: $($_.Exception.Message)" + + } + + Write-Host 'ran the command' + if ($results -is [String]) { + $results = @{ Results = $results } + } + if ($results -is [array] -and $results[0] -is [string]) { + $results = $results | Where-Object { $_ -is [string] } + $results = $results | ForEach-Object { @{ Results = $_ } } + } + + $results = $results | Select-Object * -ExcludeProperty RowKey, PartitionKey + + $StoredResults = $results | ConvertTo-Json -Compress -Depth 20 | Out-String + if ($StoredResults.Length -gt 64000 -or $task.Tenant -eq 'AllTenants') { + $StoredResults = @{ Results = 'The results for this query are too long to store in this table, or the query was meant for All Tenants. Please use the options to send the results to another target to be able to view the results. ' } | ConvertTo-Json -Compress + } + } catch { + $errorMessage = $_.Exception.Message + if ($task.Recurrence -gt 0) { $State = 'Failed - Planned' } else { $State = 'Failed' } + Update-AzDataTableEntity @Table -Entity @{ + PartitionKey = $task.PartitionKey + RowKey = $task.RowKey + Results = "$errorMessage" + TaskState = $State + } + Write-LogMessage -API 'Scheduler_UserTasks' -tenant $tenant -message "Failed to execute task $($task.Name): $errorMessage" -sev Error + } + + + $TableDesign = '' + $HTML = ($results | Select-Object * -ExcludeProperty RowKey, PartitionKey | ConvertTo-Html -Fragment) -replace '
', "$TableDesign
" | Out-String + $title = "Scheduled Task $($task.Name) - $($task.ExpectedRunTime)" + Write-Host $title + switch -wildcard ($task.PostExecution) { + '*psa*' { Send-CIPPAlert -Type 'psa' -Title $title -HTMLContent $HTML } + '*email*' { Send-CIPPAlert -Type 'email' -Title $title -HTMLContent $HTML } + '*webhook*' { + $Webhook = [PSCustomObject]@{ + 'Tenant' = $tenant + 'TaskInfo' = $Item.TaskInfo + 'Results' = $Results + } + Send-CIPPAlert -Type 'webhook' -Title $title -JSONContent $($Webhook | ConvertTo-Json -Depth 20) + } + } + + Write-Host 'ran the command' + + if ($task.Recurrence -le '0' -or $task.Recurrence -eq $null) { + Update-AzDataTableEntity @Table -Entity @{ + PartitionKey = $task.PartitionKey + RowKey = $task.RowKey + Results = "$StoredResults" + TaskState = 'Completed' + } + } else { + $nextRun = (Get-Date).AddDays($task.Recurrence) + $nextRunUnixTime = [int64]($nextRun - (Get-Date '1/1/1970')).TotalSeconds + Update-AzDataTableEntity @Table -Entity @{ + PartitionKey = $task.PartitionKey + RowKey = $task.RowKey + Results = "$StoredResults" + TaskState = 'Planned' + ScheduledTime = "$nextRunUnixTime" + } + } + Write-LogMessage -API 'Scheduler_UserTasks' -tenant $tenant -message "Successfully executed task: $($task.name)" -sev Info +} \ No newline at end of file diff --git a/Modules/CippEntrypoints/CippEntrypoints.psm1 b/Modules/CippEntrypoints/CippEntrypoints.psm1 index 749a0a41a674..15a25671cc9c 100644 --- a/Modules/CippEntrypoints/CippEntrypoints.psm1 +++ b/Modules/CippEntrypoints/CippEntrypoints.psm1 @@ -66,7 +66,7 @@ function Receive-CippOrchestrationTrigger { #Write-Host ($OrchestratorInput | ConvertTo-Json -Depth 10) $RetryOptions = New-DurableRetryOptions @DurableRetryOptions - if ($Context.IsReplaying -ne $true -and $Context.Input.SkipLog -ne $true) { + if ($Context.IsReplaying -ne $true -and $OrchestratorInput.SkipLog -ne $true) { Write-LogMessage -API $OrchestratorInput.OrchestratorName -tenant $OrchestratorInput.TenantFilter -message "Started $($OrchestratorInput.OrchestratorName)" -sev info } @@ -82,7 +82,7 @@ function Receive-CippOrchestrationTrigger { } } - if ($Context.IsReplaying -ne $true -and $Context.Input.SkipLog -ne $true) { + if ($Context.IsReplaying -ne $true -and $OrchestratorInput.SkipLog -ne $true) { Write-LogMessage -API $OrchestratorInput.OrchestratorName -tenant $tenant -message "Finished $($OrchestratorInput.OrchestratorName)" -sev Info } } catch { diff --git a/Scheduler_UserTasks/function.json b/Scheduler_UserTasks/function.json index de2a7380d759..f7af84092121 100644 --- a/Scheduler_UserTasks/function.json +++ b/Scheduler_UserTasks/function.json @@ -7,10 +7,9 @@ "type": "timerTrigger" }, { - "type": "queue", - "direction": "out", - "name": "Msg", - "queueName": "scheduledcommandprocessor" + "name": "starter", + "type": "durableClient", + "direction": "in" } ] } diff --git a/Scheduler_UserTasks/run.ps1 b/Scheduler_UserTasks/run.ps1 index 802d4624473f..8ad06065a2fa 100644 --- a/Scheduler_UserTasks/run.ps1 +++ b/Scheduler_UserTasks/run.ps1 @@ -3,12 +3,12 @@ param($Timer) $Table = Get-CippTable -tablename 'ScheduledTasks' $Filter = "TaskState eq 'Planned' or TaskState eq 'Failed - Planned'" $tasks = Get-CIPPAzDataTableEntity @Table -Filter $Filter -foreach ($task in $tasks) { +$Batch = foreach ($task in $tasks) { $tenant = $task.Tenant $currentUnixTime = [int64](([datetime]::UtcNow) - (Get-Date '1/1/1970')).TotalSeconds if ($currentUnixTime -ge $task.ScheduledTime) { try { - Update-AzDataTableEntity @Table -Entity @{ + $null = Update-AzDataTableEntity @Table -Entity @{ PartitionKey = $task.PartitionKey RowKey = $task.RowKey ExecutedTime = "$currentUnixTime" @@ -19,25 +19,27 @@ foreach ($task in $tasks) { if (!$task.Parameters) { $task.Parameters = @{} } $ScheduledCommand = [pscustomobject]@{ - Command = $task.Command - Parameters = $task.Parameters - TaskInfo = $task + Command = $task.Command + Parameters = $task.Parameters + TaskInfo = $task + FunctionName = 'ExecScheduledCommand' } if ($task.Tenant -eq 'AllTenants') { - $Results = Get-Tenants | ForEach-Object { + Get-Tenants | ForEach-Object { $ScheduledCommand.Parameters['TenantFilter'] = $_.defaultDomainName - Push-OutputBinding -Name Msg -Value $ScheduledCommand + $ScheduledCommand + #Push-OutputBinding -Name Msg -Value $ScheduledCommand } } else { $ScheduledCommand.Parameters['TenantFilter'] = $task.Tenant - $Results = Push-OutputBinding -Name Msg -Value $ScheduledCommand + $ScheduledCommand + #$Results = Push-OutputBinding -Name Msg -Value $ScheduledCommand } - } catch { $errorMessage = $_.Exception.Message - Update-AzDataTableEntity @Table -Entity @{ + $null = Update-AzDataTableEntity @Table -Entity @{ PartitionKey = $task.PartitionKey RowKey = $task.RowKey Results = "$errorMessage" @@ -47,4 +49,14 @@ foreach ($task in $tasks) { Write-LogMessage -API 'Scheduler_UserTasks' -tenant $tenant -message "Failed to execute task $($task.Name): $errorMessage" -sev Error } } +} +if (($Batch | Measure-Object).Count -gt 0) { + $InputObject = [PSCustomObject]@{ + OrchestratorName = 'UserTaskOrchestrator' + Batch = @($Batch) + SkipLog = $true + } + #Write-Host ($InputObject | ConvertTo-Json) + $InstanceId = Start-NewOrchestration -FunctionName 'CIPPOrchestrator' -InputObject ($InputObject | ConvertTo-Json -Depth 5) + Write-Host "Started orchestration with ID = '$InstanceId'" } \ No newline at end of file From b7b29fae2fe946d744a4230f38d7b49fe3732042 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kristian=20Bentsen=20Kj=C3=A6rg=C3=A5rd=20=28KBK=29?= Date: Thu, 14 Mar 2024 11:54:24 +0100 Subject: [PATCH 113/243] Some error handling --- .../Public/Entrypoints/Push-CIPPAlertApnCertExpiry.ps1 | 6 ++++-- .../Public/Entrypoints/Push-CIPPAlertAppSecretExpiry.ps1 | 3 +-- .../Public/Entrypoints/Push-CIPPAlertDepTokenExpiry.ps1 | 2 +- 3 files changed, 6 insertions(+), 5 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertApnCertExpiry.ps1 b/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertApnCertExpiry.ps1 index 07571db760aa..412cc1103f8a 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertApnCertExpiry.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertApnCertExpiry.ps1 @@ -17,7 +17,9 @@ function Push-CIPPAlertApnCertExpiry { if ($Apn.expirationDateTime -lt (Get-Date).AddDays(30) -and $Apn.expirationDateTime -gt (Get-Date).AddDays(-7)) { Write-AlertMessage -tenant $($QueueItem.tenant) -message ('Intune: Apple Push Notification certificate for {0} is expiring on {1}' -f $Apn.appleIdentifier, $Apn.expirationDateTime) } - } catch {} + } catch { + Write-AlertMessage -tenant $($QueueItem.tenant) -message "Failed to check APN certificate expiry for $($QueueItem.tenant): $(Get-NormalizedError -message $_.Exception.message)" + } } $LastRun = @{ RowKey = 'ApnCertExpiry' @@ -25,6 +27,6 @@ function Push-CIPPAlertApnCertExpiry { } Add-CIPPAzDataTableEntity @LastRunTable -Entity $LastRun -Force } catch { - # Error handling + Write-AlertMessage -tenant $($QueueItem.tenant) -message "Failed to check APN certificate expiry for $($QueueItem.tenant): $(Get-NormalizedError -message $_.Exception.message)" } } diff --git a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertAppSecretExpiry.ps1 b/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertAppSecretExpiry.ps1 index 82bcde9bb74f..46c13638e956 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertAppSecretExpiry.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertAppSecretExpiry.ps1 @@ -6,7 +6,6 @@ function Push-CIPPAlertAppSecretExpiry { $TriggerMetadata ) $LastRunTable = Get-CIPPTable -Table AlertLastRun - try { $Filter = "RowKey eq 'AppSecretExpiry' and PartitionKey eq '{0}'" -f $QueueItem.tenantid @@ -34,7 +33,7 @@ function Push-CIPPAlertAppSecretExpiry { Add-CIPPAzDataTableEntity @LastRunTable -Entity $LastRun -Force } } catch { - + Write-AlertMessage -tenant $($QueueItem.tenant) -message "Failed to check App registration expiry for $($QueueItem.tenant): $(Get-NormalizedError -message $_.Exception.message)" } } diff --git a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertDepTokenExpiry.ps1 b/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertDepTokenExpiry.ps1 index 804750e60705..e8f15d6bbcce 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertDepTokenExpiry.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertDepTokenExpiry.ps1 @@ -27,6 +27,6 @@ function Push-CIPPAlertDepTokenExpiry { Add-CIPPAzDataTableEntity @LastRunTable -Entity $LastRun -Force } } catch { - # Error handling + Write-AlertMessage -tenant $($QueueItem.tenant) -message "Failed to check Apple Device Enrollment Program token expiry for $($QueueItem.tenant): $(Get-NormalizedError -message $_.Exception.message)" } } From d321b8de4926d43e38176aefc2efb77a0944d9a3 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Thu, 14 Mar 2024 10:04:45 -0400 Subject: [PATCH 114/243] CPV Durable Cleanup queue output bindings --- .../Entrypoints/Push-UpdatePermissionsQueue.ps1 | 17 +++++++++++++++++ Scheduler_GetQueue/function.json | 6 ------ Scheduler_Standards/function.json | 6 ------ UpdatePermissions/function.json | 7 +++---- UpdatePermissions/run.ps1 | 17 +++++++++++++---- UpdatePermissionsQueue/function.json | 10 ---------- UpdatePermissionsQueue/run.ps1 | 15 --------------- 7 files changed, 33 insertions(+), 45 deletions(-) create mode 100644 Modules/CIPPCore/Public/Entrypoints/Push-UpdatePermissionsQueue.ps1 delete mode 100644 UpdatePermissionsQueue/function.json delete mode 100644 UpdatePermissionsQueue/run.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Push-UpdatePermissionsQueue.ps1 b/Modules/CIPPCore/Public/Entrypoints/Push-UpdatePermissionsQueue.ps1 new file mode 100644 index 000000000000..e1d72b14e867 --- /dev/null +++ b/Modules/CIPPCore/Public/Entrypoints/Push-UpdatePermissionsQueue.ps1 @@ -0,0 +1,17 @@ +function Push-UpdatePermissionsQueue { + # Input bindings are passed in via param block. + param($Item) + Write-Host "Applying permissions for $($Item.defaultDomainName)" + $Table = Get-CIPPTable -TableName cpvtenants + $CPVRows = Get-CIPPAzDataTableEntity @Table | Where-Object -Property Tenant -EQ $Item.customerId + if (!$CPVRows -or $ENV:ApplicationID -notin $CPVRows.applicationId) { + Write-LogMessage -tenant $Item.defaultDomainName -tenantId $Item.customerId -message 'A New tenant has been added, or a new CIPP-SAM Application is in use' -Sev 'Warn' -API 'NewTenant' + Write-Host 'Adding CPV permissions' + Set-CIPPCPVConsent -Tenantfilter $Item.defaultDomainName + } + + Add-CIPPApplicationPermission -RequiredResourceAccess 'CippDefaults' -ApplicationId $ENV:ApplicationID -tenantfilter $Item.defaultDomainName + Add-CIPPDelegatedPermission -RequiredResourceAccess 'CippDefaults' -ApplicationId $ENV:ApplicationID -tenantfilter $Item.defaultDomainName + + Write-LogMessage -tenant $Item.defaultDomainName -tenantId $Item.customerId -message "Updated permissions for $($Item.defaultDomainName)" -Sev 'Info' -API 'UpdatePermissionsQueue' +} \ No newline at end of file diff --git a/Scheduler_GetQueue/function.json b/Scheduler_GetQueue/function.json index 122f86c71d70..56e4cf0cfda1 100644 --- a/Scheduler_GetQueue/function.json +++ b/Scheduler_GetQueue/function.json @@ -6,12 +6,6 @@ "direction": "in", "type": "timerTrigger" }, - { - "type": "queue", - "direction": "out", - "name": "QueueItem", - "queueName": "CIPPGenericQueue" - }, { "name": "starter", "type": "durableClient", diff --git a/Scheduler_Standards/function.json b/Scheduler_Standards/function.json index 81d53b9a1598..e071591357a0 100644 --- a/Scheduler_Standards/function.json +++ b/Scheduler_Standards/function.json @@ -6,12 +6,6 @@ "direction": "in", "type": "timerTrigger" }, - { - "type": "queue", - "direction": "out", - "name": "QueueItem", - "queueName": "CIPPGenericQueue" - }, { "name": "starter", "type": "durableClient", diff --git a/UpdatePermissions/function.json b/UpdatePermissions/function.json index a7fdc6ca8da8..7e97fe568d29 100644 --- a/UpdatePermissions/function.json +++ b/UpdatePermissions/function.json @@ -7,10 +7,9 @@ "schedule": "0 0 0 * * *" }, { - "type": "queue", - "direction": "out", - "name": "Msg", - "queueName": "cpvqueue" + "name": "starter", + "type": "durableClient", + "direction": "in" } ] } diff --git a/UpdatePermissions/run.ps1 b/UpdatePermissions/run.ps1 index 5707bb45734a..03d3c0e1cc41 100644 --- a/UpdatePermissions/run.ps1 +++ b/UpdatePermissions/run.ps1 @@ -1,7 +1,16 @@ # Input bindings are passed in via param block. param($Timer) -$Tenants = get-tenants -IncludeErrors | Where-Object { $_.customerId -ne $env:TenantId } -foreach ($Row in $Tenants) { - Push-OutputBinding -Name Msg -Value $row -} \ No newline at end of file +try { + $Tenants = Get-Tenants -IncludeErrors | Where-Object { $_.customerId -ne $env:TenantId } | ForEach-Object { $_ | Add-Member -NotePropertyName FunctionName -NotePropertyValue 'UpdatePermissionsQueue'; $_ } + + if (($Tenants | Measure-Object).Count -gt 0) { + $InputObject = [PSCustomObject]@{ + OrchestratorName = 'UpdatePermissionsOrchestrator' + Batch = @($Tenants) + } + #Write-Host ($InputObject | ConvertTo-Json) + $InstanceId = Start-NewOrchestration -FunctionName 'CIPPOrchestrator' -InputObject ($InputObject | ConvertTo-Json -Depth 5) + Write-Host "Started permissions orchestration with ID = '$InstanceId'" + } +} catch {} \ No newline at end of file diff --git a/UpdatePermissionsQueue/function.json b/UpdatePermissionsQueue/function.json deleted file mode 100644 index 7fc4f12cef56..000000000000 --- a/UpdatePermissionsQueue/function.json +++ /dev/null @@ -1,10 +0,0 @@ -{ - "bindings": [ - { - "name": "QueueItem", - "type": "queueTrigger", - "direction": "in", - "queueName": "cpvqueue" - } - ] -} diff --git a/UpdatePermissionsQueue/run.ps1 b/UpdatePermissionsQueue/run.ps1 deleted file mode 100644 index 9b147478e274..000000000000 --- a/UpdatePermissionsQueue/run.ps1 +++ /dev/null @@ -1,15 +0,0 @@ -# Input bindings are passed in via param block. -param($QueueItem, $TriggerMetadata) -Write-Host "Applying permissions for $($QueueItem.defaultDomainName)" -$Table = Get-CIPPTable -TableName cpvtenants -$CPVRows = Get-CIPPAzDataTableEntity @Table | Where-Object -Property Tenant -EQ $QueueItem.customerId -if (!$CPVRows -or $ENV:ApplicationID -notin $CPVRows.applicationId) { - Write-LogMessage -tenant $queueitem.defaultDomainName -tenantId $queueitem.customerId -message "A New tenant has been added, or a new CIPP-SAM Application is in use" -Sev "Warn" -API "NewTenant" - Write-Host "Adding CPV permissions" - Set-CIPPCPVConsent -Tenantfilter $QueueItem.defaultDomainName -} - -Add-CIPPApplicationPermission -RequiredResourceAccess "CippDefaults" -ApplicationId $ENV:ApplicationID -tenantfilter $QueueItem.defaultDomainName -Add-CIPPDelegatedPermission -RequiredResourceAccess "CippDefaults" -ApplicationId $ENV:ApplicationID -tenantfilter $QueueItem.defaultDomainName - -Write-LogMessage -tenant $QueueItem.defaultDomainName -tenantId $queueitem.customerId -message "Updated permissions for $($QueueItem.defaultDomainName)" -Sev "Info" -API "UpdatePermissionsQueue" \ No newline at end of file From dbc431a84cf5c07552fd3eb5c5f0ebf9b55b36e9 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Thu, 14 Mar 2024 11:34:13 -0400 Subject: [PATCH 115/243] GDAP Invite durable --- ExecGDAPInviteApproved_Timer/function.json | 7 +++---- ExecGDAPInviteQueue/function.json | 10 ---------- ExecGDAPInviteQueue/run.ps1 | 7 ------- .../Entrypoints/Push-ExecGDAPInviteQueue.ps1 | 9 +++++++++ .../CIPPCore/Public/Set-CIPPGDAPInviteGroups.ps1 | 15 +++++++++++++-- 5 files changed, 25 insertions(+), 23 deletions(-) delete mode 100644 ExecGDAPInviteQueue/function.json delete mode 100644 ExecGDAPInviteQueue/run.ps1 create mode 100644 Modules/CIPPCore/Public/Entrypoints/Push-ExecGDAPInviteQueue.ps1 diff --git a/ExecGDAPInviteApproved_Timer/function.json b/ExecGDAPInviteApproved_Timer/function.json index 32b454a2a015..f8904bbb0a7f 100644 --- a/ExecGDAPInviteApproved_Timer/function.json +++ b/ExecGDAPInviteApproved_Timer/function.json @@ -7,10 +7,9 @@ "schedule": "0 0 */3 * * *" }, { - "type": "queue", - "direction": "out", - "name": "gdapinvitequeue", - "queueName": "gdapinvitequeue" + "name": "starter", + "type": "durableClient", + "direction": "in" } ] } diff --git a/ExecGDAPInviteQueue/function.json b/ExecGDAPInviteQueue/function.json deleted file mode 100644 index e51e66299d6f..000000000000 --- a/ExecGDAPInviteQueue/function.json +++ /dev/null @@ -1,10 +0,0 @@ -{ - "bindings": [ - { - "name": "QueueItem", - "type": "queueTrigger", - "direction": "in", - "queueName": "gdapinvitequeue" - } - ] -} diff --git a/ExecGDAPInviteQueue/run.ps1 b/ExecGDAPInviteQueue/run.ps1 deleted file mode 100644 index 1b95a443bab0..000000000000 --- a/ExecGDAPInviteQueue/run.ps1 +++ /dev/null @@ -1,7 +0,0 @@ -# Input bindings are passed in via param block. -param( $QueueItem, $TriggerMetadata) - -# Write out the queue message and metadata to the information log. -Write-Host "PowerShell queue trigger function processed work item: $($QueueItem.customer.displayName)" - -Set-CIPPGDAPInviteGroups -Relationship $QueueItem \ No newline at end of file diff --git a/Modules/CIPPCore/Public/Entrypoints/Push-ExecGDAPInviteQueue.ps1 b/Modules/CIPPCore/Public/Entrypoints/Push-ExecGDAPInviteQueue.ps1 new file mode 100644 index 000000000000..833b498eb34e --- /dev/null +++ b/Modules/CIPPCore/Public/Entrypoints/Push-ExecGDAPInviteQueue.ps1 @@ -0,0 +1,9 @@ +function Push-ExecGDAPInviteQueue { + # Input bindings are passed in via param block. + param($Item) + + # Write out the queue message and metadata to the information log. + Write-Host "PowerShell queue trigger function processed work item: $($Item.customer.displayName)" + + Set-CIPPGDAPInviteGroups -Relationship $Item +} \ No newline at end of file diff --git a/Modules/CIPPCore/Public/Set-CIPPGDAPInviteGroups.ps1 b/Modules/CIPPCore/Public/Set-CIPPGDAPInviteGroups.ps1 index 407eccddc796..e2ae2dba708d 100644 --- a/Modules/CIPPCore/Public/Set-CIPPGDAPInviteGroups.ps1 +++ b/Modules/CIPPCore/Public/Set-CIPPGDAPInviteGroups.ps1 @@ -35,12 +35,23 @@ function Set-CIPPGDAPInviteGroups { if (($InviteList | Measure-Object).Count -gt 0) { $Activations = New-GraphGetRequest -uri "https://graph.microsoft.com/beta/tenantRelationships/delegatedAdminRelationships?`$filter=status eq 'active'" - foreach ($Activation in $Activations) { + $Batch = foreach ($Activation in $Activations) { if ($InviteList.RowKey -contains $Activation.id) { Write-Host "Mapping groups for GDAP relationship: $($Activation.customer.displayName) - $($Activation.id)" - Push-OutputBinding -Name gdapinvitequeue -Value $Activation + $Activation | Add-Member -NotePropertyName FunctionName -NotePropertyValue 'ExecGDAPInviteQueue' + $Activation } } + if (($Batch | Measure-Object).Count -gt 0) { + $InputObject = [PSCustomObject]@{ + OrchestratorName = 'GDAPInviteOrchestrator' + Batch = @($Batch) + SkipLog = $true + } + #Write-Host ($InputObject | ConvertTo-Json) + $InstanceId = Start-NewOrchestration -FunctionName 'CIPPOrchestrator' -InputObject ($InputObject | ConvertTo-Json -Depth 5) + Write-Host "Started GDAP Invite orchestration with ID = '$InstanceId'" + } } } } From 75fa35998f987c55457b2acaa2f4d3056c93115b Mon Sep 17 00:00:00 2001 From: John Duprey Date: Thu, 14 Mar 2024 11:52:50 -0400 Subject: [PATCH 116/243] Cleanup webhook entry in finally block --- .../Public/Entrypoints/Push-PublicWebhookProcess.ps1 | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/Push-PublicWebhookProcess.ps1 b/Modules/CIPPCore/Public/Entrypoints/Push-PublicWebhookProcess.ps1 index 99a932d35e79..4d321a825f4e 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Push-PublicWebhookProcess.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Push-PublicWebhookProcess.ps1 @@ -7,11 +7,11 @@ function Push-PublicWebhookProcess { } elseif ($Item.Type -eq 'AuditLog') { Invoke-CippWebhookProcessing -TenantFilter $Item.TenantFilter -Data ($Item.Data | ConvertFrom-Json) -CIPPPURL $Item.CIPPURL } - $WebhookIncoming = Get-CIPPTable -TableName WebhookIncoming - $Entity = $Item | Select-Object -Property RowKey, PartitionKey - Remove-AzDataTableEntity @WebhookIncoming -Entity $Entity } catch { Write-Host "Webhook Exception: $($_.Exception.Message)" + } finally { + $WebhookIncoming = Get-CIPPTable -TableName WebhookIncoming + $Entity = $Item | Select-Object -Property RowKey, PartitionKey + Remove-AzDataTableEntity @WebhookIncoming -Entity $Entity } - } \ No newline at end of file From 4b583940162aced85facb4d321947e014be8c044 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Thu, 14 Mar 2024 12:27:40 -0400 Subject: [PATCH 117/243] Licenses & Mailbox Rules durables Remove outer parallel loop --- ListLicensesAllTenants/function.json | 10 ---- ListLicensesAllTenants/run.ps1 | 28 --------- .../Entrypoints/Invoke-ListLicenses.ps1 | 18 +++++- .../Invoke-ListLicensesAllTenants.ps1 | 35 ----------- .../Entrypoints/Invoke-ListMailboxRules.ps1 | 24 +++++++- .../Invoke-ListMailboxRulesAllTenants.ps1 | 60 ------------------- .../Entrypoints/Push-ListLicensesQueue.ps1 | 22 +++++++ .../Push-ListMailboxRulesQueue.ps1 | 53 ++++++++++++++++ Z_CIPPHttpTrigger/function.json | 12 ---- 9 files changed, 113 insertions(+), 149 deletions(-) delete mode 100644 ListLicensesAllTenants/function.json delete mode 100644 ListLicensesAllTenants/run.ps1 delete mode 100644 Modules/CIPPCore/Public/Entrypoints/Invoke-ListLicensesAllTenants.ps1 delete mode 100644 Modules/CIPPCore/Public/Entrypoints/Invoke-ListMailboxRulesAllTenants.ps1 create mode 100644 Modules/CIPPCore/Public/Entrypoints/Push-ListLicensesQueue.ps1 create mode 100644 Modules/CIPPCore/Public/Entrypoints/Push-ListMailboxRulesQueue.ps1 diff --git a/ListLicensesAllTenants/function.json b/ListLicensesAllTenants/function.json deleted file mode 100644 index eee973c7ede2..000000000000 --- a/ListLicensesAllTenants/function.json +++ /dev/null @@ -1,10 +0,0 @@ -{ - "bindings": [ - { - "name": "QueueItem", - "type": "queueTrigger", - "direction": "in", - "queueName": "licqueue" - } - ] -} diff --git a/ListLicensesAllTenants/run.ps1 b/ListLicensesAllTenants/run.ps1 deleted file mode 100644 index abc69465c094..000000000000 --- a/ListLicensesAllTenants/run.ps1 +++ /dev/null @@ -1,28 +0,0 @@ -# Input bindings are passed in via param block. -param([string] $QueueItem, $TriggerMetadata) - -# Write out the queue message and metadata to the information log. -Write-Host "PowerShell queue trigger function processed work item: $QueueItem" - -$RawGraphRequest = Get-Tenants | ForEach-Object -Parallel { - $domainName = $_.defaultDomainName - Import-Module '.\Modules\AzBobbyTables' - Import-Module '.\Modules\CIPPCore' - try { - Write-Host "Processing $domainName" - Get-CIPPLicenseOverview -TenantFilter $domainName - } - catch { - [pscustomobject]@{ - Tenant = [string]$domainName - License = "Could not connect to client: $($_.Exception.Message)" - 'PartitionKey' = 'License' - 'RowKey' = "$($domainName)-$(New-Guid)" - } - } -} - -$Table = Get-CIPPTable -TableName cachelicenses -foreach ($GraphRequest in $RawGraphRequest) { - Add-CIPPAzDataTableEntity @Table -Entity $GraphRequest -Force | Out-Null -} \ No newline at end of file diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListLicenses.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListLicenses.ps1 index 03a719a7f259..6870b020be6e 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListLicenses.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListLicenses.ps1 @@ -18,7 +18,7 @@ Function Invoke-ListLicenses { # Interact with query parameters or the body of the request. $TenantFilter = $Request.Query.TenantFilter $RawGraphRequest = if ($TenantFilter -ne 'AllTenants') { - $GraphRequest = Get-CIPPLicenseOverview -TenantFilter $TenantFilter | ForEach-Object { + $GraphRequest = Get-CIPPLicenseOverview -TenantFilter $TenantFilter | ForEach-Object { $TermInfo = $_.TermInfo | ConvertFrom-Json -ErrorAction SilentlyContinue $_.TermInfo = $TermInfo $_ @@ -27,13 +27,25 @@ Function Invoke-ListLicenses { $Table = Get-CIPPTable -TableName cachelicenses $Rows = Get-CIPPAzDataTableEntity @Table | Where-Object -Property Timestamp -GT (Get-Date).AddHours(-1) if (!$Rows) { - Push-OutputBinding -Name LicenseQueue -Value (Get-Date).ToString() + #Push-OutputBinding -Name LicenseQueue -Value (Get-Date).ToString() $GraphRequest = [PSCustomObject]@{ Tenant = 'Loading data for all tenants. Please check back in 1 minute' License = 'Loading data for all tenants. Please check back in 1 minute' } + $Tenants = Get-Tenants -IncludeErrors | ForEach-Object { $_ | Add-Member -NotePropertyName FunctionName -NotePropertyValue 'ListLicensesQueue'; $_ } + + if (($Tenants | Measure-Object).Count -gt 0) { + $InputObject = [PSCustomObject]@{ + OrchestratorName = 'ListLicensesOrchestrator' + Batch = @($Tenants) + SkipLog = $true + } + #Write-Host ($InputObject | ConvertTo-Json) + $InstanceId = Start-NewOrchestration -FunctionName 'CIPPOrchestrator' -InputObject ($InputObject | ConvertTo-Json -Depth 5) + Write-Host "Started permissions orchestration with ID = '$InstanceId'" + } } else { - $GraphRequest = $Rows | ForEach-Object { + $GraphRequest = $Rows | ForEach-Object { $TermInfo = $_.TermInfo | ConvertFrom-Json -ErrorAction SilentlyContinue $_.TermInfo = $TermInfo $_ diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListLicensesAllTenants.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListLicensesAllTenants.ps1 deleted file mode 100644 index 7d6c25d9daa7..000000000000 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListLicensesAllTenants.ps1 +++ /dev/null @@ -1,35 +0,0 @@ -using namespace System.Net - -Function Invoke-ListLicensesAllTenants { - <# - .FUNCTIONALITY - Entrypoint - #> - [CmdletBinding()] - param($Request, $TriggerMetadata) - - - $RawGraphRequest = Get-Tenants | ForEach-Object -Parallel { - $domainName = $_.defaultDomainName - - Import-Module '.\Modules\AzBobbyTables' - Import-Module '.\Modules\CIPPCore' - try { - Write-Host "Processing $domainName" - Get-CIPPLicenseOverview -TenantFilter $domainName - } catch { - [pscustomobject]@{ - Tenant = [string]$domainName - License = "Could not connect to client: $($_.Exception.Message)" - 'PartitionKey' = 'License' - 'RowKey' = "$($domainName)-$(New-Guid)" - } - } - } - - $Table = Get-CIPPTable -TableName cachelicenses - foreach ($GraphRequest in $RawGraphRequest) { - Add-CIPPAzDataTableEntity @Table -Entity $GraphRequest -Force | Out-Null - } - -} diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListMailboxRules.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListMailboxRules.ps1 index a4ca980ba7d3..d1de06beada8 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListMailboxRules.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListMailboxRules.ps1 @@ -19,14 +19,36 @@ Function Invoke-ListMailboxRules { $TenantFilter = $Request.Query.TenantFilter $Table = Get-CIPPTable -TableName cachembxrules + if ($TenantFilter -ne 'AllTenants') { + $Table.Filter = "Tenant eq '$TenantFilter'" + } $Rows = Get-CIPPAzDataTableEntity @Table | Where-Object -Property Timestamp -GT (Get-Date).Addhours(-1) if (!$Rows) { - Push-OutputBinding -Name mbxrulequeue -Value $TenantFilter + #Push-OutputBinding -Name mbxrulequeue -Value $TenantFilter $GraphRequest = [PSCustomObject]@{ Tenant = 'Loading data. Please check back in 1 minute' Licenses = 'Loading data. Please check back in 1 minute' } + $Batch = if ($TenantFilter -eq 'AllTenants') { + Get-Tenants -IncludeErrors | ForEach-Object { $_ | Add-Member -NotePropertyName FunctionName -NotePropertyValue 'ListMailboxRulesQueue'; $_ } + } else { + [PSCustomObject]@{ + defaultDomainName = $TenantFilter + FunctionName = 'ListMailboxRulesQueue' + } + } + if (($Batch | Measure-Object).Count -gt 0) { + $InputObject = [PSCustomObject]@{ + OrchestratorName = 'ListMailboxRulesOrchestrator' + Batch = @($Batch) + SkipLog = $true + } + #Write-Host ($InputObject | ConvertTo-Json) + $InstanceId = Start-NewOrchestration -FunctionName 'CIPPOrchestrator' -InputObject ($InputObject | ConvertTo-Json -Depth 5) + Write-Host "Started permissions orchestration with ID = '$InstanceId'" + } + } else { if ($TenantFilter -ne 'AllTenants') { $Rows = $Rows | Where-Object -Property Tenant -EQ $TenantFilter diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListMailboxRulesAllTenants.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListMailboxRulesAllTenants.ps1 deleted file mode 100644 index b3909976d4c9..000000000000 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListMailboxRulesAllTenants.ps1 +++ /dev/null @@ -1,60 +0,0 @@ -using namespace System.Net - -Function Invoke-ListMailboxRulesAllTenants { - <# - .FUNCTIONALITY - Entrypoint - #> - [CmdletBinding()] - param($Request, $TriggerMetadata) - - $Tenants = if ($QueueItem -ne 'AllTenants') { - [PSCustomObject]@{ - defaultDomainName = $QueueItem - } - } else { - Get-Tenants - } - $Tenants | ForEach-Object -Parallel { - $domainName = $_.defaultDomainName - Import-Module '.\Modules\CIPPcore' - Import-Module '.\Modules\AzBobbyTables' - - try { - - $Rules = New-ExoRequest -tenantid $domainName -cmdlet 'Get-Mailbox' | ForEach-Object -Parallel { - New-ExoRequest -Anchor $_.UserPrincipalName -tenantid $domainName -cmdlet 'Get-InboxRule' -cmdParams @{Mailbox = $_.GUID } - } - foreach ($Rule in $Rules) { - $GraphRequest = @{ - Rules = [string]($Rule | ConvertTo-Json) - RowKey = [string](New-Guid).guid - Tenant = [string]$domainName - PartitionKey = 'mailboxrules' - } - $Table = Get-CIPPTable -TableName cachembxrules - Add-CIPPAzDataTableEntity @Table -Entity $GraphRequest -Force | Out-Null - } - } catch { - $Rules = @{ - Name = "Could not connect to tenant $($_.Exception.message)" - } | ConvertTo-Json - $GraphRequest = @{ - Rules = [string]$Rules - RowKey = [string]$domainName - Tenant = [string]$domainName - - PartitionKey = 'mailboxrules' - } - $Table = Get-CIPPTable -TableName cachembxrules - Add-CIPPAzDataTableEntity @Table -Entity $GraphRequest -Force | Out-Null - } - } - - - - $Table = Get-CIPPTable -TableName cachembxrules - Write-Host "$($GraphRequest.RowKey) - $($GraphRequest.tenant)" - Add-CIPPAzDataTableEntity @Table -Entity $GraphRequest -Force | Out-Null - -} diff --git a/Modules/CIPPCore/Public/Entrypoints/Push-ListLicensesQueue.ps1 b/Modules/CIPPCore/Public/Entrypoints/Push-ListLicensesQueue.ps1 new file mode 100644 index 000000000000..f587fa65fe39 --- /dev/null +++ b/Modules/CIPPCore/Public/Entrypoints/Push-ListLicensesQueue.ps1 @@ -0,0 +1,22 @@ +function Push-ListLicensesQueue { + # Input bindings are passed in via param block. + param($Item) + + # Write out the queue message and metadata to the information log. + Write-Host "PowerShell queue trigger function processed work item: $($Item.defaultDomainName)" + + $domainName = $Item.defaultDomainName + $GraphRequest = try { + Write-Host "Processing $domainName" + Get-CIPPLicenseOverview -TenantFilter $domainName + } catch { + [pscustomobject]@{ + Tenant = [string]$domainName + License = "Could not connect to client: $($_.Exception.Message)" + 'PartitionKey' = 'License' + 'RowKey' = "$($domainName)-$((New-Guid).Guid)" + } + } + $Table = Get-CIPPTable -TableName cachelicenses + Add-CIPPAzDataTableEntity @Table -Entity $GraphRequest -Force | Out-Null +} \ No newline at end of file diff --git a/Modules/CIPPCore/Public/Entrypoints/Push-ListMailboxRulesQueue.ps1 b/Modules/CIPPCore/Public/Entrypoints/Push-ListMailboxRulesQueue.ps1 new file mode 100644 index 000000000000..5c7ba40b2f06 --- /dev/null +++ b/Modules/CIPPCore/Public/Entrypoints/Push-ListMailboxRulesQueue.ps1 @@ -0,0 +1,53 @@ +function Push-ListMailboxRulesQueue { + # Input bindings are passed in via param block. + param($Item) + + # Write out the queue message and metadata to the information log. + Write-Host "PowerShell queue trigger function processed work item: $($Item.defaultDomainName)" + + $domainName = $Item.defaultDomainName + + $Table = Get-CIPPTable -TableName cachembxrules + try { + $Rules = New-ExoRequest -tenantid $domainName -cmdlet 'Get-Mailbox' -Select 'userPrincipalName,GUID' | ForEach-Object -Parallel { + Import-Module CippCore + $MbxRules = New-ExoRequest -Anchor $_.UserPrincipalName -tenantid $using:domainName -cmdlet 'Get-InboxRule' -cmdParams @{Mailbox = $_.GUID } + foreach ($Rule in $MbxRules) { + $Rule | Add-Member -NotePropertyName 'UserPrincipalName' -NotePropertyValue $_.userPrincipalName + $Rule + } + } + if (($Rules | Measure-Object).Count -gt 0) { + foreach ($Rule in $Rules) { + $GraphRequest = [PSCustomObject]@{ + Rules = [string]($Rule | ConvertTo-Json) + RowKey = [string](New-Guid).guid + Tenant = [string]$domainName + PartitionKey = 'mailboxrules' + } + + } + } else { + $Rules = @{ + Name = 'No rules found' + } | ConvertTo-Json + $GraphRequest = [PSCustomObject]@{ + Rules = [string]$Rules + RowKey = [string]$domainName + Tenant = [string]$domainName + PartitionKey = 'mailboxrules' + } + } + } catch { + $Rules = @{ + Name = "Could not connect to tenant $($_.Exception.message)" + } | ConvertTo-Json + $GraphRequest = [PSCustomObject]@{ + Rules = [string]$Rules + RowKey = [string]$domainName + Tenant = [string]$domainName + PartitionKey = 'mailboxrules' + } + } + Add-CIPPAzDataTableEntity @Table -Entity $GraphRequest -Force | Out-Null +} diff --git a/Z_CIPPHttpTrigger/function.json b/Z_CIPPHttpTrigger/function.json index 90c8dc9ea6af..815789ce62d6 100644 --- a/Z_CIPPHttpTrigger/function.json +++ b/Z_CIPPHttpTrigger/function.json @@ -27,18 +27,6 @@ "name": "Subscription", "queueName": "AlertSubscriptions" }, - { - "type": "queue", - "direction": "out", - "name": "LicenseQueue", - "queueName": "licqueue" - }, - { - "type": "queue", - "direction": "out", - "name": "mbxrulequeue", - "queueName": "mbxrulequeue" - }, { "type": "queue", "direction": "out", From 1b4d937f2bf8d1d2ef2e88198c8dc89799bacf3d Mon Sep 17 00:00:00 2001 From: John Duprey Date: Thu, 14 Mar 2024 13:16:57 -0400 Subject: [PATCH 118/243] MFA Report durable Cleanup functions and output bindings --- ListMFAUsersAllTenants/function.json | 10 --- ListMFAUsersAllTenants/run.ps1 | 57 ----------------- ListMailboxRulesAllTenants/function.json | 10 --- ListMailboxRulesAllTenants/run.ps1 | 61 ------------------ .../Entrypoints/Invoke-ListMFAUsers.ps1 | 19 +++++- .../Invoke-ListMFAUsersAllTenants.ps1 | 63 ------------------- .../Entrypoints/Push-ListMFAUsersQueue.ps1 | 50 +++++++++++++++ Z_CIPPHttpTrigger/function.json | 12 ---- 8 files changed, 67 insertions(+), 215 deletions(-) delete mode 100644 ListMFAUsersAllTenants/function.json delete mode 100644 ListMFAUsersAllTenants/run.ps1 delete mode 100644 ListMailboxRulesAllTenants/function.json delete mode 100644 ListMailboxRulesAllTenants/run.ps1 delete mode 100644 Modules/CIPPCore/Public/Entrypoints/Invoke-ListMFAUsersAllTenants.ps1 create mode 100644 Modules/CIPPCore/Public/Entrypoints/Push-ListMFAUsersQueue.ps1 diff --git a/ListMFAUsersAllTenants/function.json b/ListMFAUsersAllTenants/function.json deleted file mode 100644 index 7bb9da79d405..000000000000 --- a/ListMFAUsersAllTenants/function.json +++ /dev/null @@ -1,10 +0,0 @@ -{ - "bindings": [ - { - "name": "QueueItem", - "type": "queueTrigger", - "direction": "in", - "queueName": "mfaqueue" - } - ] -} diff --git a/ListMFAUsersAllTenants/run.ps1 b/ListMFAUsersAllTenants/run.ps1 deleted file mode 100644 index 8ab611e514fe..000000000000 --- a/ListMFAUsersAllTenants/run.ps1 +++ /dev/null @@ -1,57 +0,0 @@ -# Input bindings are passed in via param block. -param([string] $QueueItem, $TriggerMetadata) - -# Write out the queue message and metadata to the information log. -Write-Host "PowerShell queue trigger function processed work item: $QueueItem" - - -Write-Information "Item: $QueueItem" -Write-Information ($TriggerMetadata | ConvertTo-Json) - -try { - Update-CippQueueEntry -RowKey $QueueItem -Status 'Running' - - $GraphRequest = Get-Tenants | ForEach-Object -Parallel { - $domainName = $_.defaultDomainName - Import-Module '.\modules\CippCore' - $Table = Get-CIPPTable -TableName cachemfa - Try { - $GraphRequest = Get-CIPPMFAState -TenantFilter $domainName -ErrorAction Stop - } - catch { - $GraphRequest = $null - } - if (!$GraphRequest) { - $GraphRequest = @{ - Tenant = [string]$tenantName - UPN = [string]$domainName - AccountEnabled = 'none' - PerUser = [string]'Could not connect to tenant' - MFARegistration = 'none' - CoveredByCA = [string]'Could not connect to tenant' - CoveredBySD = 'none' - RowKey = [string]"$domainName" - PartitionKey = 'users' - } - } - Add-CIPPAzDataTableEntity @Table -Entity $GraphRequest -Force | Out-Null - } -} -catch { - $Table = Get-CIPPTable -TableName cachemfa - $GraphRequest = @{ - Tenant = [string]$tenantName - UPN = [string]$domainName - AccountEnabled = 'none' - PerUser = [string]'Could not connect to tenant' - MFARegistration = 'none' - CoveredByCA = [string]'Could not connect to tenant' - CoveredBySD = 'none' - RowKey = [string]"$domainName" - PartitionKey = 'users' - } - Add-CIPPAzDataTableEntity @Table -Entity $GraphRequest -Force | Out-Null -} -finally { - Update-CippQueueEntry -RowKey $QueueItem -Status "Completed" -} diff --git a/ListMailboxRulesAllTenants/function.json b/ListMailboxRulesAllTenants/function.json deleted file mode 100644 index 776ec6ebfdcb..000000000000 --- a/ListMailboxRulesAllTenants/function.json +++ /dev/null @@ -1,10 +0,0 @@ -{ - "bindings": [ - { - "name": "QueueItem", - "type": "queueTrigger", - "direction": "in", - "queueName": "mbxrulequeue" - } - ] -} diff --git a/ListMailboxRulesAllTenants/run.ps1 b/ListMailboxRulesAllTenants/run.ps1 deleted file mode 100644 index 36b671ad11f6..000000000000 --- a/ListMailboxRulesAllTenants/run.ps1 +++ /dev/null @@ -1,61 +0,0 @@ -# Input bindings are passed in via param block. -param([string] $QueueItem, $TriggerMetadata) - -# Write out the queue message and metadata to the information log. -Write-Host "PowerShell queue trigger function processed work item: $QueueItem" - -$Tenants = if ($QueueItem -ne 'AllTenants') { - [PSCustomObject]@{ - defaultDomainName = $QueueItem - } -} else { - Get-Tenants -} -$Tenants | ForEach-Object -Parallel { - $domainName = $_.defaultDomainName - Import-Module CippCore - Import-Module AzBobbyTables - $Table = Get-CIPPTable -TableName cachembxrules - try { - $Rules = New-ExoRequest -tenantid $domainName -cmdlet 'Get-Mailbox' -Select 'userPrincipalName,GUID' | ForEach-Object -Parallel { - Import-Module CippCore - $MbxRules = New-ExoRequest -Anchor $_.UserPrincipalName -tenantid $using:domainName -cmdlet 'Get-InboxRule' -cmdParams @{Mailbox = $_.GUID } - foreach ($Rule in $MbxRules) { - $Rule | Add-Member -NotePropertyName 'UserPrincipalName' -NotePropertyValue $_.userPrincipalName - $Rule - } - } - if (($Rules | Measure-Object).Count -gt 0) { - foreach ($Rule in $Rules) { - $GraphRequest = [PSCustomObject]@{ - Rules = [string]($Rule | ConvertTo-Json) - RowKey = [string](New-Guid).guid - Tenant = [string]$domainName - PartitionKey = 'mailboxrules' - } - - } - } else { - $Rules = @{ - Name = 'No rules found' - } | ConvertTo-Json - $GraphRequest = [PSCustomObject]@{ - Rules = [string]$Rules - RowKey = [string]$domainName - Tenant = [string]$domainName - PartitionKey = 'mailboxrules' - } - } - } catch { - $Rules = @{ - Name = "Could not connect to tenant $($_.Exception.message)" - } | ConvertTo-Json - $GraphRequest = [PSCustomObject]@{ - Rules = [string]$Rules - RowKey = [string]$domainName - Tenant = [string]$domainName - PartitionKey = 'mailboxrules' - } - } - Add-CIPPAzDataTableEntity @Table -Entity $GraphRequest -Force | Out-Null -} diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListMFAUsers.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListMFAUsers.ps1 index 32314d2298d8..99209bfc9c8f 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListMFAUsers.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListMFAUsers.ps1 @@ -24,9 +24,24 @@ Function Invoke-ListMFAUsers { if (!$Rows) { $Queue = New-CippQueueEntry -Name 'MFA Users - All Tenants' -Link '/identity/reports/mfa-report?customerId=AllTenants' Write-Information ($Queue | ConvertTo-Json) - Push-OutputBinding -Name mfaqueue -Value $Queue.RowKey + #Push-OutputBinding -Name mfaqueue -Value $Queue.RowKey $GraphRequest = [PSCustomObject]@{ - UPN = 'Loading data for all tenants. Please check back in 10 minutes' + UPN = 'Loading data for all tenants. Please check back in a few minutes' + } + $Batch = Get-Tenants -IncludeErrors | ForEach-Object { + $_ | Add-Member -NotePropertyName FunctionName -NotePropertyValue 'ListMFAUsersQueue' + $_ | Add-Member -NotePropertyName QueueId -NotePropertyValue $Queue.RowKey + $_ + } + if (($Batch | Measure-Object).Count -gt 0) { + $InputObject = [PSCustomObject]@{ + OrchestratorName = 'ListMFAUsersOrchestrator' + Batch = @($Batch) + SkipLog = $true + } + #Write-Host ($InputObject | ConvertTo-Json) + $InstanceId = Start-NewOrchestration -FunctionName 'CIPPOrchestrator' -InputObject ($InputObject | ConvertTo-Json -Depth 5) + Write-Host "Started permissions orchestration with ID = '$InstanceId'" } } else { $GraphRequest = $Rows diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListMFAUsersAllTenants.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListMFAUsersAllTenants.ps1 deleted file mode 100644 index 8123a963e1ff..000000000000 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListMFAUsersAllTenants.ps1 +++ /dev/null @@ -1,63 +0,0 @@ -using namespace System.Net - -Function Invoke-ListMFAUsersAllTenants { - <# - .FUNCTIONALITY - Entrypoint - #> - [CmdletBinding()] - param($Request, $TriggerMetadata) - - - - Write-Information "Item: $QueueItem" - Write-Information ($TriggerMetadata | ConvertTo-Json) - - try { - Update-CippQueueEntry -RowKey $QueueItem -Status 'Running' - - $GraphRequest = Get-Tenants | ForEach-Object -Parallel { - $domainName = $_.defaultDomainName - Import-Module '.\modules\CippCore' - Import-Module '.\Modules\AzBobbyTables' - - $Table = Get-CIPPTable -TableName cachemfa - Try { - $GraphRequest = Get-CIPPMFAState -TenantFilter $domainName -ErrorAction Stop - } catch { - $GraphRequest = $null - } - if (!$GraphRequest) { - $GraphRequest = @{ - Tenant = [string]$tenantName - UPN = [string]$domainName - AccountEnabled = 'none' - PerUser = [string]'Could not connect to tenant' - MFARegistration = 'none' - CoveredByCA = [string]'Could not connect to tenant' - CoveredBySD = 'none' - RowKey = [string]"$domainName" - PartitionKey = 'users' - } - } - Add-CIPPAzDataTableEntity @Table -Entity $GraphRequest -Force | Out-Null - } - } catch { - $Table = Get-CIPPTable -TableName cachemfa - $GraphRequest = @{ - Tenant = [string]$tenantName - UPN = [string]$domainName - AccountEnabled = 'none' - PerUser = [string]'Could not connect to tenant' - MFARegistration = 'none' - CoveredByCA = [string]'Could not connect to tenant' - CoveredBySD = 'none' - RowKey = [string]"$domainName" - PartitionKey = 'users' - } - Add-CIPPAzDataTableEntity @Table -Entity $GraphRequest -Force | Out-Null - } finally { - Update-CippQueueEntry -RowKey $QueueItem -Status 'Completed' - } - -} diff --git a/Modules/CIPPCore/Public/Entrypoints/Push-ListMFAUsersQueue.ps1 b/Modules/CIPPCore/Public/Entrypoints/Push-ListMFAUsersQueue.ps1 new file mode 100644 index 000000000000..89e9d1dbd3bd --- /dev/null +++ b/Modules/CIPPCore/Public/Entrypoints/Push-ListMFAUsersQueue.ps1 @@ -0,0 +1,50 @@ +function Push-ListMFAUsersQueue { + # Input bindings are passed in via param block. + param($Item) + + # Write out the queue message and metadata to the information log. + Write-Host "PowerShell queue trigger function processed work item: $($Item.defaultDomainName)" + + try { + Update-CippQueueEntry -RowKey $Item.QueueId -Status 'Running' -Name $Item.displayName + $domainName = $Item.defaultDomainName + $Table = Get-CIPPTable -TableName cachemfa + Try { + $GraphRequest = Get-CIPPMFAState -TenantFilter $domainName -ErrorAction Stop + } catch { + $GraphRequest = $null + } + if (!$GraphRequest) { + $GraphRequest = @{ + Tenant = [string]$domainName + UPN = [string]$domainName + AccountEnabled = 'none' + PerUser = [string]'Could not connect to tenant' + MFARegistration = 'none' + CoveredByCA = [string]'Could not connect to tenant' + CoveredBySD = 'none' + RowKey = [string]"$domainName" + PartitionKey = 'users' + } + } + Add-CIPPAzDataTableEntity @Table -Entity $GraphRequest -Force | Out-Null + + } catch { + $Table = Get-CIPPTable -TableName cachemfa + $GraphRequest = @{ + Tenant = [string]$domainName + UPN = [string]$domainName + AccountEnabled = 'none' + PerUser = [string]'Could not connect to tenant' + MFARegistration = 'none' + CoveredByCA = [string]'Could not connect to tenant' + CoveredBySD = 'none' + RowKey = [string]"$domainName" + PartitionKey = 'users' + } + Add-CIPPAzDataTableEntity @Table -Entity $GraphRequest -Force | Out-Null + } finally { + Update-CippQueueEntry -RowKey $QueueItem -Status 'Completed' + } + +} \ No newline at end of file diff --git a/Z_CIPPHttpTrigger/function.json b/Z_CIPPHttpTrigger/function.json index 815789ce62d6..f5a94dad93d7 100644 --- a/Z_CIPPHttpTrigger/function.json +++ b/Z_CIPPHttpTrigger/function.json @@ -27,24 +27,12 @@ "name": "Subscription", "queueName": "AlertSubscriptions" }, - { - "type": "queue", - "direction": "out", - "name": "mfaqueue", - "queueName": "mfaqueue" - }, { "type": "queue", "direction": "out", "name": "mailboxstats", "queueName": "generalAllTenantQueue" }, - { - "type": "queue", - "direction": "out", - "name": "listusers", - "queueName": "generalAllTenantQueue" - }, { "type": "queue", "direction": "out", From 850bfdbc0198adaff3dd5632dfc9fa69cd941e58 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Thu, 14 Mar 2024 13:21:41 -0400 Subject: [PATCH 119/243] cleanup bindings --- Z_CIPPHttpTrigger/function.json | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/Z_CIPPHttpTrigger/function.json b/Z_CIPPHttpTrigger/function.json index f5a94dad93d7..a77f42a0ea97 100644 --- a/Z_CIPPHttpTrigger/function.json +++ b/Z_CIPPHttpTrigger/function.json @@ -51,12 +51,6 @@ "name": "alertqueue", "queueName": "alertqueue" }, - { - "type": "queue", - "direction": "out", - "name": "gdapinvitequeue", - "queueName": "gdapinvitequeue" - }, { "type": "queue", "direction": "out", @@ -75,12 +69,6 @@ "name": "offboardingmailbox", "queueName": "offboardingmailbox" }, - { - "type": "queue", - "direction": "out", - "name": "QueueWebhook", - "queueName": "webhooksqueue" - }, { "name": "starter", "type": "durableClient", From d3cdbeb6ae63cb53f9d5706eb032ecc7762ccb8d Mon Sep 17 00:00:00 2001 From: John Duprey Date: Thu, 14 Mar 2024 14:00:28 -0400 Subject: [PATCH 120/243] NinjaOne Durable --- ExecExtensionNinjaOneQueue/function.json | 16 --- ExecExtensionNinjaOneQueue/run.ps1 | 13 -- .../Invoke-ExecExtensionMapping.ps1 | 116 ++++++++++-------- .../Entrypoints/Invoke-ExecExtensionSync.ps1 | 42 +++++-- .../Invoke-NinjaOneExtensionScheduler.ps1 | 109 ++++++++++++++++ .../NinjaOne/Invoke-NinjaOneOrgMapping.ps1 | 47 ++++--- .../NinjaOne/Invoke-NinjaOneSync.ps1 | 25 +++- .../NinjaOne/Push-NinjaOneQueue.ps1 | 15 +++ Scheduler_Extensions/function.json | 5 + Scheduler_Extensions/run.ps1 | 82 +------------ 10 files changed, 272 insertions(+), 198 deletions(-) delete mode 100644 ExecExtensionNinjaOneQueue/function.json delete mode 100644 ExecExtensionNinjaOneQueue/run.ps1 create mode 100644 Modules/CippExtensions/NinjaOne/Invoke-NinjaOneExtensionScheduler.ps1 create mode 100644 Modules/CippExtensions/NinjaOne/Push-NinjaOneQueue.ps1 diff --git a/ExecExtensionNinjaOneQueue/function.json b/ExecExtensionNinjaOneQueue/function.json deleted file mode 100644 index 058a42bd6db9..000000000000 --- a/ExecExtensionNinjaOneQueue/function.json +++ /dev/null @@ -1,16 +0,0 @@ -{ - "bindings": [ - { - "name": "QueueItem", - "type": "queueTrigger", - "direction": "in", - "queueName": "NinjaOneQueue" - }, - { - "type": "queue", - "direction": "out", - "name": "NinjaProcess", - "queueName": "NinjaOneQueue" - } - ] -} diff --git a/ExecExtensionNinjaOneQueue/run.ps1 b/ExecExtensionNinjaOneQueue/run.ps1 deleted file mode 100644 index 21720a79b6a5..000000000000 --- a/ExecExtensionNinjaOneQueue/run.ps1 +++ /dev/null @@ -1,13 +0,0 @@ -# Input bindings are passed in via param block. -param($QueueItem, $TriggerMetadata) - -# Write out the queue message and metadata to the information log. -Write-Host "PowerShell NinjaOne queue trigger function processed work item: $($QueueItem.NinjaAction)" - - -Switch ($QueueItem.NinjaAction) { - 'StartAutoMapping' { Invoke-NinjaOneOrgMapping } - 'AutoMapTenant' { Invoke-NinjaOneOrgMappingTenant -QueueItem $QueueItem } - 'SyncTenant' { Invoke-NinjaOneTenantSync -QueueItem $QueueItem } - 'SyncTenants' {Invoke-NinjaOneSync} -} diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecExtensionMapping.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecExtensionMapping.ps1 index 1e4c8c8677e3..f35e5a38c94f 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecExtensionMapping.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecExtensionMapping.ps1 @@ -1,6 +1,6 @@ - using namespace System.Net +using namespace System.Net - Function Invoke-ExecExtensionMapping { +Function Invoke-ExecExtensionMapping { <# .FUNCTIONALITY Entrypoint @@ -8,74 +8,82 @@ [CmdletBinding()] param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName -Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + $APIName = $TriggerMetadata.FunctionName + Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' -# Write to the Azure Functions log stream. -Write-Host 'PowerShell HTTP trigger function processed a request.' -$Table = Get-CIPPTable -TableName CippMapping + # Write to the Azure Functions log stream. + Write-Host 'PowerShell HTTP trigger function processed a request.' + $Table = Get-CIPPTable -TableName CippMapping -if ($Request.Query.List) { - switch ($Request.Query.List) { - 'Halo' { - $body = Get-HaloMapping -CIPPMapping $Table - } - - 'NinjaOrgs' { - $Body = Get-NinjaOneOrgMapping -CIPPMapping $Table - } - - 'NinjaFields' { - $Body = Get-NinjaOneFieldMapping -CIPPMapping $Table - - } - } -} - -try { - if ($Request.Query.AddMapping) { - switch ($Request.Query.AddMapping) { + if ($Request.Query.List) { + switch ($Request.Query.List) { 'Halo' { - $body = Set-HaloMapping -CIPPMapping $Table -APIName $APIName -Request $Request + $body = Get-HaloMapping -CIPPMapping $Table } - + 'NinjaOrgs' { - $Body = Set-NinjaOneOrgMapping -CIPPMapping $Table -APIName $APIName -Request $Request + $Body = Get-NinjaOneOrgMapping -CIPPMapping $Table } - + 'NinjaFields' { - $Body = Set-NinjaOneFieldMapping -CIPPMapping $Table -APIName $APIName -Request $Request -TriggerMetadata $TriggerMetadata + $Body = Get-NinjaOneFieldMapping -CIPPMapping $Table + } } } -} -catch { - Write-LogMessage -API $APINAME -user $request.headers.'x-ms-client-principal' -message "mapping API failed. $($_.Exception.Message)" -Sev 'Error' - $body = [pscustomobject]@{'Results' = "Failed. $($_.Exception.Message)" } -} -try { - if ($Request.Query.AutoMapping) { - switch ($Request.Query.AutoMapping) { - 'NinjaOrgs' { - Push-OutputBinding -Name NinjaProcess -Value @{'NinjaAction' = 'StartAutoMapping' } - $Body = [pscustomobject]@{'Results' = 'Automapping Request has been queued. Exact name matches will appear first and matches on device names and serials will take longer. Please check the CIPP Logbook and refresh the page once complete.' } - } + try { + if ($Request.Query.AddMapping) { + switch ($Request.Query.AddMapping) { + 'Halo' { + $body = Set-HaloMapping -CIPPMapping $Table -APIName $APIName -Request $Request + } + 'NinjaOrgs' { + $Body = Set-NinjaOneOrgMapping -CIPPMapping $Table -APIName $APIName -Request $Request + } + 'NinjaFields' { + $Body = Set-NinjaOneFieldMapping -CIPPMapping $Table -APIName $APIName -Request $Request -TriggerMetadata $TriggerMetadata + } + } } + } catch { + Write-LogMessage -API $APINAME -user $request.headers.'x-ms-client-principal' -message "mapping API failed. $($_.Exception.Message)" -Sev 'Error' + $body = [pscustomobject]@{'Results' = "Failed. $($_.Exception.Message)" } } -} -catch { - Write-LogMessage -API $APINAME -user $request.headers.'x-ms-client-principal' -message "mapping API failed. $($_.Exception.Message)" -Sev 'Error' - $body = [pscustomobject]@{'Results' = "Failed. $($_.Exception.Message)" } -} -# Associate values to output bindings by calling 'Push-OutputBinding'. -Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ - StatusCode = [HttpStatusCode]::OK - Body = $body - }) + try { + if ($Request.Query.AutoMapping) { + switch ($Request.Query.AutoMapping) { + 'NinjaOrgs' { + #Push-OutputBinding -Name NinjaProcess -Value @{'NinjaAction' = 'StartAutoMapping' } + $Batch = [PSCustomObject]@{ + 'NinjaAction' = 'StartAutoMapping' + 'FunctionName' = 'NinjaOneQueue' + } + $InputObject = [PSCustomObject]@{ + OrchestratorName = 'NinjaOneOrchestrator' + Batch = @($Batch) + } + #Write-Host ($InputObject | ConvertTo-Json) + $InstanceId = Start-NewOrchestration -FunctionName 'CIPPOrchestrator' -InputObject ($InputObject | ConvertTo-Json -Depth 5) + Write-Host "Started permissions orchestration with ID = '$InstanceId'" + $Body = [pscustomobject]@{'Results' = 'Automapping Request has been queued. Exact name matches will appear first and matches on device names and serials will take longer. Please check the CIPP Logbook and refresh the page once complete.' } + } + } + } + } catch { + Write-LogMessage -API $APINAME -user $request.headers.'x-ms-client-principal' -message "mapping API failed. $($_.Exception.Message)" -Sev 'Error' + $body = [pscustomobject]@{'Results' = "Failed. $($_.Exception.Message)" } } + + # Associate values to output bindings by calling 'Push-OutputBinding'. + Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ + StatusCode = [HttpStatusCode]::OK + Body = $body + }) + +} diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecExtensionSync.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecExtensionSync.ps1 index effb15af199d..57e44b3f946f 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecExtensionSync.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecExtensionSync.ps1 @@ -42,28 +42,50 @@ Function Invoke-ExecExtensionSync { $TenantsToProcess = Get-AzDataTableEntity @CIPPMapping -Filter $Filter | Where-Object { $Null -ne $_.NinjaOne -and $_.NinjaOne -ne '' } if ($Request.Query.TenantID) { - $Tenant = $TenantsToProcess | Where-Object {$_.RowKey -eq $Request.Query.TenantID} - if (($Tenant | Measure-Object).count -eq 1){ - Push-OutputBinding -Name NinjaProcess -Value @{ + $Tenant = $TenantsToProcess | Where-Object { $_.RowKey -eq $Request.Query.TenantID } + if (($Tenant | Measure-Object).count -eq 1) { + <#Push-OutputBinding -Name NinjaProcess -Value @{ 'NinjaAction' = 'SyncTenant' 'MappedTenant' = $Tenant + }#> + $Batch = [PSCustomObject]@{ + 'NinjaAction' = 'SyncTenant' + 'MappedTenant' = $Tenant + 'FunctionName' = 'NinjaOneQueue' + } + $InputObject = [PSCustomObject]@{ + OrchestratorName = 'NinjaOneOrchestrator' + Batch = @($Batch) } + #Write-Host ($InputObject | ConvertTo-Json) + $InstanceId = Start-NewOrchestration -FunctionName 'CIPPOrchestrator' -InputObject ($InputObject | ConvertTo-Json -Depth 5) + Write-Host "Started permissions orchestration with ID = '$InstanceId'" + $Results = [pscustomobject]@{'Results' = "NinjaOne Synchronization Queued for $($Tenant.NinjaOneName)" } } else { - $Results = [pscustomobject]@{'Results' = "Tenant was not found." } - } - + $Results = [pscustomobject]@{'Results' = 'Tenant was not found.' } + } + } else { - - Push-OutputBinding -Name NinjaProcess -Value @{ + <#Push-OutputBinding -Name NinjaProcess -Value @{ 'NinjaAction' = 'SyncTenants' + }#> + $Batch = [PSCustomObject]@{ + 'NinjaAction' = 'SyncTenants' + 'FunctionName' = 'NinjaOneQueue' } - + $InputObject = [PSCustomObject]@{ + OrchestratorName = 'NinjaOneOrchestrator' + Batch = @($Batch) + } + #Write-Host ($InputObject | ConvertTo-Json) + $InstanceId = Start-NewOrchestration -FunctionName 'CIPPOrchestrator' -InputObject ($InputObject | ConvertTo-Json -Depth 5) + Write-Host "Started permissions orchestration with ID = '$InstanceId'" $Results = [pscustomobject]@{'Results' = "NinjaOne Synchronization Queuing $(($TenantsToProcess | Measure-Object).count) Tenants" } } - + } catch { $Results = [pscustomobject]@{'Results' = "Could not start NinjaOne Sync: $($_.Exception.Message)" } Write-LogMessage -API 'Scheduler_Billing' -tenant 'none' -message "Could not start NinjaOne Sync $($_.Exception.Message)" -sev Error diff --git a/Modules/CippExtensions/NinjaOne/Invoke-NinjaOneExtensionScheduler.ps1 b/Modules/CippExtensions/NinjaOne/Invoke-NinjaOneExtensionScheduler.ps1 new file mode 100644 index 000000000000..02ac73202eb6 --- /dev/null +++ b/Modules/CippExtensions/NinjaOne/Invoke-NinjaOneExtensionScheduler.ps1 @@ -0,0 +1,109 @@ +function Invoke-NinjaOneExtensionScheduler { + $Table = Get-CIPPTable -TableName NinjaOneSettings + $Settings = (Get-AzDataTableEntity @Table) + $TimeSetting = ($Settings | Where-Object { $_.RowKey -eq 'NinjaSyncTime' }).SettingValue + + + if (($TimeSetting | Measure-Object).count -ne 1) { + [int]$TimeSetting = Get-Random -Minimum 1 -Maximum 95 + $AddObject = @{ + PartitionKey = 'NinjaConfig' + RowKey = 'NinjaSyncTime' + 'SettingValue' = $TimeSetting + } + Add-AzDataTableEntity @Table -Entity $AddObject -Force + } + + Write-Host "Ninja Time Setting: $TimeSetting" + + $LastRunTime = Get-Date(($Settings | Where-Object { $_.RowKey -eq 'NinjaLastRunTime' }).SettingValue) + + Write-Host "Last Run: $LastRunTime" + + $CurrentTime = Get-Date + $CurrentInterval = ($CurrentTime.Hour * 4) + [math]::Floor($CurrentTime.Minute / 15) + + Write-Host "Current Interval: $CurrentInterval" + + $CIPPMapping = Get-CIPPTable -TableName CippMapping + $Filter = "PartitionKey eq 'NinjaOrgsMapping'" + $TenantsToProcess = Get-AzDataTableEntity @CIPPMapping -Filter $Filter | Where-Object { $Null -ne $_.NinjaOne -and $_.NinjaOne -ne '' } + + if ($Null -eq $LastRunTime -or $LastRunTime -le (Get-Date).addhours(-25) -or $TimeSetting -eq $CurrentInterval) { + Write-Host 'Executing' + $Batch = foreach ($Tenant in $TenantsToProcess | Sort-Object lastEndTime) { + <#Push-OutputBinding -Name NinjaProcess -Value @{ + 'NinjaAction' = 'SyncTenant' + 'MappedTenant' = $Tenant + } + Start-Sleep -Seconds 1#> + [PSCustomObject]@{ + 'NinjaAction' = 'SyncTenant' + 'MappedTenant' = $Tenant + 'FunctionName' = 'NinjaOneQueue' + } + } + if (($Batch | Measure-Object).Count -gt 0) { + $InputObject = [PSCustomObject]@{ + OrchestratorName = 'NinjaOneOrchestrator' + Batch = @($Batch) + } + #Write-Host ($InputObject | ConvertTo-Json) + $InstanceId = Start-NewOrchestration -FunctionName 'CIPPOrchestrator' -InputObject ($InputObject | ConvertTo-Json -Depth 5) + Write-Host "Started permissions orchestration with ID = '$InstanceId'" + } + + $AddObject = @{ + PartitionKey = 'NinjaConfig' + RowKey = 'NinjaLastRunTime' + 'SettingValue' = (Get-Date).ToUniversalTime().ToString('yyyy-MM-ddTHH:mm:ss.fffK') + } + Add-AzDataTableEntity @Table -Entity $AddObject -Force + + Write-LogMessage -API 'NinjaOneSync' -user 'CIPP' -message "NinjaOne Daily Synchronization Queued for $(($TenantsToProcess | Measure-Object).count) Tenants" -Sev 'Info' + + } else { + if ($LastRunTime -lt (Get-Date).AddMinutes(-90)) { + $TenantsToProcess | ForEach-Object { + if ($Null -ne $_.lastEndTime -and $_.lastEndTime -ne '') { + $_.lastEndTime = (Get-Date($_.lastEndTime)) + } else { + $_ | Add-Member -NotePropertyName lastEndTime -NotePropertyValue $Null -Force + } + + if ($Null -ne $_.lastStartTime -and $_.lastStartTime -ne '') { + $_.lastStartTime = (Get-Date($_.lastStartTime)) + } else { + $_ | Add-Member -NotePropertyName lastStartTime -NotePropertyValue $Null -Force + } + } + $CatchupTenants = $TenantsToProcess | Where-Object { (((($_.lastEndTime -eq $Null) -or ($_.lastStartTime -gt $_.lastEndTime)) -and ($_.lastStartTime -lt (Get-Date).AddMinutes(-30)))) -or ($_.lastStartTime -lt $LastRunTime) } + $Batch = foreach ($Tenant in $CatchupTenants) { + #Push-OutputBinding -Name NinjaProcess -Value @{ + # 'NinjaAction' = 'SyncTenant' + # 'MappedTenant' = $Tenant + #} + [PSCustomObject]@{ + NinjaAction = 'SyncTenant' + MappedTenant = $Tenant + FunctionName = 'NinjaOneQueue' + } + } + if (($Batch | Measure-Object).Count -gt 0) { + $InputObject = [PSCustomObject]@{ + OrchestratorName = 'NinjaOneOrchestrator' + Batch = @($Batch) + } + #Write-Host ($InputObject | ConvertTo-Json) + $InstanceId = Start-NewOrchestration -FunctionName 'CIPPOrchestrator' -InputObject ($InputObject | ConvertTo-Json -Depth 5) + Write-Host "Started permissions orchestration with ID = '$InstanceId'" + } + + if (($CatchupTenants | Measure-Object).count -gt 0) { + Write-LogMessage -API 'NinjaOneSync' -user 'CIPP' -message "NinjaOne Synchronization Catchup Queued for $(($CatchupTenants | Measure-Object).count) Tenants" -Sev 'Info' + } + + } + + } +} \ No newline at end of file diff --git a/Modules/CippExtensions/NinjaOne/Invoke-NinjaOneOrgMapping.ps1 b/Modules/CippExtensions/NinjaOne/Invoke-NinjaOneOrgMapping.ps1 index 0590894a8fec..f351d43ee039 100644 --- a/Modules/CippExtensions/NinjaOne/Invoke-NinjaOneOrgMapping.ps1 +++ b/Modules/CippExtensions/NinjaOne/Invoke-NinjaOneOrgMapping.ps1 @@ -3,30 +3,30 @@ function Invoke-NinjaOneOrgMapping { [System.Collections.Generic.List[PSCustomObject]]$MatchedM365Tenants = @() [System.Collections.Generic.List[PSCustomObject]]$MatchedNinjaOrgs = @() - $ExcludeSerials = @("0", "SystemSerialNumber", "To Be Filled By O.E.M.", "System Serial Number", "0123456789", "123456789", "............") + $ExcludeSerials = @('0', 'SystemSerialNumber', 'To Be Filled By O.E.M.', 'System Serial Number', '0123456789', '123456789', '............') $CIPPMapping = Get-CIPPTable -TableName CippMapping - + #Get available mappings $Mappings = [pscustomobject]@{} $Filter = "PartitionKey eq 'NinjaOrgsMapping'" Get-AzDataTableEntity @CIPPMapping -Filter $Filter | ForEach-Object { $Mappings | Add-Member -NotePropertyName $_.RowKey -NotePropertyValue @{ label = "$($_.NinjaOneName)"; value = "$($_.NinjaOne)" } } - + #Get Available Tenants $Tenants = Get-Tenants #Get available Ninja clients $Table = Get-CIPPTable -TableName Extensionsconfig $Configuration = ((Get-AzDataTableEntity @Table).config | ConvertFrom-Json).NinjaOne - + $Token = Get-NinjaOneToken -configuration $Configuration - + # Fetch Ninja Orgs $After = 0 $PageSize = 1000 $NinjaOrgs = do { - $Result = (Invoke-WebRequest -uri "https://$($Configuration.Instance)/api/v2/organizations?pageSize=$PageSize&after=$After" -Method GET -Headers @{Authorization = "Bearer $($token.access_token)" } -ContentType 'application/json').content | ConvertFrom-Json -depth 100 + $Result = (Invoke-WebRequest -Uri "https://$($Configuration.Instance)/api/v2/organizations?pageSize=$PageSize&after=$After" -Method GET -Headers @{Authorization = "Bearer $($token.access_token)" } -ContentType 'application/json').content | ConvertFrom-Json -Depth 100 $Result $ResultCount = ($Result.id | Measure-Object -Maximum) $After = $ResultCount.maximum @@ -51,11 +51,11 @@ function Invoke-NinjaOneOrgMapping { $After = 0 $PageSize = 1000 $NinjaDevicesRaw = do { - $Result = (Invoke-WebRequest -uri "https://$($Configuration.Instance)/api/v2/devices-detailed?pageSize=$PageSize&after=$After" -Method GET -Headers @{Authorization = "Bearer $($token.access_token)" } -ContentType 'application/json').content | ConvertFrom-Json -depth 100 + $Result = (Invoke-WebRequest -Uri "https://$($Configuration.Instance)/api/v2/devices-detailed?pageSize=$PageSize&after=$After" -Method GET -Headers @{Authorization = "Bearer $($token.access_token)" } -ContentType 'application/json').content | ConvertFrom-Json -Depth 100 $Result $ResultCount = ($Result.id | Measure-Object -Maximum) $After = $ResultCount.maximum - + } while ($ResultCount.count -eq $PageSize) @@ -71,12 +71,12 @@ function Invoke-NinjaOneOrgMapping { } # Remove any devices with duplicate serials - $ParsedNinjaDevices = $NinjaDevices | Where-Object { $_.Serial -in (($NinjaDevices | Group-Object Serial | where-object { $_.count -eq 1 }).name) } + $ParsedNinjaDevices = $NinjaDevices | Where-Object { $_.Serial -in (($NinjaDevices | Group-Object Serial | Where-Object { $_.count -eq 1 }).name) } # First lets match on Org names foreach ($Tenant in $Tenants | Where-Object { $_.customerId -notin $MatchedM365Tenants.customerId }) { - $MatchedOrg = $NinjaOrgs | where-object { $_.name -eq $Tenant.displayName } + $MatchedOrg = $NinjaOrgs | Where-Object { $_.name -eq $Tenant.displayName } if (($MatchedOrg | Measure-Object).count -eq 1) { $MatchedM365Tenants.add($Tenant) $MatchedNinjaOrgs.add($MatchedOrg) @@ -87,23 +87,34 @@ function Invoke-NinjaOneOrgMapping { 'NinjaOneName' = "$($MatchedOrg.name)" } Add-AzDataTableEntity @CIPPMapping -Entity $AddObject -Force - Write-LogMessage -API 'NinjaOneAutoMap_Queue' -user 'CIPP' -message "Added mapping from Organization name match for $($Tenant.customerId). to $($($MatchedOrg.name))" -Sev 'Info' + Write-LogMessage -API 'NinjaOneAutoMap_Queue' -user 'CIPP' -message "Added mapping from Organization name match for $($Tenant.customerId). to $($($MatchedOrg.name))" -Sev 'Info' } } # Now Let match on remaining Tenants - Foreach ($Tenant in $Tenants | Where-Object { $_.customerId -notin $MatchedM365Tenants.customerId }) { - - Push-OutputBinding -Name NinjaProcess -Value @{ + $Batch = Foreach ($Tenant in $Tenants | Where-Object { $_.customerId -notin $MatchedM365Tenants.customerId }) { + <#Push-OutputBinding -Name NinjaProcess -Value @{ + 'NinjaAction' = 'AutoMapTenant' + 'M365Tenant' = $Tenant + 'NinjaOrgs' = $NinjaOrgs | Where-Object { $_.id -notin $MatchedNinjaOrgs } + 'NinjaDevices' = $ParsedNinjaDevices + }#> + [PSCustomObject]@{ 'NinjaAction' = 'AutoMapTenant' 'M365Tenant' = $Tenant 'NinjaOrgs' = $NinjaOrgs | Where-Object { $_.id -notin $MatchedNinjaOrgs } 'NinjaDevices' = $ParsedNinjaDevices + 'FunctionName' = 'NinjaOneQueue' } - - Start-Sleep -Seconds 1 - + } + if (($Batch | Measure-Object).Count -gt 0) { + $InputObject = [PSCustomObject]@{ + OrchestratorName = 'NinjaOneOrchestrator' + Batch = @($Batch) + } + #Write-Host ($InputObject | ConvertTo-Json) + $InstanceId = Start-NewOrchestration -FunctionName 'CIPPOrchestrator' -InputObject ($InputObject | ConvertTo-Json -Depth 5) + Write-Host "Started permissions orchestration with ID = '$InstanceId'" } } - \ No newline at end of file diff --git a/Modules/CippExtensions/NinjaOne/Invoke-NinjaOneSync.ps1 b/Modules/CippExtensions/NinjaOne/Invoke-NinjaOneSync.ps1 index a168d291575b..df7d6f67111a 100644 --- a/Modules/CippExtensions/NinjaOne/Invoke-NinjaOneSync.ps1 +++ b/Modules/CippExtensions/NinjaOne/Invoke-NinjaOneSync.ps1 @@ -7,12 +7,26 @@ function Invoke-NinjaOneSync { $TenantsToProcess = Get-AzDataTableEntity @CIPPMapping -Filter $Filter | Where-Object { $Null -ne $_.NinjaOne -and $_.NinjaOne -ne '' } - foreach ($Tenant in $TenantsToProcess) { - Push-OutputBinding -Name NinjaProcess -Value @{ + $Batch = foreach ($Tenant in $TenantsToProcess) { + <#Push-OutputBinding -Name NinjaProcess -Value @{ 'NinjaAction' = 'SyncTenant' 'MappedTenant' = $Tenant } - Start-Sleep -Seconds 1 + Start-Sleep -Seconds 1#> + [PSCustomObject]@{ + 'NinjaAction' = 'SyncTenant' + 'MappedTenant' = $Tenant + 'FunctionName' = 'NinjaOneQueue' + } + } + if (($Batch | Measure-Object).Count -gt 0) { + $InputObject = [PSCustomObject]@{ + OrchestratorName = 'NinjaOneOrchestrator' + Batch = @($Batch) + } + #Write-Host ($InputObject | ConvertTo-Json) + $InstanceId = Start-NewOrchestration -FunctionName 'CIPPOrchestrator' -InputObject ($InputObject | ConvertTo-Json -Depth 5) + Write-Host "Started permissions orchestration with ID = '$InstanceId'" } $AddObject = @{ @@ -23,10 +37,9 @@ function Invoke-NinjaOneSync { Add-AzDataTableEntity @Table -Entity $AddObject -Force - Write-LogMessage -API 'NinjaOneAutoMap_Queue' -user 'CIPP' -message "NinjaOne Synchronization Queued for $(($TenantsToProcess | Measure-Object).count) Tenants" -Sev 'Info' + Write-LogMessage -API 'NinjaOneAutoMap_Queue' -user 'CIPP' -message "NinjaOne Synchronization Queued for $(($TenantsToProcess | Measure-Object).count) Tenants" -Sev 'Info' } catch { Write-LogMessage -API 'Scheduler_Billing' -tenant 'none' -message "Could not start NinjaOne Sync $($_.Exception.Message)" -sev Error } - + } - \ No newline at end of file diff --git a/Modules/CippExtensions/NinjaOne/Push-NinjaOneQueue.ps1 b/Modules/CippExtensions/NinjaOne/Push-NinjaOneQueue.ps1 new file mode 100644 index 000000000000..09fe668a97b4 --- /dev/null +++ b/Modules/CippExtensions/NinjaOne/Push-NinjaOneQueue.ps1 @@ -0,0 +1,15 @@ +function Push-NinjaOneQueue { + # Input bindings are passed in via param block. + param($Item) + + # Write out the queue message and metadata to the information log. + Write-Host "PowerShell NinjaOne queue trigger function processed work item: $($Item.NinjaAction)" + + Switch ($Item.NinjaAction) { + 'StartAutoMapping' { Invoke-NinjaOneOrgMapping } + 'AutoMapTenant' { Invoke-NinjaOneOrgMappingTenant -QueueItem $Item } + 'SyncTenant' { Invoke-NinjaOneTenantSync -QueueItem $Item } + 'SyncTenants' { Invoke-NinjaOneSync } + } + +} \ No newline at end of file diff --git a/Scheduler_Extensions/function.json b/Scheduler_Extensions/function.json index f3e5317f409a..7474f0f13334 100644 --- a/Scheduler_Extensions/function.json +++ b/Scheduler_Extensions/function.json @@ -11,6 +11,11 @@ "direction": "out", "name": "NinjaProcess", "queueName": "NinjaOneQueue" + }, + { + "name": "starter", + "type": "durableClient", + "direction": "in" } ] } diff --git a/Scheduler_Extensions/run.ps1 b/Scheduler_Extensions/run.ps1 index 66af8649ebf7..58e228ebbe1d 100644 --- a/Scheduler_Extensions/run.ps1 +++ b/Scheduler_Extensions/run.ps1 @@ -10,85 +10,5 @@ Write-Host 'Started Scheduler for Extensions' # NinjaOne Extension if ($Configuration.NinjaOne.Enabled -eq $True) { - - $Table = Get-CIPPTable -TableName NinjaOneSettings - $Settings = (Get-AzDataTableEntity @Table) - $TimeSetting = ($Settings | Where-Object { $_.RowKey -eq 'NinjaSyncTime' }).SettingValue - - - if (($TimeSetting | Measure-Object).count -ne 1) { - [int]$TimeSetting = Get-Random -Minimum 1 -Maximum 95 - $AddObject = @{ - PartitionKey = 'NinjaConfig' - RowKey = 'NinjaSyncTime' - 'SettingValue' = $TimeSetting - } - Add-AzDataTableEntity @Table -Entity $AddObject -Force - } - - Write-Host "Ninja Time Setting: $TimeSetting" - - $LastRunTime = Get-Date(($Settings | Where-Object { $_.RowKey -eq 'NinjaLastRunTime' }).SettingValue) - - Write-Host "Last Run: $LastRunTime" - - $CurrentTime = Get-Date - $CurrentInterval = ($CurrentTime.Hour * 4) + [math]::Floor($CurrentTime.Minute / 15) - - Write-Host "Current Interval: $CurrentInterval" - - $CIPPMapping = Get-CIPPTable -TableName CippMapping - $Filter = "PartitionKey eq 'NinjaOrgsMapping'" - $TenantsToProcess = Get-AzDataTableEntity @CIPPMapping -Filter $Filter | Where-Object { $Null -ne $_.NinjaOne -and $_.NinjaOne -ne '' } - - if ($Null -eq $LastRunTime -or $LastRunTime -le (Get-Date).addhours(-25) -or $TimeSetting -eq $CurrentInterval) { - Write-Host 'Executing' - foreach ($Tenant in $TenantsToProcess | Sort-Object lastEndTime) { - Push-OutputBinding -Name NinjaProcess -Value @{ - 'NinjaAction' = 'SyncTenant' - 'MappedTenant' = $Tenant - } - Start-Sleep -Seconds 1 - - } - - $AddObject = @{ - PartitionKey = 'NinjaConfig' - RowKey = 'NinjaLastRunTime' - 'SettingValue' = (Get-Date).ToUniversalTime().ToString('yyyy-MM-ddTHH:mm:ss.fffK') - } - Add-AzDataTableEntity @Table -Entity $AddObject -Force - - Write-LogMessage -API 'NinjaOneSync' -user 'CIPP' -message "NinjaOne Daily Synchronization Queued for $(($TenantsToProcess | Measure-Object).count) Tenants" -Sev 'Info' - - } else { - if ($LastRunTime -lt (Get-Date).AddMinutes(-90)) { - $TenantsToProcess | ForEach-Object { - if ($Null -ne $_.lastEndTime -and $_.lastEndTime -ne '') { - $_.lastEndTime = (Get-Date($_.lastEndTime)) - } else { - $_ | Add-Member -NotePropertyName lastEndTime -NotePropertyValue $Null -Force - } - - if ($Null -ne $_.lastStartTime -and $_.lastStartTime -ne '') { - $_.lastStartTime = (Get-Date($_.lastStartTime)) - } else { - $_ | Add-Member -NotePropertyName lastStartTime -NotePropertyValue $Null -Force - } - } - $CatchupTenants = $TenantsToProcess | Where-Object { (((($_.lastEndTime -eq $Null) -or ($_.lastStartTime -gt $_.lastEndTime)) -and ($_.lastStartTime -lt (Get-Date).AddMinutes(-30)))) -or ($_.lastStartTime -lt $LastRunTime) } - foreach ($Tenant in $CatchupTenants) { - Push-OutputBinding -Name NinjaProcess -Value @{ - 'NinjaAction' = 'SyncTenant' - 'MappedTenant' = $Tenant - } - Start-Sleep -Seconds 1 - } - if (($CatchupTenants | Measure-Object).count -gt 0) { - Write-LogMessage -API 'NinjaOneSync' -user 'CIPP' -message "NinjaOne Synchronization Catchup Queued for $(($CatchupTenants | Measure-Object).count) Tenants" -Sev 'Info' - } - - } - - } + Invoke-NinjaOneExtensionScheduler } \ No newline at end of file From 532bed35504dca068c40941365ff50e6d64ce5fd Mon Sep 17 00:00:00 2001 From: KelvinTegelaar <49186168+KelvinTegelaar@users.noreply.github.com> Date: Thu, 14 Mar 2024 11:35:18 -0700 Subject: [PATCH 121/243] Add or update the Azure App Service build and deployment workflow config --- .github/workflows/dev_cippckdtz.yml | 30 +++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100644 .github/workflows/dev_cippckdtz.yml diff --git a/.github/workflows/dev_cippckdtz.yml b/.github/workflows/dev_cippckdtz.yml new file mode 100644 index 000000000000..6e0c53e9df0a --- /dev/null +++ b/.github/workflows/dev_cippckdtz.yml @@ -0,0 +1,30 @@ +# Docs for the Azure Web Apps Deploy action: https://github.com/azure/functions-action +# More GitHub Actions for Azure: https://github.com/Azure/actions + +name: Build and deploy Powershell project to Azure Function App - cippckdtz + +on: + push: + branches: + - dev + workflow_dispatch: + +env: + AZURE_FUNCTIONAPP_PACKAGE_PATH: '.' # set this to the path to your web app project, defaults to the repository root + +jobs: + deploy: + runs-on: windows-latest + + steps: + - name: 'Checkout GitHub Action' + uses: actions/checkout@v4 + + - name: 'Run Azure Functions Action' + uses: Azure/functions-action@v1 + id: fa + with: + app-name: 'cippckdtz' + slot-name: 'Production' + package: ${{ env.AZURE_FUNCTIONAPP_PACKAGE_PATH }} + publish-profile: ${{ secrets.AZUREAPPSERVICE_PUBLISHPROFILE_2101C7175BFB47E58240ABD1E72E81C2 }} \ No newline at end of file From 078eefdacc7857ca0dedc023fe911c7898b96e53 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Thu, 14 Mar 2024 15:02:32 -0400 Subject: [PATCH 122/243] Update CippExtensions.psd1 --- Modules/CippExtensions/CippExtensions.psd1 | Bin 11436 -> 9666 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/Modules/CippExtensions/CippExtensions.psd1 b/Modules/CippExtensions/CippExtensions.psd1 index 437cc32f8661e599f3a75a3a0abb378391030900..8a30d23c6ef143845bbf7f162aa4dd3128cf7174 100644 GIT binary patch delta 16 XcmZ1zdB}T%f#_rhIjPMiG8F;%-iNwx**56K^n3KodQ#V+`Qn2o}HF-09d9 z$c;EMPlmJo0!iPx$hHK=ldlYGaF>|5xO6R(QMSvU<{L4 z98}RoOYT+1r2u!6W z)|kV0+wOR6PNWAcdLdCCGRO6t!OZMCT&Fit<(Sl|G})IpO$xh{)SFQJO6qJPPaoLI z@jX0wyp$X+vlW~zo@;gfV$&$y!;i& Date: Thu, 14 Mar 2024 20:36:32 -0400 Subject: [PATCH 123/243] Graph Request - Add %tenantid% replace option --- .../Public/GraphRequests/Get-GraphRequestList.ps1 | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/Modules/CIPPCore/Public/GraphRequests/Get-GraphRequestList.ps1 b/Modules/CIPPCore/Public/GraphRequests/Get-GraphRequestList.ps1 index 52cc2c3778dc..49c0c3fa801e 100644 --- a/Modules/CIPPCore/Public/GraphRequests/Get-GraphRequestList.ps1 +++ b/Modules/CIPPCore/Public/GraphRequests/Get-GraphRequestList.ps1 @@ -112,6 +112,17 @@ function Get-GraphRequestList { $QueueReference = '{0}-{1}' -f $TenantFilter, $PartitionKey $RunningQueue = Get-CippQueue | Where-Object { $_.Reference -eq $QueueReference -and $_.Status -ne 'Completed' -and $_.Status -ne 'Failed' } + if ($TenantFilter -ne 'AllTenants' -and $Endpoint -match '%tenantid%') { + $TenantId = (Get-Tenants -IncludeErrors | Where-Object { $_.defaultDomainName -eq $TenantFilter -or $_.customerId -eq $TenantFilter }).customerId + $Endpoint = $Endpoint -replace '%tenantid%', $TenantId + $GraphQuery = [System.UriBuilder]('https://graph.microsoft.com/{0}/{1}' -f $Version, $Endpoint) + $ParamCollection = [System.Web.HttpUtility]::ParseQueryString([String]::Empty) + foreach ($Item in ($Parameters.GetEnumerator() | Sort-Object -CaseSensitive -Property Key)) { + $ParamCollection.Add($Item.Key, $Item.Value) + } + $GraphQuery.Query = $ParamCollection.ToString() + } + if (!$Rows) { switch ($TenantFilter) { 'AllTenants' { From 1a34d93dcc5727f05d60504cfca692967e85d8e1 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Thu, 14 Mar 2024 20:42:59 -0400 Subject: [PATCH 124/243] Update Get-GraphRequestList.ps1 --- Modules/CIPPCore/Public/GraphRequests/Get-GraphRequestList.ps1 | 1 + 1 file changed, 1 insertion(+) diff --git a/Modules/CIPPCore/Public/GraphRequests/Get-GraphRequestList.ps1 b/Modules/CIPPCore/Public/GraphRequests/Get-GraphRequestList.ps1 index 49c0c3fa801e..1117f95d196d 100644 --- a/Modules/CIPPCore/Public/GraphRequests/Get-GraphRequestList.ps1 +++ b/Modules/CIPPCore/Public/GraphRequests/Get-GraphRequestList.ps1 @@ -68,6 +68,7 @@ function Get-GraphRequestList { $TableName = ('cache{0}' -f ($Endpoint -replace '[^A-Za-z0-9]'))[0..62] -join '' Write-Host "Table: $TableName" + $Endpoint = $Endpoint -replace '^/', '' $DisplayName = ($Endpoint -split '/')[0] if ($QueueNameOverride) { From 7707162a21be4693ae840cf5d103ba78661796b8 Mon Sep 17 00:00:00 2001 From: KelvinTegelaar Date: Fri, 15 Mar 2024 14:04:32 +0100 Subject: [PATCH 125/243] upp version --- version_latest.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/version_latest.txt b/version_latest.txt index fb467b15735a..e230c8396d19 100644 --- a/version_latest.txt +++ b/version_latest.txt @@ -1 +1 @@ -5.2.2 \ No newline at end of file +5.3.0 \ No newline at end of file From cbd1b16ddecb98a9a54d1dce875921cef8c0aca1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kristian=20Kj=C3=A6rg=C3=A5rd?= Date: Sat, 16 Mar 2024 12:01:19 +0100 Subject: [PATCH 126/243] Add NSRecords to DA output --- DomainAnalyser_All/run.ps1 | 1 + 1 file changed, 1 insertion(+) diff --git a/DomainAnalyser_All/run.ps1 b/DomainAnalyser_All/run.ps1 index 468962b0ec20..c9f0b989c04e 100644 --- a/DomainAnalyser_All/run.ps1 +++ b/DomainAnalyser_All/run.ps1 @@ -39,6 +39,7 @@ $Result = [PSCustomObject]@{ GUID = $($Domain.Replace('.', '')) LastRefresh = $(Get-Date (Get-Date).ToUniversalTime() -UFormat '+%Y-%m-%dT%H:%M:%S.000Z') Domain = $Domain + NSRecords = (Read-NSRecord -Domain $Domain).Records ExpectedSPFRecord = '' ActualSPFRecord = '' SPFPassAll = '' From 0b2f1e687397dbfd2c1df6bc3f95bb519b938d8b Mon Sep 17 00:00:00 2001 From: John Duprey Date: Sat, 16 Mar 2024 09:34:01 -0400 Subject: [PATCH 127/243] Fix function stats --- .../Public/Entrypoints/Invoke-ListFunctionStats.ps1 | 2 +- .../Public/GraphHelper/Write-CippFunctionStats.ps1 | 9 ++++++--- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListFunctionStats.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListFunctionStats.ps1 index a9903b33ac16..7a0ca462e60e 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListFunctionStats.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListFunctionStats.ps1 @@ -36,7 +36,7 @@ Function Invoke-ListFunctionStats { } $Table = Get-CIPPTable -tablename 'CippFunctionStats' - if (!$PartitionKey) { $PartitionKey = 'Queue' } + if (!$PartitionKey) { $PartitionKey = 'Durable' } if (![string]::IsNullOrEmpty($TenantFilter) -and $TenantFilter -ne 'AllTenants') { $TenantQuery = " and (tenant eq '{0}' or Tenant eq '{0}' or Tenantid eq '{0}' or tenantid eq '{0}')" -f $TenantFilter } else { diff --git a/Modules/CIPPCore/Public/GraphHelper/Write-CippFunctionStats.ps1 b/Modules/CIPPCore/Public/GraphHelper/Write-CippFunctionStats.ps1 index f302cfcfb306..91d7ce2cd4cc 100644 --- a/Modules/CIPPCore/Public/GraphHelper/Write-CippFunctionStats.ps1 +++ b/Modules/CIPPCore/Public/GraphHelper/Write-CippFunctionStats.ps1 @@ -15,6 +15,7 @@ function Write-CippFunctionStats { $RowKey = [string](New-Guid).Guid $TimeSpan = New-TimeSpan -Start $Start -End $End $Duration = [int]$TimeSpan.TotalSeconds + $DurationMS = [int]$TimeSpan.TotalMilliseconds $StatEntity = @{} # Flatten data to json string @@ -23,16 +24,18 @@ function Write-CippFunctionStats { $StatEntity.Start = $Start $StatEntity.End = $End $StatEntity.Duration = $Duration + $StatEntity.DurationMS = $DurationMS $StatEntity.ErrorMsg = $ErrorMsg $Entity = [PSCustomObject]$Entity foreach ($Property in $Entity.PSObject.Properties.Name) { if ($Entity.$Property.GetType().Name -in ('Hashtable', 'PSCustomObject')) { $StatEntity.$Property = [string]($Entity.$Property | ConvertTo-Json -Compress) + } elseif ($Property -notin ('ETag', 'RowKey', 'PartitionKey', 'Timestamp', 'LastRefresh')) { + $StatEntity.$Property = $Entity.$Property } } - $StatsEntity = [PSCustomObject]$StatsEntity - Write-Host ($StatEntity | ConvertTo-Json) - Add-CIPPAzDataTableEntity @Table -Entity $StatsEntity -Force + $StatEntity = [PSCustomObject]$StatEntity + Add-CIPPAzDataTableEntity @Table -Entity $StatEntity -Force } catch { Write-Host "Exception logging stats $($_.Exception.Message)" } From 095ed358d588e1b9059befe71815181842093112 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Sun, 17 Mar 2024 13:28:00 -0400 Subject: [PATCH 128/243] Fix alert logging --- .../Public/Entrypoints/Push-CIPPAlertApnCertExpiry.ps1 | 4 ++-- .../Public/Entrypoints/Push-CIPPAlertAppSecretExpiry.ps1 | 4 ++-- .../Public/Entrypoints/Push-CIPPAlertDepTokenExpiry.ps1 | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertApnCertExpiry.ps1 b/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertApnCertExpiry.ps1 index af9ab403f61a..4d9f9e6d5a23 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertApnCertExpiry.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertApnCertExpiry.ps1 @@ -17,7 +17,7 @@ function Push-CIPPAlertApnCertExpiry { Write-AlertMessage -tenant $($Item.tenant) -message ('Intune: Apple Push Notification certificate for {0} is expiring on {1}' -f $Apn.appleIdentifier, $Apn.expirationDateTime) } } catch { - Write-AlertMessage -tenant $($QueueItem.tenant) -message "Failed to check APN certificate expiry for $($QueueItem.tenant): $(Get-NormalizedError -message $_.Exception.message)" + Write-AlertMessage -tenant $($Item.tenant) -message "Failed to check APN certificate expiry for $($Item.tenant): $(Get-NormalizedError -message $_.Exception.message)" } } $LastRun = @{ @@ -26,6 +26,6 @@ function Push-CIPPAlertApnCertExpiry { } Add-CIPPAzDataTableEntity @LastRunTable -Entity $LastRun -Force } catch { - Write-AlertMessage -tenant $($QueueItem.tenant) -message "Failed to check APN certificate expiry for $($QueueItem.tenant): $(Get-NormalizedError -message $_.Exception.message)" + Write-AlertMessage -tenant $($Item.tenant) -message "Failed to check APN certificate expiry for $($Item.tenant): $(Get-NormalizedError -message $_.Exception.message)" } } diff --git a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertAppSecretExpiry.ps1 b/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertAppSecretExpiry.ps1 index 72b32568c0df..2c061858411d 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertAppSecretExpiry.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertAppSecretExpiry.ps1 @@ -5,7 +5,7 @@ function Push-CIPPAlertAppSecretExpiry { $Item ) $LastRunTable = Get-CIPPTable -Table AlertLastRun - + try { $Filter = "RowKey eq 'AppSecretExpiry' and PartitionKey eq '{0}'" -f $Item.tenantid $LastRun = Get-CIPPAzDataTableEntity @LastRunTable -Filter $Filter @@ -32,7 +32,7 @@ function Push-CIPPAlertAppSecretExpiry { Add-CIPPAzDataTableEntity @LastRunTable -Entity $LastRun -Force } } catch { - Write-AlertMessage -tenant $($QueueItem.tenant) -message "Failed to check App registration expiry for $($QueueItem.tenant): $(Get-NormalizedError -message $_.Exception.message)" + Write-AlertMessage -tenant $($Item.tenant) -message "Failed to check App registration expiry for $($Item.tenant): $(Get-NormalizedError -message $_.Exception.message)" } } diff --git a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertDepTokenExpiry.ps1 b/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertDepTokenExpiry.ps1 index 3cf52c403f54..8d457fcb012a 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertDepTokenExpiry.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertDepTokenExpiry.ps1 @@ -26,6 +26,6 @@ function Push-CIPPAlertDepTokenExpiry { Add-CIPPAzDataTableEntity @LastRunTable -Entity $LastRun -Force } } catch { - Write-AlertMessage -tenant $($QueueItem.tenant) -message "Failed to check Apple Device Enrollment Program token expiry for $($QueueItem.tenant): $(Get-NormalizedError -message $_.Exception.message)" + Write-AlertMessage -tenant $($Item.tenant) -message "Failed to check Apple Device Enrollment Program token expiry for $($Item.tenant): $(Get-NormalizedError -message $_.Exception.message)" } } From b67b0a1e48fb77d02485a29bed4dd0f0455f6b7c Mon Sep 17 00:00:00 2001 From: KelvinTegelaar Date: Mon, 18 Mar 2024 16:58:11 +0100 Subject: [PATCH 129/243] Fixes issues https://github.com/KelvinTegelaar/CIPP/issues/2230 --- Modules/CIPPCore/Public/New-CIPPCAPolicy.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/CIPPCore/Public/New-CIPPCAPolicy.ps1 b/Modules/CIPPCore/Public/New-CIPPCAPolicy.ps1 index 0ecfd722c6cf..1d749a69bf76 100644 --- a/Modules/CIPPCore/Public/New-CIPPCAPolicy.ps1 +++ b/Modules/CIPPCore/Public/New-CIPPCAPolicy.ps1 @@ -107,7 +107,7 @@ function New-CIPPCAPolicy { Write-Host $RawJSON try { Write-Host 'Checking' - $CheckExististing = New-GraphGETRequest -uri 'https://graph.microsoft.com/v1.0/identity/conditionalAccess/policies' -tenantid $TenantFilter + $CheckExististing = New-GraphGETRequest -uri 'https://graph.microsoft.com/beta/identity/conditionalAccess/policies' -tenantid $TenantFilter if ($displayname -in $CheckExististing.displayName) { if ($Overwrite -ne $true) { Throw "Conditional Access Policy with Display Name $($Displayname) Already exists" From 781b4c2dfb974110479326b0da32675bfc69e712 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Mon, 18 Mar 2024 11:58:48 -0400 Subject: [PATCH 130/243] Update AzBobbyTables --- .../AzBobbyTables/3.1.0/AzBobbyTables.PS.dll | Bin 19968 -> 0 bytes .../3.1.0/dependencies/AzBobbyTables.Core.dll | Bin 14848 -> 0 bytes .../3.1.0/dependencies/Azure.Core.dll | Bin 327616 -> 0 bytes .../3.1.0/dependencies/Azure.Data.Tables.dll | Bin 389568 -> 0 bytes .../Microsoft.Bcl.AsyncInterfaces.dll | Bin 22144 -> 0 bytes .../Microsoft.VisualStudio.Threading.dll | Bin 416648 -> 0 bytes .../Microsoft.VisualStudio.Validation.dll | Bin 33664 -> 0 bytes .../System.Diagnostics.DiagnosticSource.dll | Bin 49528 -> 0 bytes ...System.Runtime.CompilerServices.Unsafe.dll | Bin 16976 -> 0 bytes .../AzBobbyTables/3.1.3/AzBobbyTables.PS.dll | Bin 0 -> 21504 bytes .../AzBobbyTables/3.1.3/AzBobbyTables.PS.pdb | Bin 0 -> 14656 bytes .../{3.1.0 => 3.1.3}/AzBobbyTables.psd1 | 12 +++- Modules/AzBobbyTables/3.1.3/CHANGELOG.md | 28 ++++++++ Modules/AzBobbyTables/3.1.3/LICENSE | 21 ++++++ .../{3.1.0 => 3.1.3}/PSGetModuleInfo.xml | 61 +++++++++--------- .../3.1.3/dependencies/AzBobbyTables.Core.dll | Bin 0 -> 17920 bytes .../3.1.3/dependencies/AzBobbyTables.Core.pdb | Bin 0 -> 12876 bytes .../3.1.3/dependencies/Azure.Core.dll | Bin 0 -> 384432 bytes .../3.1.3/dependencies/Azure.Data.Tables.dll | Bin 0 -> 388024 bytes .../Microsoft.Bcl.AsyncInterfaces.dll | Bin 0 -> 26752 bytes .../Microsoft.VisualStudio.Threading.dll | Bin 0 -> 433168 bytes .../Microsoft.VisualStudio.Validation.dll | Bin 0 -> 37904 bytes .../dependencies/Microsoft.Win32.Registry.dll | Bin .../dependencies/System.Buffers.dll | Bin .../System.Diagnostics.DiagnosticSource.dll | Bin 0 -> 154288 bytes .../dependencies/System.Linq.Async.dll | Bin .../dependencies/System.Memory.Data.dll | Bin .../dependencies/System.Memory.dll | Bin .../dependencies/System.Numerics.Vectors.dll | Bin ...System.Runtime.CompilerServices.Unsafe.dll | Bin 0 -> 18024 bytes .../System.Security.AccessControl.dll | Bin .../System.Security.Principal.Windows.dll | Bin .../System.Text.Encodings.Web.dll | Bin .../dependencies/System.Text.Json.dll | Bin .../System.Threading.Tasks.Extensions.dll | Bin .../en-US/AzBobbyTables.PS.dll-Help.xml | 56 +++++++++++----- 36 files changed, 130 insertions(+), 48 deletions(-) delete mode 100644 Modules/AzBobbyTables/3.1.0/AzBobbyTables.PS.dll delete mode 100644 Modules/AzBobbyTables/3.1.0/dependencies/AzBobbyTables.Core.dll delete mode 100644 Modules/AzBobbyTables/3.1.0/dependencies/Azure.Core.dll delete mode 100644 Modules/AzBobbyTables/3.1.0/dependencies/Azure.Data.Tables.dll delete mode 100644 Modules/AzBobbyTables/3.1.0/dependencies/Microsoft.Bcl.AsyncInterfaces.dll delete mode 100644 Modules/AzBobbyTables/3.1.0/dependencies/Microsoft.VisualStudio.Threading.dll delete mode 100644 Modules/AzBobbyTables/3.1.0/dependencies/Microsoft.VisualStudio.Validation.dll delete mode 100644 Modules/AzBobbyTables/3.1.0/dependencies/System.Diagnostics.DiagnosticSource.dll delete mode 100644 Modules/AzBobbyTables/3.1.0/dependencies/System.Runtime.CompilerServices.Unsafe.dll create mode 100644 Modules/AzBobbyTables/3.1.3/AzBobbyTables.PS.dll create mode 100644 Modules/AzBobbyTables/3.1.3/AzBobbyTables.PS.pdb rename Modules/AzBobbyTables/{3.1.0 => 3.1.3}/AzBobbyTables.psd1 (93%) create mode 100644 Modules/AzBobbyTables/3.1.3/CHANGELOG.md create mode 100644 Modules/AzBobbyTables/3.1.3/LICENSE rename Modules/AzBobbyTables/{3.1.0 => 3.1.3}/PSGetModuleInfo.xml (67%) create mode 100644 Modules/AzBobbyTables/3.1.3/dependencies/AzBobbyTables.Core.dll create mode 100644 Modules/AzBobbyTables/3.1.3/dependencies/AzBobbyTables.Core.pdb create mode 100644 Modules/AzBobbyTables/3.1.3/dependencies/Azure.Core.dll create mode 100644 Modules/AzBobbyTables/3.1.3/dependencies/Azure.Data.Tables.dll create mode 100644 Modules/AzBobbyTables/3.1.3/dependencies/Microsoft.Bcl.AsyncInterfaces.dll create mode 100644 Modules/AzBobbyTables/3.1.3/dependencies/Microsoft.VisualStudio.Threading.dll create mode 100644 Modules/AzBobbyTables/3.1.3/dependencies/Microsoft.VisualStudio.Validation.dll rename Modules/AzBobbyTables/{3.1.0 => 3.1.3}/dependencies/Microsoft.Win32.Registry.dll (100%) rename Modules/AzBobbyTables/{3.1.0 => 3.1.3}/dependencies/System.Buffers.dll (100%) create mode 100644 Modules/AzBobbyTables/3.1.3/dependencies/System.Diagnostics.DiagnosticSource.dll rename Modules/AzBobbyTables/{3.1.0 => 3.1.3}/dependencies/System.Linq.Async.dll (100%) rename Modules/AzBobbyTables/{3.1.0 => 3.1.3}/dependencies/System.Memory.Data.dll (100%) rename Modules/AzBobbyTables/{3.1.0 => 3.1.3}/dependencies/System.Memory.dll (100%) rename Modules/AzBobbyTables/{3.1.0 => 3.1.3}/dependencies/System.Numerics.Vectors.dll (100%) create mode 100644 Modules/AzBobbyTables/3.1.3/dependencies/System.Runtime.CompilerServices.Unsafe.dll rename Modules/AzBobbyTables/{3.1.0 => 3.1.3}/dependencies/System.Security.AccessControl.dll (100%) rename Modules/AzBobbyTables/{3.1.0 => 3.1.3}/dependencies/System.Security.Principal.Windows.dll (100%) rename Modules/AzBobbyTables/{3.1.0 => 3.1.3}/dependencies/System.Text.Encodings.Web.dll (100%) rename Modules/AzBobbyTables/{3.1.0 => 3.1.3}/dependencies/System.Text.Json.dll (100%) rename Modules/AzBobbyTables/{3.1.0 => 3.1.3}/dependencies/System.Threading.Tasks.Extensions.dll (100%) rename Modules/AzBobbyTables/{3.1.0 => 3.1.3}/en-US/AzBobbyTables.PS.dll-Help.xml (95%) diff --git a/Modules/AzBobbyTables/3.1.0/AzBobbyTables.PS.dll b/Modules/AzBobbyTables/3.1.0/AzBobbyTables.PS.dll deleted file mode 100644 index 28610eb68077ccbca8cd1f3b6969ce703c1428a7..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 19968 zcmeHv4U`rlX!A$!B!h^2_`dfZ(UZ9HXPv+g21OJ{ zFL)|SUkbg@@TAuLLPPJ~Og=H}*n>`LD3MO(a&{rnZzY_OTq2W8Y}ne97_tYfw(9Ee zd{_0hPNHtjpn-F~AA7C6N*5*~+7hCT;Fya0l!a>o-y*(5F~N0ZH#69N`J4s>pFale z{sfEizw*^3nT5|@=-tXlktoZK82>pzR0Uo)3RaW{L2s&{+X~iA1<K#$tgtPrq$}I8;79D*ECl@2yghBE(AjmFhXuY*u6&F zE4m;Rs@-dpufNcfQ=wNkl5l{j`wnq!-G7KH>rwL%SJtDxLtI&p`VVnsJsLP9mC=nU zOALAgS6EYP6aeQW0h+_+$TTn`fz}#xWIC{_VC%}2Cm|ScP(Eyf7jBI>bAab(0KYll z{Ef$7eGlZEZQkEz$EBf07Jz9ynoaLG-Dt8Xaxg4xHv=RQf?>yDTiA?b zD?kzL_zpA3V?@m&>*An7tf`<91PrKE3_-xa@G6ENU|>WQLlBOOPr(yBLHF3S>Qt; zuLRy=>g-a}be1z~6<7s7;vix=9VMCBF2SV_AaJzmxFJ1kt#j3`Mu~k1fO8{i$pANN zGpckw5Oj@QgF+4@^AP*Yv+--N5zW;aHlP^^bmGDcLYNXdL)-Ap;=A%T0K-P=Hw_!E zHhuo&rBE4OdAk$@Dht+fL36>dkyl)C!$x-CN|#C5HDk-ds%)K6SNb87-+OY@Rdsa+OWYfMc4IR{(P^gQ%pL zYCRXe@Rm0YbG;N=%lP60`d3l1YZD~%f97F2fR5=nDodx1!< ztYDQZaEYq0x!eoY&S8XpWvxA2Ycq^lP~?&%;$wVwrug+*zjWx8c~eZi)>OR-lsocD z#K9`&t^-Y&8L}bROppGa63BZPwR-L0=e3!PWBOw5n4F`~JC$$*!F=X9VQ+ykoCjr+ zLu$4sB?uTu?5dg|V4yX{5Cjb5dc_a~49p|N5CjaEpcsOHk?UI|cYyeQ6KPmubh?A;9wIb|lvDP6gXa@LDhiM)mG=aJ_b^t9 zAqW`rJ%%7)EbthDfU(eH2m%IzL+KC%jHJg9WXh5tVP^B*5xIOPjE9@CxoK{_P?VrqTQ73($k&IH||{TH<@XRF|GP%J#OLSun{v!f&-i{txiEM(DK=Ur&(S@l&n?PTKNjGnOmc1h%9ZBix z3+@YrIAi=yTTau#0NRc(P+E!aUVJeQ!bcb6cJ)DA(Tsc(xUR;RRd8KIihS9AqT^xa zajj1W!__85LJW@tep6LLP1Vdl9r$k{lYSArJz`Rw!0!eae@Eb1;oL3wmH^kiI`nAR zq$jHxW&#YK2s6As%J2_?hv|{vP$Wz*RSiMUXZ**i!?Z2RcwFPs-$jNZQM$HfQI$y- z#<;D^%-bP3z5y7fLD6;zph>s*=fH-CP%BK26LZ4Smz%?1hWrUX!^2{K z4(*2N6<8jozXgobz13{Py%FwR%E$c0G1l;XY4MS&WAN4Oe%Aa?kT>bA$n8jrM4y)d zktoBGu_lnIUV(7~6V!f;5mP#8VBBGDs%{5vfD@y9&8F&3WNjn}P>rGP$Y!d+-8h$R zubEwAfr<)sY1QnSPH!?Vd%&+0{62$A|4#5rW53szQn$(QnlQsPHHM+lF(Ux@RU-m8 zORoW}H);%>KJA+V_`iHJOEOB*51ksFGwQ*2j0V8BbcWXorxSHOoot&XR%v37Mr@Bp zY@sGrY4mc1e5EC2{9<}YYc!_Ax2=G?1ZuI14d$;0XAW%y%nMwovCK|^w`f}olYU57 z8`~0aEghZt93o$%Yf2Qy;Gm*{kNA&*vR&$FKS$C{E;VX?44xV#J>%+y1Qf-M&6{Y0o|X?eggLiD``!bjN|p&yl~7)9t; zLOn}U_2)4I+Ad_t*R?ZIld5TlP{+xPjT+UoUnr%eh7PN;nct}TxKTq-tFoY8a}?CG zE)}i$B&Zi$sxNljh|xCdcb!Q)LSm~cJ;kRoPOg{Rne26 zXdc`7EDiZg%*T6#QkG4jlWy5!WUDFk$e6Nc-Lea$Z0~&5a)gf7{FyO@)?ph+^oR5m zGR$hpifuSn?av-sT-<} z(oFhOml~;xfqKZLeiQqmF^j(7QohpDm_vW- zQt_%YpuXo)k4C>})X|Sz>d9y$&PxB$r9KzE*Qlpoxzq#jbv^yFP|p(kY%cMp#`FAK zdRHjrdECb|iqFJLb1CRj?4`K`)A3P~7tk!XjAzFM)ZkJ)J1(Fmm*V-5pk*%gtq>n0 zU*b|c9~!8`rK-&ssBV|y*>NHDy3}`TVxX>bDV|mH$a1M)m|p{xbE&Uj9?hryF7?%L z4AdV=v|?d&So0HJ%cxX&2&hp<1+i3>DZXE<3invUDS(4Gu`h}{h(Ut@rrt_ zbf%(SE1h*E=hKzcO5b#;KLFK6zjUd^+Ka|wI_FY-pq5Ze3tM(8-KKrVSW0_@QgOD7 za&FnLupX$L-@XvzIUDzVaYeJv(xEyYyma8 z1(F(8I))*g`8SF-rE?? zKUbwuEg<%WfMHDV=a8S43S1?yU0|2Ms|4;6m;y9u6mS~74LAq;Fy@2=b^$g}2C$KC z1dLHe06rLA56r z_iJZ0Bl2z7))l=~J4M%5-=npN&5vo1ARC^dRndF2QOz-5!-1^wj1_%MJFYcEzNLK^ zmV8fpOuN784Q-8-&eHOJ-s7+E&(%k@Q_)rWW7@80r`}CZRc+UM=}2@ye_Q)4diPuH z!T{U<8Z10QO@W*~ORJT-_5LF8djBT@uMqqS;F`{Tfz8p+=pn(6YelSTqgt{0b0|%P zPU$>G4+Azt9@kI74^Qhs>^Hs-7^Bw!r_$?yGwG**b@X#RPCHP#h~hM2wqc)A?Q6qo zJ{@oltpJ=yYXO_-DByCs7w{4~1=vAP0A4Bl9>5Oz81#1_8@;CQ7Ch}j=AP_4 z6!=>M3_l_85rN+ks0UB!-0RaKc}Czf0?$gVvr_u1aNY#xkpRQ*2-JgbN+}s^Tgc$j zkips#!f6oL2>vGmjm9VGBf&-~Z8Ywp4Z(F%+AgpQGT#YwN$GCkqy%Qb*Mmm{KL-4; zc~bCGf}aumEbu$cvr_l0!Q=Rv@ZS^}%_p|`SSI9S+d@8;X%K$9z?8tEz#{@r2s|n9 zjKJ3flApC{0uuro1g;aMJR$J3z*hxQQ1l2~CvdmGqQDaZPYZliAcaI;U{T-+ffN?Lz;yz53p_3GRe=-{ z8G(!GIDL<%X*;xI+V8cD{s+3B*H_%1SK+T3e^F$I8k&YoQHRy29ytL=x z4H!o6b@-qb^3woy+@DMVJ_Ark&YT8(7NAbE!P96CppM<^EZ_?Ob(}n4{l)4%2Y3@a zs3CLK18;#RasLabW0%zcd@-O-OORhRtn>4LFM|$^mILZoXBGip0jT5rq7nFNKpm$S z&A=}O)M+jBX>=K&PV1mgqjo?YuQMzK-T|oNOkz3kPCy+mQ}8*><$yYEqK^RY0@QH^ z!Y3q~0d<^!Tmt+mK%KUu9gTVbb)1D<2K;J3ovuMU8t&uUQTwCx7j%*Kr`n(6L~DkA zg?_D$B#+X{&x;_ji7S21=sPgpvLh_lIK zHw~jV9p7f@*Fn0D-on?XT_^PA^vCp|b{BmO-*>c=;6F+S^k=|>iZyFj_4O_3TS9Ag zrm~rVRKZ%??=rY#S!GFQu8=8YtbBWJ;OdlI{DpJMDc|ZX&y9UuJkBcVi}7u$+l}3(F>3N4eG?dB>AhJrVt*DgZIp>uPT7|yNqaKyB3i$%6q?`fjbR65+Zl!JD zXpP6!r7HCGSkC@T+M)tStw*p<2|~)3u#QwNZ6Pag+r2!(J@yE~l<+>`r2OsHkiFlk zXo)(qR?4YlY_SehlB$MuoD}Y5iH(jur1+OxDxV+~mYF+-IeB`*T{$J%J}}_1dTqrL z3lv(B)~Jg!sGVmI(56&=Z$U6brbX-to=$>DO`+H=WlH2rQX7#wOT@Mm-nq08;XRg2 zOVKkntV#+eV^5gZk|Mb4?fE=1aduRyBlDLD_-I4M!Bn>$Rf^!~&*UuHx`$`Jm{6X@ z!m1dCaV6<7S%aWkDs0OPTbt|yZDVs@hwUi!J(J}U38wccnN(g4i$%T8DEyeW$Xm~- z6Kl}G0J2p9&k_4a3KpS{!x%6}k}9I1qNpUaBhNXqRAqzJKQcJTV_oKXUhT~kD%o2{ z3d1AP^Rj4f%0YB&M6otBfwgqc{#3#cp6ymPb(3Hf;qb1aGGz#Jm}Pf38QMoGwNKc;v<+ml($y|(cU;#H?*@e_ zYk+iGVdb8>^!RmQ;!440k6R~I-2$&KbcLPCkvjy^WVfA`uoPnRXjg8($Cx}Fxq*ZE z=MAiCjpMhieWYNk`R5g4YPkDZ>MHNk$cy;So6^=WuYRR8?kB$Gc+n=@(0&f9wmZ5^oJo=as%^O-zGD_2OtO0W6ykmqTWmBsj|rq*MJIZ$$D zo=S;HEdcLhK$}W_dBQ585~i3m`L^EfN9e|eUG&PX+l@TzzY)9ptu6dJ3s%Xaz&P)yJbcm-ZR5!I zB+5CilDnal`MilySvq#N>1isbEsv9SE!tmsdxsFm-T_`Og$?846IJBidNG%~GIlQ~ z+zE1PmaOe_bGYRhEOYB7D?L&`xR;pixly&7@4(Jx5Zk(PlE(}vZT83>?(4j91e3R* zY?B0~402IyiYxYdE>rEFC-Nt3;a&O5v8b2tNL(iSVq7v8PmJfWoR|JYphWPo%B*da zB8LiiO2l8Aa&#qGc)CQz2i~tJK|?fx*Eb53pneD^Xc#JN+7AT-pa;OoKv4n`d!?MI zVbtLod(mJXuz+hnURLA!7Rr?gqZ8_;q1nM7?tG+vTI#dLK^&-2^>&mWC>ecECHWu9 z(Bl37fBcDM3?AsG8%iGfS9r7d*?&9#{o5LLS64+0m3x>$uk&tH?FY^=X9KFZv?Q!K z1|9G=O%iz=TL~P3_TcAlWgoVHw+D3{H_FTHaeN*SJqes=HsI~XHpF|DU%Fh-PB-Hy zmd65*QmMBT-+3GWcYx0^OtW}~4C9-VxspRvt3FWivz?`B;B{-_#5y3I;g05@k|)%M z?^Xk(H=eg!HoDGk92GOsO}x=po}N_0U18dyn*gb`LpqicPPx-v(6U7=?1WrK9EsOY zFW7>52XKPT&e{MMaT+Ms(yrVA-TS0(2LKar54V;>EuQ`=LseRL5GU$~AmfrmO5UpR1xdtN_L2s7i}2=2OO{KcuD%>pJ;~)m14c5TJ8WFRcSnj zv4!S1DYHr3jOx~~jE+~6yOEVHjX--IT^hz82Q7~@*Y+ZUJ30(m3udveRr=-{9N;X+ z?Q>*$U8+p~UVGf3@l%&aTG=pJ`vant2gI`^k7p#@+XDVL+pNaZkj1dohJ$(14WW%R ztg=CI2o%8Mcp8Ef+tCV}^T63|Ud|Syg<;fLEEM-Wg++$Tc))piOAECa_0;rL2_hww zT9R6!hr^7o-axjF)6fbVRphtA78?|g&^)xwwwA+-b*NdG$J45?e0esdP)m(~7uxTi zti}gB>uLR0{;>|tz-u>t#%M(+`tL2@y{^SOVPzH`Q$1Dlb|ZK^DL9@eU9ROt!gyOb zV%hWmui1`5J@6+-Fct6Gfk9A1R1Qq9m;;)(LF`x@%}S${(p}@;eN~I60@LEx>G71# zYU*ajW16nJ!dx(ybYB=!{scie+Q%EQMid_-fc8lT<|9pKQ{ow*6t}|D;v+`fiVwvz z)i9<^K^*dUc_f~R53y(lRijaVK(DJkR1GuTcH_mDxXm4CO^?7TVaIofA-l?qUHGlE z4`p}j(Yp9lz4nmU__FF5Gto0Cgl#&WNG7x?+7uF@*8ppa_XGlZy!ffwScH7IMx#1- zRf5O6T*5B}LP&4xY65}yHSt|_(RlHH@K^M`X|k{CbhtMvXf!%2=K0a9j z!t6TfSTvIGX{@Za_;wwP1pZI%m_+?yj7)TPz+ZbvIbqkd+TtlK2;wm?c;|OW?t+FQC=Nf*b|W7;1z;VW{iE zGLp~|-%&<)`SA0>C`QifDqf7mpw$J)$034HK_}~@Xtu5{`1ONR-g}|-<*R~A|9a)l zhcDi;BKU>N`fjOxDZCn5@Mu|MpfkXW2E^|ikZuMIvo@xiQNxUP;ai9ARKu*twf2zD z#Mm%64o)=Sx&jj2K^X(YbOeYOizw)Ykc^WjzdL0ubzN zu?39AQ*aO_RFa~;B%6|iDGa6pKs$Jc7>fpzuCAblXY2f#%dgn?>eH`wQo~#9T~&sdt~3^MjLGu9EQTBp^Bs zKfoCKPy-Kg2`@(ma4c@6@DM_XrTC2#{_qPTjr>9oEmXGXFt@rro3#&Y##7zQFrFgy z>Y=XOUOeo@(Fo1f$iQuQ?ZjJXnhs_1j4D!5NYsHExaXc&gZnkZJZ{ zdR$n%lO2hL=cs$yHtA6)o?5Geqn5-6iM1p=?=Dwp5-f7T$~zMe(^=ta{Q`zDtd)8nXz4+qnPoE{(I*#G(#g(9Z8I> zQ(xjw^br5}mrQlQFfOA9cM<5hP2Oi+h(1BE|b`NABu*U(H*?J=jq4XTH?xMJeB(@HVu38z}Z1&nBVv+$hMS^)cAa0tfp>}S%Uj)^>-0&PvHX`b?{qry#3_65pH7?JyKg}*8f4r zA$;J%pDRR%*X9QFATM`p8EEuwd0Fnm=vsmmOe@*HQ?}Z?<>&1*f0p9zZ%OIPZS&iG z>@l_B&%yR=MGwx`X6fJux|7HT`27Of9270=m0|dUH~WKfhe{Ia+ojE|ESF_&2}o>voJ5-y09f ffd$_Hy?-6{{eR%kZuNggJ&kqpzdrx@Jn(-3rHSVg diff --git a/Modules/AzBobbyTables/3.1.0/dependencies/AzBobbyTables.Core.dll b/Modules/AzBobbyTables/3.1.0/dependencies/AzBobbyTables.Core.dll deleted file mode 100644 index 0349c1394f6f8b843c83037771005316f492c447..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 14848 zcmeHOdvp}%b-(l2+1=R(+7%!$5-d+INUSCC2-w(0NCFm+5R!NqW3k#Di8ZSoF|z_> z0+r%N?UT4RjqTR4-8@cm5|YMA+Bh*y;?y~bk9``Frg2V6W8*yAq$dyiBypTHwfno@ z%*K z8$3JzNom{J`TYm;c4E{rhpo&=BAY1|%~E2}NLXXVM825l*xr{IF>^*L644jAs(U(# zwn++o?cZN{&KvFfv>*|Znu%IL(H!cL9$XVR58x!K5wPso%>=ez93ManIv)xhxRXWs zf92|;Ov14UdbcxhfM|jPap5sR6b3B-x%vxvSHctMQ^gMe-&}>KO2)Ag@OL(&0Z;hq z+6_z`30Re~Y%2>)*meK_JGv5Q)v+Gam9mV22|>1%CUCN@H8`t|^+X%0Pyz0NUwp7_ zGWqCO6Vd$(i6lY&)0??+GD4&;yVkkN$_Z#vmtA!dcB@Q{f(t4_tuBN5+Gd63;|i&m z&xVjDEA}+V=xS3y^O-dOmn_y!z#UiKM>o3iQB`!X(05d}YSAjm8076Z8bwxZkaT-G z8r|0v)S~JI+G?9Mx(T|VJ9cGVYH|j&gyIq+!^g`vCTD_>taAs@rrWbFI}CjE(Yw$K zKD$2ZvN@Z(UWFzkn{#lnun9A7%>dEG1LMgh8lui+bk2z=TwTx$2qcbdVL0hCTZpZbXy{1 zR2qPc4>C5q)^+71@>yNHyl%-!KY-UY7_Zrjz*;=PoFv?93~Bz8!Kq?!PP3N?G3F#O zYNL5Ia9K-YOc+$#eDPSwx5zS5tCCo{}EHM^xty*keWh~}gVJwuDn7tI@y6`Tf zoJ3+)t4gpc$2;Z-@4}k8T$$M@%{hUISN#F)bq=TFUDa6r3;aU3Vs>NoSV-{du`pMj zcgzvqRmMVQIb&gIzUf%i^M$ojJqo7Q^N2a+`NEQ^7Qzn1W&J38<*PGK&aLi^TkvXpnd|G zt_EYi*R|$yZ=HLC-va*fZ=4Uu)FwaBR-i8gL(|mc3P4R!KOih!JsE<0Xqr+cD-IdS z+!*q6$!t7{LRB3bEE&y41;_GY4j0bGWh7zhWE!H?k2%VADyuW;2*P1lViMAJ$M(P}8Q@FmVG|B*ud0{UIV{Q;`7uQ+Vz2Z9C zdQ4oevOXoQbF8!CT5o+%TpO&Pi0fSI6>*&xw0`dZy5*BNtn)(FGzKP6*wkgaEI$u>ktZ?thSmVB;#QzrT?}?Y z&N>W86V&8J;3d=qDdaadG4BcRtaF~IxfwLS^?TrEnn805cR*Anb1NWw8yXX-p-)dD z!5S?|hU9kO;q$E#YYwoW*#k6a?m)ZTZ(RdYW5_`TC)vwvyASPc0cReFcG2?NsdYJq zN!eJ0+5{G#x(xdQB(T2heTv9Nvmc1K?|G4-TylQ%p_sctI*B>1 zPBh#nHG2;jizk@Fcj`v-Cg6^Grw_tf-3RwjuMcxB=;N5MQ8D*Hi!e8NGoWQ2g_n^- zDVvG4pppR_v7lr2en{(zc?%nXo2VXYTeh-5MYLerdpl`SJtEuaLP zPz-|Uce4Gf=VSgcR0AmzY|?^G((`@Ctp#yf-%D6MsDa2K*hY~m8#rRTFN6)(`^_AH zaKQ1aV#6YrQZXd1Ii!FS$SPyLa9;N}Y5uYmPCbfKdY`lQ-VSkCQ0FGk+axAa?NR9n z?80J**+>{&*F=Vjlu)dr$OUrnxyc0%PGxqQAyfMZgyJm8^Vm z*k*}Gq3eDbw4Hs_gc5+;3oYEVGmTwx!bz&8|3q^>w1D(!CgP%wxZL4S}|@CF#$ z3PSzknoCeeSe$enPPi{2KIVTWsL>kH{#Ii+F5vq_`!zv1sj-Id_+N$m`Y^W-Yux??V4c1g zULVpZ5tKpssNfC;UJXR)WMG-5(Wm5qs?j697a+4q38*?f7F-|F>8FwPp*X!KJb@8E zEWa9ukA^i`ptDu~37tCqJn(MN_rXq`P6gP0e~@9H@WqCtMtAsz z^(eJ#%b@K6^ty^HP&B$h*z+CX=^usW*MhA7$H89Mxl&`eS+w5{{9MuKn9l8;qWviP zE};AMCVc_@D%1pRVg1ptPX8gIF-@5W#_4+D-Mq(>!=vSa&#E$g+Qp7Uo`T*#x>!x{DK$j7`Gn&kdR2K&t)brt>@NBttf|1hd0M}UY$c9 za52sIx>`^FxY*%!_%yt^Shs|+NxTA^>6=f_3+&XaFYEJt3#jL6AqoFpmKV^Fz@DKU z!QaV?XxznCsf&F}=x%{ML^lQNl_cGay)%)cWhosLm=n*XsQJvh9rbCIZz=tii~X&% z&bN#{;9{$(-PcH0Ep;UKC|i6@)Z}7M0b5QtxY&2mFGZVOECZd_(AQn;F=%O~9^PnR zymR2S(DN=P%jx(lF2S{+XDavU%joRIT|lDMVQzavH8nB~ z;ts`>3S2Go#R$_^K@zsujD7%; ze-}AMr-l3^?F}3g8s3Ta!=c;JelC1Bot7FR_o4lD_&(9={b=`TpTd5g?U|1DyWl<; zei3hh84lC)YE)Vz;CrZDElQ`Q$0P5SRtn0~(op36pzPJ3lGf2D^zTR=^n>t^rKhFc zk)KIRrG*h$ZjrX(e%nMp^UHD*z2s-^UR{%)mR?l3eV4CJ-sbB6Tx7f4FW}SCEs?wB zn}yDt(0Lm2Pf7RiOL+OT^o#IMesRZRS`n5_-en34&^W|6lZAyv$EwEq7OV5ImmuBlZ zWm38`e5=v|$-~MSaL1KzVUz?thxVj$j+TV(R^I8_+z@$8Ny{(!Kach!K92uaB3}^l z8l9oB@L6TA{0aTr%2MeE;mT+-?4YY9@6ZCP>o)GOM+N+^sE8Z4` zD31zRi`__y=Flm$3+a7m8|jB=SI{5OUPpdNw$pU9TLrxjZ9DCwd0IQR*z>dl0?xWE zQ?it$McSmG{7AHl#PSP8+b-IyXy;HTjnK#Oc3`P=t+Z8IBM-|lg`T0a^xrf~Iw(CPeN#FwT`m8a{J8uDSypx`?^S-O{7z9PL?z&I>>hQfL)ci9 zkGbk;vGWP@(sqxl)%B=2+;fgcqN`QhaB=W{$2*$U3DhLs?^cev>N(V!skF7~LNSIa zMrI#~=Bl3*V=#mFR1U34^!20425<&(>NrCg!Os?<(%Qb2OJJmAy$9D?cTG6S~(jw{L84Bwy;cGDSO+E#=Lkh`L}2p_YM`H=7^` z2+`Iz6BPnNbQOzUDNvry)mIi2>`Mdy-7g!o%Vq|(+2h4*PiENQ>^smx-D8D<3#L1Z zVwY09w%#C3gQ{T8^5t7PQ* z$43p0+YN^X1~z1}hv4bPyiv#z2eseqEau2IN&{U+=^$R@6^)Wz$`o@MD@Sd&b!18z zv6lJ_>qtIp(6ErSZDb9>ir!2SK!4_t0c~8>gs=-=w20ZEi;0(97p&Y9b;}u5R<@() zNZvAwBSx{bD`Vw3Rmsa9hDD?*IZN!Rm(!HyYG~S`)8>qQup}UMt~)bgkU#}wBN5?i zTQ+Ns6-$DYse^YBw!|dh(;jX7gyO?Y0f( z;NZCEX*(<-MVm{d(cQ+Nx0u-BGVIuHxY>vc2HY+>MbmjlN!bet{ie&=Y2~T&Sjn&uMo~4O zC5Od<;hoIu%h**Uk#csUIQiLtv|16t+@(rkFKw`{6WjCN|p<&w&8w;WgbY+Uj z-CSC@TN-!hC9a(0M%4?pBgr)*)izc#owP&!LYiN+aOtAGf~N&p=ibVyZ)?OwK+Jok zx)av$X3V!?O{H}n%NnEXs}nvN}JlC7YX) zIqDh6_Yi8w1s} zo!ZH_qm)xD>7ZA(t8Hk9nl>zeaXVigyu9Mj(>`}n}Ef>KM3pz&!IuDPbmX`#aF2W)QV`Dn`X>Od- zA~{{8rw@~3c&io9fU$#A!auB6x)yKSuOVtl0ngANewQ*Rg=cq@ECC(GTdE@EfFFf) z3NSVi+(Y3LKeo^AK|c$$yf{rrY=z7?ex~gey*z9Xv=TV`@OFZNgW#F`E7&v-GN7jj z+j6+F9BUlGl^QOjnD{nqXx#Z z0rTkB!@6c_p|#*N<8wxCTkz`#$KDoxS(pn0a?-**;9fY^a(vg=iMIr7K`%-3F60kP z;gf$82}+6LLfBCc##qDnr2 zdC0&Q&Kkr#$l5a;#oB&QdGDba)s&us>I#B(Pkk&fom-&=H|{`oEU{^7m< zm1}$OH>4&cDWD`s@&Sm&7>x>Wt?HNJoxX%DMWf+_G$TH7Mv6~-DVD|ylqes;gd)Xv zMB@`*)BJM0GuDN-EwL{AP!pSYF5*u}u`U4Ngz5-=Fg|fs_p9-m_|AA|Llh%MHBwj) zhLodPLTZRMD4`ljnoBd{d(kSo6xGET=rVB@=3wjuY&aK7NB#1Qct(mFEE>;i4ibcs z_sa48@jRPdKWkQv3^C|}^{i2_=h9qB(}k2PpN|_%z$FOpS+tg1)(CWig-eZJi6^SZ zWWu6qLcL#$CuhXRV9$)$VJR>pKF(nLgcOZ8`2?x1SyExdi?Ai?%IuY*v9zi~Qit!3 zxrDy#NWR|jU|iTfR_%e04X(%U4{i^~!GMpiQM`xcVQUE}MpqMf=~%7F(T5Q@7MKay z(c=ujZD1N~@nXh=a->F_NR7<&vm=wjK`{^PaV+gRIEgM(9IW#zYzn&EBS(4GoNK^! z)QHY=r%G_<3QwoZ82f8P!)%k+8AwGVN6@HCAR0(hG(X`yVd=OLOLJr~5-Zd=pJQEm zLXJ&*BsOt6mJZB_O?(nL`w`CiT6`&^BBeir^9j5WjUq{*=@(cM6rXrSw7=(eQbNW` zxCAi;a5g?UBdBBG$%q_{`rRu;YIzp8?-L^1>+Ah&04q;O_4Pp@v5CjxlMQ&;jZX71 z)+smE6Q|@_q1&4WF<-I|j!vAyq}BUK##kY&seF9mLFjx~7`9Xl_n=s~^-(0LNI~?$ ze+0o90~VfOJv#U!B1w1|);pOqxr$2wd~67O{dnygXP3XYBk-4{`Fnqm>UcKL^5r$V zKDoMkRp5ayzC%6x(pR!7zg)#jR(x-y#XA)(mR7WesH{Z+c7ar{V|BXA(gU&7JP>Yr zAXb?N=Hnwlx0?}FHN*(RG&qGRjW@UPnrKwU#FCF82jtqagF$Z<$M=_^5llE{2kEe1 zE`uX-T|z9F_(-(DO;=9i29zC6|A{-1J$R2RO+#L}Ng`4P^NN`7=Zk>?A+Ql#WJHuP zID%wCo};ag=hXmA$5$QBJMg*u<8{A0bGMZl?KX?$M*wVD&7-yiIhi9$nhA3C zbKlG~xsNs1A8AcBLql|W`RUtz&CAasG47J^`XnG)CsF+3=R15|CXpY{$wr1h9b%*f zU(MhjzSoh+ClLG~$?wybI3~%kI?`4sm`A(D3Z?ug-naD2!F2H;9x3p8fnd3K=`O7I zni>yquiJVmgdv6#6}%eq{+7U@4d4YzN1@P#ojQ%!S-ed#!~-gG-&hPC7Yi^;Y zl?d>6EQIe;XkzN{&X-!vm!PxUW}JHt;BRTFehONoU=N9JLHn?O+9h^heb}9C$9``> z?D{qW=HpB1uU_X;jt*QTXytwNMt66W#_ntg`!qfliC+ES z@{ZZY?u&O-&W=(D(5KZqpj3i&m7VRynhpq=X6*Q!e=D(zMhq}!E&8@&G~T!I7~}AZ zcX3#iINIno{Gp8rY2MTGj?Z~+;O7JG#k)j4x`iHZ+zzoD%z~ST)@pm-s=j7aE2$ij zUC>wAN%MFu7{9rE^7wU-=g9H%goSGcv8s6TR>niEvQ^gu7~q{px;FI9Q-*5{=ezh6ptKB?Ao wVKghTPR-P1EWv%AUcWhU88vKzuK#auR*qAeevwMMOb~AR>x#Q9wZjMHE572M`njh=7Wyh~lF@hVTDBr@Lo12|Rw!`@Qe) zd-s>jsXBG))TvWdr|#7U9QiTJu`J8Q|99T8ta||Yw?Ka1`)4(R+j_s*X5H2N*z|jv z_J3^pVW%vw^_>~`CkMx#-go@5XPn`m-FMuHeZk5z`j(&3x935J_MPsZaN=NVYj*31 z^}%~t*8WY7HEY|i{xMGNMQf|RT+=Me`U#}UDE3#shr5sN6n`d)+g7=Wp#1W;0O7zt z^jZq}I_AS9<-ab|jowDvrm;mvNYkhYcz`m5#0&vgku63Bu{hL31iRcm` z1OGk^Q3uaH@tm{a|IMROzL;0Y-T2pMS;q_pwcvOlRW{_!gXi%^L8Yt~3*-rB#|2;hjyrEYl=*%wz@lo9(y5JqVm|PXI_&+e@KYM7Wjhn7tze z)SWHOu}4w6T?2)bOFO8?F;GC6>d_QTFN(Z$pc8=TOf$)`JaCyx+#-7vh2$FKyzK8s ze)Hov&c0$U5o}Ow7|wOvDb*uFo{EFJ1}p9qV+&hZgfn zRrSVT5V9pFfJ|qagW;}Da5Rp1W|nt|_{{-}N=7~9u3#qU)gw-`1W~i)PDN$QxnKwc zwL^eig_J3K%K88x|LpT1v#Vk_Hg3D6!JgTcT1z|rFd~+m3AXB)#o;d{ z3XT0pg(F>50a|x~@V2;m?ErbCdbz=#u@jYv#I_p>?a{W`5e$Q2gxh8=oKhO(H7VkW zTH~_(ZL$Ao26?BjVrDM*0CW3(2(W5`ZBRVf$~JDcup-xPnWNxKZ?sW6;bG9SN-kKD z&_f0?hYT_Alyw>M4|9?a&H)*W$S&~a+MAT|o{_(>q6H{&&w#ZCE~^gMW@k{>;~Wiw z;o^#=E$y~h2Ddo|KiOavI8R=SBw=2IE8$t+U(~2;eh%dN{z=|?gX)tt$Kgkt+wNdo z8iXlCJq&uNWz|d?JAPc_=uX>0CPE-+zy|HOosesBIw@Vl}w96tY z0ox@Z+odF5plPk=&_GQMhA%vx!lLC8`X@AcPNe4u+nfXlou5qLhNlpV@{J+UTD}vJ zFBrnS%{qwQsmC+>GylwUezP#gz|eWH$4>2sFk$NZc4S&>%fU5-O?Htm>?I1jzuGbo zT+d3d0%5DdX{=W#*&`$}Z@QM}bhTl#G5?B~ zuG6^%o_~4QkUvXmTZ;4cyUL*SPq*8p?+iW#$k1(WE zI|II~*KTj@La*7Bsrm5d?6iR`@HS-A6))|>h-9Dh{4)Uxo)6a9?l#G_LO5nxPTY~ zsJ^;k5^`SH2TY<|CRvG;bspn+b8m!9dCy->A8hCOfKG51YF&HUU-$>B6#x6j{jl6 z4K4ZRN;==Hk~{vz4D&a9AVA7zJC?};YueFP8?ptrvGzPI zE~`{iS9g;PV{Pj~>+X5#?m=I<7__4a`>00`Cz=tLYqOpg)bK=-tO8QE+&C;i>Nkg*jq z1{g=5X^Y*WfuQBtgO;b9_3uS}t6c^bYlyM^kHT3^2OANgoU?sew>4-AJ!TD)iIW3g z*4^Czp|m{e>skbdN81*{2lU1JdB|KdV7M|0sd}r+zj{lf%)W;sr@o$B{bV!7EY9E6b zt|G_mvsipmkkwq!V#AiML+~oamsZ&3N_fWynX8zO%?bhPV*O9l)-mh7WJ2pMZzhu< zV_lbh=k;Pq*VV~3v+=!Dk^ zbVIaYq|p_AR^X_T8Pq89q_2S|>q19E`F&2}*x?NVop8OtuJH2$M>W`>_K+8SNx9h; z>q2J(FW4K&>rDck@CyRn@MeKs;THvtDw#noB2W61CyD{))GH0xj$6A0XcmYR%$7=Q zff9^-i4cPV`lI=lppw~8DBhUWG~2(GG3FI&Uk1eV>nrqP-gO({W+|~uQ8%qFMWrrF{&Fi;)Q~*vAI7R_`3!_?$%TQaqYO7tl9kKee29*ZGLn2+Lb_a0&oy-I0 z6+YsiE#{rx6Z+m~TUKxcT9rZW%l60slEc9Dw0b*}oK&)!qsy0w3z9OVZwAO4JooB8*d_n<=4zASL>c5RW$cC?)WU!p^EL`sjhI$#r{t_W3}zkUf`dH&uQ2a9j5f%^e-j=huV84&Xf1`- z^7Kse=P7=No6frq+}fPEeEFPb(QLBsd_9|=R(JOYTe z(F5B)8Fjmx`DY3k>L^6(Zg2AEqwvaEaT}DTSNk#IwPd`i(^>XB^CVFHRc|1uQl3W< z792&_V@yS|#GxD%oHakekKhMvAEn}%p8`>xkqP{I1mcAzSQ+yhD5o?2;~*V~(_{gf zCm4CFOmJ=-xiM5&Xr#)i>B=c-|7RdC%wDFPf^`Y=w3KLvTdw9^DbtQrradL)sd79J z^9NRnmw6ljafJdrg5jBq;hC$$GuuZ+^HyR=(p1^WCTp)Fjj`Y_p~QC2+|RM$^hkz> zV;O9w>*d2Jm=QI9}5TK*kW_|P8o6VhQM*tYkdj268CUj&o z5jJ2R@>!X@OA!qqwupZ(#LqzdjEbKTAsQ8#u0h$XCeeK0pVqwX<8kFJP5b>N9#`5H z^33&&d?$*XN~r9pQgfay*>BS9_i1pthMJRYZT6o6$Zp6sSG;Hl41=xX$w8}mM{OsZ zM=S^bDd6vPE^#}TB&lHN$JG3%!KTvIpvr7HZ5vo24+gBw3too`dSs!e>K1Yv`W%=5 zbk*h9DBPE_yd@i)fen^(aOXy+l$JcRqrda^J#;=Q>R_EUjS3mp>^$-bi)A7A|v#>p*Vn;9V5g6 z#GDwR4#%!N$GAbTqs#F!Orf{tCCD4Kvo#D{VIM5@vO3W|xWDQQzz{wUyxqA3gN3of zn=CgZ`=|$9XwX-dMWoe|G4x4k_W2g(3$&A+9F*>jG`!AEgU02R-j0SGZEiS3MozdL zfg5g5(3T2!AWVg*w(yG4FhwL1&IN+`COIML2}w`L2!ui>eL3amg&bmwuoO}>&q4xi zLM*qQS)OG#$yNu})@Xc!mDG%wep_soc>!4eMf_le2$jdHOo=Gh3MElW14WYNDIidl zDvp{JC%6@K+M3FpSl~tJdFu6ilm=+4zqQTJiTxEg6lO0>Vm_S2j0j!^L9X1I_J0kB zQ}CIaw6@UK8)xq>`rA<|*SrG4N`J!f*@UAL5xfclHMUTQwx?UH$q#CK3ZkM)g*$;6 zN@^Z~8}1xwnqF#L{Lm-sI~vP4otq61GE(_JBGtVts-q^xsgCNXOm+gSsYDucY(u2~ z8l)U3Ws9gh)uCWQ3ahiz@$>keC_|ZuZpmeSgIKlS;%Ajk^kk6wJNO~9c|C%^C;Xse z`)|NepV_+pGq8;}EkpwKImL9;CCpF$0Lt)>_~HEIPXe9rO@VIsXMtVeTLMRw%uGTB z#+aQx^H=;RPnr#BC!PLe5P+XSPQ4QC*xsm@Td@sE8FsjNcdrb{_rd?g_&EJ>?I%D&na8%OT%z%vX8Ju3@09nIwe`k_&B&Na8^l#@$N&ANQ^5;!$CF5fi!DFl~- z$59m`HMO+2Y%H9>v=)Jp@ep21<7ZXWFMZ4!`d+*a@;hrrYf~H4WuXf15>@4039;On zK_paoqEX=m%le(N)`EV9luI+2XYmulzPWZSN9X=@ngvKawGsxU2}6I^i)}lWfKm7! zR`F0im`t=F1`2&+;gm#TR3pzW8q^-oPIb0n!LxNBC1a?RX=Q?K_%WzQo*g^}#w^ch zf5Wy;{dZ;CL=X&%QI78+P+KaJXtR_rv(0~_2O0>}PVK710R-BW%Z)bfv6ybuedtz!cYa2kvM>0IZ2Nx4j|BC6d?{E_KgwZ00M1IOx%8P zfH)Aqf-XVd92Y+dxHaoU@Dz)r2l>Ik!%RR?aj6x_H)UkiGM7$PEz#z(#i2>XwH28> z6*RD64j<%w7aX0D@@HcWNZ-BbO%xRLZ@EUc1aT!KEw%TBPw#&Q5m6Pue`vn|Z1#K>Y&6r9bxw#yd+%^LJYc(uFsqMdz3PGd^_RMGfr+vjMjJV_muGI z_aa2edULN;!rv!^lQ!o_LtH)^>9#b-#l8h9bgf?bK&QI3=c6+v7sSgp<`KP-=NFKp z@-|9y_VF-Q??zYzA*vjE?0M(^3%dzzSlVysw4Hf<)RzAj{8YPxDU?kb=9P3cHq5t` z;zX zh^!%67o&B32LEM{flSbLd<%Lsv>pEWkVIRzZ1gy;PtC}-ytdjHO{GU@wucx^O$*xf zG3fIuHP^@BlamiL$ie>d@!Aq&a?<$S(1Yp0k3R)J+q7$$c#lgfy!5DE$FxyTX zOk5O<5vK&R(Zs>TMZs(%{&XadesM-VD)FLeN<_kr^xQRqToEA&J2G=u3-Tn$)6tx7u7=J^1oU)d^VxadMbKPW zL+o@8GwV1`&`*sm6%Q=NN;n!(8GiubCA&Ey!HU;5f`ATj_6i}`qFjVXad=v)1<)CP zTM3tTfqhOXt{jRhr^VG`x3|=bi=KLM}M!E+?G+PtD~_1tKRqTeT{D;UG~sNk-`SGwHk1k&WM#Y-jG8Gf?9V zMh)245E|E?O(N`D(Cgz=R^2ny=-IB(vpqfk9b=rRlEZaTI^z8{4*cv0d|f0U<`S`~ zVE#^w9?Lb4o+Mv8kMr$99}e+F>Fi4Hq9{M};aPJg@?4L++qlRJ#z)?L%aLIixMv1C zZK3PK{HGbm+vMP6G_{+Gsl?bqM7I4s@LTB#?nYy>gWk4i*dQ^qQ!Zr72iu;%C+KqN z-dS@}>E4}Yx2JoLos&)Xu9A~rWw%gnDpvc08Hk@=^CXJS>;?K@9rTv-n% zG=QCRvm@nPovX&UI?Gu}`&%{6O4{6NpR zBwvJI7Z?tKu~VF;9>ZYO1vo*$i3-p~5qYu#bbIun!y`bKMR2Nu(-fSp0Bwk2z5-Nx z`p!}iD5xnoTLF4Cl6+9XhZLNn;9Lc(6kxJV%25TOf-wc>DOj!Gd<7RMKviKpj64WF ztN`5=eU~Wsh=NNMT&Cco3eb;}5{pp;mn*nJ!N(M=Q*fmMj0Q;gaRr}HaJ7O@D!7I~ z+B5WQVf>SKuru+gi5N6PxmZMXP=F_+=t7J%Tn}x-UyO1sqd-pqHfLZ~y)-rj_hV`I z*qF}}FVyrbr{`KGV$0T1lcT;5G8r0I>cI(t`b8#^eAShG=snFT_Thi$irGzO6d z)^r_n5=52kz#bh4UTiIr8P!iuL~B>_O4V*@rfnPxuAPX;I8ZJ0u;SE#R`z+EJq&Ry zB~obn>5F(dRl9(#bOu+Notp@=WuP$PI-LyXC_^8*h>n#iny0ww(sQM@HPZz{{M8PE z+^gA)f?H99!TtC#D?qrKZ7O(zxHl3U8(5Ib1J{cmr9&-ngYAjiBf+uh1&0!Me1c;; z3_e8MhZ7tdW$+2&?o4oOp}|wcy_MkDT!XH5;Hvo1blG-;y@@+2!LcC+D~Y=_!Ld~b zpC#_j1ji;G{D`=h5**um@K5539dR0L{K59{2JcUBv;@J0#C5j8aWml! z4oz@0W&uu$pBb!6aI|c}EyR5*!O_eGKPB$X1V@_}6pO&^h#%Dz4Pfwo;=%-XF>yB# z_dtT9X$)Q_?q3Oxb~2be3Ao+xqx@(zgXP3slHh1TgPV!_QG%m64c;KmnHR9=uH4-xD0Id(hDX+)Vsv8Z`C6LBt)O;9|S)TJvEy zX2J$yyAj*hZlwh~6$itNm=D5kIF)I|wLgGa!o8x}kFX8C9y_YJbZtpYfIZvKfPG2F zggb%PEbF6xqzK!tik7~PxFY{D1SO&aweswO5b2<98km7p$gr8H2^XR?~ZpXhE&I(S$i=&3!_N=)CsFK}juxGDSc4tHE&U#wR9J!Rx zQ_DH|Y1mwe&dC#xZKZR_3uH`~kRlSUC*)BAamW~8FXXHMy}Olew>VgECk?g-Bd9a( znq5!_I%`KjwpF&Fzzv7wD6AsK9g;&5pO2G>9pkTOp?^h5XG>ZDS{U79H!)K8*cTMs zOn^BXrQiRix2*>_@JLGQ;^5?AFfnDxI=O#i_ zX|s-5>edNEE?sHEaW-=8_TR@ERKP8r#fstah(f8MM`ldDS49_l&~IN^Psx(#Jcmsy7Ria^X9tq_PX#!l5~q@8~ySW#?4eZL(_{GZl$Eyti<)&G~6NmYk=W8D%9Dh?o6 z%LE|~Aif+U!~q0awNi)!2-Zf4A`T$F8Y9F3#MfekIDoi?h+jCBvLo}H-bu5k%bt4B z)r&sCq{?^hTK@Pjk-KcNaF zJPO2IIqOzhaZu3zB8WvtRL*^|9O8)k>m5;MIMiv6+=<}IWQC9a7-c7iz%UEP#68Q2 zw0HI~=q11v>lHks?^s7d{<(;+k*YbnhKYGLB&W^zG%25Has&z^P7>9V@qDag;Mizd z(#U#91@r1`>F7i>9T?zHHpMAj{H{qNCRxcjQOxTtjF}-H3pn0rKrvv9z48%OPp_Iv zSDVY&@_mKF%EPkvn)8qJ$(1)dG33_;3&=2WjZDbf$oss!7z{osL{DZdf z;o&;Z%)WR`3fk|37PE#Q2yp!~K@&d2_{Z5Jg!ah8^7}*l*3P0_C)p#6o6vRSQ7Fy+iC2nF;46`yU}wN$qtF)tVD?NTCp^?d6*sOoetbnE{IKaKGjkxL zUmO}_%po+021c_EZtyrumtzfD#GEzN*8F(Gp=3+Z-qMhn!1V>i7R0M893K-eY?-}# z(9>?U8Kp?F@>XtfXriq$Im3!;gP&QA{2IstrLJ(*lI%BN!3$$kXy8XcR=2?ri4J>2 z%0&vI;A19)F;Xtd+VhP{UPUGe%MtqKM+vwof0X`3iNDSDLtcA-_kV39{U2t5_V7iojFIBQ>NcNEW>L@MS8b*1}Ls}U1V(^>|Z<70Uc6f_G z+_@5nJ68fz;THwskn)$r(G}h(a8%=&>C&f&&tQg^E&Vwb-YzBurgEtK1qGKc7n!0$ zj;k+ZW52W;;La-JMU?ScNzx8KEzk*ZmH_t;yTVVYC>qS?CwR7$K2FCX-NGtbyHK}r zy7MuJu!6HtdmR}O1Q)^?2XbPt423F}FLYN!CwS5V3$q8~+`%^2OGDkr8S|m#5>-_x zfbpcH8IIG_C`+|LEESdHP^P3w4~ufrG)anac3X)Hu0`#;_eL&uZP3wYMHje-C(sE$ zC(sSo3+xK77dWb9W`^pDzDQTR*K-Of_ShKf+o40et3dxH{a%gJF3$I$xK!4qT>Z z2w48i8|nb-=%p6mCS6dd85yKG^z)VwI6scVBQ+a zZ5>}4Sp$-&85PG_q@r3RuQxl?+U6DyNx6HsxqB}=q~vskJ-!I#?wV z6EkVW(p4Y4vR){;7&g%7Vxf@*YmiucdAIvWe4UWk6Plrvt9Jp1b52EW3 zTR-69A&&hJ5WJ6}GIWJ;=KX>{Ank>cCv=P;vt`i7Np&_P#vb7>wk!OP0kzX-K<-s~ zyvwUadj#zQh7a>|T!`h&YwpJ-bZaa?6^Br}CFZ2)e2`bT7N>*U_5PKhET8UGRzw7y zf>CZs`d5J{B>!o(kHd*Yt-`gEM%pVz4ox$XBJF>IY|(xs(PETnlpIc8qu#XG*v2sb zf(zq7!LYkqtWk8FVXg)j4w@cC($WWu1KHx4%~JvQ5M5ES$^n|T|4GEj;w-miuA!*P z532>Af)C(Y0RPkcVa`GI82~xUjV+Axz&Sc0A(C^ksh~x09mwK)Ii1$f-g@+jT*vMc>fjxZQHn@xqSJgVUy+{De`imveh1;glX@3 zS)x=Q)+v93%_pc^rDyESx}sNHnptYFW{|yJ_MN;r8*n*MXq=C;a43A~a#&+J1}7tn z?~*srK2BN=ro;in6EQ*@99_x!g=t3OCAJCIx>>Xf{q{}_p8+}ayZ|d4&(c{8e@S3~ zkU>~o)0}yHFVTBSXOYu}XHE&805+u^#cPS)qE$aPReKIKGJJ|$okHy$dNA-}Q3-B@ zo?0iQ>&Gc~fEBgRK{Y-u5PIRy5k`$rO39@-fS{~`5C;&yh!Nrdg4qxXaU^{v>K1J# z)>^XRx5Xyf;dcZ&;dcdgh4%{_)nL=Fwvs-B#U1H0wf|kDyly0~yCset-XqWn?-ke; zena4>2AcupMITppc;+G={dUFWW6S)5MN}UO*Y(a)sFw*w#2b)L6hDSpR4IX6T*H;L z6?nBk5gdAkFOb3wp97#uUnXS55eE>zjuGO(1sV*76LzI+fsxP@CGv}e(5Yj+kAmWl zZ}f~C`>xumKK7M(=n$thaYTVaZ3^y5f+50-U}ul$FO!&=#yIv@OyhqxXzi|HT`jw6 zivY4x?gfDSYse#S9!rL)E_+1uB|;4kPSTKZNF8vK*V*8M{x}c)zX+k76~j@Em>0#( zJUj{v1!pFqv}r3pfM$kkouVK+!5#(d>=}VKgG&lADUqVPhQWk``JiX@HOYk@^xM=~ zg@Yl}j|5_&p99wSfbic$>q7-P5{zqDb%goU9B%*~YZ~^5kkU@c5M^69cKSSWmw~9a zfPQwrM!+aMMlF?*cQh+7avXr2_*h?*5+L03X4BTs9ye?r3&+xiI zPlAeV3@Z*FhF>HyGYyze&G`vHVO9EoZFMXT!&&*zE9ef#^{My5SQ7Q{hhpc7=}$9942- zw0P+=Uj>`e89{Dq?0ftS%O^oET(#sO~_+yL^$0Dq}><2b@p277OvD#w6^f-l@Jp3&l z@Pl^2zI=HtPdBO6h0p>qfIWnZ#{LBUwvJp6C7(IA9L-lUZ8v?$OBeEjEnZyJ!s7s* zEqAPY&;fh?FW@)BkqGaLVC-Lj&Zab{Q2RP`w3wS}sMfM1xzdxe*b4j;3W`)wg z&Y(te4V=r}ns1ykW%O7LbuX?bu`$P?`_PM}A|dwo9Ur)OTp$(8GWava>mGYc!Cw^o zRl(Z|{-)qR75rVnKM0O#GR$M>l$&m z7e*Pr(ug}-aJ7{LhuG#cK$HwYve&Kq9ZOheR>FG9eg`4WGb33D{+P5~8B{iWlgn@o4b^ZH-5Z_YvD%ipcSEr1r?a zkdi&JQGV(6??&BG#8Mx-M6k%(9^?E+sSBG*`M+UsFBlBiT_O4F9$0lpj3twVG@u~I z8+&&fY}26L-Sl9i`kd(6{`HaQEm3?-V6bE?ys)ys6dL4p>TjT`q*&NvsxhSsrYOh9 z1_H#?Nuh{T=bMP?H$;g=!cg@xsWmnmJ4NW)*u*+?#wM~-so+TpEc|E@$g*F;K2ka7 zErOHWv46$9U;ZH8x4^}mCuQ&7NB8;azMt+3)%|U{FH!e*=>D*{!*`hUwe|>Mr}-{I zDj4$10nOS2@CktiV*$o-i{@j9Sh_w{nds`nG#Qt>R#~jPJLY?Exbj;t>qw{Lmc-6z z4b^;3->kqji*YHJE4KM4coc`aG$1O>?<0+dIx)~#Cnn(1-bGxUp_;UQL`-*8vQ)+3 zq1A`LqS~t=6YwHp5=C+n)vGN8MkaUQAO#f;;O>*1n_WU{Y^(1;n?7tkg=Cz12YE6bvH95V~NSbwpqOi4hz^x)g124 z4%e{ng$uwMS-E<_y|7o2TREu5HdljNwcz#6)51Ws3xMG!8=6_2ab==9oiIO$(D5yfYw3c(b`7k0wk zmMSjY%SGHA{@eIJ75_W&AI&Ny6y+IkkOihZDdAhr+bM2>dNpixW|gHIwvuxyY$L#w zaU!7;P5{7urX9S2d`pHgY0Uwt{eow02OS^EdNo3ANaM(Q!JE_)twfLcF@CF)y&yj@ z9_0nw0#j|G&{rI4#qGW85?*;s$KQ=T z){dpAUu*vx$w*b#QHI@?jbWg~)pVb(@RD z2RWDGSzDu`9u8Sj8@n!seC}B!!czuPu90SU`ZfgiHWjFfrIbzOpBfwiG5EYll2(JN zY|Q}kry1~qyFgxY)8~`i+j1USH5%X69mm)(6CG~K&btPyEM5)EuKKilp}E$_8uc@% z^nB*3v!oen@q#`xPUAaaR%O8~N%z!|*)+H^9LY>Ai_BG=BHpAJ2HlLvpR&g$gN(P> zliU}(Hxnh;4kAPX$>SMJd)~E>1LHEPU6^IItc;Fy3NPw3BrvX%sy%?{?OsE0F`wQ{ zfJ9t8-*W)pFJAiXGd;$S?8oxr0$qD6FJ6-z}r5AJo=lG68eB~G)=c$Ty6-gG_TsXmK z9Q~-oI8YHzjNnN9KpTfW93MN+nEbgV&^yGnB{)9Jk7G9r8|iF}AdYM#!r7cA#%LJSXVdHge)3OzgxV z!C>Fm;{>P2&eD22SVxb1lLL)%dsJ;a3+@Cr5GxCb$D({zm5v)X9FjhFH9K$Vm(ZW- z`6Er7%p8mYPeshE*ENV&!MWZw8Q)N#aQY1ej7xeDAIp)R{|rLIDdIzWmvymlDw*T8 zP{q6AN5y>zd5l`e58#xpR2ZQ!$J3@1ePtBq1*B{n#_63YmvJ3^bB&gdb3KN{;r_D_ zC=!J0IuwmiWWovwl5#g5#DmBMPlS-G{^6FgsZ3q};w zFYh)m&22#21zOwnpF}pRQ{0tU?P@|L_Az&sJ+5D%G~*~@r`Uh6FOuoF%GrCu`?Fs6 zV9M(eQxRuwu=aE6PIAb-%3fwwbiEUJyr1cs$FUZVCixOmpKO~a8oW53u(9hn^l0gl zr)QRa30dUb9vyo-e5YIcGFj7)`M?6oILqN(b*_UTo&VUB@g9wgpCjYTSRmR*V%OL@ zO5#1aX*}ph1VV4<)t*PZ&1HG2A&$s`C06F$|1shui>{ksuy#reR#tH;NtRM0FHX+L zQmT0UN9bD=-GI0NWn^A~>Qn~X`WWQqpFKI80cQ4$Yd^)m-|l8MK+iz@Wf5Z>l zF6EJBXmJ2RVFV!#ASj6-!~q0l5`;K_pg@8U2N0zgAr39OdC1?=;d&9z+9nb~3 zm9i`ADso9-DbRXJfvzoHQXp%bZ6Ig#n2d#n6cfW(pKR{{Lj@RLgi?I4N1^psa$ePb!- z^_C4rm6%hb2lfgX>1DIYn^b*>%QvZh16F)YYHRUNHop~rx4c!YZ&9^6)mc-b^Ikzo zqoo;z%L#bK%3I&xE#FgG-`~@$QA+WnRSuE}7D${)h%-5g(~USiQJg7p9F&ZxEVjKk zT^G(&y<(p1Vy$Pkf;m*|rlF~Ep{q8D8--#`L?R<8a%N>9YeMoSlyKAv)@}CDC$N0b zuzm-ovGZd^JnIY4E0+4tA5b3?r z#U(;}gv96X2|0@`8@d_=apapjJ%v&xI{VpdZB-tB_VXm<32J#0EW$tIhwsb2CC~}c zufy+#e-+pjqJM{fRLS_!E$->k$CK3PeR!_*8<6+pL{G3sc%4D?1S2HzRd(((L%0prv*;@5u%KUmbXYz!@Cy@JBlw-cMKOFkCs$(8xgDa;dJ zqi6zY83*7ar&sAfC$xWY#c<6=h%l_YL|y3HEXxyJG}IZnwLy6+StnMDy#XU%^3nWg zM)0ix$=8PY*coC*MD``_!M?-9T>K!j)1xrW#Zz&dh8h{4k8HO5b2MKI?KKNgW2$LK z&p(zH;Y~=GIDDxl#vl*2bq30F1@n;L?Uh#`B4&l1o}Z!sErC^&)m1FXXFD(_f>05T0hvIo?Y#b>wb0?L%S(h^+J z5Y90sMxQ*Js^11-?y*ur;AbEd=yQWfHcEe((1hiG32jDbVRlO@*a_i!D0qTBE^sCS zFHHimx8s;B^FAeb0a)A5!Bbxcb5&C%>}ePbKg+hb_x}Kp)(IfnPqVwhPBR-vK=5#T*#gmCA9{9xLrPI;3Rfgd7@ZQm` zW-EGM&8N~m<_T8JSMy#ba{jVC-LO1_1y9O>l>r@lZ|u4VDzu~ZpgtbG)YYE^6R!}- z{5o0@l69a>mW6QIo_S1JZOGK=$Ro@bdAkaN?V$|G0M3xh>XT<$x0qN?gHy6L)soK4 z^wM284pGV!W~vMsS(P$vNo+as{4nyZa_QRERuaF}w()_G`r=h{Va^m6XDb?Mgq=h! z&x%FE;IGW{SA{uwkYkPVv6y|i#Z{t)#B|-&OoT+Z+=qeQqo8g~w#bWsRousSf}N=c zoLnlqa(yx00hx!M4`Y{|*a2$4$Mp)dU)U`(n=!dZ<@pC;3`a9RLP~pt(Qq>wd;-KCgjK9~=&{w2Y4M^-RV|%VGuIOA}Ga-Sa<;-zWe9gKUI zVX;CSyXq5M-A7egx?|^3eDuce0GX_jO~hEP6Q0r|IN}IZE2naARXNSX=M@QESCV@QM6%3*wgSL;uL4GF7b%a42>z|C6`0%Itqq~9L$`7LP zz!GQDdIg{qh3i#kPhKa}o8TI*R|>(KV zWM3n4N`#!%h@2WB7c?MOGry9{DCfnclDpNC{lVHaXv*)Uy4Z)(rkusPr^5&AGPQDR zNjl1X&@8fMA5@C&VbAOZX!d0lXT1FoFL|R)S8bc0y!HC z^oT&M?Jl;y&`p~?pv^q4Bkl=^z9p4bR|*IyLW-J6pj;)Db0zJJo$*i zaOn=)?wxSLu^9eo!f@EVt%{Ho1u;<&m{aPE+D+5SH6oI$P^;t2jm0&VXJ`;mZrDeOk3w7^Y)H#QjU=M`4S~0T->1fWSyN_ZHMUIU)+<# zeE{9*$wO1^QB+>n9^FTN_m$tp_?03DX9*o48!56-{P^$)2}j6L(c;JFM+8mgiWWaU zLIQ-Aen_Xx`CwBm>1#!J?6Vx5^SXD$c{)u|6HtC44;v%C<;4L3zRK5qCZ zqxNP#hJ4|{puuMfu_Ab;B9;guJcJ+>9!h}oNhqz_R`>}I1A?FNW;_n6>38%kVH*c? zMi@c#aRO|}D%y|{a;)&XlsHLwD#qg2E*+v*Rx0GcUM|fY(iz}CfQ!&~fu^O{iUo2# zW0&b2X!f^8V27LO-8FKi3b?i8b`7QSsjk6^a1FN8g_q*ju9 zJAm&R%0?cyjL7^1O9m~vc_}Y);rmI24k(uy@5mK8@SZ6ecFVOLt+1c1jpvZSIa6-S zw;+B?z9pZ-aQLab+q@KywSyO)Y0p$z(_q}JIV$gq4?&MZ%w=d+L$SP|xx}kx)SaGH zfXOK?)nj@CL(S>l=ujzm@@t%uq1|5D_|7{xONjz4t>BmJ%kmQ(ixGTn35)-576oQf zC}+8jJgokar4f8TAvgTQ!FtkxI^wX*0=|BQsT23Ocv68oTY_`Uv0yE+gdL*`KfIAw z8-Nz&y%Rq6jqx95s@FsH=4eJ)q@UR9uj08A`GOse$2&T~(HWLGj${YgBS%6m>@T3I zmVE=3I%nd!ixH_$5)R?EMOd{XqE}8?iQq+3I!uIw)-RC@CPMU$72=6dmrR6)I1ws? zpno+(%)o)eUN>JF>>0ym1d8K}ZU2@KAz~bW;2h)}E;`tk3D>vM4&;fjX^qv9ImHUu$`!_eP(4RXzvbnS4CKqnj$=!RIbKweYf_5x8D+liwqL|Z_>sK(<% zkrb3Z6_o4w*oU`PQ_c}qQ5-UU0o4@?U#y6g`3m_tRD3XTO4|P}94$DtYMTe)0{9+) zc@R;e?`wtK#`{%j`v6W>O$9oWZukC!zA99-wdqiA2oGK7UW(2z7G=W`V zx4=;)Gnkn(JM@`3h|b$LABJjcBlv;gbIiqwk9Hwle>;I!F!9)eD<7lqhY-0f)#jN~ zLC?cZ3sKQ=ih2tqwe2Y9@zNsI)At*&qdY~2~y!n1gJwN19H=mp@a-3WH_OOA7KZt)3huGU%OcBtgWV~ zr{io!fw^ zaDk&r&Z`;BCw+-b+Fm}QyrmC1LgLur`vf{6E_FhOZn#unS9qkrQ6)2wj6CVn_Hq(- z6j`X13>;D&0Hv_7K^DFrA!tb-AV`Hr5wL3%mb|i-O5cM{6ZgUYJK92>HsXsR4;S4~#q9X-8{#x5#uQ5=V8mF=2O zGsiQ28PkfG10Ot%I8^X8Z&yj1^X_S~nZS48CGZqmp5v(m10+_8rBV7yo;p))}vhfoOuqMzA&lZ>paXS`rc7-1lII8645S4?zca2G9Q4zGXj#j}(G{L3a8%=&LscO9w9&?6sVf@N@Fj{J)&x4?nF8JL zEP<&IgEUPe5Jy*dhQLvcXAaXe=&PqeoBAur|ivg~ZB|16LeR~5Fq%~3pc2QL{E|{}cgsPUH_={o1B3o4kFO(5z+*1nwdUK% z=X(9P5tag8kL(&o^A`4L@^!B!UV$m-*NjhW$d_S{>?D9K|fdof$#OMNQegg)Xs;GO+5ZY1iM3L_2+gB9$p z-w$SZ58gZgy;pGrdOUM^4p&eZSLr(eYz1Bwok$%G%Y?5A;D?{D!m1C|QbvbBMc@GT z2cW9Uh0~9b81?)t6K!+MgGkiz%tHVr92!^#!q`hW9ll{N^~3RxVVHjuesQER5fY1E zc#QCSh+oDBdzg@SEvu=AL+0nP80Ofui&1vwM@(Y9ZJq~=J|N(urbHhQ7z3$Yy99(` z$XL>sQkS2Aj&Sd5gaqaztOSl%z%nH5@ zdliWKt5XMp8^G7`KMt=WQ%ij^9CjC1RaANYC&+!r29HwuSN}Ualonrj_#tw;TIwF; zVIOxA;HN0pN~G3=(`-k2{wKlm@(R}i{cD6fpP5b>+z856aoFwJO>oGG!E#m^M=Ww_ zgAXj@)+!_OF)m#B#nn>J{0Fc&F|`n7SV)=Y;4@f7z^Eb~%cIS+j(!Hb!z-oA+2K_J zo$%uV-S86vQ{mMDyTWw>N0r!}0t zBB_3b@3djTBRbA>4EW<~P_t1@kA)NK@y7v#t5Lyh2kQ&9lVL@|^Wlx2M0kxn@CuS! zFm#$%!3$b}ctGnXu#+GnM?wG0H4Q7fV@L89Z;4keK<&g{5JXm{;QWB|6u zmUYD&m^a7Y9y~D~=k4^Ye*=El;jL$D!3?Kp{vxHzI2bWl>l<_o!vP)I;UfZ_5M37h zUE#w5M>W{Mny`7$r@Fn|HgAJxzxkW|ehtZMhQ>Zm32tP{PX~LkzTX5lFN|g@UhQV$ z<+s1U#|N_g#z9p77C3EV!5P=HD&+h;9i=uhvd_ z<-ag&L8lQMPTh&M#R*c5U&g39)HT=Y0sk9CcgU{!2Xax#;)upOa9~d$#dBU`HeS2F z6@055PNmK9zYJ%D!RV-1I(&CV%bE)7EZ_v_IeUoEg)<2y|aS z`n7e?O4f5i469vlguj)|3X-1=lpuc|OS9efHhNbgUhPhbco%-6;9Xcjz7Bt`j5F8Y zfCJAV-wlxQ@4@dtwA%dZ#?@v!x(_gH^+o5wSJ-18M%x_3>n6WP8T z$z1AZurJ{n_}yySoQ#$<(Z>0^;_%wlsHRyDZZ#*h>rh3_UC3@{?O^<_cfEptKjrjz zXEqytgoz_v)(sdi`HPk$+K?1X$qRJ>m|!&K+*B-G&JI#Tv9xvem^EG|l7}B9D2A6Z zO)PUVKmHDoiW`GzK-=W-Te}xB>nci?fg&5*))z%L8Q}0SiZr(K9t0u3>+mQcO(g}? zwuljfbqnYb`dx%NrWt*Zd>O$pUEqK>kbuUwx&_MDFRI2Kr8>-apcojwg842S2Rn)_ zng`(X4JCs0Z57FMTtxf#C8UK$Fa6h(sGPKa7%l=j;nM=ULJVx+AJt%krFq&v`l7z2 z2R7sz;C1W&2D!HtxixJbV&K^OrrKzS=@(6q;|A=2 zBT}Z|KLqd`Dw4M8bFGPOaJej$3WLk#UiKfe^{hM3a8-xWS9a8$|6 za@7-kx)dVyVG4M&J~$0^29?@1Z4k?oJA0+0<-;KTvO{hAO{f5-ooaZ{4vMI!W(7Ep zU5pa9<=6iK@=*IM?1ld@Ty>nb57&AfX?_K1+9RyN=nHmcZP&hFT+QLz8h8*UhdN}B zu7=eR&BM6(Cv8N6mbP**Mxy3=d>raK6=Dkq zMsS^CLv-vVFuum5>pf#mYKZAzJ0YzVemx{A4%Z%ojCv<$U*!8X+ zZD22b4Ti5gBbu*kzH)fo?SGCX^B-WDE%&3TJqZ^_BwKTVwG%IV$XDkhg#S2NH;A61 z1V4iWIB)yyM1rKAPPgV9s_75bo(Ab^)&^Q5npB7Kdu9@=4C-7;-iH1f%fHqKTz|^% zC-Aqz@7do0bI1QVc=Y=-VuUM*PBR4vbUn`?)EjwLet#jqzm(tS@LS`c5OVR&rqiGY zrjrUfw?j3Bw;Uyj&vN{GX{P?2G`*4Mney-07cqa8C|wLS|80pW@2*iir$Jul-(k@x z0CYnPVb~in(*Tv+e+iTw$hpLwAIDAmp9f2PA3^X9>6xi9$!0}P+49MrGtc4Snrw0v4G z?cWRmGI%lP(0ZDiDxEU=e?arAjgBX3-eOwjK2T+9D`VP8iL{a#DMzei;7RL3N7})< zh1M#;V+Gr*>}t-yOwE58a#wZ{cLRy8WM^gFNbaR^2quSZ{0kAQoWm9~Qtt4I9cj%e z4wpyq2M{15uZHr+i7*^jLqK%`PA1dH^mk;XVMmb|hLg)UjjrtcUqdduO7scVi&z=Q?5ZW=sY)phW77@m z+Ao)Wr$bLC;F6~CY51IQEo`z~dlj;Um)D(Fh;t$GYqnvgG5RARA*l#SLijO49!V1i z5bI)uIAC{Ns}C}Ayoimx@xwoC_BRgw{!LmLZpG_8v}*@|Kc+=_41aOP3&*>-kYh`g z3eJHE>+S3uyAlDN{%go+7N4{I4Pa#ozHI(mIAp!glV9^YYJyDo?u#$C)Lc_0JI9|x zRa{_?Ft|FQ9$X?G3lIibmHwCI!nKjFLnf4`j9XtuG1Kn;TA&lYBG3(A71$O2O5muH znKQ+HiBHF`SotoUR9rii3mApRcaE3&*RN*2bPUxbZ~I}4i@UKInLObGZFcPs=z+3w zy=ws%U(x>(+O^l2(@!uq3hm>BEJbku5e3Mm2Uf|ikyJR3*&X>p{g3b4aV-YJc|EA8 z%QLd9wF3BtgJ40dB+IgI#FIVs=AR%3`jiI$0-PK$>?W z&ER_WN5dRzEzB0kmTbi{C{VA?ne zi8N;%sx?mBZqCNh?Bbj^XF4R3-crJHr{OBL5XDYc@va-IKs6lyfIG*?XHxLasiqRfEjfmlmQra9hy4FyWW!)?CV6zNsAy`EY zRzUn7y-e9`PnE;N6Rpl{XRi0)794b!XO3E%y9W2O3(fL81iyA*(Bt512OAu0K=KA_ z6fKXZK;=CNM8L^n4@a!>UK9=I{bRzM-FuXf;j0UHI}}?(S*DQXDda597tBoA9jWr- zB*7FScBIQ)c0Mgq3Nnle!(D#w+J4%;f#gZL+ z8?kvhL5@zb&SBewH4yi39kUPWo>pt@-#KP)c(JSoYr*;$pNGFPGB9rV1z>rG21625 z-SCS9sqhxkZonxHX}Zuf9*kg+4~v<_jv+qin)q1TMi?D{+++;zS_`1JZ$WRYau`ql z4KnkSTmMPf4}wrxa95;LN9N?)k>uz(>DvC3Jzkf&PwMv*as8H>I?V zr=Rp2Sm&310}~0E&%Yk^7r)W|LW2!fx47OxU$U0&$amwRDok{loa1kYOzV?7_!KWN z{=+c2F@mD_4AznC}2AT|RajfQzXW!L z|0!@($xWbop-=U)7@yIFfVc>O()JJK>`dp!E1)OLGxKs{04q3H55`1%LE6VgdA0?g zjgc4s_1r`9da*K#!T|2#fbkG8ZH1A26cOXa&U+dcJCiqyb)Md8?Y~slXa{9*yqX$h zN66dt=zGCb*4-Rg!~8B}Z0J}qNslfL@EDM+xp9xg^ABV%>S&nl|CFQCxf!`)-P+8R zIZ`z%Rj>;7TqrZLiJOs;lWu(;f=sN!V(O8QWwl6xt)=ldU!>FaVOcPGHphVuRpaZB z8CByO1STNPoXp&4pK>{L{Q&Y|^DFIGd~C{KW#J@*XYom3M8Rl4KA_XO0Uy~(XgvQP zXhV3sV1#VV1)$&9jaOJ>9#J^<;TywIa#0#lI8GcigrjMi<>2%j%(d0D9R$Oh!}%Fj z-)&;A;oigQ!@3DPzC&*uEnppr zJx`NI?16c!dsdPR_e_L^eynN-d-VTd?LFY+Dy#qhyLZ~|>~50TGMfeoWtYp&Y$$<{ zgcgt{C`ADiq^l^PT$mxWnY*so5fCd<#RwL_-a(LN!><@n5Rt56MO4K8rMUdxpYz;1 zb9WPpzyEh$ues-`=Q-y*{XEU`Gz+?ub;!kSO-z+Po41k0_KV4^gQ&`Lh(eS`5V9s) zv~h~c#2goAWW@F12}yZTejdHxIbewqitku(#%Hb7+<#q3WFwUCYVN6fS=|kJ9tE#j zq;(t$&cQe;!?`kiIQC7qO!rk2xYB`oC~g#L+U?dOZ6YLU>-d}DJZ~f(Y=_J4?D56Ch6VzU_AusUgFl; zthSPNY{m%tWZIyyGdAH<2u{L_t7eHxbHswqw8)Rr9(7re%F-ELuVaI$!#i&iJ`QiT zs?kZ@t5^@z$CWK8;5vA7^kUuwNBq@!kt{D}Aa~(`Zxb18b|Vx=SYI>ewTO>2aS)2j+br9#Z$^C41-=P47p8 z2ehBS_P<%#8{LGr-wB&#+PwL8 z*C=htbIB+Z&IVEXp14uh?)r4G2_EjN+gzQKr0fSWYKXK-9mD+b? zq8+2V0u=>Mn)0Wo$I1s$FPiKa@U)`6rTgTVunwP)`O%3#0$?9XoTE z75&BA!OfCcm2EP?X@r*$bf@8)WM&_99<5|hODr_8W%8w_XE)q*l!H3K2cU-Lms79j zA%ys9W7oF6S6;4dm9gEnx;>9*CQ8$;&1RLpjN}Gkn2mD5rNl|O=+3Qz^exhFtRs)s zt8BVU+Suh#)&zVj-{}n&Ka2kkxW@KHZ{8t0RIK#6*KnN{;V1d(u}-0I5tMXjv+*Lo z%jWK_=$&1$%Y9d(a?tMQ{m6kGAM|SH!)#E7(tv}UMO~i7k}o@v?R{vT%$7RAAEoDV zbwam9YrNRcVo>XD>5OAW(;jd=;MQRVrXSzsxQE2^rlRR zSeR6Z@$ELxYU7d3oUSk28?H#{ zyJ>gjU&h;;@aX>Hb38mG4+%VVlJ6W^(p}+cSLKnm%sUdfz3m1PEM|i10ldtuiit+A zz%0Pwy8wLmgU@&Sz4LZHXq4SHFz5~k#mCbJVmCV(ZPbcf(oCAFZW^ z{jK|)k79R@F`jrVwcp?OJnCfYLXUbQPp(Tav45~wX}-pFC=DjcrVw8r!+Ql8$FHLK zV_qw7#_{rH9B-b`rf~puQ0;wbm2g2cE!Bfn_Ja7&Dn`H^^{;dF)l z-e%i-nJ-hf;oRG7sh435q2oLoIZfP8s#}qaH*rYcUPkf610wGeWN6)7=T43za22gKvG~z32Dv%HU^Zge z9C78MqYWZQG(6TYzRF#~O#H#@2O5>PRlmj7pptYL=7_j)dD2)VNx< zFrF=r#QE~WbiQP(Losf)O;_WDSgd^nQi31iWs57^u78}1=fbNB_3-d^W>zj&|2=JV^e_mto+IQ&SI+LT z|0S{xegYbshVamxUK?}b?&c=jfxJ0nnE2E76|GDb$A1ov{P@|F3{xDQg<&fHcPS35 z%H|3AgtQde&)ZPKwlN>+JW3c2VP&%8ORPL_f97@=xIdF`eFwQs$R`-5@R|N{bL3|2 zy5Xq~=Ca|A1V9%jyqtqFl&_eUOfGm#>0F&SW=94%TJuNTj1Ci>6X-oK&a!!m#^BG2 zI^F3na@sEyDtKb!K#$Am$nm3*(u6Xrz7#SiBqFT>W3 zQhVpFpk5|XvhKGFusSl{NOBbIB{}*eEY+9eH9R4o38ASRv7S~om2CI8(#;QD)YGB; z3x##T3SzX6i0SUE;@pdFA<}T!!g9Yqq25dmhr8itXpKb1I=kb5ymHz%>HSKy|3$Qa zcslJjY=ZXYblRU1?R$W2ctSoCLQ{FgOxjaqN`yU*7p{Wb6WhFvh#sEXxh|Lx;j8dB zoJJo7I@}AFxV|&4^L{Pbe=FLro=*FZHbHwdo%W|i``+Lio{-Ok&{U3EPgbVoPIvhd z!jvx$_W_ugWBQZ4fLP_lCWQYM@vtv`hTG`$=Z5>?;L1+Uy9TNmtCq$e6%VY8q|46l z#Y4MA&)E^SR5==-&d)RAXMd0nPsnFNC@Z@-S?k8OVv04DmZ52a4`@Cs;Y)G1h(?ef z9*BJ|Pl~9lyeFaccOV`+CsoLwd;vn=Je|=0h|q(;JUk(v3E`^*DMDvZ_Eu5$GEt_G zQzkeu zQV9vtT#dj5Rme$JC;X>fWwq>jw0cPMXiR zOy~1i@#*TVd?u9C|8>0;&T)NO_4df|Utq2FjH^u^u$^K|=rwk#!R2pM5B`kL*zx0P zmg6oscsmjc4nsi7HkO9fgtBz$Iz`undIi{FDVh=`p9x{9%+Cjh;}pC@@u^ys@CdBt zXUT*|VzsuU;GNOodB0Wq>Hr4ZYzF1w_@A(@JP^-ubp?*1p4zs`gt@`1h+niA&SOE6 zD;AgxF*ep2?b_C)=6`G}wl#@~vH9lf(i-cvC~?Buj8Zbg-DQlEi)3z=+3deRqGRL8d=2)k*UNcR@ zmJ0A{!UsnSQ@~WE)tYyLxQk~$N*p15mt=n|o<_LIR7K)AT#|N>>7w@t@{h+z8D=~@qceXm<#Gi<@H!f2)4;>kQ+jIf?65#QqH#{Mq3E{1*OmU%Zsk>k} zjODyFm`OWCKl*O*aDsSHTqDd6Pc#ntx9{nkjz(k zYGu9#C9TYV`*hkfqWv{SyL={ud^yXYX_=f_JH)jM3pdp+j0-(^5f{sO>rYBb1@8l` zUz}uWvNzI*UKhTWBzX&HJ@X@%=`$OZZO7j+oziTZQu#PaXG7^sLC+|rJ*kdK8PVHL z(}rCA*_q`yxBhDhRW1bEHPlP@>s+MHp1Vw37#DUcjBH#>_2G#)0+nB$KjH??!n|qz z^L07%{Ao@L*z;Uikan`3e_`B_@{H0DNzJ9)gAdu3^q7)rzy&HjuOlUsiIop(fF>}x z@Fbi^-=8WR+97Dxx$%QK{<`4x3N)E2P71XC@I(lk$U5EiSX?VHxjN?dw*Fpa)DH35 z8=yA9)q3rbwNoiTwVV0a;lBwr)I`*}+UcI>J*s%YDrR!%?*4`!y1Rc0p!WEOU@*yu zxO&i=|B5AGq`*}wsh5KCoKpKcKH(`4#Z!D4TN&1?L|MEV=5;DwrUi%}^@-0jF7P-%Rb$F6Td&2-^bMVq6Sz8 z)EK41n?t-m;m3_jXT%X}ikSHQ+4bCzob`!XZG`<&*F4FzZ6R?P)x18UpC zfji-)jTCy#NxId43*@5z6(E0}1ZqkuUqN{b%3sj@;W&Cq4)e#KcHkKY{^P)u1J62u z?!%&54Ds-4_|va;geZCfIZp^p?U!`*G-Qj{=o6fON#VT4;`q_W3}&Kr z2H8Jsa4`C)!KMqQt38ENHiuJ^JV*H^+`mL7Pk@`dT5!@P-nCREo?04Pit&0%Y5e?s5?Myfgy(`e+#BPC zpCR~lE=1*&&Tu>PK2P2ic~fB)B;E&gg@>AVL*BtmZ(b`3k2L?L{9hq|%62Py4-W_p zDy33^JBo8wj*$erb2r87_HABu?M}?ATw`8$O7ps`vJW@Euos!FgW@oZAOY(Rj-zng zS+{f?gl~4%{+Qx$!r3!rBWy?i4BET}^|#>4W~ktN;Dyw-1=B5513xa)nHXkcn2TXP zh6O?0rzxGu-^8zJt#zFxC36AC`eH-S3Gt)%wN^fq0JT&2shvWv+9~vCtRkV8w#v|3 zS$`Y&{|^56$>$ER(WqoX8Fas9vHE&H@Do=VoaU^x- zlhUC*G2TBVJ4;@>VBRi<&cyHz3`G~A<$iSR-ksSuPfSKuUN?VHr0p(S@K+1X6)i?a zZ)ICYNpEFwzPGZ_5!74hcQo}@iiKV-k$NX7o!2#***8nvG|tV0YwHBp774Do2_9B9 zCBhUA&5wUVtbc9HQ{y>!dQHMp?J^p=g-Ks;3|z=uq=V6fOF6d9&Bq3wvQ@suw)u{j z*tVeH4EDUi{9-SSh$Y*B@%a?dU^YJJ{1!%CDzKcP*ae47 ztz!>H4woP{7G>WDh&u6B?_zLAKbS+X@Lfn8$Dkx6iQ~KFxXgvfgcrCV4WS?1Z~Z69 z8Jlus!uQB$zf4d<_ZObaP$ZZqG+UzZTqJ|mRX9N4{ablZyS@{Gw!mE-F;2y9`ri52 zdkVE75ql_Z)i>2I1Z#he?RIigcrINmXzh&?3p`}PA{EVcWr#%s7IHY8z(BFf5)LmS zCeG+ki(|j!tXY1ld;rGV#8&3B_o$!-X+zPd;TJ~R={g#$}M+V-@@8iQm5Sx==XIFhM0Q(?<&75^q z*80T~0Goo%HGHpZvnrdFW`&o?IGcwdX1lDn=poBJMLetG`XLrdX0cE*E9SXK8v7d3 z_bYBUw^z;-=M1=Nn108_b6o<_`*U&n7T$nP4t)y?x0r z$8?L&@Ixv5_iu#12mDJ6|A&R2_jxv={PhX`zPfSO-`D5D4D=1SV$xYzNQtpxGFa*_ z4bJ4Q)0Gu**Ey}M^p^VT2aCu{Q$${}5s@6huOA^IYd%NKLUL#9>N{-9MbIRoWG>2bK#PgFPECCkC!nnBZRJHcnY%mIGQ-! zK6i$F-ZXo?0CUAk^ul8M@4yCXUpTHL>$#KQb*EO~D@*X6Zn z-k-X@rP{uL-oxnHw-YvKle`1@U&}wozlZ-y{(JG4-}1-#_|`;@>N#DqoEu^D7d}EN zICKQa0f&M;+dAr7&RW+nI%L-^j+Px57&Yd4d=pr|mRTh+25uwpD3S4uHBGC81~Bf` z!nV23IqvU;d)`)RbKf~y&mfjwwsZ?ik(Y$5S?=Pw?Jif}y1RHE$1r6j$1YdX9syHV zx~6r7IlM<}>vMWA&cxKy*E3aqtt7o4$ZbQct4{HH?6o>PKD_K#-x=y~FzF+xzdh+FL`C>{*V@J8%8iHKX z)^Ub!BmGXB_ux5<=knVXT3zRJgzmCw5S}9n{Q-qmclsQmV>Ztw8KxG85+%G6(e!s! z`Z*te6-Jvj#prOdF7Y>XiCuJwq(#JsVCRvkK8xKw=S))NKVJU(* zpV}J4_V-rGrQYybQ9sLtDb2EBD6W>~Bc$0&n!OvPSy@=C(?KLVY_#vp-9~1;cqUwd zu)7N@Zi6z1+4_^2)Htt#%?88kTB0k2nh2Uh!6tS6v-@Vd$<_QMispLe{0X8>i>qnH zGzZNCVq}^QZUR}$c?PmjWj+%w6M`*Zv42iwtTZRwQpS>_q_1Rm;-omkWowCJF|i12 zg1j3+&OwlKrU~*LU{^o5n)br$>{uKmj!Jf)VnYBNSLkRX(j>*_=98>75$++8xiy6Cpm|pVG%-WOCAE;>@dwFK!gI=$rDkX zE+4vlddjVEv@DRNE&X_7)=!XrC(@6f@%BR#ydPS#SO`aju~;do`H`{P=NUQ6y|{V$ z9r07mlW)ahwD#U!-4d&!?-q4v?;ttd`y#Q0%D462_6QU9F>l$i`6_4D-rcQn+uZs> zz1*&$sc!gF&8j`k*Nu$hF&%TxPfIw`$uaRWy-mjYF}mwxlS1BdIWBR*_ZZBYLz;qO zek(}g+$#2?2Rc6+4EiBuhSP1%$)v@^cq>rFE~*`rU+sI{A9@%bagmAjtCB3qUJtqK zk|*ICFlDUG$8w|Ce2mcoH%8GZ$9GmuL+Zv2{oees_PBvThDZ0y*l-o-Gj8hnem7nJ z0HFRE@J550(g#uois8@VG=ID9TK_7>#;+jSc`d(k@HsqNR%g)GM8z3eW4^&j;Hh@k z-rb5Wb%2u42Jl#$U{la{`17M7B^_%MkW`x{meEX)kU#}YA+Sl?)&7ELUJ5~`w)tKZ zfDbzUJ_Ly7#%K(pdDsr(thbXoVtXu7N0_73i&96(k_n|fB}o1A4mOmG_*fu#z7uD* zHmc;9Gw42;g+@qZ0SG87^ag4OS@isZ@VI<`8F|7eIKFGzPTB5*LuWli*4!;`-AN(* zA~9@(ox6tGo~Q1e94J(IbjWr2RaU>u)HUkrOxat!%&nQQC(>KF%9&NxNZMnj!MWiM zdzPuA5U{&~mG!nlg`-ya7DldYB8EuYID=VXAaawd`v?_wgP%>;=AG+vTTApE^ZjqK^UChfN!qeu( ztXKPUqtR)!9VOZ>bF^J9+O~~pGf2uBRF*?&;FWSx#DpY;+-Ce&`}3meG~_1<`4tZN zl|o*LksE|ZsqbxgCB|PRf)ht+$i;YD!LQ`M95b$DB!ICPE{WlGf|`T$QHEl@cU#wO z(}klb{tAwkTcOc%8xq2+-F*pA`fT5tRE{R933WQ>G2a?tS{nbJ7<~9 z8FjPan+HCo%jlyuo2t&vTxT;dl+q^>lu#!+tPY7wHDF3o86BDJ@dS$k?UZ}1bS}lB_J9i0 zdnAzgsxrndjnQ_3y)03IPMMxs*A_)L3nuZmPE$5vs8&?!rO4m)cyfM;q4gRJzBO1(Cf2L zKy(Fn2=@h<@J`_1(vDGw!)>e1h{}9;mx5eAegi5H+m+2pF!t~+)7F=7<25`XAHV)~ zRi?|wZ=4=%mv%7u#KE9h?T*H!sHaMEFS^gN-e{%58Kvtc4i*)T9#kOxg{2t!<2@am>4W~?SA>@?D4aN8IF&*dENH0%%;|i5Jb{*VJi0}t| zdMop}gat!?)&eoJ_@Vp`AT?gMtfOs@#KO0}u=4+rzqJ4zKS5bG6juK|?*Y zgCX7Tw1Q`CW`EuxX8R5}$NCeSrBLEP@8qCv*{Xbp;Z8nacX9FI5j)J8Lq8U%om}9J z?3IjlI=!o|b7olcKKD6y_KU&SJy1>G^do@XVZI&%cbMNRkcsY-^GWeKt=@MiMnB<0 zg!|>Ab*1moATvE@9bZnAEjqJecYe_`YivRCNTrwh$u51C-*|xF)!c?x65k&jE*eI^ zFd!WqC>C^vKP5mpxSD1jjiKLQ1Xv7yhMV+<4*{c}^WkaKhXu;Igt+LD?vl~`ieHn; za>hQM-&CMrk`I@AkxRe86z&QtT~g}8k5qQ{b=hJu+yQr1yh=IUC0g_sJrk3)f&KI; zB8~L1-Z+xw^{tb0c?gEbYlVl~-5oy5`4*>d7d-=(ZcNs%2yBaLzm`FI;oo2w+t)8A z@+jqXnO_mbpRWt2SqDNd{82=*;gu#tdG_c1rr^|I7cD|dmSFomt}CD9UE#@|{w}}N zWul^xIH5eMxZP-n{~&{O$B$tk^`Tbk#psVXwNo#W`ZY@Ze(}OO48@K?>J`$?f~O z{B6pWk)|@o?Xhq|3H~B9%_sPldV;?KCYQgc(Bw|)?#GzCPT`m z_?#qhemYVZJSmrz>ChwX$j=d6JgFj6-r{;cxFhd5&<61+hMECmk$Dt#qoXj&)I^ot zrLjp)V=u8~bBpsRbEjweKjYQU~K zCE4Y~IEO@XOF)G)3>DGErQ z1xe53y#9iUm!YxvoR#ykl)8cG&YeLAuJ9tggG$Kxmw5A3F321un+bg9FJ8Yzh;HNc zM7-ejwE%cMD(01kR&l6bf<$<06{BO8tI1<#wO+OfW`zxASu}uIP9ht#ACH-pE6fU{ zm{pV%vw3l4Xe>UrEw-6$J15L0yuS5)Enb!CG+vdjoYtZ2Ffmo1@nOJoPl!OT z76i+BA;je?mql5==74d&3K^{Caq*kzHj2vE>ta^r3abKBgRDxqd{q=!&5+E0AJVQBurWz8V^fPrkO9Z96B-ZX#cmYKqs4?h5v1 z8Lt#D@k%o$USG=f_SCOp*b70rO+U`Z=U`2dVT}g?VC@<#%EwQNwbgz@uCOMMVogzE z*233fRwXt543{C9R&LwQGt2GSZ*P@bC7mj_8QoPH^YCsA(YTZ=TnePPRFq9}X}Fp~GL6f&bHZi2EsEaL;#2WrK5Ohi5@_H#y4>77*ZJUw6}UsZ)pPzZZG_794Nk=X0OI zVBpMZOCQ3G-SshEMq{WyiamO{Y-mZdT-@+Y#o^g-kolbheHl06>x^Omh{DEVRQIFwr zNtw^P9KZM|`Eqd*&F2=F>>&o#$1Hr@d#~gBw1go;pdqNytRX1Mx|kJ5pFE9D^CUM# zWpeQ%chJdt;XZW1%ISB~cx$tFWCj#wtAtVgbBDJD>C=>!+|IK^ReBpUs+lhUx^m}3 z>a0OG4_Uxo^(TqXo;B?g_$^pB(~EKgsQ7EgG8sZ=u9XX3zwWRt7{!4eeBQ7LpPqqU ze9qZ~Pwzl~7O!`ty$Zoy5ZIp`=+EJGWyTM@mUDk3L~M$i7=+U8q@Z@vCRxVwavw8#ohWIcJkZ7l}sR4^1`ElRm# zPDR4TY~KbBkQRDkTv3>Fqsq3J{KhEX@XyF*y~>ttUGy6jIWnu$i#284d}sZG?pw2+ zMN5Ej?=EzHXSAI_lSZu4tbZRVX0xRKfbc&oF$ z&Vf%laP~s;`}XDrhMnVWF2chOJnF#h&hOt2{Mdnh7jMc1>3NA^S?Ius13y;~$&a0T z_6zQVGrIwy{zc?9!TBXFDVXl|A-P$&?=C>2X5l{Ea?^bY&h1j%)Si7rkZcQ?tsq&m zE~y<11$JCybbj!A5;*Vw2DFPAlIa=fyYi_4&bDscsX@k6c9_#Uk}_ool_Y|tR8 zP>#NfL!oh(eW_E~a-kuh_rb0tmL5tgmcw27+D^IMWME_!?2ch<51Z#G5p*8WRf0{9 z_u}sd*Q?6B&Tq(--mED&HMn_FXA}uEdxEC7&=rZUn7S#yHL5bqhLQ2cDuTND({}C* z_QJJYe`a}~xw%z;L`f#t+XawZ-o*@>N=ut@HD1W&V}S1bihm#qzi|zgg!w(7)2p4a zSjUs(Zu+v?Td^l0G}k+h>SWizxMlMrH8CwTB+>E?OA=Xc?qWE1XGX^2H+VABnHb2U@FXsn0D0ANIH{?oF)f7x+ zjv|3ZnZt=ymvkw++H#4rFxhg?WXzuv&z|{bpM7?yHDk3jEiGm??QCm1$Jw?Q<1787 z(|8#IKZ^f6%v-y;tB9SJe=G5yYx#FAUgY1W0p#Dk#9?HNg^{s+KgBoTcvU{hg;zQQ z*R;!L9KrXd^Cca-%jJucbk}NELtON(H70_to(;^PJXdYfQ5|}&DkqV2<|t1#Rdd9K zYR(OU&FlE8=G>^vIoxl^RW(O2l{tzO*PK>GF+_%din33uqO_emgMD2+aQ)0IZ>pyw z(Ge)!j2@a$MY4OLln*B78}UNUp9RoG- znnObl$FpL{#k(OfJ}>_#@Gpn^tISH?2go2ny%fXPUe;2H9m)GEg3ZtHmAo0XS2kQ= zWk?ueuo|PZk^_#>cyKch8Z{EyzYH$@Ug$8O@UYYOFh@&B2+M90x zLe6j^;zPi0B0f|G35E;K5)msEiTIm>&9Cv5h(9Y4uUB#nc}T>9Q-f@GavBoF0~1%G z6?>Pn_~1=T-#z@X-GbUy`_Kd%Witzo??`naR~u7Zys~jBg-ScR%G;M}5s|xGTWw{n ztIU?H2Nj^uRmu;oc5zGj~>tl&wNL9+&&uH@eJA~K>pf7-~BWhPnw z&%%^;{CR}=R`UEs3De!Dy5cja=VQvJte_5~s%MC5Nu)C0J(4F5mL!3kSPx9BAL!t3g3ZdV) z4R76kN4a|ySWMTtS_akeH5lTmEo|!NZWnCc%2)l|=Tz>D6FzNrq(-TOsv(I_plUUqd;G$yxgRZ){g&v_VqKf| zkC8zKrH*wnnA=LU5ZwV!u?(2Xe_k^93H)&Jvt&^4n}Sn=+az_*WKal>0~5XC16KLx zkX)GIL-%jZfw|WQa2YNHv*bIEPo!LOAwnV+$9mZBKe#J-TW7a00H=${!7uH=lp1Jybzp zr-?$UZ_9fp{impAP1JDvW3;70b9x$OS=J0A>v5 zVt4+FUK>j*)qC{z^#;~^aQGwXJydO+w0fc+h)O3djOD+a zJ=S~lce646dQsC|yJZV580?-OpqS7BnxTNbi}}J(q%39(d&qN%2HD*JhE2+a0y;|t z)JQcF*>~O^a`RVb#7zn($zn^_tCAH0hBp=I0p&3iD~P4#qi zKf=6NR~lGGME7C!%cn#?2D0PxM7s9ftZc29M?>DcGb^BJoe-r4r<%xUY^tqGHgDL| zhDu5qHONl{nm^<#H3)f7*>HlPmIwJDkQ$pR7I-vq=w43IVGX!Vck^C+gQJxftW25Z z7%YB6bgwC#vfbiZ$G*(C+Fo|z$!*QI4ja}Lws6X7p5)0cs3NX2taSkQLQW|i%WTNB@(rb~>i zPUV*lyY-Vo`X=0N=f4Ywt34CYs4CbKd*$LQlpOfc`)x5S>z+*hbMOdo6&)WTZ zi;VxD;|2eRa^oZ>E{NpI%PGGA1S^gGH$jHDK279Mj6-0|y&_W`ekss=n6IkCSHwMQ zxpJj02uuyqY&z~01te#HM4VYsFfC}@Fh_roPs4qGYv$ka4R*sXE>>L} zZcwqZ(TkNUHzyP6eyKBhOtASYzI~m3@Kv=mUo*1hp+UG{s&FYDeXa^ue_{ExS*izz zsM(QClBTHZ>kcoW5wGr4>gMJ9rDLV;^5yh4VzIi|=ZJD4q%qDrUWVFiEN7pH7bB`2 zMuXJX>kti;dWERB)C;0nb_4hr@5Rn4Gh(Tqj0QFOBQ&vH#l9xt?;v4&p=_G#U2^?4 z9}Z>=`V9%VG|Pnu&xW50wbevzsKRq_(i?!H)>{4g!}R{qpNQt=ht@E$_q-$c(`9&% z^S_kt#c#;lZ=~{KSE9$0w?0lzTlZVyyiYuNQ=91Wq7*%@xGpc)*h-12Y^acm-;hUt z$!`j#x?jtSlIwnFmu9zKb6kAYyrJ-1<sD-xN$u!>k0AZ5pQ1?_?x0!gq6pli!fBd`j6K+Zu5qb&laTsYmRJ zGp&oFN$X;io7ROzO{!(@=4o?1-nOK2oI*8>-n> z)x##n)fWwer$1NjpIe#BN*~W3Slci+jPPAon#;qVa}!sKyyMSOnEK~cwkFm*hf%PV z$eM86Fw6tPyb^b#@tX2aO1bXICH*!Cu?jQbn)(6P%n!IW-SV(B-*r~oYQXXWVdEYw z8NZ+=@j9t<9BiDXztZ?+XZo+*_%Fe{wbS{k{ZI9A8NDaup@*YPJb@Se_p7)tOxe7a zTgHIaAac7H#dvi!b6c{6gF(zc1)6{5t3k{+)Q!J^yUnmOh!IG&ZHfXC zDW-Z=`x9p?Xl1kcXT;9!?8esl_B#w_qB{*{qq__a zMz#3-VmpB)$b{6MD3t_}&XbZuHhM}R7d;K&Ig*p0&O93C-jK6B z_cgi%AK6ZUSm@Ilq3A?O*`o8iMu#7L-(V*Cp22K%x52^aI|iFBSiopYbjs%FWJNG0 z?HNam_MJc{g1(>3l`9DiZ79vffZ4YQOpSM68VoPL(5~3xuA6vS9bict& z^b>>G=mCR+(R~J+E?97@qf0hN*X3j+OVP^6oB&sK32=2+!C)?;fw4tbh0@}yf(a^| zpu!1SxKY1xKC})b=Z!kN`N;p>l7H}4JW#h>N|kfB`uUBw;lx8v1Cb&@iR_wezg_O9 z;b87rv-?f?x;?|Am%DVTtOh6ua#ED=9g0``S}TQPo%isVKQiiq1n*Q3XwvzP2WUT0 z)KRBdU(jAKS{?R+t&lpT(BK~0VsE)WtFil^F&7#P0E^X9p}}fMv5uy<*t4Mlib8{i zxHuM|{Ez{q9;)o(5EE&^*jo4LYkM{vq~5IgPuxx4P-r}Zajd≥0H`vM>)vnNu9o z{r-zq)!!}m3;4L8enaN)J$xo-(=iu$%OT(8&JHm4KGH>218(6m*1=nHOh_s=A-Rya zHZ!~kL#*Ky|I+YYjFaC)^;VRI_co$zU>ZvQD-UUS1*bSX63@dFk2&Tgxb{reHcB*n zpYXLw32p~t&*V!PWr#ex^0FAdA7j;@nx6_7e!ws;cDr;vB%7B1({P|5DN1lUhYZR|d=`;oT=GE5_T+?wfym@enP7<=4*N-P;Y zx2Cf~+i}PAM87Nh!787b9QC6KE&^!bifhlJ#Br8oR$|v7mNN^eqtycdP_pzAxdPp(~)Frj%@Yu0xRe936Iz} z1E80EH3xVxRZ)B%&7G8NH^VkCFc5x~$&ZRiSx=+6b%Bq_pq~FS4Dsd!VbgllBEjYY zzFLohgv#Wb*q(-6i&278gS#X}Mv*{s1!#IJgELe98Y%a7wN|?=1;b31Ur7`#V+1_)ML$qbXc){B?0C+p9Fx1{+UuYa}`5fREoGD%{lb>&+y|BUSwgSx&zT)++ zm{+;Nt3ZlZMM?2$8|@8^#U~@%ytbWZ@|xOvu2iS-dRr?WNAZH!DnR8~`8bBzwqhsD zF2TVu`+^xObTGS}K(oSE%%V)NjFl_Q3Z$4-loYd;v4+OtPs`Z0bIfd#uWx&QD_@mp zir1{ijNYqQzEXh2>y7|;Jsw5$+mS<|ahzr8Qk?z9PJF|UQj}cAUL%usuY61fRl9W< z;x=FSRC`wlHh18w+KX1Dvf(ZoKEELkRbauX!Ien`Ry;6$98A3kYZt7jN|tQzH)Ra2 z#l6aK%PiMn>Dgeba;&xOEdR48cF}SdiAR%(d1|3?EIinG5E}f3SgDSe3K(e~6RvJl zapkB}Ts5`0p`#LZ=*bR->}7|Z99P9?rD8g+xXR(X;_7k4amIS}C*ZBr*)w@sKczwpm3o7_5yjMe`eg(lr>XK~q#562V6KWh zRo)e0I#;*gVN@Gp7WgD+7kf~#9TzNwShcCD%X{JANpR~_ zMN97qdOzcTBkpCOesaH>KRuUsN6KA(v-sbQn-+f6*TsFKicef_+ndC9#gV4DHP)|E zj+v8u62V13vvH{(J!CKw{oG(Sdf4D#^q|3}3l`8*YdkHRUPYwAS9`97*DDfRX_prPKAA8dU^S&~x*71}bl2 zC*6yl=l;&#cwjaQRk;n!)EZuP;MAb@sxzzA{~L)rb7JPR&!Xai^aP2~qV+;kf#r;Xb{W$jdXRl5zG zqejh$wrppsl(m5tJ8lD2!njhk-3GpJ@QvEQU&H$Zl79_FDcuHYG4&(3pNV_A4ZH^T z$8cAHPTX;_Hc+bJYxt+yK#|z0pE|>W^2?)|GA4T|UKGjw0o1?4(_=EfaR9EtA$(l5 z%OD-Ac3BM4vE_jAQkn2jYi`5EZ|;Xh1C)EnS1pyvm99u2b>K)*K+=h8Yglb)EIv8d zg^wFnx1Ey{W9@Nu>a3B{O`RFbdT5Ni9gNR|@q*8T0PuN)#$zwT93PE)IY!4Qjmh($ z9}^-Ny&c;8=7Ctm=#OGX8VR5*zxIB!`c+KY1!O%j=4{G|KPe7?~0V-J>#j} zVA@YvK8|h(T``+zPry_?!*84j^c$?eWP`h)!YyNHk#{vVU7WQBIOg^~D7IgSUMtW% zo^M}=A21uPY`B;dI5LY9N2LW)OBjj;o>zmXvO8yBu?A@Eiq+xRGLN3u5n>NASLep= z-MCk1%0yy-{;)VX)T_qE$guRg0yK!l$^PlC0lG&`D_i>HoA2<3;<1jX&II3g0aVY~ zKjH0UvUwd|&~XaD^|QOq!_RNL9*1hfZ!m#JQmkk4SO{w?s^;-{R$H5%(RfyC_VIXD zR|p8BG&64$Y@Wndni)oIl??-iS{~BO2&M{$;(_T|q0DkOd^+hZ&vyBZQx)_pbU==Q;LGZZtW%}Mcb)1Vl$v&HJ%#}#fjU*k zKxgzOqQ?x-sWNn{OroultH#uVsp|)f`cAukVEL`=uB102(+ri#fL_T{uGwkrwsYL# zr}qTC3?UuGe;y3Q`6nSxYp2`!#~4xhR|ibXzteG0{+$8z8#TUeIQhc)CydHJGz+lL zV9@gK{&xP!L-{9|%0I=MmVc?FHKdI5Pp%=tv-~p)<)D>+BD?E1$R3&-vJDm zRqARln+vgwAV1F5%F7=-C3>e|HhLF;HIE2y$@g=9%y& zRwKhzEPI6$T0IQzM2zvh=Uelh@DVdZ_`%U2%3tonRCi|odk>XHjw}xQgN(dIOJ`nB zt@7~mpsoY4L^ohB=((xli0*;QcrS-Gbf@SOT127G5S`F=%95S*KzlLIAp&uuKKB>c zcihY+Fj#O2xX6R2*U>1u+Xui>k@(H1$?!m3oS!s@-PlIVn+Z1sUBWYK%yQ#+0bQJ zEIJ#y+MRUUIq9U6@k>f)s6W{Qv-7k7VrjL5zOmLwsp3J`4yR zRz0yn>LU}zXgeg zX*NhTG!~yh>hJJz-CEnZGx$BO?#^`0KHhv$Yn-N3Gr^+PeP9K_`g>b)0qlnH*T|_O>X5_O@6^+uP!D#t0pV zj9DWz$sk*J+Q>J_r(}P|W^hv^KUia&wm(BUH0Dco#%M9-cw8b$#CdtOUtdMs=wmpw zTCsJq@KTpRF1i-L099+khkyf(f^=&mNGJNE>CXJ?R@6AyIFaGI9b=2G;)e=e-IAhjwxhA7!oOfbjsX&S z2GJYWbclwEvle20lc<&EMyQD(AyxNC(-JeBqIHw345&@N8JjdP7#>vShxr(1L8bu`vl7b0y0aSZ>@Bl%t|Ma=rCe69xW?#kym6qx8) zD|de6<*3nKCSv~*FdK0nJ1`e@7-SCux4q*q7)`l?>f#0LLs3DMEjSN+wl6|;U=NoD z#hxuZaT-q<%tTKc%2`|9|rTA$gBVlbZM07Iiji8i%Iw zze9L1ms-xX*)Q3zy$R%Vgk2%k9BsPA`!y{%;wnp%$Uu`ZrTP#JF;abqs9=b}U>*T} zhOdSgzeIo=mKp`}V3Z+{>O&L@JnBPSVw@tyDHzqV^YbOCne1~Xd7CviFPLOyvxLRp zSSKZJV*)A=5VL=?2Ail3^NZgH+Eolp6M>qKZ7f&E`fIW~_%)JU(QiRaj(0IcI{m&@O~D zEOz(O*A+uI@|Z#6{B4lnURJ-phTrhmW+Q&kLuKK{*r_r)8TW$EaCao{!sx-=0^h;4 z#`DQ0(8$rv7j^{C-r&guY7W9bs=h6x5e;bgiq*cDNLod%`k_sv6Xq&iG@bd;2U33A zG(rPetagm@sH6zLk#;tAWDnO9t?J9oqK<80^c!D=4)8rmhHTpBDfyhZaU7|Id2Rk%cE;#|{8%%+yLQ#@? zF`tSM((Qm?AL3T`k8y8auhYLWR1~Ksm4bZ}EGDh)LMA+&UR^bK7o9^bDrl-r9D{kADMBaC>jc zO;2+YPA{buM^AAqjWKbN$Ri2dIgRdZm@L?Yp^14q2&kW}6tG2gc&uln_K?JT3Y?!8 z-b$nDQ@3z^yyY6*B*eMsn*yA32ZTJFR*Y`OB+;1*FM$@h%*R=ZScb>)BjXG@tU4<$ z4+WU-K-i5pb~bIVCegQin6~9%PnV)yDia7hY%ICN^SAee zf^p??&tK`xTGM79o41eEb)^+wD6fzw@c$)$?uO&uXWb2F)UtX)xbU-7w&**Ubd8!k zDyuj-E1%Ed)8jKJ_&f%{7XVV5yN!0yZHhBwQHF{exIV;7FvRhzl!37?IaXLBwKN)c z5vzJO#YqNhAkq{(<0#lYMM1C6(9S5xY?6YxF$I%jx_{0%bL3m{Uv=_}lXthwaeyt) zEpzJAG)B{pvwHS7!D82ab8S?b0GmWK0cQ8@bNf-KC6?56bFyBz64}^T{3YP#){(e8 zaFHyBEmU5tW!CN%grK(9IFv5|aKt=HP$Hx9A6$m%b;jN6e zXy1=#I~Buk&ZPed6fPplAVmtlr2*L-3Vk``X;(KQ?ZcoUeLpZ>*%D0*>F*I}evhw) z^uHy+4LbXd3K}Oy^#W6ahb5zW#RAU&czPJm{ts64*LlG5wFK3G&0S7AYdYzKTn&b!jq^=rLH=)MyJvw%ou?wR9Oy2(vD*# zSAQEh5q=YCPwwaRGRi&`OTl=%lwDw8Tn<=9lbePi&QxQWTMcZO7iiJw1;Vz*ey??H z)nOC@t=YYozuK)+fchow*J3YWzmDJ(N9k@n3W)b>{&O)WKk0Z-X?RcbUxJx%x-(ei zV%ogwRQ%8m(iX0w+GVQ;``PdsORk5urO;55DB>#Vx$*%iT1c`mBUT-{Cjz1v2Uze}~O$6+HYd znMeyLAKGWtLv+U80ag!xj3f2%egN~~C50wSX*@Kb7`kDd8}(IpUITHf*?@8Qs#;uLV$6?Xl2iier@C%&$q3QTjgE%+hkkGEblM>@fOErL{v^IBfp`Hu!oX% z?`L=++J^zi`y`sZpJOcOvf_OG8^}7El$`_E01jjG4SFOg_=)G!8|h@7%3hdhy?!Ck ze2A}FFXn%h$v1M28#_&xKuS!CLOw}ME5Zve<+4U9AC&4xR`vNLkJ5{DO>-#ZZq8BOr-1)9v1 zO{Ktux-xkT$NjLQPY_6nKv80SLX!55q|MCJj;$F+L&dSR_RO>G9G3^qdr7Z<(G@NI zi;|yK26EIn4v$a<9>oiuDdgh$&_d&StE+#+9_~!y&#TAKmI5JwPx1{usWistW9lM4 z4jG*A#0gdfQmiUgOLbz2NgYvWuyK?&LL+OvCBPwgbG<>X-=6Lo2e_R8vGD-4C{8CRSpZ-RJ9G8l6)6GmbQTj|=3YzX+gMe8ONZ`m4cw z^fw?kN;c%qG&e($rmfSv_gf+oH@0^#TF{lUTB1Y&ySYlL;VK8E*0&Kc?!5_)i*cQAMd>Z_Vk+7Dwu$tfYIU{Xh?}wfq zaDoZXN=M2|NP2$d99(0psAdtI^ch>ka?2dZxnvTw`(8NRb~tRyo;h%h<;Lh)es(M~ zQ0d4-|HPR*`j-F<{Tt}s!a50Ds6izY(;p8Ti~bp`Huw<_`oV7|;;}toHX1RQi+Irt zJ9sM2kc+l8!(gsT(yg5zP^c(0yT@$BZ-*&x@YAI zOFL(AOJuHxZN?Y($K-NwQB zgQtWGG;SQs%w0O$xy_5+cwKBLd57#}$l*{Y2VS5qMhrS(HI@SdPb}O9ZZI1$e8fH& zF+>G6UD)7p$F^*GAKK~bg_l9F^3?F+(Z;*TESYEvgV|`Y!NF)VgH0DU_>03UTY@+1 z-4EVZfEOWAs*qLA-V~&Oiu>+tPv^dr$mGH^WSE`P z6NSZUf4(}WkiiBK46)8m`?WoC;aYjbn9fQtotX|j15-2Ym&SBn3R5G&bgm4W`(yqP zkD5XB0^YD^f3EIxqfcPoqdozh7=3~T5x&r1wTQ;jh|?^q{xyng^enOcrhQ%FDH5fOV;1s^68Hvz z+Z)hgN0ue?b|%C|gRQ-2?miTWN%x_!#g-JF#HRaDo}e6UI8$d41d%2i()lWY{+ z0Tf*WTT;IZQBJU9UT4vRRW^jloOuxv3Ex0PmHsGa zcYUGppvvS4NPF1{U<^Iir&zH&97bmG)fHd)s23BZ;I)OuSFDjL%D=%xi!W0uz6udO zrO7BtQxr41^0oQrZWuI!-5nS!hm;`GtJwn00$)w9{;G!O5g76t@?eG~kh=0svB0w@ zczQNmML<f5Uc`TW#(UBaKrY-8)s#(A8$KODP%Zif3* z>@I~A#l!IY3%HmP!uY)Plip=p+}JbcEyk=eL|Ku@<9h&?)W5H?G6$DdSy{%3>EkFg zcH=njniTA8#}QUm`Upr_83a&Pw)AU9qE8%0Z%7dsz;T?OD?7Jb|CUP4TpU=D)$Sg@ zDNF4grhQaEw_Il@7^CHGLS$ zUB+rcF^NybN1Y^?M1{FXjp?R?xaKq2Yo;c&M8)73S)x?J#kHN34DZ$ahq1@?L20zw z&U;iJ=Ht?;5Bp`#Jf4a(tcx?W-$rl!^>Vi7?4_d$Qg9XQdJ_)wP4 zMXmlHQnirkXCri&e=Qs;3gRq576O z?{4yG(^|qw+{7LF_^0-5!thho#w*;-o1?W$TJdD~@O74smda;%uwTozc0bbUgs?Ff-8nve$jq~t? zd|Yxt2M!~eBAp!XJZ9klzis)N+TT&=9ECoZXje2nWV)JytT|M21D-0H%Z088{ce&A zUA|tHs%$vf*pLUCewu=*ie|ac<&KZdMZ6oO{T9-W#iZ8GZ-}n)DW>p>OQB@z+-;c8 z&{ttLyqEg1Ru#m}ea3V}@>&gE#x}>G(aqQ(1`S)rdN6z$!@yLg(lO-L&Nj||*1J;K zKQn8pv=5efjvmK}!q;B|5AMdkJt;Aq_>xq$dS;oYMcs$p3#=x^0jqd$VHm7L^YH3- z)p~59KIgdtC4=^4Ja;kte}@0A$bU;rmhA?qkq#79aU&(l1I+2{GiSue}lXfHsIk^jfahon~9>tG4 zG9(t}>*&fUkIVSl@_;)MWaF3TY6OH)jR3=air-ScY6SjQ#qSJ5Ee|yUf~iJ8@luUI zDq%GOEQc>A0CiX%HZY4;$idl_&%KmcdFrrte&r{SO$udya|`^C48KH zAY`b6`Ts3D)tWp{cCMqOaaD+<`(I~gD%%{Tsf^T3S^43ffq)D3iYs?hpTF2`QZ!-) zT*h0`O7<#RU%ruVQVplwe|{x}@Ou7>+x0|+G_EIZ?RNj1=dH2&!E{yiV-Em2!#r_9 z{vYGd61?{z@Sw)`Sd7$**Lx8Pu(yEIfW1V<22Nj5(UYo2H)JJvc}Vbrsd}V%Nj>UG(!7o|V@;e9L(LW~eq$Bi7gMuU6rP8oc`ueC zy7yGVs@aoOb?*|LcCoP_QFL-NCoUak>4IZ+1(PaIde0E%r(Rf?(g-~d>BlPX{wraA zk~A%Q8D8-WJe0Q;b^Bl|Gnh~r7#ogroGC$m#pfwAv0bf|DG*m&VUCt1TIF}5QQYuj zVvH_6-j}TB%USMpojohL+RCEc!H%)6Xg}h_rG(D@DU}iifFvjnb@qa(eaTizy6oZf z{?5w4^t7*0+H7R$?OL&pQXb3vtfVkqEAQETv Mcl01Hz#0Sso1ZJHdsdzX}XEm zkv1#ZzfBtNn?5bl9y6@+;AWqu;M5@X&0T(Cq|FMdLfKoHm8AM{rOMUU{XM0g@e^nn zf`(e`_qQc@cAabYcN2guGDojmZAgNG_uL$8PUid zDma&i?wb}&jg^eXk{c`a&q(&8B%8|k>VkBxYup*{ICNtukvklI7kc}-;CX0u_&tnq zH({)#b^)1PLH&lxSs1AcdXL@at1?qP%GINA4ABiOo#RSj`vLme!8R3dVHsL|;UkPU zYQMm__OvGAY-K3c3I}4!+j6C9Wu4`@;(4^dc8uHv7PoZPD3u0MTRArJja%SEcX0j9A*8_Aq1lTISjy^o9~AIf}K5F ze<`KYo)!&;X$`bs`3k~}E#i6&K{P;z1O3JkeCuDL)b(t*f!NM@D7aa*$!2taQMJ%u z?g<&xb^KNJ!|e=G^6G?+6l@;KSDg@Q#>(WGenYP6fdo@$a1;qNe*=xiWR4C|$NdN* z&Jh)S9THl%a9Bc?0Mqj;iRq4aww*V+!|;LMwDvTJuGAfdIa}X+waJgwILYrAfcAm- z4Jtnb9L4v=%0MV2gJT7ov?3;hXC;HW-;k?hAefSYA|*0N5`8sph~Q{Iq4A(pjW?x5 zVCfisM8F_D7D3y&Ghj*G_NFIikuLjWO9rAV6R@PN0NMjgJ@L4(k`DJcyi`}T=y(EV zdxBww<`=Quba^7zmaj6le6`}+@=rzRs{e%6Az}gr(bdDaEd-Oa2yzKo3ewqh^G1cpMsE_xMW+d{DIzqO zi%u78$i}l8G>g_y_5ruzFFoeI{73!ThiR>A*Qm*Ulo4Ly@Wq)9yXZtkI>c==L)_PL z(B6)WcPRMv<310F7~{N1O>n>u?xz4~XMcTXn2Y4<{7ey=$<~+Q9PT2K|6~tKs0FN6Iy%GMz|$GrOTt~j1AKK`NVO}^@zCAz z86o98fGf|_6Fal|I;P50r}#ob*2-KN*~{DRbg#$c#7zBy8>}m{`lqEF=Jlo8ZxC!< z<)D}kenc`H1m08l^Q``3%~ec6GB;3F>6|Rpru>3^ za0)5n#SvGGIG1Zh&35$mR7N^&M=$kWaZqe-#n1$x9ldAX2T~`VPA8uGCX1b%yG_Ki zmMA*U<(QPs$=8&;cR zsaYL1#vLbq@CQT_JVb7W6#&%e&A#Q+V;a0-A<)C05P#M z^G~Q_W*XVYzLu$G+CHN?H%=J{mCQiWv&%-Ci@M`LrEVw&K~ns#P~()}D5>erNqLmR zzWJ{8J$&lhedWmK;mdA0o_~WWebnFJ{nUN(UE>eBpgJK!VkZLQVD4c;kYEBxY4AMP6{b8q!n$HlD@WBcr)Tigk=x~ z4>o2H+TtlJoq|#lD7+(#vrLt7siTaNuVLa+8TuOuDIY!u!xMF+MVp^}4x8Y4I!TF5N~nu1k#gZaPWQ9_S!amWk)jcF{vls%onX(`6N~5KQelNg%O|!g-Rn_( zgLJ9Pw3k{V(+sL_VjW3=DRrqxHnK5Qd?@mTfrfGRNJG^-iR(c!N+SusjZkk=`saG% z+z58k`c&`XP_>PKQ(W(V))}dFRK5QpU)0;4ud27bRHHcNv-Kw3ztx)ppQ-m~1fkwz zR3cRGYIfVrAen6}9I7;FP=dO#Lkt#E9mkOxF2j1@1;M8SlPQqWr0d$;9!_bZLiRMd zLP|7&qCC@vcD1M4kOH0RqUKJ2%@{#)+9hZN` zaT)h#(DrMfqrSPAz7Agg^oq@bB#asB!M0hnrgpi8r^o4{<3 z5P?q^vGgXrk_IMu>+1bF{tt0KJ@4YY78aTEQ_SWBs4^?*wR4X$;j zLZp)b55v=s)2TDn11lLCRBcYcBI^FPQzg{LBdG!^5c}}JZ^MJ39yUBeN*}^#&>xGZ zsqo`r3aW-u!BZO!OZ@LT1n?GnRGNRR1AT`6e^%gnHQX+$sB&*uTHkG^(y9-Q(yK1~ zeLc=aHHxy-Q=eM=n^a#bu-|KL2`gc~;(bXyf!?0>*48!rsY1i0I{%14Fm|`K4z#sX7D#mjr8phIrTBV#t@18>2@_A2UI7c zBI8koUGy_!3nhm~6>zLjG{i~#Yj>m?D-~ZI`TtZ^x|06yRaF;+|7TToL*T(@k9H&Y z!`jp^Pkiu(TV;D!Rd&!_wYa*}Rr$ReE`(}(Wp6xzIt->#4@Ue=YJV`oxv##BhWQKs zpY5v^(5>hedJQy)?yJ~4C>F7s+F@scW zGvPd;vuv%41=B19sRdJCrKBR*aMuj4$79Xe67zQEK4j}yb1s;ag6YIe&VouZUZ(Ug zlW`Z%W6=c+CyOncBEHBA(n)!&=Omm1p;JWLTvA@Hj}f*Hkyb_yf>5Pg`cbcc&m$!| z-|Y??jp4bSq^KI+6T}u!)gL!*?^^xOI#_nkM|eY*Yu`~1_CXKfRPe1A1minF84K}? zhdwSMS~3n$9vO=eASi)`4F+KgI#4neJ9ywDom3mv!%VlB;#7aE6T5cosiakgRT|*B zA?0CBUIN#KbAEiL81FH1ekxf$ciw=jEI!R~yPR^Ot1O(OJ_qHp8`qm*BB9{x_4sL6 zu0c6fiWy`Z8{TNaEA~s_b+_TAACK$J=^pxj>G|65^b9T|aHR4I)OmNH7>E*!`Wa5k`M5s_bsg)lH{PvofUWjapLWTknq z79P0POnx^T-dw@udTef}5U=!jq*R7e-*8L8GsV1l0yQSyRbds=Mk>Wb@p0CmWV9^- zZ7t$~H?^F!>-c^>Y^rz}q9Q4SDN;8RDGAi?6Z%n~4n+OD zbp0q4^`jrB`caf;>c^>Y^rz}q9Q+^k`w+=JRX3Eb3 zHM;`FoAGdyXW>bCbq8=Q#yH;rTt^u=q-4C z9zk>ijDDZ^;E1U1;!`}Nv=J#$|Co*38qs5^S@eMZCWLxj4+drf8&=fec&W~3B+|tF zug$E{#4a#xb12>x4y~x(vEY(%iEuY(Dsw)NAcA|W?Qt&mb2UQP>Q%!q{)hXDv8=82VjNeM- z<3IrNN~6AD<6S(Psb96p=N>3mZeHCvXfJ{&?3XhAs5Mf;0!;jvVu_DGyKK{?a`3n6vQih>W89#7x$|da# zmA48gq5zel3izG^C|jdq#?SPVl0=EzCvUoPNilIgrZJa3SPGz2b4vK21Q#_>fA|;7euc&f(&Yzm5 z0iJzPwRe=kRvPKCP>G(n4u_>uUP5FW9(!m|M+MKI=(b3RysqI(^mJXKamwE;r*xGi z+4|`}A{swXZyQ5Kos^I z8UlLTm42W2U?ezI+G;yaNj_a^WpG_Isz&lFP`X|nHDfEhN>rLY9YlziPG6${-Fg4ucC;1Uv(;@l0gn?D*SH)CP2WATouER|>!=0rpq}&uoT{f+ z#xKZI*Att~_)tCfac3d{eeH;TpZH9Ds-9l9lSrvfgYv>TL;i5-b+ZnYy|_pJf9ZAf z1lxb~I&>8z{r^X=bM9XBP|f6Dagb0Cr&mThIc&<$w9(~iOs)1u(P@0+OHQRrm5)+m z{TX$>#EjM@Jzsx(vh~{cctoo#f4+$;TTV?b<1cxf=58&h~!4CAu+4aYD3iIoT^!CvU$oI!NOJlPhE za{&IMG;u>vq~pKSbLHQmW=_wVSa>fe^cbu=euW70D;7_*?ihyeT*KEk3+cF}Z{sD% zBLv{hUbx8y4qR$`qSvX%()L8B$V0pDoQ6lwOOz(7+Q5W$WD+cvCJBe9R&O<#O?|Wu217PU}jMd7o&y-ddil8j51z^L% zE6;D&E}hwzh=@$BREczSf0%J3g)D$Cj4LV^D;$-Aki`#E`W-5Xc^F_gI;=&i+DTCwrU zaZ@Pcq5aR%DJVaQ{x_-pImlsZAl8DdR^k80_#cY@$MK*3?BVs$0JK)5euAON;kYLy z7T`ZF6FB~8d@e!Q2K=u9zwTFmalgWODz9zbU?09e&K|5@t@Z%+&>F83;$qm)J|hRw z`7_!;gZ9&D%fDtuJO1^_XwAPfl$f@urkz@d)OXTb8Mbj~N;7#dUOJ$wu5ZKWY7OQh zZX%C#?%VE&fWGaCAN1|P_*6Jg3|?ToPt9&gc1yu^er=pOasX<@=O`WE(N8H-f^?4J zO}}bWA3UXqg&l7cPN8&yLcdP$I8r2>pmahq&y{dPm!^%1(4C5l;m%tYIle%_xp3;( zqpLfjsj*%hY=4UzjmC{sQtW)mG1fhhoqo3(-~Jqrt2j8j@IfHmVmEEmU^f@vrta7& z$;I{#nJwDI*WcB4fxHxmt9tLUHJ{x#h|+N0H;9<_4dS$6bGrUq2mJ$gbud5sLW(<) zzPP_r0bbrUCnXJ;XH*7aR*AgF%`@xI1R^is50gUf}!<)`_o{k>&pLV9K zVCP!&qjvj&ohy@_cd?yG06WuT7F-MuhjQ_-HbHHDC^ zS>j}CE)L$ag;*8mDO>+d`Zrq_Tralu55G8UT@C3u+1gd$2qkdC8fC8yk%wzrdbtp{ zj_QDTC#Q^tRD|@pa2u92X4sf0Ozjrsa_uZd(BY(o_bo|!65}6-NMG8M2ZrFVDljL{ zHXkC4u2o*ful}$NWe@u|q93(S7VKY@CLLTbr%)K5exCTCxay>Vq9BovkO;2+tCH2H z_~}$WOg;@r!3AGU#kj@oING5KOAX#Bkh9}_F#YhMhA(Os2kT>untQmv+SeJ+Ayud6 z=v@U}CsHF$S&lM=c=p_r&bB`|O5e z-fn_)oouJBk_{WuL^ilPUw{dza2!qK0)hFBc@AJ-7+=ZDQQN2HL(Sga+E_eWTGsHlyT5;_dl z>J{FnJAPY$4{Qc^9h*Fal<|kPjU4pFHc$6zfInn&+LQrZlfGBY_e@cBk&TBRT3LnI zhj0uWK4Dqzq4Y=>Z6T)N_b`6(^1FBoe)Mfl2hqe5{7=V!SQYQU(cinYl)|5@*cVX( z8~58H$^Dw$yMa{@D|}EW_yT5?j$|RI*mf-j&Kzh!^nNPAEo(T%IZ-i#qVxI=9LsN zu8n4w6!n%hLik22h5O`Eh^BgPJehrr7REev1Xq)WqX#G{UQ6$iJ_TfrO&;ngcT#nHAb%>ZpV+foNuvyRL@J}T}Ag& zB=s*r_LS_lolN0Px0CzQl<&8>iudEl{V0vf_E(r|awXBP0>zq$(z=ShTz)gE624n8 z7%7wytvXO?BWK~u)uP40PN}ZqyIj(@)+YDb5OTNnC3hkBpIuhUeKShsE1IE=d__CB zuA&2%?KqbDZ!flI>EOHf9H;{i)iHNzbqH9O;-;bv7P1{M|gEik9 zL(=j~OB}$MO(7i@Yf4OMZr}ae#F!T}V1=D_Q1CwoEX$+E<)QS8s~dh3)+L*iO)?GLGCC zY?JYDONtI?k&>b+*ZpcZrFL=x+2H`YLz5{5m+>iaf9YBr;oj0YjO;uklH8pm$gMt| z+&8+A+lXhCcY3mgdr}I$_fsn@-^jWoX*MR5mkkJ?Z4Va?o)cABpIg?JWv$1S2w;7P8F13V~$RBL2#af&{hz zHPwW}IOxZ4CBu;!R6@(#nPzIDgS)p_#blv%2*|?ZLRUFKk%K4|v=h@lPSX`vIT z277pm4`&1f)x^`sEjV7EWJ=RVv}VnV-AS{&XwRCL+(}kR(2B=fyyg}Vgr_G&FOIi# zHOZ=qzD#Eq5Y-SdTJ?gOmn$@wZtr@JWaVwG0^OZ z`s8sAA0daapjAxgw^N#R#5y5sc#Dil0YQ0q2X`;WYZ5}TCgK%X!dq0GNz|NnCIR(j zYAZfx%~L36hzJm0h%Cs~&nL|Qaf@@fkQ)%RQ3i-RY|mpO$eta=cPwkW@vFEb(FH_y zS-6yFfWVbj&`&eIii^Pa@7yG{!@#_+;=TsaIf}RNExtq-O-XGOH|9uS z5iC}psqHwTA)*P#do=Y(U}w1=J2X+BFcuvNOcEP$50K(@4kXPTVv*8ZcqH($*dx|T zs*y_)Y3>p0Ilm2%5pCpntI{am3*tqT(_4ggC)rEl6)tta#3O-UivsbH%!KT%`6N3H zqWmJaQ@qoBbr-phJQA2C-w;=&6|$u>N%pq*oy#(BAH{o@pQ*%HL4HZ%17S6&9bV>m zS4BAtKyNWEnPgw%t}*5JE$4SfG&86U-vpEFThY>>x`(F|6^V{ap<5MoW*WAE=svy~ zLggH`n9A~_7{YYABhgP{tU;DPJ%uzMiJ1n~z2Yir~mK=U0aDyb;f^qdKMgYANGmABcgp%eknaP@EtfVv?ipJlP)8#pn`fe&HNo2~8 zSys5~c0Ymse%+)#_(#9n{T|5K@-E9>*?ha7)yS6jm@NHo_e&Bv(#1mKVe=HC#j?DG zawxk{Q4I^_&Xkhy7 zepTdJ*@Y=*_w9Z`##-6ULRR|WAjMlNam5(4YaY=q*`GCALsJ<0WDrv{=YCLzGS%W7 zUXsxk>IJc*ZuiTQN9ACa^#%DGN99naL!8QSIhiSx>6Dzov>9YE-jLZ$2NCZr<4rl2 zsplRl%Ne=QLiV(AyfbnU=eL;YoLt9s-<3<67v%vM83$f zU$RN|nJlnSpYMfsC<2{?3_Ct7AlVlZ&u*bc-S!jxD6et6&*u~UB5!cKv*W&tF9LnX z)V~AKAM!qHiUpe%C*iip?-m;Gx7;VE7J(jd9lqHyIW-9v1EmYqsN00esT;6GOGy{9 z{LLAYQ(wk~Jztgu#F3_tQI~1YVAAw8>M`9+CaPdGa-kmbV;*T%GFm|<#N2_CQ@<8f zjgG9DwTU#J(=?p(t7~*;+2pY#t7i;gYRs|*MwkngI$PVZamF4e%@kuFQ-7=~i^Npp0O$8QW}e14jy&(ky_Lu^US!P;$RSD0Hjc3D z0A3kR61m0+rpLJc&{xbeUdPQiZ$UH=^d`sq3JcF7&^gxZgv&tza*6R4(+|UFAB3gG zJ1(bL{K0gX14q%KFiH{5m z(|ET06~mQjBIj_^uri@jLi4`i!Swxl+y#`s7+y@-8;E|#Lp_wkGN#9dFO!uu|1>It zgg8GyU^Vf?sNw1f&67(hO^aE>)dTcWG?BYmhvU(+07b&fZ0KtGd5cjM$Vz3+#!lp8 zHg%%%W($sY2Fv;)QOU%Iu#u)G+pLD!j%h4g={Yli=^Z?>P$cS`9hr`C-TlqZ_>_jX z*mRKcYj1XCSpi!j!0gVlPsfq0tJ#xfz1S{Y&E8DQIfnseU#1^9hY+(r(>2Z^(j3Ti zjLR8s1~K7+B+8OxhA`o>J7~Na#$@6Ir$|gOBbaJ3%`_vqELXYr%r&E#-qjSt^!`vP z=Ug+En|a!)_gE}%vaAuO>1ru-l6hOsvrN^!jO86CStZN6EW?`u$f1hm5>qOt@|@)Z zE=v<`m1dU9EW5;-%`6`|rPH zJdXBSTDTR@8vBS4?-egf^Pr`T6CJnoVETcrd&)A9ses$4&=SOy$gO$765>Q3Si+dL zApPYtrby2Hu4M$%Y;N0M zEu)xxc-DAg8N-wV3r;rNT*fhtX1ln%q=K-MAdYxni_$J>ocm&ofD+P&2qkO5cJXzY z&V+}hP|m6@GnhiSezjd@GEL&LG2db_nxX+LqY(RoPQ zgzQ2{n~)Q5H#IyB_xaTq5k5ELfYnbdTJQz zA~GZ4N)b_q@{+a5wu4)@Mo5FMk=5)@tU(3!& zZOhpDW<=(OYUI{N3K5xGkwQe~hXctyTAtiS%gKGNAGyI5$lY3s+)Am%t+``gYowN) z+8T8^w(qt_Q*mx?6kfbg<@9XW2jSzmM&(d8Kk>VN$bjI?!<|m|Zz^iE8Z@A(`0BYK zaQ|fYY;E#)Vt)zt4`Tlf_6zp6Z9qB^?3Qm&exG*amTf}rD{aZ`&mqaIzmVO%?7q%A z8(HUcW6~^O%^EDN!?|2%ozGcX&7X9BVgF+ek7b?h>@UON4cYyO(;3bFU)aBh{T(=k zM0S7Xe4BBZ{aI%My8~JCQD3MdoCay;WYv>;ZooB6aCTdO+}SvbCGhEKe-#4 z&P5xYO&E%`er{Dtd1_ti+x^(R&hAlmYqTMq<1H2-wTrD5ILfoBA;nrXXF0;vs2tdS z1N>^lO>RadY>3%IiskLE;kn?*W|U631|bNiQrUa{*%4dOyAJLrckkw{NPlPdT`1d! zzAs=DzX}(le)@id_nvwX{wgC6BZciND7C^({;PcT8gm~$-SCD?(@|t$B8y_dvn|kt*C?@0`|jw()v7V z*97?nXI}Rqw;KC5@(lT1Pb%}xAzwjrmF*5(-?l|)wY70SA+MON8{n?8QJb!4eFxzq z+LN2XZeAnu=QJeOs7r3oR^;A9I>DKjXVPq32-i=Q+XrVJVs{(6bJ_LWOyO1GO7Wl;)z=GiFRU>@4wT~0KIFf+ z+7sBCvq{z`iY-f)P(;g`@e5VA-mXrd&oi5$YW`B zwD=Wn@g6Z$$NU}K6JqE%MHcWA8A)}JLPk>kfz3t35wnrYs>O{5HWg`|Tf@!WNoC7N zTQn7Gs&^O|oGCoW9aDnb=u+hN@g{dy=?*Au7^G7C4yhDbkV-KUQYqXxd>Mx)a`@In zidB*AR&g=)-fh|B{P}T2&4`ep;*un{ zp!9dwquQ++IvH**+~CY2)TOkzHDUU|(&7d5Qa{nB$1F&fFIs>U-fgoKwHr8>VzutE z68@umk9mh?x(%gT+-|dWU@P&m-zI2o?!SFtO`d!GMBV-eq2CVkkDnNVwnJX*((H$} zZbftQr_GN+=Xbd1|2!+w%AvHFwd6Fy?*&nB@o!QHzemgW(a)pOXxz2OQJebq6_mW1 zFO9ETKIHzzZd(p1$!>3Uf8y|l>@R@pC(d9*`-uQy*eWE-X2xXpP(~!6wPdv zwoy->)#X=&^sYg%e&&%&DF|Gusmr7j^dIx7F@jN^ZDWJ4z zREv|NWT2nezku=`vHX}f*~Aqgox7Do`g<{IU~_gaW%I~|elYiwVD2Zunbc4G#Hfaz zh&8dPH{4%Z`9Q~t`9C=G2cG}yZlk`jVf1Xcsc`KpKvm|@5me5VQ3sLx%-NNY!oeA} z;CjxX+O0!>E-lI=P}yn?2*6BRhTZxD$^R1jmj?!*#WOqF0!xd}J2Z#;phHKv<2&|& zd$vOu+-n^Z;11|G3vS7d^WfI)xC!oG9bbT3zEfCWQ*k7{0RE~=-azikstvk6h8@yj+iJ{R7T>cB|cNNxhVciD~L@EG=g&F(aISFpQ;-RD@R2D>kE$U$~Ha!7afmuB}8 zyAL-|F8kSi7cSrgf(=iR!I*9770uOuD0J}O1-ZEtd~x@>eR&rXhe1g1@-4#cE&en7ZE4LZUXLYBdy71I zM(5LD(%IlkIx0=2>F?zpEXA;r<>0z{A7Pt(3)d)J4Iu-{T*i?!sVv!gpeY+ZvwA1u^@L%P%F0Ffu zt%UcT&}#SKs#c&fOYw(ipg*=@*yEx#Z58WUFU2{X~=2H3zD5 zG$}gIqmgwkmFj4p6R7TLhPf7V5Pg0gR(({$r2~s|bhg6*=s(P*qlUA-y^UUm)SfbF zs??OGz0XiwrN5r%kh0+>+(4Ya*sofMgxe@d zweH`+&0c>W()N6&a0+M8u42WahX|pX($O|02(Lm^C4c_nKaf`*TwK-Ja3B6naOo)g z*FTmJs~40i*^A1MQSv*uKb4~Mk*h9cLZ~lQ3Gu^Kh&u4o^&*_zw`h!Zv0GSKqd|zW z26kHY@`onXu~>)tZ7i<6kljdAS-zp?F3yECT^F`O_=4>AaGy@Ohfdkqde7?g)jBF) zKQRY3#2(<&15uJ5IW&8397(hKyqQ$~3%C}9m0KFE56AMHf057B)HzyJKI%D_LAB$< z+%V*#T2r-SmKR;Md$%Oz@^vXX8XBc(4yj+}u5M+TnWI8{MLBb@Q@zv?c{oDI4*zsS zuI~9OQrOJv1X`<5I%AMd89Biz9kRT=Y}1}8TRTrRe;&6{+?j}5*>Elc9p5u?rb#W5 zjkvSB(((QIan$bW_)hs!>pPD-=Nu`Pvo-d3((1QFDJpqcZ#t7LU0U@b>g{dHs3Y>T zsi_oHEy$`=9@jwJiSVLpGUZE=g`e(AR0jK)nujtJ$Hm;@wHR&jO3BrZ7J1-pZwsmm zjks2&HbC0m+qooUjr#qbo^_vHsnXH&VeUYbaQ;kM!PcL=3%RS6%-j^p@#z`hkVC3U z>l};H`EPyPt?)d?X<}8T?+x`Fej+3yGdhFZ2l?a%rICAg+6ic$YcAyvevteT-0J=4dUDLXui(GEn%2@aeTvXe62wm-685AFx%EVy5Z z1h}1D5(53iyFE5^!1a(>r{L09!?{CG5nAlO?i60FqdmOuj7veq{wSyL1s$cx9q)n^ zYK`}Rd%3AgXz~0&Evt?!eWqT->V3&L>ZMD)Xa!5F<$u=1>h3AcizP~hDt%nF-qpR6 zI+h{j8RbLCK2<_#CDu9!&nQ@0JEiG-wm28D=xotGOZOW?b9hg7ALg#bd6T;rNiUY5 zb0zz%PO;Ri{fOmWL0^TxXvKWkZ?J_UwFJaWkJ6(WH}3;w8n$2}~fj3TRV%w4?CQHkk{ z`;Vh@@xp#hra5d07lG3w{1F|(%fRZd(B+re_i(kUJIe}Xi&d^GT^JLbVRPG$HVR@ynGNP#>>u-StMmf=uDa+~_ zgy$kfes)174HMK)8u_2vCF!zzfyn%)3a66=_5%TMOj533@cSMkIr z^Uk|h6{naAL8pys;%iN0iR$7fO=Pp`c!^e(x^{eZx9VaB(+V*y#6PTtxW$ww#^5MbFi9y3-FDm?V4t# z6YY0s`r!STPnZh1HS3EXv}V8x4}78GS52=b1clXCpH}C7772=dj&e}(8j7Eo$Yw*r z8j8o7-T*Zg);gp~HX9x0FCv+gm2eML6IrR5SjI$km=M-XY*u7-4>@Eu7Y8);iAuq{ zEw4Bn(bS ziZ;$&RNUbsdWzj6SVoP7K2Mt4%6T3RB zpYX$AI0wm`Dxk<*#J>b(<_h-5X}_961XczN#L)rL>tT@#YEP1 zkPBINplHYORBH|t-84~a28#ZgsLuzAtxRg}!2?zNS6Jds6_RPQYBd(*f=p=6V-jZn9Zc}8!r|x zspHCcvHU67P6r+GAFm1~=(rNxAXyw?nd-?C#R;aHvT5dJF;SdRG8vTVAt#Ctndq2P zHGHDDqT^A?CW%{`sAMVPo+6C?X5lH0{2EvG#s}NgU!lvRoc7_V!rFvb)nT&mX3DYV zcJ38ESya%pzH>0hPtzgD(nLK?XCX@y%@pxinIhUTWm^x7 zrhKcpa!YuI*rH^j!>&EyGsR_1tEavgo+*O-sqQ&q_0;3xv&A8%Y*9W|ifnOQlezEp z@NChwDQjA*Eh{wUh`yTkb}ayfC_?VuVvdM)&~DecVuXY4*U1%=9CSW>zL@Et_rn*7 z)lAt)A2r2<-4J7SYa(A0H9gNQ98z+Yhrs^4}6pzT2gPE>x>Olz^M-l(MV#Z=dy~+19NYeIs^>VVVwQ1cAnB@=hNVv0F^m)FeF)r2fvj97-D&vByE5Z!0Ia};*fZqNsXMt;sYkNDmg4} zG0{=fM;sO|ttk^~+a(b%if&9f*7@i?$3;I)Pr4C>DotzqncE|dix^EVD@Zm})Af0K zAsfr2N_Jc=Z&9Aur^ zQoKSd&DSSIS0)-&??s#xnM%e-gxAG5IId}CaLGV87K-6K90Pc#*kuRG{t;nqRrM@QdJL@7-_RPh#{ zh+0h9R{y-lgFY1vG!Ps*#ubsOX#-vxxgs*OW=7v$;aA06O*wsoK}$4kD_>w-6Zx86DDN$p1+F}O}A4I4EjUN))bWa+Mvf`r6%v#TAqK3 zZ4TNz=!rP2X>3d{&%ea$Oll<{=il9gN~y*FcT6<7JZgKiFT zl_wQh-x^(DSY@H6>Z3n$x5`UQYAtM)z5}>qg60W#S&u2tnzG>ALGIF@Dc_o1{voKf zre#bWHGS+$vL2eMu&lqPZ#+mAs;Mr^qBY&(c!`>RWg4mJTz`s}tmzY`G)?bpAz6l| z=1g-mMGYa@LQPLL6D`*i#F}e0b>p&Z(G4ZcAUy>O}klEq^S?f9%x$5vPYT@m7tOt1F8M;tqCl1 z*Hn;5GH*?nnaXS0&gHD8={J@=r|B5W8fq%Rxi{DJ3g^&H(73796dmZXUR*-j?3dO$QfXK?yKb&M);^N|NkyYeurflnn%kPS+ za)FXr?=3&>QB|&B%C}~&3XH5K*D>W;7p)2hZDU#?K3eEitGaxiNv$rb%M%WYjjS#& zFwxO|Xk-l;AHgNFPT4#zvZfrNY3}9}P>!ZXS<@qH$t9Xr@5k#eGGEj1-8rC5n$mVJ z0_{=6XA^h}l_}dw=Q4Gq9K^NdbD6r*gGpJ}Cd+Cf>(-N%HPIPnJz0xM*|VN(!jx}K zOkELKPqxxjG?J);raEJZx-+T1R8K}~nYnUpWPO>yMD4yMvVlx>(0TWUavqZ^StEH~ z6P2v7yuw87zB{t9{94l+Abj?4Ts{W-r-D(-%R1 zh4+%JG@TE=D|*W=OxYqW81I|NzFJ0W_TDl?$*gq7-do0K*{f6iqWZ|8n%t)m-PM*~=s{3I1fhMZ^V0lAnqHR;7;^ntW21<`gkiR)7 zJ8FommniU;WBsLkUR09o%2a6GQ|+!ulChcw4kH?+DPtQ^nx-?MMA@2NP4KWJ$z_^q zP9)l+sma7GUP&@!2<2BO!iSxxGF;BnXtythSUV05xIUK5X(QA^Ns%ce)#D_NWerrl*$ST8?tbN6oqh`tpOj-Cm%o|ae z@;p)o8Y*wLwv zrVnxUvPi~iTFEqwDa*QjlM6H_D4EDydLwGF{7n&B`eV67_8+Bk-w^w;Tqb{D$`QMw zzl&Nfe^+GvIQFhsA?0Y5`@PuX9xLQ?n&#%XSXRnLOj*{|IS<@c%2ryIm{@46k{z{d zTB3_sC3`6ua=#yyFC!iFThtoqIY#ABXH}uGUY6Aqu*wB{R8`TGf?0TjtgUGQX5kI8 zk*3#H28C^uEj3+SDWf;aj+%z}-W8i?Q-x~RnD{ycd@_CaHcHl;tt0>cFANd3q@IW%PE?MqAa^*CX*UD zdt|mI8aaF9GEFpA_Q(~QXsqm!>ow6>*&}yoqOr0^x{af6|24^X$N=8fyT-a8J4Vw#>z2yoGD9eiSHKu zn%p*lWO?G$;?U^Vb3xPNe+u#hyx|qtDCw4w@YOwhVC4+~{}ZYNi#UMBw`9 z_vK5Pvihx${y?79lmPlrexl<|3)vQZS>DmKxZmv_7yKj zUzhhZov-v&^iA1`FQ?~;8T%eY-;xvy7IaAqc@%wHj%Jx!seUU{nF`&Lhm?%@R<6}F zWk@;DK~0A`RF1hTk7|0ggCFRmrd#W5G2h8TP50L|2C4kcx+JIhhyOm}uR)A;!~K$8;O_Y_`XE83&luRU9wlBvX#KSM7PoK68+d zC}G^uG&W{fL@DD}O~0Z2N*k_|sc1Q(&iwQ4WsP#0rs582Iir>)@7VM1zD83;)63j0Mor_Arkne`MNI>@vpB!>gaV_Mk*R4;g14w;++mty z-J5V%)HZ(BibSgwAysP|Yc%Bz zDO2S+<8@6Q`+dZ7#@i11Fs82Yz(JqK)HlvyhZE{Oi&3&h#`_NXST;89Iq16>e`8rX zX{u`p&5XzyL|N7@eeYr)#vO{p)*%vfkV&8M8Rs434OzJij)(E^OH6a4p&~JH)h{t^ zj60g9g%lVa@X2e|6if4nhG|NUaf$6z!8uSb<0Mm#wbg)uvAv87n&>)8FXMAfXI6(nc84k3I=Jgy(aZQn%kpuq z*2}PDQw}-SN>hl+Xlghv8u4mq>fW1V{!CdSW-!qMCS}21#$zVx^TQC&XAY%#TfUz< zCbqZX&!k2`A7g|j8UcNcX-sq#XHslmBS+KA`=`bBH&$zU12oXsuW8`uX|X}Z>zdp~ zOp6UMKGf6+vM}S8rXPn-i;XZIE5g{!j*T>G%%zg$i?omhu~9~ErX10$>x$SIBU4lJ zt{Y+p8~d5^MC_6su?fa|ngW)L=`_^1t!c#SF`bf(QaO~S8k-{w8sEOJr%{a`Y z>X&9vx#-w$+53KMn&CH(NF6Pv8uge~SYPz}Ja($#&r~Q)TqB!mOx08>3Yt!5yWp#pewvJ(Q#;Hx>S^-Y zxv9cjqnW00kmVTdG);#r$LOZXrJIP$HTr2P+07Lcrm5GqsU7ASv6`Z{ZK^QONMg#i z(o+iajd7a3TU;V;fiYESQg4l0Xq;rC-da6wk#U(xUGZFE)Luk2dedyzzh2x@BaA5< z&lkKHzSP*klqF7g-5Hg~{l(;Kzgx=CR~hN+b%ip%N0Ydf4vOy4I&PJNf_ij|TVq_} zRC27#_V%c}&iGUlU0+&f+)#v)^^aR;^jb`*<_L3NYSacJfoX+k9Um6A(U`P^WU7~M z<{YT+F02$AS4@+~jE&oBOlM8ileZhQnWzs=iQ8^$anQ`ToyJKA<;3kVt|_v1o4Yjb zfbq4a1gs+u7)6@O%_n-O=@r!BfFYJr$@0a~s7B@iqdQX$--CYMn5PK2V{a2jcodbK~UNg=+Xbk3}JDN6h8q?`@!@5GHvTxPVxYI@( zO{cq`jC<2a)s*b_cHB8*y{4-pK8SnU*s1B*ftv0Yj6<4!9dRY@J>!BVTkx&8_l>ZX zl*0;9rbkiSN5)}IThjlE`^0#A70IZLDh|G4{Kix$I&Mvkx@P$2+hsKdUpM+QDcKjs zC8m7QtlQKwH;fvqNi$!x?e?O_O(T?Pg%~@yiPx7#lBQ{(uZ$^7g(6{Rox!(^wM=T3 zx@~M_QnS=;a~boO$`NYzAVFL#YsG|}11J>#4vI(sQHKGsBM zFFzQ!G|}11eZzY#rI{ygM7J7z->AW)%K4)a$E3>nvoTU>^8M7Gjn3;-yt&mo5B}Nc z&y+8o@7EnP$3guDKQOL3C~WXAM%a3aN1E}2e>c20*lFzGKaKkiN*`>P_cz*Qiw0ZG za+~e6d2lIn#1@du6B}ZW3@&eO)U>z5slk=aqndVrs+#X=$__0YT;06SlrPS%cyDkm z)7UETmnRm5b{_nkS&9g0u1dNL3Sb$Xg?u)+jv4Eq8-web^O&+Aa}o8--rFdZ9I+fn zy!z(bOzP@#ee-=ybZo3|e#)d;x`BC1#X}$besBY`&32VaPTH@78=H}u{6|)I^Ec1$ zAeoBS)clG`wMtX-JElT@>Z+;vvnF~fsj2x$6FrsG)HHWeDuq^hDygaIrHRg3o0$zX z(OGLVvn^AOxU$SeG&j3yI)dk+TbTVcMQwQC*3yh}khf@Mj%6yu^++jNn=`eH`e18w zg@gVa+}7NqiTZVW^9!c4g8FU;vq%&5&yHr5T~z9`+~+%*y){vv?`#fd$`ge-tp;~B zQ<#)px|xfZXioksyqo#JLDu;0CZz~Vl=waPklEWo^xSA~bH{FyjWT~@I)nPPj2~sMyUUu2%j3tI{q|FSl**R)@#biz98P7DIY|?x zGRd5-$yS|cwx%wV5`89_3z+b9*wO>>lgure?gt)?PcdKCG$-yr{ABZjrhw`f%cYs0 zYZ~eIdbz3Q9VV*ZnsU?4>Idv4bN9(K!1DQe@r|d zzr$>#>9dLN$L}&bG35!rN!Q}{nSHb@q1NsA17?hp@e$#mIhIM~chJmKgg$>S{&{ne zroO>O!i(lchpcSEQFE_DRzKkt^Mt0Wl>!n@m=#{&a*A~mViHc7-8EgUG&$i-bBjZ^ zD&d@Yfr;AaaKhWB|BDol=v=}@oa_+giS0YTNVx21BRUp;Vt&K2m7?#C?-D*UA2O+x z+!garCS|27rsqqP3em3#S4=-e)^>C5ifd*)O+C9Ujk{*HV8XM~c~26qnf^yq?yv52 zNxW`GY6^_;O#H$;z(i?!C*Cki9wp6uabth=#IH;nQ=YiAzi#5!W{jqnw>D0^ZDwlP zy|rcHH|8EDwMMyP2EDBE6V(F}zjf4heea%$-Jtqu2~1?OcM=;~QXKSQVq?o%COVJ1k?3#vfT>V~R{lA$h2@&2UP~=QT3PNh zospkcE<2=+<^S>aCg4>R%inO%nWZNS5FkJTArJ_%MF9!Q683;BL6*b?2ntz%Kmd^t z0V5I#NHi`n5!oRSWD9PfqJoM9t|BU2@G26yA^}D5iW(I(>RZ3+J~;=_`@i@9e(#s( znX3L(RabXc_w@AiOy)Fy4JDKt*V6j4n>9kC#^Dhu-K~il{S+T}dk-syK^<%rD4ly`>4cQQRxu+r3I<#2 zYw}GZ-E%d%oUkF*(Hb;8WvKNXqq8EUq{-+6>ms8A;-<&42u1BdUC{RWDZ{K7MyU1d zl$))47!`^ymfoK-!dj`(j=4)xMq0--y8pq#lu=f#*Wrc!rzw6}N}?6ZsEAeqB`HbP z*c$Xq%I(&@8ufeR&6H%TSfjbwM^f&vKGtX*p$V4z27DHYS&vktq*-$qsTIUTYl%jM zbI+zsvf8`}OBJ&Wt3RVc(c|IoQ!=dEGo*rPnl=UVYFD(@7Xu?UMpdrD(}@MLsIXv)@f9=ZcOR|>upB#c6>s5>I2qi8qH70 zOkHS&mMfoi6XvGoS;6~(3Pt~g%Tgb-vNW2Kcin`Ctty4M?FANfIsGjaU&ZZAEwDms z(B9NXt(+S4Vd@iBRSi0y`ji#(H*dZlQ2@Y14ajEzxCHK zuUO3(snT~_t!vPwt<3szmvroC>JF)9?l-0^DKUduhgI+0zn zH|;I!DMn|Fv)kWJ+h^_4sBw$EY30`66$)6ql2NZF8PSiDMqNv$+QEO^LO|> zYs9DjEA61whY{*>G3}65z^G6J-D#!2Z~evy`GV3vup*8kpSnK$-I}Zs`u&*oDkE5i zrT@eFr=RW<%RJ`GS7AjnQdfkN*8LhimC_>plvS)z>?3W{Ker-2L_QVW(^eZss#i{1 z9T}llx}=}Bx-wF|a@u;)FJGm#SLs|lo3FIWwI!aaS6c6CgeUG_Sbx_DPu0J)jxkc@ zeQ8xNLi>88e`(Rb9nhb8s{WOASR*`D|Hg{_2)bPH`uYLs-&v1qG_tQDey}Punn_RU zf3VJJRIq+{`VW@%vGR%cW`4BlE5z^V{A@MX2yYwwY+b7n-Y@vs>aG#qFZkKINh7>p z@UwM`Mqid3@LaS~HM&@0i;LDAM!CXWPv3jB-c&l#kM4voS?@7Y@9A8!&ND*WZ%hBh z3OKIni8K5+tCdC=1%Frxj8xwm_GU)3TM;on-Le;a!f|m&lzk={cnx`YG}q5a-s{Z`#BjUxUJ%HnlfvG=HEO5NTh~=w5nn zCerSD68TU9eLch;dKpS&gl7dC(wo_17~y<}q0PrR7k+79>(s7SOOGE26#qcj>vsGZ$`k&0k@ySqk+;I(!Fqe8K1 z^q%w%c7aA`XxFckop4IfU#__2iMZRZx92fZebm`r!U*TXrR2``8AhsvSo?xTD1m+u z`*Y<5Yrd{_GNXNFL6ZaNJ?u>yoh>?&-qU`W(SD<3+ZV~b?Y$ZuiTEVFuYH(NuIMrG zi{$?HA6hqT^D|Ne4jqhZm1EiD>vC;8eO2P#UT4Sjn*&C8a>$VsL@i= z4Y3C?$`#Ego=YEUFJn|JdTkUF6YP$astwT_111i$S20@bmW~RUc(Yxq(Z8lPBvhtR z{l_8*?No@O)Pm44M)U;kvBH#*cI+AWRPh{TCo;l#=`eAWeP0dgF)_(5VN@jc+&6gQ z?RL3FZC8z&INA<93onbs4~<7p9AnSX=$^Z?Cf;e6Gs+bQRz5T_)lU9GS^g4MGBLw` zlTndaw{q9S>2~os=!(RaChtw0Wq+p8KYD*MG28C*6?99*E8|X0oMTrr!g}zliSz8x zub~6_dE)){dPa-g$LP)5MRpmZLgDtaCoQt;pNHjQ;UqN>OYGJ)=&_`S>=896Xi|Ya zPoptuO(s2NKc-RVwe&S@`(=&l4J{9R!ak_cM^A-_BKuQDYQ0-*f2(zqqdsp_Yz z=_=Mw+F_TW0!B+k$o4jqp0o%33zkboi|rjJEwim}6>3@7ZPH5nZH*cg_L;QG&bpv< zbrWxzwAv2-PN8OrH&0q?S7_8~T*pZz_N(73-FJQ6mZkP#jYi&e>!eb9#1BfBl9oPc zqkXtaAZm@1k~Hct zKDgxzb|xc?to4&#urDg)n)F8GOSZU#e2Z!KZtJ9%>@kd%iaFDEPTFOs)}S{gy=rIH zprey^+jBG;+2V^yuiM2nsA|$1_H#Ap*GX^MhiZ^Jd9VGYM!N>onf#W0p+?ty@;>{= z8q|66e)|_jg&$=;?PQHQrU0dBbapLJ zrbY)R0A*>kr~kakAKEz@9cPrM5Y_Vm(mhjy9-4gIu4IH~?5igK)6V)G^;B;@d}bGG zgs1AK>^B)Lb{Ax9n0(4E{zF;fZJ*ESRWXAgM(gIupW6#-(9X%H?QM(}x)lo#PCjez zV1#Ga9};?#k&47w`)#G;n4Psh)M!D*XJmPr(E;~t!WWaju<<*usOP}7wWGhVf79sM z$ZsZpY1c87?%l-d$zR)HjOhM7G9cq$cA5oUq4=n@UdFffc=|dL(8j!oj0<+CqtKIM zJ-7W}=g~KHpxd^neMXgiQKO$nb<6nC&UB$GqW_ufm+_OGM&H|k<@5AElNW8PjzZ_l z5;A_VV;QOSM715qs7SmiZq2B+mub}6o{;gIy-g!e(5)H2+lMsjT6;>yA9hFjW|oTX zybR&Is*t;K(c%oldCN~{I7ezwVTQ-~!Ozlmer2R0Xgg+Iug^^xwo|VL?Z|MP?u-_? zofo~65#aP=gdRIaXgDL)V*$=>O2<7G;G}7^Amg88c{iiQRL`>+fzCWes`NnT0Y(em z*YkcN-9rk|=n+$b9BL~49jJw#uH|ggUj9~EdrB>5heDzjz1d&ODQBe4+d59ydT0^; z12%L@9cKX}bry#>g^bV-O{Ro6PuHNRDfOJ)H7I6E1Lxfu)Okunr$QlWL;RF*r;?Fs zL%4Ik#&QVheyu^bPHF74tdF`Zbju#goYK^3&j=B`hfr5WDuPX&K1#DoJ@@#=x+wJak4a8!6-)|?%Oub ziW(F(rJb{r5oWiLsnoMdf@xvsNw zn30+XJ3Ad4!slWa^E`cInEwvgv$jP|^+z{O?c%2!IQ0f+1m{!t4_%#cjF!4ZB>3A|a}Q=<3|1QDVu&sok9?HA-7GV`^`wOr!erZJ)l*E{!^j%AVTa`9h;vD`!j{ z+RubQ^iO%_-6-guIM) zc53tsc}aHO)TkYKxx+c7(fm6fojSphVXC}_8=st-=Csr(Z6tl$%ITm{!4oT|PIhk5 z=uETj5t&YkMgs}WaAs( z?DS@IK;VmK1sD%NOt#1!$kV>V-5K){Mw zqR@kOG@X|2)h76qc%>84TBr7OiUXOKoEWVzhARinLRxx$&O z(d6)TVvTc1Bh+k-v$?siW^0^X8bP<#DUR~#);gscLATCX(88x%=RB?vbR|w^OP{X9 z$>{91WMh9GcpJvDV@1L7Sb`H9A{tb;=l>G6sz@#5TveMwNb?{!43{Q_Uz>+#U#BSZnBV z#c#B(*yeO$bSmKJ@>zs>Dr7V&f-YX`9$oPZp^=Q}yBzaHW|=cuqx$n5LMaMS`{=9o zP9`JleAUX_?vybqBovYPyi?u=rQ>@LtukM5-esiLFE2XBwC>r+>oZ?;LfgU;E33Yl zuQ<~gA>WY9SDo36RK7jV0!C_l?s3xEskUQ$?s4vB1k2kpUw85t9T0d|^9|<%Mp$2` zX6|*))S$(g`y7Y94vKo>&A4)>fkt>U?tl}`C|A5-B#(RB>B?v+y>r>gJ?Qk-XbGc% z8m+t;x?vh!GXW?`qXy%E#%kn=1WM89xurlE8hyP6=q`;~%>cSbqi5oQ=4*7E(ISoB zxf8kqjkYi<(&)iH(5=wuSwK=0f8OXcb%ac;eV6fbw+7~{m=KE z(HdcA_OLTvBkbB9aV9Cmd!xsk=^9~g^q4bSBkcAbb855q3(C zIfabWsQb`a#Ym0151rC$eWUI}XQxJ(3;yAxb@1u_;bdt9-AB%$jy~N-PK8F$ee5i| z-lzN6*{l(C$DKA^e7fUKSB;?i#MykKPxpzlOC#t`I0@Z-x)V;aM$lC_%i?^x3TLxM z(0%GG>*>>d>TK2sx|2>8eLvWHML6l?X$0Lro!bZabpLcFYXseA&WM3N-Dl1nj1b-Q zMyH%&MhED-enn$HcS3K1_eHZ9KlG{Ge8ca zuL^tX86a=h2;(zQMi2Mt0%fd5&;`km5k6gzY_1V>!Lr&<7c7HEDof~U$(@P5e6{3T zj1Y;BGHc6YjLsU%!cS(_k!_NE`RdBBTYUNI$~KH(S=qUs?9E8Uvw<9>Em2+rx$Aac zz6SDbji75N*Nyh+8p`K1g07KVGRCKCB$sIfU6{-p>(hnFVvV2+m+R;odfs@3%jYzL zuCW|{hfmj7-lY+AO=NSL?Y;S$$c`F87a=1i_;e96MkDB&%CHoluBp6+k%~m5yzVk| zgF^1P#~vFODSK&jbLjz3q#Rmf`CVqDyh|Z*Au?-pa~Yh966oCnT5Cqh$&A$KiIVYY zzS5&)l18Xm3mKE{)3uOs8bQ}mUYzLDwUo{zE`dhDFPYJ@qe9~Ca5=5DEMSx?5*}zY zt-U;)0ZaNX-muQou9dM<6l&Ud(6mnSaYm|Uu`+L}uY_1xtPx7@B9~3~>AJ|L8L61v zAYWm0fc}fH$=Dm@VU6$~sW-^e8sR@uZ#;4TOdBAh8L1g%fb7Z$ zak-0hk1@$@>PxSM)Dx}fkueSVEK_oh|6I486));@DTZn zMreD244tLghqm7=uhj^x9WDnjQrDy5GF2nAZ@9dRk?PIiat@<~qNjE5wBfR-MrVse z`5Ys4$B-l=vQQpI&sQQzX3kb|!5u@AT%r-~7?NZuqf-I#D;}PfB+C@yJBB2=L+fzI zkR;#Kx-<807<-GXldVd?_f2n=VH#mX-X<&NC>_@9x5@L2ur4p0cDu})3*BP3ecsw> zV`L5^bLmFpqg>Hx&WpiQWVP1e>Hjo2{(ksWUkR8gr)h+> z=}b9KBdkVe$_F*VYILS7)(ET7nR2~C{51Y<`79&#H2!W`&L~$jobbxDS@JtZsP!Au zvSbKdbupg>G(I?Oj?Ak;$EV#VFKG1WonK7Ll|yrtWl{4>)0W85jB-U$^WUfC%L0w= zZemY=NLJRM`qLkgaStG0u6Xp$sOgW(rVD`zMf>@kr#~s%Fj76XRJK_HomwR4No z-n69q^o{ZfjYcjRKxm~xRCd`X`4v)m=W^0V9} zzt@&8n`zT`$saX(Ok_@fP5!J=oH2X)>++IDImUg{-;~uFtu*qc@0EXObkKNs`aWrF zLW>rPuZ_&<`=zPTPoARbZ%ap`0p|MY@5lg+D$Ko}Lo!&SZ^X{&@5wqE4Y7AlKPKxj zLL`1~aY9BYM9&*v>RBP<8J#llgt0=-&*)_Th7PR|0%Cih;;K>{8Pr) z=(0MVl2dAQkF_`@b8B=br=OO~Yjj@{DpSY}rT=3%BP$r4HQbh?dYzGCiyAK;LT6<( zqs3y_Qo8$;;~C|O)zcUB`a(XTbW|6k*O#(XA@=!|JjO`*{7PQb2tL1-5nEM@hApM< zdCS`wDWB)%LrOT+Hx$d@2ccsMr!u1lGZcuqGs zv%HZJovEgn@v|JGQGg|8T#^sgSlZ%OS;k1Us9J{Y@YT9nMrd?tzB}VLxj-X_cDnzN z-zpSPu)NU>;r^_3*y%Q0d#Cb(ooGs!tc{hH3;|1Gmp>K3xO%W=4zM!}Rt>L-$sV@YUId?j0IQMiUjHm^Gi#(7jLV zayGP|5$-P1=-UOI2tA_FK1NU0I_3+K1LQcXQtIwYIripb>OYZuvf+ zF3LTo5p*rwhyy-d3%4Dk#cqd{ZN|2Auh*#m%IgUA&i+1~Kgzxi3y9tcSMM~od zGg`S%X@uRa*6v1S$t`N*KF3I%IfVY^E4_{TIwLh&+q&;D!ruLh!R_2ijqsJKYu#!_ zYNguAjd@#nL5r?;bKdd!yxuL)2)fShmj`{i&hABxpo?{54*7JkZk$HYb#W)Z=hJm@ z=V%1o4ep@#eYzW5`nOr}#26p#IvDA;V?iUQhJ+YmC{d5dSc7!rRLK8$0QB1w&`;S? zY(ZMl-^qjLinNEczYq4*$W^WeBalnc8^*$<5EA7_(faow z@5r_I(m+uGv~zPHfz~U@9s47SVPw{qo`CNGrK7ZC<4{#mnT= zx=bFN@AH7PH<$m2Ql%`PjZ)5TfW0s6jVUr}`qDy>SR z7jSNR^Llh&%%yQizkb=@*J@wd6d`nmT4KOcAtAOHH$Q}a?M=1u2R;XDm-_OKqu83F z4xb~?sxwISwYM#(InJGs5VK}n!Sb)=_&v4(>@#|+Z$v%7y}4;PN|a$CA(jZe8Giib z@M($DH>2jMSIr@R6}P{VFV8~hBd7WL#V4V)07t`rMnavH{h!TF-ucScI^VqNopT`h zv-A_(Uy7<+O`nG4UDOxeI4il=1|!Ei5_~?dZfORcp&o%RV|vffLDXI~W;|j!j~q3Y z=J&o*t}N9os?uuq_Mc<@(?=daS(hF`51!_0jXL8XxqNJ=w13Tg=eW1+ zN~=mAMk9oN0iNmAR~G;J_@|YJ`#Bmb8p8w9H2*&g>Rc z;~%q!hi9|P+kW}E4;xkDrs2MkfOE$yuT5tM%|#I?9qG&Kp!%iTJlNcu46QG1il&o& z_OJ6bJvq}S8GR?x>WVX%TIZo_F?#&7HIQE^vHojI<#`W#165ZmL!2&#e^9SP%~$U? zMCrE^wZw}==|7VA%!S0%k}GSaRy*EUA(Gx`ujCoYWn^v`AuHmdgBSLf0}kWSHWJ_^# z>y`LCctoEB*g)b-X#FGef0I^o)Y0`Ab!kiCxpp7a*4JJ`+(dQu zh`!W{|4Dl<$Equ@5a7XUkACq_o8sC*khpB4EEWB$w)kJQpN>au)f!%1l|JSbJJKHE zOM6$I|9)gHq7}uT&CXxnTK9Pb>{ThBjy1^Uc6u5?zo@J!BLDrp@CaWtbZ^l^} zI|h+CJsArTUUVy~g%l9=yTFtsDt>UK2YCH+r%V!~!sBF|Y{P%Oa()xR=Lsv{g zfO^ETT9>Cykx}Q*B$lAhe_fVKSt_|Lw%7fiw2tUr|39;l;;aA4(iP8zV!Yi#AEfq( zUuq%#57fczm%()&J{~Pq^O8#6&9nC{9D!db0E z7x>{(_&-yC(NcZYRVVK8IyqDqA*R#GJN3Oq`f0TVwy2q!Q z)7_0ne039Q^(mdRmZ-Z$4`kA+^AS}2DTz1j+n@1T`XpW(tW`X`lVgex=&V<3o6EJT z6lgD(V>Hq`Nj20X?zr1m=U=CxN1Bd8ol$?A>+f*=4bd<0N^hzZRUegxXOHO85`MbT z`DJPU-V!k*sS>>s*sI=AdH;9y@sFo3V*gnT{qy>_W$RzG_v$vH{`6}m6iIKil?~)R ziMQ?k5_(oaV?$ltJVMPmxa#@#=%B^^5+vSP(I0fO1UAf zl>EQ6RMAF>Cb#|1M)H+fL#SL^HzJoBb^degNS<4MqPd0M1j<7kCiX|VJMA4A;(f|R z?*Y(G9j(o1g+^!k;R;t6j z=cae zG}IsM>rR1I)#u9E{*~OD_y50Em^=o&_jKwizc&FjS81%B{L`kGScJZKf_q=}avQe4 zGX2**4trIucbur5Ugbfh-(QP3r0;QEEt6t1@DDMMT>S63yU{7Rdvb3vk>Vr<}ZM0wamwe{!`KAiWp zaK)sn8<+e3T8zer7GgB2{jRIyfas|>&~E$&-*`K_0eRK#y^5qdqkS>Cd?r-8YRbkx zJ%ZQF3+a6Kjz&bD_AZEe_mHvgZSu1NOLU{2^7b{(T#uN`mMYzu(k4qR-J+}IlPH(B zMe5vFHjsPk;5-b^!%5=pclG4rIM-I?QZZCiMc~gzrbqnm<=&Qhqv{=3-g^2<$CU_c zIsc~;MFm*nSKVudDR;4^Ay-9s^rSPAPV-#Wr?MfRyH27b=c)T zy{k1fe*WNR3iB7h=C302k@Bm4Ka2MYzlamP!v(} zmOl9jU)ndjddH+XyVZJCJ?ZpoxI)X01~-aF>KrT@FL$s31u zLs5S<+xVwdxxU>A|D6i|v?}XAqc^uiyLR&WIXDwhZB6SFL#QhSt_26zyiiQa!2sbNQd;+OP__kk{tCJ{!~_pYF2Z z8NH8HnRgwl)4t^I%JIi73cUr+zEy3(l{;>@Kw^PI2t)2@_zBk8lGu}$~3vx_3iu%5yCNm<@AK#w9_KUe$~80I z>w}H|`vzCrs2TF#$M8SbVpZ?G`b19kJsVZ4eRU(s=9gao>beX@zqd0+x?2~Q>QHm<9O7Re6+?gO zTMhoVPk#)(Zc+CsYF2C(k8X|IJ>?%!UOR&{%rMvf^4(%81d8hTb@^LpM9?~Ow|{m;a!&%ys$;=TV>ZB%!) z>K!4>{2qZjca!hjy_Tw0m{n-+g(7BgP3SYM)OX%%3a+yz%f0>Up9{6JxaKy$;efV; zgh(+c4Ib2d^(ws?qW%n#Mc&kU)hmI2?+R9VPNmhC$xjJUAKVA|dsFemwZI$gNdpms2lSuRlsbE&-kmj3dq{rGDw_Fyxm=a^KJzw&dn zCGGYPKr05_5Bl%!XuMaelpMra&3m}Y(=WNv{}dTw38(*WwD92d?BCaT&yylR&n7(L z9M5C^=_^+w{?7`%arjSG9sh~Vzn@$D>+GKnq_u~7ztj{BXh(>?zD2F@h+h|A%wSGd z`@M$fRf@Df_4lLFYRoIDuD@qD_^z6~^&k+^Iy=0d|$Aco>vqWt7ET=SmBTTHLa@Uc~I zo?W7`*hOfUXh_EvIvx?P(D5oAuhFrajy-g|PRCx+kB)A}UaHf6!iVU1kB;~0_<)YX zbR41M?{plc;}{(u((w;EKBD6!<@+b`({xnQafXhwbbLX_m*NR=j`&yfZOX5SpQqy+ zI{rn+w{%>f<2yROr{f1Yex~Ch9hd0%m5ypUgn>s^UFdXNLA)FBzJ_5uB0R)R;uaka z9g>bfI)dq_O-BeFb?K;2M<^W)=x9Vo7#-nsL{R?b2K77njxzd*DDoXevQ|c2vz5`n zyoUHS#9I?@O}s7TX-7wUvTaYc?aB5!qqexts7J?kIvUckg^ou=2cs7qU5pM!cjDcM z)0iT8CpxaDqca_`babPmI~_gf=t)N(I{MPlkBnMVA7Q|A# z@Lx#b{9U~W5qp1;cX2(AQSQTu$eD@L#nvJ^1gzEViHN!T(~; z^lYd93(TSa@eMTcSYAl>t&Q)9hKRZ*{EQ|VB1T(t7W~7AHBis{V-Xao8>;R_SGlYDbVKcZVG{he_wm11~W(YJ04&)1_vL_F7R3%8=ez_*erjAc*G zB8o31J?}IdG0A+ziN151`3{wyWgc-BF1^pJG`fy@+AQTS_>~G+Cb6IMB;ReGH`c`L zHLJNtjI_&D1Ggn11-Z7{51W4nrH5)yREjK*r#%>Zk}@+AGG>XUxRL60m+H1 zM<|WHuBPv)1{%R6pG9TaPoTuN?r6XsR+G2)2ZvA^_J-%3LTK?{^ykFNfjg{l&&7?l z6+tyTNi9WW3Z2&q4_PsulcPQ-+Ij7HqO;R}v0~Zg9FLPY4=m$6h)FzKCV2jJ&oDc| z^W%eKiK537JS!4Y?RfSO&mNN4CW&p5JpCsV%!iBQTT4XBJ6pkwy03+c}hehJKg$x+Wn`0ry=2Neod;bf{C{L4RFx zb|sH>E;$)nXE>`^zRJ@$aId+_^G>Y|P89X;Ca07or7S7qbeT@yRp+F$llmpl*v;{e zGAbKYJLR5lHq8>{6rcL0AhM%u^n64`vkv`QXBDXw8+uDC>JR-hXt*AMOF9``&@*oA37w}Smwa=XrR zySjPW^vrO(d9K;8$Ah}fa4}A@U5xw&qLk0*Qa+4FWou_+|J`=HSt}mSvug9O|?+ab5(oeK1K*n!zT{FU%e-0!n!H=*HT7 zPv_F>0zxT$(u`n9U(=3`4|qou-8>`!aT`w5ES?+C%`5OGBJwcNn79SCfnTc0_A;Uj7^q<$Lyl?*Q56^Ee}lM zT*;iPjN_liZOJrW-g-7L&0LW2U0|lU_?BNOou4t(Ni$`k5tL>=x40HjjHTV8YRgw5 zjq9Jo<>qj?yXjYCPnv1wFS8A?TU?XhlI)jmZW**&oXu)W=@AP$5e-R(1T@Xe9D7qx zrunx;qk{@e*cUom3nmkNt#BIASH~al6mZ=NsH~Pj`JR`y%_Vux(mkGH&P(5BUAi#{ zV{B_sG1sS`U0iTW?c%xd2Iz_hOZNht44P-N-h}CA-Ieq zTxMdnFC+VtW+(Z{9qov|M06)ftYA=jrbuO-G~uCv7%3kaF+8|{&jNV1MS*8mycN8g zYiKdu&AE1SJT0b$&ilzZ!6W6G^x;HT_iHT6%@?AU1RHEwZWb?nBKQ!cF9aFp=E$#v zVctih)G+b&O2fpLfeaI01Tsu~2NP%LuE27$ENdgB@eNJGtk-xurSad_hKc{W9xV?} zeJ6N=OryEWF!8;jW9G?Gl|(UbA2VmCRRveDq=F?CEWuUD78w%P&`Q=;vbK`7hS_Fx z|5~^b4XZVm&y@32=P9+$bE~U(ES=}}Rvqcq4&huER;!#meqj763%fcA8ER5lu zd=6Igxe1^9sFb@Ge^_g@98&sDa0Shfbe>wMf3Su62V1CrC`&?F63P;szqG31x*am( ziVk>i^`~Ee;L;D7&*4f+?dn$oTS&Sz^M_k<+BNVNCbJ+%j$<`DY!m-%D~=$&g15M4&UN-@~{Xe;PT z+xC+UqB_{Tk$z$4l=Ie<4=69jf3$^FLA13XAeh#n`=O62<>>E7|(jJtsqwtsfsePxSMMmxqN7c$xq;8&FZFE*HdINxfNN~ZA)q9u`rKO zDfBDwkl$N3ON|y2-+swqZC|E&7UtMc`qq2Ppa|ng){AxDF><3`t9wqMrKcQY?KgEn z1M8ilan+1ykFD3$i?-g{*0)}vb4~u+0mnVry(ia0-`!QOn{0H)97<>Ro?kDP*F~|s zF2dDnN-c|LON(d70;<)zdbzU86Hk+$)Xewm74k?fwDDV1hpg58UaUJ(PRGncd56`9 z|2g$BtK`9jzCC7PPOf18l^m1vx~zj+FV%;HzWKtD zuj1HNacpxf^kX$?mxWea_+8^_3%_-2+4%L|V5(a{1Ixy5_XgX)Op7KOLF?X7t}{te zyOS2b;T*vd$WM|sbL^M~p*F5-mW|&Fwrq@H%kE3R4;*b{l^AXR_~2YhqsOCd^mq)* zV^|(zV`Uh_+8EXb+xTVUShk5}n^+rTCYCHeB{}@WvSl3EY_Q|lCXQ|5SR2P$%T9>d zZCZBEHZO-*_O-1+v4*$o?>hxIw5a}d8;nf-trAhSnxr1ax-cDzC}!zQO2$1uwH zz5gChyp1uO!1YO>vTkjdVE;Oe*1dLPs!sx!n7}2*+nC4VZH(k3jzco%O6FY2lxuE- zWX_e$xso|o8e3*if9-6T!Tps%{k2Yv^z@$cX2Y4*Ymvtq=E{p3KczJ4gR|pnO5Z+s zk7uU!Q{ImaGj05~Os0)90_(a)jbc5x0$$>~l`QVBaM^M3O^pn?dZstRiZPSu#qfI@ z<#0dd5nWd=%l;yAQ=@ZY?)H}(<09K;K&qkWS*zk=7dc!R?sY6V&0Zh z5VqICSD4Pp)F}_x&s!BGYr?*hCr51zE0Je1%EFFtUmUUGp4b(5#41_{`r7v0VW+H% z^u@(<)}exrDIJphcEBk*(|-?JWn(o}YU4^&O0lhPp0dVI>l9wbZ9HO)P8}b<)8;ii zTOP6U7A*-6aL-3R8XoRqogC$EN`5uuxYa)I$?#~t($UH}t1P_SHjDQV9W&)b_#uk< z*R{*-p?&^E63pSpY+U{67k=ovf6T^pyn=hS!cH80(mcdAhseHnol5eP*7%T(l?=}G znT^Y-ZWm}(Gh)HI#^1Un~cA zD3)_uh~30;cGe9bin|-j>07^klVArUq?&Tslnd*hY92G^#N%5AG@0oX(Jy^f+gLeU zv@ROj1eUmST-vLk$w>RHZR?1J%&evn^47MkO+v}WpleX0;xC%)CalW{ElJH|UI%dJ(vCHH#Q*zCXL2IoN!QucQ-Z({+dJyGLxX z-k~qtY_V_^J1*MOZ(D7#y7gT{lEe3|3ERTsA%aR@SMRuR?t7Nx=rzN{*TqMA=H;3J zhKb)nG)(;BVLnCdWJJFGWdx008*R*`QbNe{_?A?EnvLr>1q~;P-~KDK@tc2x&HGcn zqAUBH1%sLnHitd6$Ah+vYC6FlLtmd8Y@Qf3zUg4MG<9~Z7Llp7wP2k?)x@DKQ-ot^cY^N99lk4fFsnpa-z-`Zi8J)kNL(q_M#gd+;vAg0@y;lt zJTl&C(cpce_=a5qYZIJ12YeS8M``qC(amQgC%C)sJx_j?_WCVyr2P{0Y!X{eaNnL( zr`ZJewzbWO#x-i!EZNyNkaj}I!{}ydH8yjbWwJbtFSxV$C92`%<~y~Y)}?vPceBk- zvYEx>^KkR>no_EpPjFk821QM9cRU$Jbj6*`i9U5_`>11_tDJIWL{+eTB}*!}^z$q^ zCoU$u7gfdb^CS;zvD_Wmr!CV?ElS+AEf0FC9bAR09bA!fZOn=mT{Y&l2qyYii%@x6 z&ND3{B)-@dP3ezY#Bh3oaa+!X7IhuWb+Kgmdy6gZ+GcLcE$$B~!7bzDwez-z6d0Jv zvzR7Hq)R!yiuafDn5Idb#XC8jNq!!uy!idFw(_GTFSmT&{bP=iJme%xSy&b$+T;#Sw7R5 zzWS4EKu>>^s4t_Bv*yVZH#oe(**NcN)Mdc&de}Qj#}Tk-1yf$n~7o_Rc&D)HeVcNld0-sT4{B`>DL1m~q}p*@RaoI5{aa+`SfwwyU_68M{ht3FN@xtf&}NH)HFml2 zx8Plr#(4hDjU92Y&3A4*{TFS9@mium+F#<1wn=hJXMIj|%+ix)l8fEx4B9O}ZzZ`4 zGOe~rF808a$p8HUv!zQC?1xXFUXE&;Of4GMHjQhQ$+e2{pgx&gpBN83$9Uj5#)Iz< zXR&<_+vl-;f~Uf6-Y%YV<#Dcf&K1wO;yG6m+Z4DJjo)jRT$8S9m&WO2?vYFnc7QWI zk9CP`pXs@|Q#&)0jjhw1OljO~b_Z zjw{LYJu&CWbAC(}d#*6yt%|)>n23LciTGET@OF%~$5?)h<;PfF&3>!^_z4cc$f;z@ z-~f!PO17_L`%1PC4M4dOY#+_`p%%)GX8TYJ<%U`)H`GG8C1zF8)@zT@O7i(@kMrGM zFxwwDF*0M=TP%BvV{dWnCz$;Nv!7u0bBb$qitBTV>SKsgT%UOMkiZ_2*h3O~h$qQ2 zEs{B%#x|L3lf^a>T!$>yMsQgXTvh~^l@oye&10Gqfa^$J0Ok{{rsj8`-JvG=9dh`$ z(ejw)(62{+7nsMtAz5W$wP^%g+<2}-K>(gFWLmxFoe#;hFz09TeRn3`M<-Zw#s+mv zux==--!Y9>O<6<-bxgK?2^vn4?zAo~raEVJT*Y-xwkqt0J0@|>S8>ft%(F$$cFeMR zM!ndvG~hM5nj~>slDI8N+?FzG`?$6{$ql^yZJLN$5j1I&dbb*Wd z$FO}2+sBao+y*ghAH()BY#+n+c*-{92GCn?s2gxLKKX{IfU?o zB$4(PE19F3#y&IIXC`|aY_2S5XBKmb$9Xg!x1R0! zd%Cc$Z3Awc5!n^@Zmmc{Pg;p?O&QhnxOHJgude5K&3~NfC2R8&!@FLxj+KD!XSy~L z>E{wbu@0$gSFX6FYhC+;eq)K^`~P)q_^E3jDwseNcMw^DSSLrxpCV>{!4jN?Cx3<06a5rgbH$D*aL$rhbD(Bc9 z;t~&WiMs=_CM=wkR&2t}G$q82gN;dJc6CIq;ls zM~>SOR}qLcPh}w1Jo$F;gTIsg2Tk{QUZK0iT0JWRvHr=oE1I_NS-~DExK_{8T~%Vw ze5&nS+TmX@WK7R|yWY_8MEMKf_PdE4Wj;MsnL(0H)93UYNlyXZY&g>FTsog5j}3w4 zE3~FM&pyuw;{K%@Jqs)7Srz!+fK@$%`Kfv}Y0F50Z&z0b-gN()L{U#G2z?YBbo0QI zJ%fXq(ls$O2>lfiL~-jCP1D~7ePq@B|yjjx7_|GJ!1<*s>GfQ{XPOq*pfw zW2_V1Q_%lT1c;~q-V0BJzwK3JoX)E5#ZL@HLBNOw&3h*WZC}xeD59N7-#L%(ohg@= z()x|px0$@|jpJ4BOlw)+VZCQsD<>uP9vyJ&(9ylIJ2av91WHfs9Ybq?&9r*tJvX;* zQ`&iRv0{vIhthg7#tjHY`h!~O?PJ_mRxIkBEbv=)F)mha#hj~{a}~Q-!xVF_V$M~} zxr#Ygv5PfKv5W5yCv&vZIKr76naTi+#!QYzR#4u!XZvIYVZSje2s@3H0T`u~0T`u~ z0T`v&582%(C&(;5(&vLLCO!}~i4W`(WzbxQ zy6q;Ltd8YuQ_eOOyy7~%QXtxeU5hng`JRvO8s6_5 zrRgmT51#ClnDf)h`-OY(e5Z{4lyTlN&RfQLE4a3mT;h2y@jRDRkKTC+h_5G_GL0hY z(i>Tzv7&aoDY}aK@wG)9(>|ghrQ=0YqJuWX!qMr3*118<)ab;U)d)t=gv7G}giThLFX6Ad<7l4UKEqsO!p)4oJqG01E+ z&=m=0JE9}Z4n%JuIejy-c*Zb&zPZ^###3mUB~WG1+Q*lPmHp)MSZ;ny<6sNm6Dt z8Wdj1El@Z zMxO>d-`wO8J)Nqd)GrP!lbzT>wMCjUgXm=E0iv1ClSJ=wwi3;9-XJ>1`3KP)=bJ(G z#C;A*S>XIml02u*;96p*bN%4j;t+c~@ARPb1!ok|DreGQioeXEbVrH$#7fkst3-VU z$p}PS=90|_xtMH{We@V4CLbP5edMB)Hf|}&W87!q!7V2m>mDcC)%}uaoGXXWm~@*H zjdzR4evmtW(h2Suq9fdyLtHV3{J0{=MLZX{C^65SNAe}^{X`4gJfe@g`DFj5`zWQ$ z+460+JjB|=q;jqM-rjs16YU|03Evpbqs;$AB=R@qxpM4hp=B zXhL8KovqUXF?#1R-N|m^UDUs{F6zIz?)^jRi5J=O6{epu z{jeT945*L1gF-`IBbl@ptYEWGmT=}mT4!Z zU6__I-N>|QByx=;+KOI!ZXpgQwkBRg^Zs?jgEX%%*53`>L~LW;QXFL7UL0lKS=^Wf zeGf66d4G}5e5hE;JW(8EK32%tuuBz9m`@cWn9mYv%O zJ-`Er(`)A>Kaq%k*Jv!9>c?S6FXgj7SIZarap-|Jh$X8Q5l6d=h{Ino2+mA`ZW&iEj}9SapWw zClXBq`1~rHcnfhVF@QMo(ZdCnw_^D>iTxRSR@3s2?7m4HPaOVIwLG0T>NShGlf965 zJBlMX65<>O;;`SK{BeK zxDZD&D{TWmIwA}#B6PZ)|h{G;j%QH02C64kI66g47eTn89v>Y7eZ`6FBmV-n74)G$R z)=KaeqSeaNS`QBWIhJ=^X;?Zg#5pd+p|>@sUvVKnJywFZ5J@Yeh;uxM!@ecUPbIcu zemJo+ah%r!G#*bJ?VLay`BI4^A2`ZM*F0D27iv8?^oxii-uaB3>=NSevw=ALfWvMh zaoFu(>}2m_z2eXV_b{ff20z%eaP@xTus=#1^*u!#@dD>~5pPHG)2u&{2;Rfky7~<3 z4=0{uxs&~a=7x=Y9aoyfkq;dH!8aIxUu_ddJ?b-evZIJ2uHYP3;v84v99QD7Z%G{2 zg;vDjuQSV??7qZdKS0Y9wS0n>r)&8vEvLs4T(5$F`7 zagH}*iZ|;i-o#O#EsUM)9h&d;&JZ_ydQ(0mNZ9m@$nyzaoFV& zho6PS;RhUci!?9M`VCqS4*f>r$iIa++PRlF$Avh@g*fc?5l4BSY5gh9g;e$iaa^Cl zk>4cF@nQLiL`&;!jq5X~xDe;~Xn8Bm+cJM6u`h9s4{?r<*7qll`V7!`JaO1f&^(nm z?7>n0bj>rEzmYhLxs$zsIP&FczKG=~67!kAkyyl>&TFmTKpf+JBg;=DzDbqIKaE^<{JD5A!dx@jmeOkX? z>yK*vDXl-FrWhZ z;P3~|<4NO0=Cqz9&T%6S`&6w5hkXWd#C;aaX*>~cNB(jdzrh^&7qXn<$#R;uLLj{UmCf&Yaef8ZRV{cz`2+9&wbrNaG^rPWDEPcWAtiIP!rb-+s-HYW-)dr}IL~ zf6#I>2>Ix`MI8CSQD0l*`pli|RvLHKxIc03XDyG{@~tOe4Un;Xug3s{D7mL8#Uj-+{u2EIQ;C@d>?U+2kR*wnjd9O*L~u!KTRBV z;P87!^BnbSN%9PtOo zc%ML=4&^(~3R zA2{@_H1DhR12mqXaVl}xgTo#i{?iyc+38xofOvnSL3S>2jt_B;kJc~Jd>!%r#_;SC z;v661=#PzBzk@l&MeFxzJvhn-NBR3TKFXZN7jgJIO`PMU^_5zGM&lneHfrm55l8>n z#Nod=am;&BTHlf}#Y^k^FsADiag2w)#8Ga4mecqn4nG4lA5Wae8FAR9Yxx4=Xg4^I zE3IG1avE2};Rk$!xOUAVjZ28b&qj^+YP^p)+6|6;`!zqxoZ>^A<3k*FmBg_Q2gf@6 z3~}T$>L@#tIPAb7w}@liZEIYgIgKmg@Y|9&?7?9lO&sfPaICvqX?Y*w{f+$WzQmEQ zKXK#(N4|LC$On#m1GGGmIi0t}`x|?*ClE*ebgf^&^6#?2Ii6a-kU0E`REl-v;8a2me2my$5_$Rr>#b&YhBkkkEUZ6nYOO)G(7tz(|z@Q4upkW`Haq z!I=aI3QkM_8#b(fGLhJIbyr>2f=(nBbSxbpf`zhlOFi2Uf$Bag|FOab#b*oeWc^-{+8L4BStCg2I|5QVBAxGfX0x(e zHxsFRVUXevUxOc#?6 z3}?For1R!0`>8@V>m?xNPo(r7aIf5RJ2726a=TaYRACKB>1#oXPo(%enL+l~GY^5( zZiy7{PG*Sxjm+oSepK<OjqILq4 z-0eiF*PS564}ui$5UA>l?W9xr?qod#QoKgy5s=PHq^JR-#-QvO6*=i5NaH;tJAQu&D#pGfgCm5zFiBBgUer~HW&pGfhE zv*q;L^T2fB+MmyUH%QMNk)AsuJuK16zcyddSblUWZ^yh9-6dnel)*?t71^h8QW zq;e1`{_|`<3ex$Bbp9|%`5p)9x`~vYNa;Rd-O@+fZ6L+Z0Lh=J?AFc1H8}rprDMO6 zX$L7^BBgUMoyv}S1693&s@_1#H=pfpkkXZas(#o`I>qyVG%geA{52rOuLUVSk@6=} z{zOVw4^q5CAhib~`5W1O1f=xMikLruv@b%WbjR6`f4V~1iDb8dbiHY;XDA)}AFMlB zC#vfPkIUlQ-5|A-6800xU!#b1Jllz6uLo86+1|+d5!S=39|x&DwJ2gA7XKa)r86

En5)5&y!bUkj?OPB$+*MQWXh}52llz%Pr5c3H0I7sC&;ot8ennBtZ%>XIgXl1Y7 zZ)e>J()o#W-7dD5C_A1PFkNMX;P+lgeaV+PrOh#3MYUm~6Nh|;m24N`fU*-s?@ zab-vUF+i8YtcY^6?f}z8*?uSMc_6i`5>V|UfT~`YhnOMd$G!mT$C)i4l|v5H=}b&B zNOl`|-$3+RY|miY$v*`B66*z|Bfg9E5~hdkrOW`^YngRy53+uU8Dbt`HiPOpVf{E0 zFBO$tf^^*`knW$2?P+Y!V7r5Lr}E=Iv+ib=usy(fE$cx=%vV9mpGfr{V*3%c6UlxY zr1FTtx_l;(^dwN#D@gO347S@@ce0)bQoI7Do9!jcQnm*`8jot&Uds%EPPumrk^J>w zx~Seyq;ec$-V4%sLLkL!Wcv|jGf3^1Nd7R}k2CSvkFIx++MkW}45pLq1)yplO2_lW z{s8N>tk;7S?-1+vvL0f+k$HsK#QtX1!>kkOI*&73K)NsZ=cH77F@fZ_v7W)Yo#|jY znJ%WAS;8y@XSJ+<9_CsvH7gY7m{zmp6QFinXiWnEzA7=k?W(!FB zE@GIz4#_kz%^>-0tfw(En0BUv=>(}==Yi?s#O*G&moNj&T4o(c@q(-$0x5ln^&_k| zfmDuWwuhA+<3H=d#_fk`W2S*rKN+msnGUu)L27R<#b*`iewIKd2H0N9dXV))tRG<> z1?fD;SvRHW>&S>AwHqgN%GU+b^H9QisfvgDu88rI?T460m|^xGXWf*p^GgHOb+YbY z-3ik5m9V{r?X|2QVjcmhJVdJh<7_u&=={wf?LQD{{~-xf=VO1SvQOIY1nGPQte1e4 zUkymtUCVl%^1o47&-O#iM&=Rbai+-Bas ziK^b1L6GiKJ?n><_kuLvYgEL39NUjDo0(zd$GnjB<4iF^pGPuHOdB(enZdL(9ZVMW-T+w3^ALT zVzfSwjX4^m^V?Z>F-yU8ad3Zt^&m6EY-ZwORQoc6)P9N7er;^eWIK`UcDB2i9+2w4 zR1xi#?LlUU+01MKDgFsX)Z19T9;Th?V!D|D=H;NeKdje-=~#z^SZ`E*%rjUQ<2Zk& zo#|o*m^I9LW+O8UQhAB=9G+lZjOTnoYBx64)4+7GcYgut^58)?NY5pa($_HSnT^b5 zkn$m_{VKML30iLiDSb0D%oG#3985dY4N|#-pz1F`Y7ZgS!yx5no1|%HxvqH3c{9n-b$0#$rw4KoDN^`vF%cy^HD z)hQkGMApOX$7lD-Z)4h-E@psP2hzGA$a(|oA=Vq2%}o4rmO5Xiof!bBd_mSj%rH~V z(&^HeE>Oi+e6}zM()uFAb|UHS*;KxR`)fd|uMkN6cq2&HFXw1`8q>jaGi#XjAhnxD z#lP$iGh5g%=W4%M(X~HK@wxpD#n<<{*$w}4b$ zBJCH69E$hrmNbz1y-dYPisZK||E#SJkkYxC0cGF1wH~DFZDfX(AM*j$vicQD;d4@l(=uwKIqGV7TkW+Sti8D>fcm!D~8 zx|jiGkQrh&GexdWZw9G6M5Y#q@yczJgAA$Jl5T; z*DJm2fd;lWg0zk$ri zo0a`oVVLds=XllmY|J!}uGh`1Q^Yu^{8;a?y+IM{Jl31pFIMRDn?WjPnj+Q(YX`LxZ(zL%Ocy`g-U4P(I{?oF?JIRYc_5X~ z#kvQictna<1JZNUz;+_pTUaNOo_CJUCje48Ym|<48%XV=p7jvxVb&ez>g&h@>AXbB z&kfRf>)1{tdk|Fj6{Pcom`xz14}(-M_-Eu15A6jc-3*dHQ|Wl01X8&i?5|lAL}(P zwu5w?^{h8C!%X4Uej?=~nKot`NYAUCbq7fOfs6G3sPb2K%+HwU6kx|XOA-6Spi^$# zmIhLNJD4H%hgp{;+MmX>gLK_)*6W##%rHpxAw0SqX`srVSp$;4k@Yas?A6zmruaso z3#99CgOt988D@XlTF#eQ&kTcN0@2rb$mCd&ckd{_RIre z#Z!eX%8vO=Dd(@)?|?%Q@6|y{?_qxpvw;}`ACV7kQ^a%7sO%VbK)Nr)N96R26yXm; zr~K0XK<5h=x)o0qdKB^9I7t35`^5&`Ud*6skF2LD9rXZG{5tkGG8@Xsj{PphV}(s% zy2w1x!gje)r^^H>UkB?otcO6SyyBuT+eJC)M=!D|_PIC>r1NGfVq9lEp#1KO>)2io zQvS`#{@}&3LZ?e(I+*n!#cNPH)*+x%etvP2vg3X!JHEGIzuctrF@vgJKzgpy*q*8E z;X*sxT}%(#10dZWBBiTQcI>;do_QhVi~9r8b=ENJnGMR1_RhNSQF$}Bn?Y3`rLWzd zsdU^Ykn(Xe1ImBT_8Qjf6tP}V_RqK1vpo!|{QUa4v4QG3K~?`C`R#0Xu-(PFoAm(e zbs)tLvR=>r5J=BulhV;{Sr4_y3RCEU8l0&xx=M+e21I;0i~y15(Mcw8bFHQsQlQc zV#+PLoJ6WeJJZDsfRw%lr0b~zsU6g_KcxJ4u9P4B>sDPpH`4=B{2JElnT^b5P~E?3 zozB6`1F5_&&?%Q(;%0jdvz{3OsU90yZ)QErdJ9PTh;2Ha1nD{)Ag!B-bp9Z-UimSe zFvFm#=ZkcD2T1krVx8!eH(%mrdw}gkr#yB^4ci-;O(5-q$%}P9W{}3YG{rXxGg+@; ze-KpTFYArUkNyL6$|(V{ofrt%LAp;4P(4>nk0PFHkghWXQhl|s-LXU0hld#eo$`}F zJ?l+O$0a)7JdnOWaDjz#M2(y6^~#R+#d?z>=9d9Z2U0!OuwKt>QpCOj>#|12&s4;G z2&D2l*zN+={Q{lRTT{>W21Pul%6_0G%yxOH&d;of=M7ZlV0#_g>sb%8zlH6NTAkj_ z^ni5zA&|<^$o6K|!>qR`;(4#r>1`mzPh;KAx`TBW>u%OPAeA!!()AP7b+aC1J;ZEg zhC#ajEg+?rJGJfr)pfJp$i$x|LOp&^BSA`6&ujoGej_u?_7>LDcI)_dkjj;(bj;UT z4=@`*$|uBnBS_~7Gv#I4Zv(0Qrm^k-DV~e%jjV^6jhE~5$}4m{vm)kwpi_>%G>z?< zY&?=BIXsW*D!;iQ{I26c@M>hAEa{Bu-*VtIht6P zSL=9bOb1Bwpc=(V`|H?V&umb{I#Ln$4W#c@#Wi%^PcM}q-KR8A%|lstD}C;P8pSgY z)GJ~>!)#UD?vI>n&R98c2M;LN?&;(4^-EybngL=BKB<+u|8wg zD{el}$ZP`Dds?OM-QU7Gk>1AyuG96`0KS6XV>g3Nc~@=b_4<4vkjl}-dKjeow(sTg zfm9!P;9hAQB&LfM2ivbSKSM{tn zu^wicZ`A%YQ02qSW4l{1To?dVdttqf{Xw>em`!XCgOnfse3xpk5~OmNnQoB$HOwGL z^;OS$gQ9hFi0wqDTvpcvQacSRh6`I*7dPwlHqa>#)#ZV7-(5=ozRs<5tVh6f>~q(! zUe63Gd$>^CqOa2dQu*9Wd8^jbm_bnOA2OSnVxP9#n3*7z!_K;k=>e%e8kixFuD_Xy z%2s+NsM53U0_nUSP^D*vK)OGT%rLWs{o;U5Cqas5V?B*^JL?YCU97u7_583s!1fwt z$NmWG^{j_jZ)S?yxIUO^Al0iKd`o8Ubh91+Rr_K+2vR>sBzuV2%nXB+kGx&e22#8< z*6pl2Sa-1=VAilb$a+2NA=VpNmj^k2&?$3w+CZv*yV7^-;l8ist|+KR46E z_8QiMAk}*V+r=F^J^rYmN*823%)0%MZl?}V<;x7Py^-~_2JLq+^FS((3#980Fzb{b z{T}Nfkm`>}@tT#6c_2vV6L)I64Wx40nGTTrF7~@w53pVb()sJz-o$z{`&&RYj^Cy8 zF@vPLSr33zt{T>ZAeFBHRQH4RM)tR`-FCN*mj+V#GC_)O2dVrHw!2slFwOT+eCuW# zNc}{n(s8{Yoi~sDF4pT<53$~)bj-W%)#VO=luq2IX$R?gT&y>MbiNSldH3`E0x6yc zr2V4+NcjYr4IuTeA=aCj<_C0snIQS|Sa*SRJszb$TUf_zR(8yDK#HIFAfF$kdh&o& zzB*;c`9La1Gx&vkd1njz#UDw(b(a}b^{4a;c4vZ=uU+ZgE^{e{F7qfmzNc3Dj?06J zldcFUetAU`Ncl7?{q`%xLzMq{SJ@PY?y)Prv&W@)%hdtJW!D51dtMt-eDB(3#jCCp z4^#S_>urid_GW^Vzg_9S?agD|rSwm4Xkgv*C*BYKv%ZcXc)$4e#s-kmhrmIYmxxC+ zZA?4U#SAcm%mz@UXT6yz9@Y7nLGs&JcQNZgnjZ#PZvd%%G_&5qe%oU@pFB|Q+p`{I zHh`2*Gf4Nd1*G$dzvy;CB)bbNl%sC)faDK=biF~Q?QyN!nJ#7kRPB{1{;Km0F!9Gu zRX&*@mCp`RdkZR}A6IsKuf;l%^2>aZ;$uJYX-QYyXSALP_JrTV z41!etW~S{~E(b{0=VCp`Y-ZX*I-ZN^0V#eRNaqc*y_wmsW6B zDZgeA?^|yQK1bYtlQ^R5#SGGU?5q>9PQ1wjs&cSD$o}RiI_1EdZB1N%AjP+{o(EFC zF4hCgAhQ9a_)Va?&gb=YgkGR>;r=jfFLM1bgUlvST^H-NmvlTkNcYibHR4fvR6t`hi=5plT;f z*K6cQ`v5850P953>t3hp#5$ju_lDLRn9U%i#~`yZb@SW$I&GkeuXOxwl-SWq&7 z)%^-<<}p3YI%Wei^Isefr2T^i)|;3uO!INhmzl@(Fzc8N%*+3^0St5VHlO{B0+=Tuc|!1CpOe`3Kk@WHx|wexfQL+wlj3)OEU;bs*i> zAnOgRH!+*p-oiTmxVNfbGf4fojdeRSkL@0i@(r-Pj`bkx4XlSi>K};IE}Ph1_oco* z{1I_|Uzh=A5Ty7aW;0WKt?f3D#s#8N9@rNIsXds#p?oo3fTRbR4Qy{_-S#cl6SE1V z`p)}~t{eLROwWI`y-5-M?Mc$HPsFTaHZYr*Ell(G9G~f7)-hWYai9OI&tv|9&hOe^ z2deg`_-vv1N3Cc6q*=#oVVZxYbeRV-LArhq>kUfB`s9@M=Yf=O9n<^^rvu5}@+*J; zaauF;H`YPA?gnNPNcB|rKemI^545mu7E<{=Af>BgW=gH+F`JkzAf-1O+MmhHV|q+v z$NOzF`nUAFq@c(!YaBf!k?oTLaY}_rZm$C(;22Erq!l8({-lj zO(#r?%y*lgGQVXuTe@2&STk?m1 z9F=r#(v?YvlKzr(B56&RWy${JE0PZ+|0((L;lG-yhJ#|8AcIpMGm8pT$t5R=Ey*ITv zwOhCIyRGT=T(^I8JJ#)+Za;MUwOfzw>D^~_U(|g?cW?Ky?pwR>?S8QPv)%vK{oEeA zdtBAy;U3TRINjr%o+UkZ^?bkQM?F93`E}1BN}q504C|ZOH@mO5udnY-eedY|$G$K3P41W8Z(_gPe#`q^ z(C>|YU-s+Qe_a0s{TKIN-M_SdRsY)l*Y|&<|B?P5_n$N1;DDD0yfNVC0hWOy2Idc} z8Tiz|e+=w5Xw{(VLAwV1dC)V1ULEwopsxq@A3S#O)WMFyiwB=Oc*Eez!B-8wWpLBr zHwL#1{&w)MgUv&dhYTGuV#xR*Gl!fzq-@C5L-q}MddPD_UK{e|ke`NFhV~dbWN7x# zGl%+zUNZE?p?44ce(0KE_Y5ntJ!9LOmYqH~y)^wmdMN#c^v~0~XAI7ml(8Y>&WuMg z{+{vgjFTC?GY@Bekoi+)((t~+|2+K5;bO$15$BEwjd)|k4ktas=9zA;W zWuu=Qoj2zCF*C;c#$GhGe(Zf?A069uT*0`z#=SD`n{lJYZy0}ieEtOQgr_H1C*D5s z*@@3j{QJa@CjM{YfJrY+8Zdd$@>!&_5HD%hl(`u%DK5g0bP1Cnd zzhnAm)2-P(v(L_6lf5PTui3_oq#0vpRL!`4#w|1QW}Y{5_sqLyJ~#8@nV--60e@xUTqMT!^z?;v;w!!rc`#KBN_hrwgR zGnxiZIy@P$W^X1)Qp}bctk@tyZ@_w;GK7fBy{y}kp{Ie*LkKtdF z|1172`Devi*(lb_=fof6OJak3SzIDN5%3GxrZ!2DSMY?6fQrLnUv6H4NcBrK2H}ubTw<+pbxVAKXsY_0zp{E`1jJ z(mdFkmDKjTRlQ~WVF~P8t|)@s-H*NvxO>f zM^Y%QM}-^R6n;<1yH!5Fs_;`P+(V^0tYZE{$#iA^NXdL9Hz@g)O4VD152^gWR zR@Nc>-FlK^%1G|8QQC1zeyikRCFk5g_cU$i6^QfU)g-HjP#f?K*^96~`#Y=1Qdoa8 zEECo9^|!MqH{IIb-g+DC`<3N_I}RZ{V>9LX+nLk`iVr;qsY}&oAz8HdRKG_Meqbo& zv)n_n<_?lC6_VWNrYE}OLXuzaBFnp~?cJ^9x95{(|E{Nz!*(~F>)abj-lMMNtsAHx zsO?K}uA8gUDogaaV$X8A-h+%hxgRS#)k)L! zEeId2C;6U|r-~{3Xd%f%LrGq770G-%N!@FO>M3p6K`Qf*`zidei{yhYD(%4gNlJBH zH!AtfedNtQlkDO=3KuW_9J%Sc^U}@VBD^M-y!+I>o3MrA*wVD)vdY*W3{^R-mALwBaazC+3J&fW-La0gj*zjx@~fe7o? zvS6nTVUJ4N|8hFlVO0{{J9X9vc2{jl_rRTn#|@+F%J&UN{?T!wd-72G#OI2TjQ#1gfnXALatX*+jT#@y5tPlFWXrJ`Iod}$R{uJs_+I# z-HM{yRdl;ey@Tqo=m9$WU(zl_{Ck#ff&9;g?U4PhsfFCDp237PinC$v<*?|MaIBQ- zaJ{fAMgykb8 z_mtj^aC7YgkUG_#(#H|5U-}H>Lpz&VrM6`6d_5}W2g)0U)ZXXnzH1GC-tdd^N?*kL z@HGhtN6yj{VV%EDTfBP!EK63?cbpIHY|C@XMC|Q=^AfWQeTli z%N>;77NtLq57TzNp)XaCCX1+q15# z6_;&6oImZOTGgrgs~J?ZtS`T`HBTLL@-3Iaa`I-9I@NEgZR>eLvYIUf4qZoa0yjgx zsN{nE)a%kHV_<%7!Wtk2bAJPK`~=9JnD-l^ms%SPhDTz?p8|^wegiZ79As_$4WwqgOG*@qKs11LmF6ZEP%WZD-%OJffa^<^~Pezr^Hgk zc^c9Xhq20#;u%OoJd4$aAwpsW_;FCtWM5F_<2Y}ynri~;zdY9yoD<^uuWbJ z`8KZA5buZ*$ajSo@))k$5Fg^Y4e?L00rKBsBjgED0r@qC6e+%eG{m>UkMMVphWL-D zLii-4ffdgdg#Qa^VC7Sd@Q;v&_(@!Z@XwG2Rzuqn{sq#&-_E)O;nR?Y_)XLx{69zo zLt`zZlsjQDAPuaUc0;Dh%VFsTX<+4aC1ek*jnGcyHITjJb&%;;B}tJ1i57y@5?TnP zftAzE2#izRIH*5F%4@d z11qfuA+zN}kTc|;AZN-)AZKAkg|;UjhnypyfSfCzg3OVJA?IP8W#F%YH9|V%5y)Km zJfu^;2$?63Lgvd?Am__hAs5KkAX=K`y~+%@9lF zKOvXNFyvYCIOKBq31p%C46;a`fLtNJfIM4%1-Vjw1Bt&g26?VL33;CUFXSruBjow= zXUNs^7sv~+0yIRi{2!!CN{MGgnjqIm3uK8*fW+S=gIq812c+?Li&G%C$ZptG+X`uj zYS{zfZIF0^WG{pRkcOy{eIPHD{UB@Q0NCpw4Y3PrODT3k8d!f0f!rg9L0*mZrXdc> z40wZ(hNzdr5xxV`z+ZeAiEsm?A?}o;5xxu35O-rmD#bmJc)sL#gztki@Gsm=MEC(n zLp&%aBm755Lp&s>Ap9_-fnS|WgM3tGLp~{ILOvyD!}~NOow|#mJp;N8l?l_ z=O7JnL^=^}f;7bQG9Td=APw=NT!8RPkcK!a3lM%8(!iI43n5>Xi(z>U5>KUEitu}o zhIn6|h42TEhWJ<(LjF^(fNYj4A;a=q$bZRIkjLd}$QD_Q_@6-HiIZ-~Ut|g7uhI+q zX-GpD#yW&ekcKcDr3hOf4PiAlAe;bch%UxPgp(n$J7ZKJoC1j_(YO%dZjg8q4L`y? zAPv#is6x0Oq#^nnTM!-qX^4SFHRK@UBFMqUcE};dC6Ggn8pIg}iRaO%MR**fA;ud! z5uN~vXVch?@FYk)LB{0>J0S4{8CN3ggv1kM>_Ipm63>Nk4Z=$x@mv_!L6#YNAvYQ~ zLY5mhLsl5KLT)nlLtbdy2I(^nLi&w*$V%f7guK@{3VEOL3gq*~tB@}kuS33R{2lTG<1NTz#@mn|8t+1W zWV{dgv2hIYQ{y9)>N806=f*z~J^^Wn&y6s`UqBk-OXE1gUqPauH$Fl58%Xr?#%BnB z2Z@$roPa!Sd;ytg`U*11^bKSe(|3@`rjw8oTX(VK_c{F62c`RhQc|2r> zc_L({d9s1=0utkec?!ZKAb2%x=j4m`fl}n!S+Uo7X}9*IWwugLwnwujY-Ar_B|R z(sCiBVevznELD(Z%N9tBr5e&|xd^hWWjkbd%O#M#EH#k5Ewzw+EIT1bS$0E?wOkH4 z&T=K>M9Ut?EXy^JQ!Lj(PPOcXoMyQZa=PVa$QhPfA!l0lL*`m;gLGOBLe96;Ll#&L zL7r*36LO*DZpcNJdm)!u?uR_f@*w1L%R`WbmOnwBZFvOpT+3sS=UEBIF*+QOJFkS0EpEPsc5%JLTE z)0Ve!rw&6J;tk8Ykbk$l5Ba9$801@)k0AeH`6uMtmN4WymgA7`T0Vh%&+-}M`<4@s zA6UMCJZAX{@Fe&XoRnT zG{h~|v5@<$;~|6AiI5LjCqq7LodWqM>omweTeA`W5lGaAbtb|eLSnSC&PMnXNVL6# zxsWLd^C0^sI3NcnI3d#$@*zhhEP$MxPym^gun=-?!eYpRgr$%R6V8G>C!rAX+=La7 z=OwI!JU`)F$khp}ATLN*4Y@I)7-uYp#8{BvMtBpXP4t(Acsr0|6pAy&OXfn%vO|_a zu~poWa8*K3{FYRR`MT(`1)suZb}1Bhi8YY-iEAMr5D!ECRZK{p2stTvGGtbA0p!%= zg^<&eXF|?Mo((xGc`oFfJmm0%n2#Ku6lWm(q&O4dr^F(J zpAt(Dep)O;_-U~m;lrW`;ltu=gr5=TApDFt58+1fhvb!zWy$A4`jSf^E0b44ZcZ-7 z+Td!$d|q6On12)hM)+^ybA(?NUn2af_!{BY#J32)CjNu)>*9NaUl%_h{D$}m;Wxx7 zg#V7elQ|LcH-z8BU(1{bX>^^8m4+GNw}chpf8Z}?PK4}&@Z0$NnG+#X5q?K>NBAAl z6XAD7Z-n0!eG&erI0xZ>it`XYE;b>2T=)=f5tRtHh|LIpBDNy@iP(nlr{ZFSKNUL= z{!9cA{!Cno@Ck7l!Y9NP2!A22MfeMGJ;Gm#8xa0d+=TE~;ueIz68jMTS{y+5YjHcm z--sZ>--tU9{#G;~{H?eP;qSyf2!AK;L-;@90fhe}{)q5N@i4+C#h(%WQ9Ot6kD>|T zpTr9Y|0G^Q_-FAl!as|@A^eMY58+?L2MGTvK1BFe@iD?ej!IbxIVR;?$Vn+!g3GLw z)sRzDiXo?`U;{wTNGZhXXjaNZ$T=yKu{z2_*d*s8Y?fyrY?fytY?X@;w#p?4C&*<8 zC&=XpcafJO+(p(Q+*MwMa94RX!m08mgj3}$2zQr3guBZ-5bhxx5bh!GLb#W_58+<& z0fc+YKO)>)K8$c5`DcXt$VURpL_=4{xXDcfB78317s7z1LO+`+hl6$7Rc_Y zg(6K3Of43pWl`!x$g@)?!R!7@Qs!ZJZ_PMrd|HFX-~w$yCM zi&JMp?ns>t8AzQAd1>lA$huSq}*)6px`Vcpgvi2jX97%fI37490qA zI@Txiv647fu9sV6Kwd7dmAB%J-Tm@Wd04(6Uy~ooPvlqf2l<<{8r_WkMw&6km}1N^ z@{J|NO2cK88b0G9qt3X=xXbv$SZO+Fdd&2i>1|WG`3CdD<|F2#=J(A5E$NmSmVC=L z%YI9vELc#gqDeYC^Y#-Ntp#?|x_Zqut->p4B6-$D$s=9{2RPw&%Zk ze$n&io{7Es_Zr=6cCVaXclLU!*S~sw(JRpVn%Y$S&cIaz?;H5HfhPw3 zXW*PcO@r;bI_%|P?+^QBSQnekHqn-E^V#mU zePH{>wlu9WZCBbuY5z?tPWPqnPQNStujy~3|1156^idfLG8SeOWvtG)B;&G-2QzkL z?#{e6^VZBeGVjlPG;_=F!0^k5Uq5{R@P^?(4$m9m9r54@^T?EuBS-p1UNrK$kpo8+ zjJj~trK66GDjL0h^o65;9&H`dYs?E{MvlE@?CWFS9sBXvPsV;fcG$SAarSYW#$7sY z@3@5VspI>MKXd$9#8nf2nz(M#j!92V z`gYRKlZ?sMtlnAaSL)70)$`%a%U{l)2TOrM@TFMECV&DpnS z-RGK{GRFj-NSbR%q6+JVorI^-kdS>w%d2vud&}{f7vb_m5%L>eU7IbO^#O`Esn1o6LV+eraA{X zGo0oCIz#O6(SP(6%{u3!OY#0t=~`UioIa02T+$PxH^Xm zobxK%Y>{{w_mhpZ$ayYs{=Hu$UYqStdm=V71@PYm&hPBR$FY0)R~%1ZSMo_5PvL8Y zr*Ry{@eGbKiHjLCZ?CND=Pj3Wv^hV;T9*y0+so2Y#Azs3F3P*9gjA#E99DlR4v13T82@y3_VU6Mok|^ zOCLr_A4W$XMnxZX1~+40a5HuVH)CYniV?9IBVjdm1Gixm+=kI_8}F{c#MyF%Ua}gK!MSF$Bj@9K+;3j7tYFDjmRX;sKF? zBNNAP93yay#4!rTXzUq|!7&!!UyQ?^;dtx=PQd=(L>a=U@g7Et_c2O*fYIR?MumT4 z|L_!c4^Lt5@Dz3qPhoU8g;C)YMuSt>F+7ctAW`PXB=pot(vHJ{BNvAg2mTR3)c}Wz zEY;Q~F|(L6m~)spOgl4|xlGZF-R^(iO&PjGE+!iI@`3$_nD;RsWIoD#jQJk(1LlW{ zX0#b9Uw^b2T~52yJYOEYN#cn+Uw(H5JvlC!Q%>hCXa6Q9{;^GUeOsB^m=`m5Fayj> znO87xWj@V(hIy3v3iBV#cbM-nKVW{yY+-)NoMZ5HF>{&onP)H;F_$pUW}eTyfH~Kq z^BZd=_7~$7@eZE#X{=`}n#F9^=P|cfGc8n))gax^YU}^HkbV*C7eS{!=_2d2RI+bp z`*yZ(hux&?Z+0X9CG5Y1{g<%+66>4Ys2{t;db~TutKoPx9IuAs)o{ET#G``MSV#7x z__Z9rmgCoQ{92A*%kgUw->TxT=|$;wa=M+IZYQVP$?0}-x}BVEr*#ee8CIn0*_+be z$n|tHb9I8Q?_#E#S;Dj=YX9ye&C8ibn9nm`WWK_Do%wg>+g)^ff4d8{cYNEx`n#;Z z&-(k&_lmcS8*%IvVdGX|Hr)trwcccURJ52r5kt*G0_Fil5hGvWueKOYB7yUU2SrvzL2ys)oUupu`RWa zX;*5#>H5?$)POwElgi+>YK6Jl%A24@M=cD`fkP;>*y|iSOt-{~$DB_17)RpRlEh!fZcp4dZhPXh<8~(=A9rKo;PH1R z7LR`{@o^lVkKdg*e!}j=nG;@2Ja@uliFZy2C;o`TGcla#!*S!p8xtRyxZ3mzj(2e! zpD2@tnpc}Flb%ajJ!x3dt&?5=rzIs%KAn(*V=InbI3{JCPFR$6R#G{5fQ~7r6UI)h zM*BFOaQ4)0iTB|65yygQx5&|!E0Zpqb~@oP953T|3rBcbx5S~-yCu$;er3|F(~l;- zkK^?8rPi+5C(Y+)A4|G0`^uyTa5UpMk!?=QpJ7gXw3|8cwHa3?88fd;nvP?~%+m?C zfluIgd#1(IGV`SQTO7a6oZTg3*6c15XI+`(nYBA{5BT`3%aT@FUrhXD){BYXL7y=D z%A{-@t8x4V$4fXq#qs^@7Zbb8nU*wVPH~sjIIf;^Sniwia?+#Ss*@hc8Dsrh&KF&V znqN%(H0Q;{+4D{$+%xaR#Gi5Ww7-}*7Dt|aX7Vleg5~g%2bc3Tb`7uXv zmv_8uAGwM;=EG-rZRW6v&`-HYwJp1X{9%3 zU2(ArEUWOBQgP3AmsNTF7jr`7K1Jo;{`@GdueC^Y9vw-Qcruk3Whn9b`Fg0Z%Bl*h zLMZIYDNbD*s+_I<$yt=%;qf>sD}AMFs!&8qudFJ)3KjU2Jx>6yh z&xig9$uixpgkg#0?=2LX+ z#1M^2i2H*oit5}Ziz2w%cQZxRo4nMyz(MtgegmQQwH>c>L8N#O$dZckB~@i*QO^hE z8}lUa$!5^GqS_0YXQ0+P);QU#l)b1zKlW`E<{~FfFgc4to!8y;-*?Y|dwx}U2|!i1 zw7jgk(0gH(x4gs)Q-QjzMQ;BF-Tq)ArEN@UH7|3oqXepa6n3vEBb_RRg9Vhz?Tcvq zfaquiDqTAhZsOX~b?7xbPB#jpa*2&qkbhy7yOQ&4OG1ToY{38+<7vI1X!pv}%Jupz zWvW;De~Q%c9E;uMRqnFoUca}pHNCDL>h_}Q0#P>MVIz}@7^N@8c&SQ2qcBA{tIAtN zR98+<8WmNgilnAuL`86yL21n<(v4FDpU+*rtfGSat#^8pyBuo%)=fT)k>~-S6tpIW z61kJnwgT0cJIhM(h|PD?Kvu1u2(M37Bi}Z4707{}D4lOxFHL8O6rr6}T_s)6VsGX8 z3J+&XxzNO>wN^WN3*ppFV>8OcT^OB&8b=xCD!S!)eX#xht&SU|^+qf2nf{7$G&DU@ zsgv;FTS3{kYsjb?n9ygh$GDD=x&?*absJGiic4KNF;W+-N7_T4cTLs0vrD~O5NCn6 zLZwD95*woMrNXOPsr!|B&E)oI94%-M*Bj_xT(YyOgoO_8vd8V`*M z>_go|#x=H7R#dvn3UM{8yQx*uL&^F^bw>&-eO~uQHu{& zUQrs|Eq1L}@$@rL;%B3}*F~+We|<$&nP<7TvdULZk8UK|CZ4u&Dm?6}1B$r4ky?)! zN-85EbibuOjMdJHs`AQ6Nh&Kh@%?PgP~BbD+|<)>n1(gfdfU>XZ8iY2!>>z8H(L*N zS$Z(a(mi8Q6_zfptVk!4g~yBLk-G1R^bT2Kp|@Jq%QAPV53!wP6;+;mx|{i1F%O`A zt#u0Thrb}NRCP*jJUxhAQC?Ez^C5OSbL&Id&Z-`@EOE}XNi&_8s+O)*4LwVgL@WA1 z%+e2{ZmZ7qc#M`*_$t?H-GTLy4_%YniSr_$t@OB3J@Dh2#gA(iKb}!p(Q}Z6hm>Ns zJ*3duDmrQnH+f2jncI{pq6oJ5PmNk~!Mhf>+~ZtMHxgQFo1qT0qN=jM)4{R0?ZHCy z)&~n=4;FkCe)Z5mQx6fR#S#$rDDueb6O~o0TZz6310hFpmy}d(tir&I6_bv#(Y-Z# zv_^aPVNJqLZo8_;t*sJTp3hy{wgiTOW>!;lbDI*~+@?gD+Z5fiPT`()ioT&!1l=Y| z&$kKw%~0t%jyJQ-nkw=zL&m0K!&8;US8;AU~Ejy*WyQ6)^(l`vIb?o@r5 zQ`Kcs48F{%xJ;-q6V1qI)iw-FixaDzm#T_as;%}cq{=V%B^m^Dp#ExV`S^5&Ga}G7hApYVnydc?P)S1wY$(M(?t<%QMCq5 z&j!4nw)!Dsg-3PX2%@pZEE>^O!xLRUP+RM;s3I2~ov)f&d}Qv~S~f(CX+6i)ojva2+abvQZ?RdhXos&Qqyz8TZi%|MdQnqRgk z%5H07+@`3d!5VWxG50H8q}Hn;Crw?V$_`V~^L@4x@W0dbOqne>+NGpow z&k#j3I^I0$Z&1G;JPp_kDJai%muy()qaMDsEJ*WzUkxHHbNl>lqc{vvcVD-p=qzy` z+TVg1`YQgP&Ng{woHDiMPTtlg>Q@sZ=YF`B~ zv=&1(ulAK4oqNYSi==T!Y}gl9c&f_0Ibvb1Sl|@-<(nPYUhq|HtzM+GB^6Q18JLlE zQ2kMQB;|_elv-&`*{150(0Kx|Xuh6$Z{37>U@kQoHx0LHA+;P%EF6llf{gFV^?eAgo34!v#N9Q>}W-y($xH^y$S1Utlae+ieu5TpuHtuEgDo7dd+}; z_d!jZi;Kk~_r^6IxALjH3d%jDTID?243xG_TT!^6V)NOhzICPLoPbW_@Ux;a^F~{! zODrr|@7?HDH5R3=Lj|hr99St;l)EF9p%-`)D5ff)3Q%pgS|UTGGW-Dx)5xPp+aAh@ zhN(A>BAOzWql#+DqeA}T{EeF`tJ`{S;fb796|JCRiyMzoi7H5ee_7QUYy?LN+O~%G zPgp>ElW?_;KDfg%qq_1IRpfK;Bd9-9j|t6>qK2II4^m98CH{{`T6A1~E-iPi$7wsvNDIh4}qvKXSEtiBE4aD*RN>6LgSsZ0j0C+mp>c)z!CNCoLSK_f0!oyN-w9 zq@rvyr;prSR`amcq_@)95E+%l{IV+l`qmS5TA?~dYp$IR-nc(}o}!AV9-i-Uv<0_M zt#EbD#c0`4YTFE4rR+Fart6Qf#oQ8|bDSIBeySj%hgGccTBiqe7S&1XS3;^J(Q{D| zGmDG5kG!T5QTxuK-Oj9PLb`}c%Xx%GI7=XN1uh(cv!b#Rw>Zzc)?HOr+1{Z#;CPN= zELx+oqznqH*7!?&rD{hDXDRl#*C|Sox7=Nh)wIAuMF+@=UIfhmR`k@ZVREQ#4cIBn zx1Y6h7W>;9^e#!8jSAk;mS3{IqNA<2L~ZT1C2T8Dn{AUSV4Gg-)6-Ed3~nVt85w(Y80q$8V(SOY+GS=3~d31GM|dz!JptN@fNII;>Cp4 z!_Vg#6&Ri)CUl#qIP8mJEz)XK1#$Zet4d0A!u8P#U(5374KM0b)G4Bx06qIFd}aCN zB^7jXyeLsr;~tv%g0hM=*d#_E9O`lAu7Ma%S4Xj$ndZyDa&;p_?2ju8eEo(?&7FzT3*leSC8onOR9EwTU?sPgRK)9H%5W!{b0-l=Y%B*v^`N8a8= zBA5C*S|}d2j&i+v{|J?WZ5KRat!mr4Xt{SSx{URD9V+loJZ#{g!;fKCEo#s|;P&Ar z_#>g>^_Yp%I!maKUj=ncg}fyR#nQT<$TbMw6I8ZvOdEMnX6EGFi zAEqGx|DSoaORHYvttj`q*LtI~)D5ET6r|%tOq&7Eew$Jn6?Ru*A+m|8LB0M3ag7yQ z3f8vYa#V|NIQc~C6{UW8$WJPK^Gmlv>e_7k41qcZnyVMAE60Xj>&`T8fJc4z5*;&g zC)74pv?DUS;bjEfMvqwH-LjwxoTFDeSvebui>Wc=*32*UmchaAOJW^So71t*n4Rj_ zC@MXjHqJ>qTNuX4C9;Z(b+upk#roA^t98v6>uup^^#=6?ACu7}IMp|6PdQ@q=ow{jtrgNxU71X@8NK zPOPWH3?w#!o&xcM6)$g^U&JQEWFgjwUZ8ab5bH%(-r4vWFLL{#FJ25Di{iQB4t((< zb{y{F#py88#YWNNO{_h-SB&*8EG>^yhw7y;Zv|D)r!Aq_l=>xotbMr`U;p95!I<_z zpMd!{#dXm{CQgciwb&%XJ2>oMmtsN~n`Ob;73CZMk0`X=wYd~;PH3sEK52|8nG-X- z*v#{NKKi;co(si_lOVDojuX;nk=R2kswgNgDXWSXc~M3Ay3)${F05MOdmLq*c^2c{ zSLaUm*57gRd%c)iq5BnEE0J1^@5O_RRQSX%zMG~n_$DB}Q}tqT&PeaLV#~n`Q4D`- z7>^%G4J`RpbU$Kqpw7B8pZZK7rbZ&y9^YGtEmB&L(ia9XNmVz^yDVx^+IcjdD94Ww z<)jH`?1}Vr5+zk%0L1#2ySH@ijC$uCn-YtA+}T*W+HHw7<3#i+O=n*94MQi+s12>y zd|R7XCy8mZBR17?e7X_OPE+u5?_zgl$@4IY|wrKVD2(f9~rh~D*!Y!qh+q}Lqd?ngR{tLYLuDrau6R$dZY_=;F zcH&rwHtg=iHy_Jpd{|9y0Ah2@^|`l|mUZI9b|yaGifYXIGh8&7QjdE0uxVAc29xL5 ze3$x4u>i(*(J@c(io(2#Jf8l=@jCK5^O0pGBw zIdW_k9H-MfqGo;!oKRVvbZi95U{kS?~`KFQB_4s5$kRJ z9<#%1^4OSBw}!gg*a(<9twYBh&qW{BR4=Kb@AG5RMMeqrI}VzJ#f_tu$-0nv-b%dF z#}{9CeH~% z#rWFhsIfl1ae;5^eD2?i*6z0raZf@EATNIjM0374<)D{yamMwjIDsk%13?473)?Lk2rZR$CDPvj7!`Q$IOpQZ1#BIN;k$yfJRWg z4!d}EM$0k>gOQ&94<(<0u-CAs}{F!!~g6L*(R+ZOR-P$R{ ziB{;>Pe!#WUz`ZbDzLp7$4+kw;+W}^`>Hs0nwskuez6yU7d-T1tXRhaZyaNRUq2JA z8~)gNj!jzR_F+>o*1lAIqaACf&j|I1+F1-;p^?EC9qFRdjiqtUpeLD~IQd5YZk$|v zJNCN~I1}|XaVO{Dmu|7wsT*3X9c=_#hp~3P-dIQEy-TMN)B~))c#i29X(KK+OEvk6 z@6xlo_`cT3TYPux#%k;dqo>*N6QAkEk2~VKFgf4iu8!|(Es~l$d*fbh)Z{vTgd!}R zW6Mla%vkG+h4Jm`{Cc6%NrbkwNc;$@2I9MP4aE2HHe+l_@x#)%bpb8MZP< zc2|{BydjcXyCu5X2UTAZ#4%$utMV?Vol;c{y*a8Pb1-rS>{;U{t!%_7qP9NOuffpA zqh{HIk)sojezzCNjwTnJL_6C5UY1?-6(9#A3Gw*hMIknaTYqoL5m2TAj~)-%g0gh5 zVEigZJob}@IIQ6}ru2?fePh5Te&Sg3=`RUbYhNCM)lh= zfiL9!mDtB{`|u{dViSF_vJw+R*g4=wv6tcHDZZoEH;s3$xm`sx^&w*+?OWq@EB)MY zsc+?aeA25;`eiX*zywpnml5hG^VYKOYbiO((k>ITKS@HljcT%mv5 z+m^aSReqaJMNzFu6ygIGFMn27fEU8FT4t5nU}*^!<6aE6uoiE^udeA)r`tsa%B91O zy#7|F{VqMn>##A;F*{l*Pu&t#1P=21;;2;>zQK#Eup-g%7QBP0<2z}-FnUDr@le~3 z!|_o?oS%$~==Z~8n3HQ);*)oQp2t4=l2$k-NXP_1TlTVr05(3dH3qtXizd=rO` zW4#KZP_1EAA(6Kx!rK}u&~N1Ycngoj6pI>Ll~$MFlfzbpx{fH--{zrI^x8%DsT7!# zv!yulDTMN<@kNF5yd@Mvf5Rh+H%3nTJ8x)2rP`Y(!b))s42}v7xs$ zg1!z=0V-RjRY5; zpqo_0?Qhq7BUU{is9#D7o{&deY7B1ev2_%EUbWW~i5B@FtX1F0Wu&WL?#36m0z(}K z)E6}cuTyvUX=&8Az5H7$>e5@k_l^F1#z|jd2|OFE zAJnj=L^&{lC@9~I{y^kg5-Ju`$o{g{L zRVNC}Xku)-lR}Un}DNsV|NB*Tqo=Od$D3@~uBo zR_AN8s|ingr}}a~y3fLwJFUNlN40Em>)*|bg2;EjDo^a%seea9DY)kUkGA&#lKZ&w z`+D}@>@Ki_odH1*$6auFB27{zKvJSkluYUf0uYH4KtKd2=^QG{1$F`K5sL-)4+-dw zm6_R9ozEqe$ugBt2`?qtRQXh)W63#{tyotjJI4x@;w6?NB~o&7NiMoVouw+ON~)Zy zq&T1Nd)>cZ|7Ledoa#(sXS!eifBpLPd#_*j99qN)d=AHx%PENPx58nZPNrPD7ituf zVK+iFr*i6zQMW$gpu2F1`##|#i&`ZF7=WJG2zCS1Xk6Qsz`D?NWY%IITUd5EB9dbS zXWZ1XW&G6Q>Ox{~1~?<(vI1ev7^C#^8z5eHG6QU z1TV|BWrb5OghB&|^MD`h(g|{CZkD@D<}YkHW-eVa99`B)&6)EC(|A9KU}BN8DNxi^ zYIHMk)lgGz#X6tXQwSeTOx0y`-WqeZF)rK))k32#PA1_!OW^Iz1JomHo@ zBJ&(PTOMcgf`KbkR-Q#(iN#IY(#&x^ZZdWfuG%Z{OTGhn;`BwW3w71c$6Zd+J(IZr zr}WDXF-iNZNe(zn%yH>?F2YrsO*%6A6Nna2by>!;esu2iNx7V^MELZwx1q8+T(@>D zfZPoSwV)CoT{(jVZO-DHu6ZC*!KuYXZJR}2Xkcl@Vw$=#rg}hu*tI0iO0Lb|bfL^N zyt60Q2UY-mqE{?h0ZPYW}sOF7lYDl z3abA&=ouJpaaye&G1qtH=Xe40YV#w-T0rnj};<$iLUyA<5 z&Q3Yj)=han=a$dRT$-b@LS7aJiqdfpgEcmlG=eOf+K*d(q*W~bF|#}AzeNt?c(GSp zk$0yHi_1cjMaA}<&=fc}^Tb@dZe$6@#x0aIM5*f)fJ@2-(wroYR~D~84xV3JT;}Nt z-wP~L!4WOyo2&Yw+8~|_Z2r)*^^ThZ^O|wj+YL5@%wmDmLDHWvfXZhMB4N377Qw}Q zb)l>>n)!=TGEW!#blMy2_SQydYPMcCQ7lc3-Zp{(wx1q zV*w!}>x;p95N0qPr^37qxhLn(agwE&a+a~_5rk?Hd@9QQvmcV=$>sX57Po+p#F3s_=&1>ivpLTN`V2w8h}kwaUi}gdq7A0=(#9mDsT}~9c;rz9Qg!Uw}=|$0V^SfrqW-_aL*t! z7cR8FEZr}Z78Qz@dGFZ=G$-*6ZmD0StBq2q96A>y)F?L~kQis2_3BfPx@O^?7gC%N zlwK40gDIBw(Wjr5Ck5j*SvKD3Q6s*Y1snYtmYUqm&Z#+>fe#jEx#3J11P7%^DN@T~ zhjFrBTzUYHep9Jz{|#s5(&ItlFQP@H;lSfb?)Iozf8zG)kYn?gi-29E_1L{1xNBPC z2fba9jO#&7n>))HJCN6$<7eig2^~R9>2P|wMy#;7Bv6QvEK_`jDk<4RmEkZx8?#(b zDhoypYbo7R%94!D`OaA8e^k;gZXFUXWR@vYiqNBaNU4aS2(B_nJ%DDa)ACW&^wmlZ zd(i5fYRpQ-2jWUd&kU6bNrXN%zmnG=Y(<&FMB=;vy0y(jl(2e|c*q5H3Q;$cv&t;u z>4mvdkuph5I(I8!$O7^n%W@q*EfqG099o=P#ukhc!vjr6&X$G!%ok6sg*iRjQYNq; z_^ptc3nlQ_%$3t~GAWdxXkk908$;EU0~anVK3xT|lu-i-X@;tQ6?ZoszY-uZ#&r}JHQik-$ z99$95=;5+mz*@`-7M5u1_oi9QLULHwnlTSHjAZ#1d9Eg|+YEl`*(>rA+XP+dzX`^mvrf%q)0N+gz3>-q3Rh)@To?Be}X3I7JfW=JQEaP2ziR@sE=EDp{wW(rb>$I`#~NQK%f)qs_vCHZ|tH9-;2b9zM7wSR3fc%!&J23GtRpcqt*+&08N|v_9Hj->o{%_~?Q~qN zGAMod6EO#uj-KT;7JFi4?(*@oHdMboc$CgU;0Kp3oHe0(BXrv9$TJEnhtYF&$`HSz zehN&CF(5&mLs4B6Vvyu%!P-2|L*E|TWG3>$Jm~0|@X#q*Nj;SBy z;n7q!V{5#4yQoL##l;Z+S5wd%estyRJua48I>^LvqY6M@h_77PBYUYPP7za)BE(BI z2yC(tA2`SE8R2@g!SlMRqmE=EvIU(-;GlgDDmH_*8KxD7>4xbGd`NeZ6#~LPear%) zNl9q&LWvP`9`|(5s~srbFEO$-rN6XBYp&EV?OhvmMSYQA7sd=NKg?b$3HAaZ=Kb2!6b zx~*doyE$VaRI-)x*;O3_a%LZ267@VxV16OTfVp#ExTsf04IFRTcsbQ=q4J82MYCHq z7SDYB0*YO#YH8l4oYiN!c;6yUv>>Mz_33LwA)`12gs`|?6kYPAqo6&PV3J!Ai|>#r zaaA9B0|piz7WsPsbI}w2Ds;N5gXPK&qiL3{2vIxp0x$AtW;Uj->c=YBwtH^>Sa+{J zw@g^Ga5cL*6nJnMC!iv#h6@`~0d=OfRK%U3mhm&GwzDZv*lZ+0ffH%27Bp64uYv^g zhX&`i?MIT|Iz`)$r=Gr`I@MELU3kF+1kdUzy(gl*KUp;mq-;7?_WbE72ZNXZWT6Ag z_O+sXZhYb$jb&_bm4|#kIJ4mq@q&kARj`LlORlcPgOSJ>R0d6EA$R1-5^U={$!iZ~ zouWJ5&B#FyB950Ctc;AJvpi(e3$KEv&y>XwOyKR9uoxf~A!7}OpJ)(e2P~Xn66naq zS&2I-Dzv6MW`UQp?XnprEI)cj*DPOXOM0k#MHaEbR#iZt{+=h8ilpqNr2?id0jmh{}$45{Q&QcZg zdRR9`gwae;$c}ZwbbQA<%Ne;}glPMzLXrp&GpH*%erBJ`AoiOWju&TQF-^L*kfknR zN?fr0!UAyqg-9@A=E6BpuyTF@DQlh&d!+0n&(+}8G`qMU3%z}-7D=*rkzxdy=U4~Z zk^#;-^!Q2c5w4s?JC&2z{K6{VGnegK?n2g$;;tlnt36+I{G!3(Ok#M%(3D~*D*8RE zNzt^7tSEl07g6KR(xe~WM*w^e^-71{`+;{)8#$y~mk!QeT?(1Qm{_@IC>}Ws z@-EQWB|4XCfp0aO{yTidQsZk((tGe{;!Uun#ZT~!BVe$T6Wt{Zm-WiLg{ILikDv9h z4Zb`{sop=$&sBO-47u#}b{SP-`k_VXkT%EhIzohK>-Rk<#MK*Qg7Fm_kDsN?rJ!n# zdS|4V;$EwZP~|;WOW(|zi+G@4{E(mqtwO3Y<8m|_J#;cyq^Jx6ZnGE~LKb^euTf`l z^%Z%^OrOqcix^5x3 zzqMj#KIk!L&KLVP&qrbHE~CX`T^VRG9ZYTXPJRU6MHrMfgxHwHgoHz@G3gX*vowu! zjF!hpD{dhl(eKDfq4FwKNuHc&W#&Q!s&^hMfHPT@X;bw_^Wsl}C15gXB;hBUGdnon zUrk6R8A#l8N!5dNLb(Ck(;zTz7npM&BxwG;2 z$O1oll>8}tWtS^AOM$3XIb|zyPGg$NqR~jjw!=PKffql0=f`)F%(HYPSE&b8V7YL! zoB*?!m&0m?2X@gXD>sh^K?#y1T*k=2)e7n7MVSrf>EQ^n1aHYnhv#U_*1$oSAcwve zHl%=U)}4t1Z}ViDxG_W)^AeG;1EbKMr8YGANwTncFCw|$Q~~rW-bK_#?qZ2;b#CNY_w`WOT zxN>}T<@i~1125BDaoQ}Q^t&!|duPk|fph0ziL8zc6dThaNePY9RiLL#kpZrZnT%RS z-S|<)u}hVaG^`RLs)?8^fpf{{L>9#2eA0;d_{r?V(jdjzah_n7fOzT>jTu7N154!h_?&tU_8pGfODD=@n)qloPa}hUm*=;p`O1;sq8(g4$LMS_+aD zt!y9$LB8kU)`AOVQ0qfhVuKeliN)XmY_gn|F2>Y&dSi+6>gC^_TUrb&i(IXmo4aIU zBVrtP6T=2^x<{1lQ z4iRxFc+XM&WY6(~HJd^+QOCGj;^5XX&WT+SrasPp=a#5mzws97GI?yvDCF2?GWBRu zj3lixM%DWm6qiKOjQ-lu*qlnG_uhH6)E`w&38q^~A)_NQ`-{Y4wAgoJTqdj-JnsdT z{LA=$ybl+S_?l#Nc0UeQopt$B+ybUlQq#ieR7EZlbWDgHi{ zUCK$mXbI*^CB-6!nfV0Cf9I-d9^+cm%JlT<*hS>JS%i_fS)}?ibLUw9Ul5~5@J4CdOLra9EBloa~+ZIHaM0E@w z_8N@nq{x`D&-@xvtEZl_|-B{yVYJ@`Ns+UuF=OwbiJg?ODj}Pb+~= zYoW4~{2b_^xeM(46}=*XTs64{NK&y=o_yz^nlsM-orK*5i~e!; zfFZ?&cjg_0aET1EgE7;vE)&LxQ|r91PRnMd6Bwe5Ont503$;Q zE%=vdt0eW#hj?2`L+>afG@0NtPkXzG58HX|Qm`YAC9IF?Q(|#OMEv5xEFQ*y(?CrH4A!R_`dXF~xCEOT3apg$i_~7lP?QzLkDr3%CBTFj5 z;sqOk;vgG<)63~~EaUhl@>v@mN}Q@1!)C4pVS6X2T`ofD0;MuV(Wz88 zi=UsV{^SLQ)ZU-G5OHhQj~6XfTjl1Z06xcAj<;$rX4|}}zj__~um)ZHtC!2fa*>b= zQ&&+}LM#36Y1j_JvyRw;wmGsNunuSaHUf)Es__1~)jDn;jBZp&)tP4`l zNu<_KC?UJeEL*g6G$@`}3wngnf2OR2si?$jURvW)wtr{CF0U~yCj!YqDxJrD!_6UQ zOzO=c*;4|`=2nBf2Wx|O`;>kZ_SihUWmoM-c$rYw>RGp03g=IoK&ASXdr+1=ipLqmt~+IM z>1Px-BU#}OnYvVYr$xYs{j#S~D$6Rg8S$TvvFl5QRMSnetHn+V8=)#JeR(-tuusL! zRaYp~wZ>wdB@6KWgAynf&mrlazp}sQdW+AfV>@#@iQwX5$}$^lerJVoW@*dv?J!@b z!ml~?CIdVOKQ+?KVCp>+IM?%2$6+S9KKr`ibP2yHMwTQM{B%&P?G;1w3Uxer92eL# z=RGKX<{=K1_2ac-1|E=5>ml`_@-Ct+!YafLqa7(GmU_2hu*b`Hxnd`XdDIB%b&R?4 z8Y551gzk0Aa2ycv5I#gWmgr zyQimD&d(Qwnr&E^<+!lJ;n9_4(#!p(0v0Y$&7XM!8pHg~mjJ8@LejrIG|ln=5P5pf zrorJx;rrsn^SCO><6<0{pMs$*PtP1_mhD2Kd3AWbQ9}#G4;b4@#^J~ zSsM&S0UpW>7zFesekm)ICBee&txP$7cp#G?ilwyG!1rf4Onu5ENd%}Y)oRtH%?#GF ze6ti+gEN3C&!VK`Z{S*Z2DV0Y;^B6ji;4<;+LR~$vFl&W%( z91}>_AX50yyqyN)XOJM~N^;&z(8$NS3FHSQaeXFsnxgTzBSkBA(})o_8#-r>#zBU6 zK7rG!_U(opGFb(MgJ}5!=dME7<#lHwwoRI47`Ni`37iwj6ji3ft}8#1l4Y5eUA}rB zJ4*$%)tH^zWgro?3m&HPXDOQh%~KLJ^p>y}d3aIX7(>tdz+t)iUa(x_E@4~daLv?{ zbc_-T!OAaXiZ#vWKc2?Im|qb#SL_8_lZIHWT&!o4xv;o8YnwDQ#32vw4`UvaoMAxk zn7>QR*28J~vKG22N~Mt+6aWWt(PT*El7WOOd%PI$uF}=mA!dt9j>HZ+uXm0e6{c|Y z%0#YnRes(yh)G8H=9~W2|H2ys_|MT25gGoGr5-k@z`3YewMs4raXc5bHCS&HThR!ks(B zNMzhGcGj+(`DrJY1l;fh;mFp{8Fh@Ob6H3up3sU&VxnzVU=2QQPg2WG9=|-Fet)If zuJr1%-$aiP`XB-FBQ_FA^}chiJ(48#{~013oWb(#3FKUul3K<&2;)*A9>vxQ4$ z+&mZ~#B`t-o;Jt5q|aa&=@T`rf!jKb&!U_4q&b(v8$Mi#xUM=&GlQp?#D_t{;x z;049)%59LnUwt(8QyTcqL@&oAxm95O5ZxcbZJhB-oUlGR6OFr?F8mqeaxveY;NOrW zY`Pn7menq?cwFgmx9iQe2{;n_CMl|?=h1NMRxeCvJ>2opv*kF@oPqsST~93`+RTzn zR9N{pbh&(f+!~Ah%AnN_X9*W#59r3D7&3VlB%(N$u=-M%$ui~i_)>!CcJq=PxD!C* z_q`*&2NffK4ZQbPt4X{!mPEaV55&llZE(1TJgS4f;yD=rM-j_%z?^=@m^ID^+wrn~ z{hA*ijeNmk8gy~#j>|pZXQp|tL#`C@4YWldLu@f`#=hHYfl`jxNQyFE zYc$2}kT6Bu=#*l`y$bQPSWOZSZD-Xe^&{)1Ar)=}u)d15flbp~5L3RMn(PK+N-Iwi zqr4VzBa>?WIzcJwZ+zd&dsCqS2brMl!J-eCJ}?DuQY0e5dbf3QaRsxdT9?MRE?3DO zo2tOJE~+LgS!3}W?v&5PN`5QEPL!gFR+iY)jU!A~7yG zgrkexS2P|}u#6P1a8mOdW8K@catAKXCO0yk_VUulaqThBlms|mn)~#4y61XYqc|e7 znnYfG9a%P$^^uDYm>J1nZc(zJupl#x5rzdG)H%`og6xEX!(8*I@^j+=;*#0MhR!d` zI9d6h}Hez(S2h!?O^qth3wS=4W+F(u2T zIfd=o!I87>&Zc+0WhgXs&dnZQO1W%drpQVhsy(HNv&d6(vVkSjoQ0EWBzT2AXB;f; zGdT$K^MH}~8y=tF1;*n$Gyp?>@xHK?0vb1II0$YG%USl)RnkgE*)J7~B1?)EOS=H* z24F-)f@y2RPtA~%V3G7v^o%xfdi7LXYnX`{PmIJLBN2dK!qzWJmuXs*ig8WO=XlY- zd6@ZOf*1LFc+uuck8oHPv(fT924|k|&@?)q{3Sd#v$QmWf7|Tb87}H4-t`;Rg17UUO_)IS^mI+K1A|CUDDInRTQ+qlN(bm3{ zp6Q7R4{()XZpkjmibqG54bO<_dG}6oN*;e+DzCQk%EQJyN$T9B!eWuev_w3zLq(7V zYjYXnn)^H+4HG%YH=^Rux~SWhc{;O+&`WY1x`KC^n7~CsYER7@Nn79)Xfv?B)x5q> za-242x5*T<*WmSN1&>CX2duqdQ930n#VorC7w$_TaAA=#IZY4@4>Jo2Z1AYXQay9Y z3SE3UhQL^PQAJ5w?>cW+_-OjoNkwwgxTPi$Ek=qhQkk_?9yn_k`K~Bl@?@hrfu^6} zgEbKE002m@rNHO0sh(ru^ep-!!Dh=mt!;%Ca5|50$jv@2*aFHGl{}g$!?|;iO_3~p z`u#M#4|Ip7h;rcM@cHF}=8ofk?=Mu~vO$qjeeuDrvuKow^-0L7z>>?#~?9ZBpLBWW6BB_ ztiFIu8;XFf%2H%yujj>n~iUprG(^c?mRU?eXdhXeKq=GjV`Y0bQLvG z?|gUwll@`6X2K-^Gv8li;d>06=43BPu@aYnnASuxn0L!yKWJsi6Z;}GD#6RPQOg{<@hcIkDon7`emnV4;|qLHat{5h2^he`8!xzX`Zf) zFtay1@RC&*La09x=E9W_MlOb#us}HM#7#P!3yQCV)vzR3|AYKJ#NV%nu<^*+FHVK?R52BctXg;(*dmo*unJBaY%V+rMAc4F z#Uh{Y%nZn%r@eSE)*@7gxC@8b!(R947zWPifz9$ci?VdN|+i?kU=)V|ev$4S0@ z+Lpun8HKkY9Dc;=&`2DvHpAGx^hmRCA$%Z&BWb2ozuHwz^Ryv6pC`7=H;)!>9JhtAdt*zMU}|I&E@ONr{(?BXr-F!?M2E611n5%Xg)-EhMF9YK>B|-ga^|UtLM0hSSevk%PF7U zvym(`Gp7lQkX4iL%E<2P9a%|ekB~?6sQ#Q_zC=c9AtSp;`X$6kKTMt?FLyo2tuZ9> z^#u~H7Y=xkh#XU)#GVK}G!I!B$G$;E9-*$MEzSE@wifnmUX$wS#Y<@aiq57US)M`!o8fIeN z{V<4E-Yl0&dw`lv|?Pn@Fn z+6^^cVPuvP8bR2d zLenrFXC1#0?j}cK`3h+*QfjwW8oyf>+t6rj+IOWo%6*!eZ%ELDFQ22L-W?+8)8Til z#+49O6YbNd(eV`kK=8-a=UGdX7*MphQ?Aj?Ft%PU#e=6(@MReC2So zc&Y^N3^0w#d4ltuQl2bFxIfgMOt?ss^q(C43#r8;wv;6v{->PmeW|%bGvXYQ_(aD! zhfiGHr&Ft1D_m2nwXJocuu5q%C3%)CH($5C(=HOalC93EpdR%KStW0(vVBc)wdZLK zirAbT-(qt4(^jj~zBo&Dz4)kHz!CpUtEB9?)<$gyzluw$h)QBkc=ualFW>JRBe#TF z`@eD8-+C|e&C=C?&8huA1(Ixlx4hN%U9N#}?f}DgJxkJ=HhAsKu7V^UkVN%fHtjNw z$V|j0<|IO@)+T8QWcBm6aDj|6jma8J%AK(FdX6k%@OE~8kTqLBlLiWR_UwSNGmz1 zJB}>jL({mGIObwH`+EDIZAK~O!le<&o?7Ie zJV~8eE!y!ml-wynL?aMoYXX*0WDizgl4egLx}?&UXGhr!ONB{!-Aa8|rI$*d5^PMQ zD7<m8~@2qNt*c$pbbsd75-ipVx5n#*$@=MIEkq=`@>XTNG zbbn}jcbRhvrcuE6RA)3RaeXf>WTked`N{I{N?5Mcf4$3(64k}ubLt9{2Z3pqQCctU zgk5>bVsyK!WeObbSVguiM;@Awh7VC^IqEQ`9I4-7ho`4LhwD>HwU4%*Zb-R$`xw{9 zj#M_S&@z9qLiapjt4!mlwh*rWP?6GGf7n%)%Eq=kFOiM#dTkTJs9NZ0W%7er+J<&^ z=Owe2_Ebw{ZQZz$W_wzE$7b|;uu1{%c)MEQZJW}4wI1VvyJYO$Fz(%th6Aj$4I^%P z?vgWwohfI@mBNiBE@U^}=vDaA|twH#l7e`xFDw!);Bc+k?csw=7R87})-nk3Q7He+E=walq9<@z$eEd8=aYgTMmzM)#` zBfaT19&bx3yl5(oC-v?~f;VNHl_Xn8xXhGBq+aUt6jUnnR)BZQl&kYLakG^F4op?z zQ`kB0+A4=+Xw|pE0h7z|!t+9??Q&eKaHyr4-P{@OIuQOgGVUXA;Az@F9FFpLjK5RB zejC^!WRa6#_yJ2f#A#r)#3Q6h&3QOHxLNN0yEuoyLVLqy`oj+(@F_J$2Y)W{?PH9y zp|-C~KV#!|jBJtnZo4xx0PG0Dgmz^cb(gc07OITE=kpVxihPObP+V2xE(O-=J&8%a7+7|{&OP$Hmh zT&Aa@OJOWDkFbaBV~#`@>Q(I>38K|lnjrTv9?`MJQR6H{rNsHv*GlsJVOFEz6X$^se-C8yCsMF^zgb#s^5cMu7!qW> zaE&}2@Fd+?Ca_DSU%^7dsnxtNDKngUFHCG@IF$CS8PVyA9}$U)By|gCvtVzTI)&Y` z25}snm1_ROHc^nD!G-snpuL=bZ8U`E98NgK_}^SGDiqDHQWNWG=9I0a>haV@%&Xtt zk1FO}o3EZy`oV|fE?JnuZyvQaHByZutvtnKmGHy7H0RnOv_>>uH=~4`AE2-K38?Tb zE$Afu7Y4;q!#2@m98+@3?Ryr$G}WF&(m0Z>50YYd?(L+)kM?&C*q)@CO@Lm zEc@Z0R$4Ob zTl~X$zgm&)S=O}PzJ^61O(#d9v4oiNI8uaAMcW;=p4^q@Z&9w7dhaus__6m>gf?#@ zQh&qYjeT(b`VjlyDf|giPuz0mlOZe%cam;Z@72`e7C`ro*rJyA{3@dhWBG|!s6S}3 zQ>dRnsyfBmJ;71(Neewh$^qo5uJpj+_j- zd_`LQ{YY-OD2<$F%qz@h*p@=2qfyDp+DClfTULF$ zB@arPk?fniM}W6KomQNfUvJe;rb*Zkk(E4RbJBV1ZlsNF^UknhKa_g&Ac#F;szo|I z+G=<*P>Ty_3v;%t0YWbQ)Hm6SFfnIwtxJ>%7?rm|S=iZYs3!l%Q}3=0SKcpeMDG5i z4XWh5?x2_4?C9?k8yCsODf7c&EqX1PITOVaGs#`5-fG<7W#`74L%SpCE~gM*%Q;bq z%lOI_mvOfS=R3~3lC)P2Q#Jbfm4u~EZ-sKYb(^-cd=h(yp=mZ}gB`xF-w`FW@Q&UA zJxo8fW+gxQ#uxVV)|MpljVY;gc!z7ua%k+G^rG}zs@`FX>HZJ>vhpeTIm4`0k@w)NxmM@70yNgWMvtqTIo&Ew}ZI zZ(N=a=F9W&)wa+(ua#Q<*45V1OF`hKDNRT-w*Y4qwFgcYwv_qXpOK)QXBRndbnnv^ z{}C#cM~<`T10Ywz-aO5uV_)YU8k$rrR}5XikT8&|z!LNinVG$}yLQ++s3TY@yPu#Q z)yG2X$6awy8+q6@16)R)ClEcg)0S-AfXHQ~1X8cgxvz_fe?*4BbCY*FHkG{g5>r zDZ`0tB}pQ!HzBgrxm<#BU8L0VLDqr4dQC37YfCb3>EC_38uDH^pG=aXTX3{-CVuNK z7g~+7{Uq+D-uIs0%T2Ae@9NuTtjF`*PJ){W+Tu#$_zTd0Y-kb-7Kpnp=ST9!ryt!| z-`4t3S?dfm@D{aJ#*}7Nlp`fbL@a7df5drW6g_K3BV?*S5Arz8%M`SIg8O z3rwg_;o1({7}HvRfB2X=w}&0_r7Go3mzKpd#pJ@ygGRl%_j8y(6)C86!*u>DtxAfT zG#u?V+QZAaye0CO{c+!y&yPzai3)mWwPsHJ>YuP1CS4{-<9Ub{q_>I2>FHR`R>O`5 z!0K^k?j&>lNZ=ji*k{p4Y4;Le5~oW&NP3uNUkqJ!%kHAtm)MqS(cGwYpL2~ld|bNa zOi{*lH0gYz=c;Z~@>=O})im{B6F&Atz6EGbG>-k~BGMM*g5_&xKN^ec9tREP>)_Oe z-tGr0Wp7pAB3xJ&Meuwiw;vw_i*9>P`rbjbp(B)knAJ0F-^uno&5AnC{~xmSlTgnl zc)D3V&)152>YHDwtOP9a)scmFRA=Ai-9&M*=k5PfhT!r#gBFvk_SM3g@^VtWl3qi$ zq;*Y2vdp-ilKb%Wb}<>~lA%yjDH0J9+;Q8PTiJ4&tlnvqaZ64UuI#Z9+_({u$E(Zs zh7*ic%*olfEI4`J!;PLUMy0yA#nzkS=Hv8M>A3+w@qDtvuB6gV)4l}O%Mz_P>XX8J zm<4yh4kdKlp!g#&O)*;3<6Vh>rfFM?^JC-;yHkCeGVekTJ}`;C6jutp}N1C?=$C+^vs&o{`A9SUjYwdUr$)2)neX3 z@00|RS&q}R2@5l7Mi`aoDav-%R$T?IG&z0mhXV7~PEkg)>0Lx*Xu9xOA}Z9MrY#uY zHVs0DG53Vp@e=dC7F6C1IL?Afqs+tf*y$w+b_b}(DIw_w;oX1rTEZ?#`$+u5RyJu_$(`@xU& z4SlPA@lFg;Ct(6UO$#JRyO7MGB`By^sN~rLd@ClDNlG|rli|peu5fj=Y*u?-Q)vIe z)m7Bnoe$A1?G}HXUHQXbtt)=A$UC@Ts8<^J>+IgIh^eE7sVDwgG4=O;HB1RZlJ$Kl z{59gnyjOTrDl#D1=c_V@w!M?I`!;#-8dM%xdtHCfxdHMbr^G#w8&4G*!bx%{m+K;F zD+w3^Bu~b3XROq+|BE4nJ(7l(*#sres+=?_rG@LgF3G691RpZyCW+9`8q}KDn6RqN zwkj+3)=^n`Cv(a1FdO^{69JBxzk&n;ZPdLoqw8Tu(EpE+Lmmyf+$E0(6B{DiN&19@ zks0_1WB!}MgKn;DCB=&k3KyJ`)?E@0W7@HFhOQHvutPETwXhmTij)y&Zp<-e6W^f2 zeg9e1U_@oUiF-(w|2!nChKKGhLhm8;aqOd4SDKu=q^*hG)O*c_+7CC&o2rCz`JPxW zZwThEqU}{0n{ej6*NMiWL7=={zI=OVYu7O--A|6PygOV>Y0H zUQD>&& zu1h2S7uVh{*c|F~Tcb{VA<@66xoU9iZA0|nho@RO3g6A&=9uDgcoHfl?unVGfGgdq zBvr9l@gxE!v2m-8Yap8Ft-9_e0UwqbbGD_LSQ0m$*^)WOMKg8@63{|0bNRM}Fv^;% zm&nKoTMNt===*V#x+}c5SiW~*DoGF)=X>8iS7Hj4a+zH3E=n44t*(2jMyD;LOg8ITLv=8){L=9DhxYZR!zE17!$isSG~h7Va+!Y z5u!9bj4V4;Qu*AaKkO_`QOS5#yIxMqns=3uvxA7v&17NQBgAA_rTtxHSvRH#>TXIh z2CCJt;}O2oHFx484^gY=Fx(>c=NrF1_nFY?nriLbt3JA z;=I~tc<_`iw&9u(bf{|n_xbo$#mK+Jy z<+n>NTb9r5NUFh=0QYF~^K@B!)lyP(#glR^kDC9cNarc~q-7?RE3egS5mA`C$VacH z7h(?XfpgV;IG$##im%?@mUwm2lj5yjS4YX1q6eT$MIsd)PS@_J*1ix~Nm4!~Rm~w= zB#U0SA-63Eq2eafXc{0=U=+zreeLK_A$W6E|0*KH`eh}`E+xuyFX7yC>gFxLW zvuZhztC*I%$UT_t$enXlH(crP=CvKB#Y7+{sW&Zd@y>G_7)RJy?YR_yaD!m^LO*8l zf-65*jk^kQl01G@R2DxM6x?{~vpEOU8Jh0v>wqoXQSKi5O>|Vdr3J|?CnZ)(yWIXL zi26eSf*>qiP~h-nWkTEpU|}oACIVU&hS?D z#ISUu+z=$-$?mXe9orto-XmlGDJ&zhJIca{;lKU&9-*M7Mv`Uz8jO}g>GP0yqH?;;8a3N(YbCqwrI`xpAAYWy1DMwB(5ti*?R7t|EyNo$~mxed* zh6bUIxRp%mfo~mYz*=i+?u-pzWvu>++MObl#aiu8k1EHm*6#rsog(lIf#w3xXCicXD(q^uKU3=)mK_rlbSW5gg2DXNdX|8+dXTm zb2ou5IJbam>D=Rp*((H*vX|~Mfqmrb{4vR&15CiX`6sGVfV%+jy>@d<_(`qRU00F2 z2)wAqIx#?&2x0J+WO<%Xc@(fb3Ru!hDMJWvCwA;@Un?oP7nFiZ)d^s5oa-WLV<)SaI9*{# zohRwgq%Due2{dzzgao1IDjq~nlWcg6l)CcVMvJG;CK`ULj&GMw59|ua&zU^d-oVU?Xgblzm zYcZ{L)C<)ho;fk$i(;>RrWtXHQ6Yr^SQy09ER%gK}HdYkBSRBpH zA!`qg%fANXP2R>psP)krt7n1kq)h@2#C!>Vbh$pz@Zzn`YFwto2jDS%!s=d4=r7f+ zwc%}bmeUw*ezG>mY9k_YT|Hx z$0RITWriDl&Ccgroi9+Z+4&-kr-jLk5!Po~ovAwpnwaRD6u~Nw4QG(?*7~3(`tW)G z`l8bRq&6WD?9(Q55n_I{q((KD4kR;6EcETHF|jP=Z4&#|K5yAP{DoLpSW#h73EYx( z0w#u)r`h@UMIH~aihzvotg%Li`{8~Q;{Khl)Ee=N{`L-I z)$2$cNQB;hg@(0dFEobx2e_`-PsfQNXh>`vt@ll~)~=g`Z;DNRm85%x2KBJsZ{R*S zgVI=ip2-6cs4@-1E5r^=&Q(yjg$a<{m}m^uVff!^H0wwMPu5JP@eg{!S}bYE+Af(~1dRWEv8yA{a;oDBD?_@C7VwM#3YE?5Ue zhOjiv^Jv6rd|Pp4yVJAvS>m0VKreo`0q!2rzBJZ{uxGjN_1xMNnrrtmM(g4r#YX98KVlI5 zVhXecftF#%01MC%-s;{)vts+ODbMk1lKvp57$wYN^dt!xMS>HalcW-gT-%^bTCti3 z>-}H>ik%$v?j8~e`~b9#TZa$X81C18@dNGd^kUM7a(|r9(H(WITu@I%;L@vk$Vxvn zTpyx#{V&8FHOBW7OFC+-{F}zuVV6UrHMrmNmhF@_?H_ntNIPZFk6E#gS@O;vA68k7J(buP)>^w;58$xA5N<)Dg>Vp-*>?H@U{hqBU6TO>j z61ka9115pop^|*99+x3hY8QiOb$788x_eZU3e(`wDD5=R&{`DfNp5a{s5KR2S(mjm zBt4hW7K?Oz6#2OXY2C&SjWXtmzMbj}@*qM@_eR^yOrtl5WDQLrsFiwO8ntasL*f!_PRD^NK;GwnrfmaG}3zVXe*;ogP>Q^3kymyq%Ko8TlX97 z->O-Ch_RWrtlg`>ZcA5Np;(m1q0btDVVA-U+ zZy(Kak80K|M+440Ldzo~eS2$A(TD9IJ0D<760W z)VF5DNVZe3nV!{wWCC}tZ_|-Do>K0k}@9`6^meH!%a zP5i+!2&pO1w{2AYVlJWxy!NaZk$ooi{=7k))xTh2=?%@b7cKnab@l#ccb0)9!A{&* z6KLTnD$LdMM0kTU7p(-gXHiiyBl0U~8vUSb{!{}iv))zt>tMNF4j3}kBBtc^*hb>Um~SCM207?>0iev>LQ1%h(D7Hl=jBV}K@h1kG{O2)hT=$j#QsjwuutIIQB*NiYhu zx`#18{(F;sx`&A&GMVwK)w$wE0(vK*mbh)KKUC+H^VkqZyVe?t4I9lD(-wR{S-Z#d zx%Lwq#P{RkGzGP}_I(4sZX?rYtAm}=`LQkL&f{i>WB}*{X6d&AZ(4yjE&L-3{|K}| zO}83ax*w-onE0FB8TzA7@V7pojOzo+0rDkrto11Y3!6&Y0{o^u?dFz@i7j`#cyK5?_8O|62 zi?kbDN0&_&l@7eM+CLf<4}ru;H3O&Z$Sza@a=}*xOoCtEZfM@VyACCKA&eGXZRA$J zxbdHV^f9yPvJK)`xdRIf9%B5=B)6G`84HX_|D?P0S=j6Z2jKbWE9l zsBR}SV-~bQkcx8Mn`=BNPRUdt4v)GtagA`${Q^Ab{#I8?41KV}kPoXjt&M4z3DK{2 zis)M1?SuyR)VDR)uW7YkZ*`t!$EKP-EONh~#!(yoE2>H8`LY7GkeWN#vfO^Rvw!En z&cR9bZ_9zP2B_9%w*4*5UH6MSF{^dIs72jc-!<7B%+Ws<`5TdcK8c(mA?vK(1 zSLl3UNGj}bV_O(PR*_J$cFfk@S6bb#AWl(%XSbEVK4IN4%f|Yx7QWTa8y1Ybqxlna zhF1MVqlKZX`)D8RuGRf&tNSOd?j*)DRCulYJFU3XJ@PPmKAQ{81vU>I3~rx-15A2& z0_kydwAuNFm6LANT)$@wZN2-7+QEYIWtk(ouUPsaOE>*@{eBCh@xrt*9WWKx3NeuN zx4PfxGl^_?7;cJ!>7X(3agwZ}qgME6qdp`o^RIzv?~q$*6*aCT1d3w5fM5r&TfcFf z@Nj*wPu2;}kwRyYf$S~rD!-4ycm$M(n$ z-G0_4k+mhMEq+<&9+$4XkL^>KfBe?EBwc8+;GQY7fkXtILwq{L%vzyYI?Q&=#>o~u zIU$3dwl&lN=OR)UhW!){yS^0V#63Q|c+D{C5N$F{AS`Jpnh^N*Ig|K3|_hJm6b)xUn1RhN>{gJ`PEp4IYm zi3LBPU#|>rQx9U8P034mQj#6W#2C_;yntkiSI`<`0go018d)Z3Q(miOY7|Y!Ox9MJ z$)iSFzm)E`I;;u(CA`e}*e{8&zjlA3EhL_fHztOeo%Q=j5(RdDw$lbx&2nw(MineO zxNu9oKl6Vk7#RC4et&2<2@`!DH`2hbTcyB>jFVn|Y6cb0$b((9jM5y8rpPi9yhKQ`B&O+c|X0Zmir{2VYC zBcsl+B%A!4RPFUj5hLniqhiNj8?>A%9diP4Wk@N?xi%shb8SS;wJn#VGkLaftkuUK zrUH1`OU9gDvhW{S_>U;jZIka>j&;zCx_{K_zR>Ev-0FS_gAv7LQ@1R*F=%q+MDZ+U zRthEX&U(G4=& zV!T*A+BeusF^zq~;?KwLm!0o-{}`0m@f$~4sh(%O9%0I=O#!)y&>=@68%e~b@;saJ zn3stlFH7F(u2U;p-Xsjy%&wDgbwwv-oe}ZT{m=LzAYy?QkcKplvZu<6Q#tAyc2tq+ z@p`Md{w3;ebzf?ApSOwj83*`xY+Q6GelvcP;TgAm`?$ds|9k=jhhEt~lc?&$^g&r6 zjm`pw0g25Trq`DOFEZ=3vAgTrhsU;$HrR~7RH|0tw>Umi$?c{aKv0HMksE=Q38`%b z6P+fi03_P){;>*ABq$v-S}|t?$EEn0aBAXbbTMgY!|KqxJz#+h>+{NB%20HWDl61- z1JNbmSpz&<0$w)2%M#t=dP<$O_5a5sqlu(N+$==MUh*k|?htHdcoJE0Kr!?}q79C; zso)RMbl=B6@GB}*AOayF#Z9PNdtY4Q_?-*0kiTS)H zzYvOD8?E{L9v;+^@hql(ZK;N!(ke zaa=o!>bL2@gqU$<@!Ye?j17Q3>)=J- zqj&b1=hpb%+78(=Z9F~_@$U9F?ep8h$G5Tl@)^fzQp6R8X*GS-Thf>2vi%&&dd#SX zuu+&EYZ$@-UaYc$mMgA*_Vzfo$m6xm8SD7tvwgAf_?V|$%Uzn(mXhUkCV!h}bsQrR(NA5Qxo`eHU%>JUB z3CT|8U*i-uPB;4r=+);p1`hqFRK{N9X7jGv8LbW zP&8`oej3wWJBg{0)2Hr#EFlKOeGH{gX1U?!`ZL>f;_yv6fI%wF?#HfSrB`V!n*}Ps zWdg@2x8>S#$@XE9g3AF+N;z zfch3&iNa5HHCrTB3bVr1uwVl zVDD~qzF%NyJaF``?avRs=;+sFECy2{*4BuX^3M6PnmiYyCSIR3{Lz4zoIcTZ-czcDHY(Z%O_Rxpwn(tM5lv z-;XT(2K|B$QilQGxWTrHH;^MBE`5H+KEF{zl(?1gXe9yC7cgH}E=($abL~gBm^{k0 zf^X~WybW#P??sw(c738`3o(%@-ZZg88JcTvB15*i&zNG&m;4((uTz;;x8vtV1e9g{ zGoFPArZp@d92+dO*55R9-hX*-DSRGjp+^~Q?xO4Icq#=aaHzH&A51VAgNf?UqP zTlmVDEJ^0>LUaA|P*VbE9;_M#tX?A&58`n!YNiXxp(gCdfJ>`DtW2jpbnI z&C>ip_NPX2KNTH*63-Und?eWn%SxU0GT1!aST-}Ce{#UW z15!m>-B&4gllNQ^FMaQ)UBgp%&vjz)b-MNCJ)WK5zl^6;IL zB7p8alC5uNO%%0OtJKX$2y2)_LFB)#Il~wFVZmIodhZv?Vax0HzY}8`CE!I;!^E4@ zT7sN7a!$Nk17J(-J_<0+*P&F)p$VxuCUd0M zDa4#I-qd}Jy?Yb(lxB%~v3NcAE(RHBAudi4wgocT}SuxNE*wv6ET1v9iF@~aTay02(|ka^QHq=k>+nO^E{6L(zf z0F;bhG@kehltdwqG8wY%cD^W+uaqQ?*cub~oarn`b|qaQ(b<&Zx|=tG^5YkwU4s%# zd7j~0c8D~aUBpt$!6mmy@h_Rj)Y>Wya}OfM7O{KG|ABB-0X-u(zq?=Lz478NTb^>aq$j zQU1+X*1yF7&4OVdmLuQnAUe3-jXoPbGAA zzS)p9uw(|2zCW3k=_dz%9UVY75kZlCea64OVP71l(GRg6f$?3L98^S!&W|Ps?WTbh zMvlrO+igLtzuCJWJ~=-8+VAfCkAJrBdmnCpF5DEtKs$uzd4yxAj}PLHoIG$>7{Kd* z|3^OY?RWl*zxW3~`1}jEJos8|=;ZOa|Lrf%)&Jth^S|@{Gym6LwEykRt(Eh&fAso) z@pt~8%X^>vC;#QxAN-H|Z~n*)m%jAx{_k(Rd(Zd($)1^iwCA;-z4UK>f8?KjG_MZf%2afzfpee%DC!g|neD;TH^?s7xoqEcOrC(+l&ad3#2P(E#;}0eTZgwWQ~T-Y#ERTCdXR0Ux!X2Yym7(y07JHh+WXsZB<> zKlDw7f$KyKBGcMfZFFE5shi{buO9BeeWM zB2kk+sJ|S3&F6BnA6#n*YkG$#JzBUNCj3dCl8(-SLdEn;WP9KGXVb2|gIvm;H-AU? z8^`F)+yCOz0H^z5;LBIu``->c{lEN&PY&Go-~ZEpHE_p&_|`20Uq1JdYx~|AZZ98E zJYy8)^W6Jm2K#L6*FIvC=RX%x{=BOV&mWB1_-iA7qijG}*ecrx|9YM&dw*|hTDe#E zv%#&6KLXJ5$CUD40k|eTMpgl)-x|n&9pKuOv--mX*QUJH-z6B=>q>c@)|7K~Ha`hf=R8pLi^DHvDO@^mOXpGS6mJTvsMn%iYxb=&n|wn zfoVNoqi5vGSC9Q=wrj<;^%z(6k>la?M(_ZZpfI3qXMhbHOEn+Yl<(h_@2?Kjl`OOm za33}dY}3bfeT?a&p^qKdMm0h1;i2te(Cwf96ATS57THF?aF4GiTm= z`mT4MJ$q*MU9+>Z@40JN?Ns0R$tUJ7QPcd{`7<*sR9EXCnjGvK8bsgnmz;Pn>S*5( zS2wtnjQGzvxqN@5#bKF`Pap|`dFOH)%GoY zye`;L!E{Q~{*IKu&MQ1!rEhyPK^dl$_NMaxNYRev(t8P>i=$``Y0N2sPi}{TB5UFo z$~~Zu?fSS=y}DhYoAmLdJ{I)x1tr|0(A{YSuL<-J6>S6DZ4#i?*8TiFWTQ1Z?-0(M zxAhH;SnI{zR26tkndA@HP_3_7NA3Qph3s-C32Wd9SAXFt-J@fSzf_U$EBOs2|F)uU zs$BQ87=?!kX?DSw)n%7(2AITEtH$liMamV`Fs_e(tdFns4UOshRecB(-ADEDFZJ;a zeH_(?75X#?=sst|&@}_#>zAwrb8jCm8hfQtLOtl7^xM?o=;psy;jP`Qtr2;E?^3=E zPUCj{yz26<%F}HH_4sG%L-es$zc2er7&AOTu-z90{hUyTjRJ4ZBH{ToQ5s>F%XWF< zOGUP4i_ps!!h*K;zGC3-W0tXYKpZR7(td%nirhVDXBKtsugwH-3&a-c58Uk!9hiqD zm|EWIh~Gv#V-~>?$GmBNASKwGZ)m6kkvBWCewihaj>T6l1pcw*FFjub`-x>SZw~sN z-lMRfdxS(Zq6I#mhS`2zExllk;448jYnOnmwZ|D1R%fb_J(AG~x^7dLp!Aj17?b{v zuu>G@y1RO?4`%YL8W3;M`7JH0<7k*Es?p$M{&+dg{;- ze6`eJQia2=7Ww*{3Mp&%5A?CBkL~(+QUq2QFwLy#owJh>YfmWakar!7bDSZbDTdYR z{DNc+(xYARnl8+xxy}bi0(`9BPET68wk62jf{4io6TGYiNPK7gUWM%AM5?j<957sI zd>k+ul@gcb(v@M($b(^E8de#%#;Tt0>f;q-N`)yn)!Kc9#PyZf17Fv_CxrbF_}U&q zYm=&9Rz4t|nzH|~(jM2xtUk``b?Y1s+LM?T{{5hGb*do7=eDF7&$nbk?A0e)`F>ONH{SlC~5q+ zt){yTZ2QEvBW@~ek(8jUI|GaBUfImd8g9l&xdV+i#HjPZ(PH$C{5>`N!;jgCEJ8p}6z9o07F@w>q!$ zL?1>{+>`FC>C3!^wR@ZC+xBsM$Qiqx#Oom-t(xWn*P{!d4%xY+E4YH&v7VVBSQjMZ z$Lx*slptkdSoyfa;RaMFEj^icjnL9I7tazec32@?d1XrFs)`R=JHL$dE@^O1GBur=7fDid+JASUBP+ygt;aD^5p zeS|Lei8X;sb+upggINQZOLk|W5AQj3j5{g1^8q3jwgso*&+&zIxSz^#59qwkV}|y! zC3I7Q7#3IWpP}suUhAQXK6#Z5gFoJ;YpwFg9RV`H#lPnDYm70%7fu~?lNa8e>C-(` z5Ao@OH6z|q7;^fSA+60rn<6gE;je2ZyLxhoO~dXP zJE&uiM|FcI=wVUBVe8I!Vt2md{ovt+?{I>q<<-}?37mHxV@%OM8FpDlj2i%Hv3zOCRN@3@sve9aD0b zYFyOMtvsFn3^)2|$u47qkRLf2cZOl6)NSqt2=>PEbOc2U^zPfDNzNtvc1W9`wvxoc76vPB#aQ9Ml?(lCv`m2Qh?>im|GG z{9ZZzju9Xxa*4xf7P$dGutWW|5UKQd$JBsmlrB#Wj^pq%8f1vqKl*Gawkq5QiY8&# zT)Z@AAKNN$Ek|wlxK$XTP(Z8mvj!KWS!VF2=fOl%T$)an5WS+2L&(IvP6NRkenE6R zMj04#BLE0r{0NHPgrA`+`DEXzdF|Y;2wz49H+jlUmU1hUh&si9>K4F(Lc_Yr#%&Og z!mb8S0!kPW(uQ|ATbBf{rJeNh+*4mekGyp5M)TuE#31ZgTB-;5%_yS~~LD6bCNuJQ0iV}}vS2QRaToh28 z3mNA@*`+LXKUC*Syv;a+##I;9Pi_;;26ciQOq2G0oCHR65p;~#WCSB>3%c8Ez)^9J zX*QBnqN6e0pkM-0P)q@5a(l>-p=r}0ipq@0(5SOJG9Qg?`qp9~j2L4Vl=K{wUQM$* zQpzy^K>yP!%W{>g!6X`hK)-T>S(pOKMMH0Ol{2V$+k=t63W+hEn}iDQ*V8yW;l)T0 zrl>=`AvD4qA{p@<3bN%0FUQt~5!QI5i?6-7{`L1;U~k{{@qvLD+}qz69~>+qdk4nH zhlaA~-oe&5Cv>V{FOPHW9oRd#cjy}V4^}~Y>)XOWZG6Q4hpqDP*8kt$cfd83Y!BZX zdPh(M1dRm+X*blMqJp5HfJn8WhU8KN5=cT{ltk>J*cBVNVpr_guwd`K_p`8X5SJiqAsiDd z76Bw=G9Z};$V9aOQ8asiyP*OIA-tywau711GGv0)4#(!f1XOm$OseP&h(};$5U;fv z7HY+0b5-RUG3C^9no}sKA=p&djz+uFC>n#Rf)#p=EbOn|wD_tbj{2mkX{}zf?kgB4 zWgl2-I5$<#Rzne}0XyZ0c@bssH$2K55O>3E4lIl0K8QTFHo!JEHYjK|;t&NcFqMIV zPgqb8Nfr1)NnEY)3CJFl0$&yk0?c?nEOKt*5kadWq?gfoR>UxHb`RpMFe$KGLFCKO z3(%#wJIXY?0(%nIQNB{9L9j88&^jC@3pG`C8J7oEVeE;45SUi+%Z9S zK>nipO5n)DG?5!JU;UssQx)tLDBTad5%?hv9x#a^C=_~;1~3glLLo;stHnxYN#X3 z3!fnA4r5$60s6~4Kv57JioP@28oI8&1_igRat(?fp-&Jk0W2Bx1*Qq|7dJ=Zf}ub1 zs6cKVA9OR=@u;7N%E1Cq7X_k_y#kXOWxyH#+62k~^eoU}YQPy6z%W3Zb0A{rVtVds)CAyNbvB?FgiL%gUVn-b01I;wutL9 z7*qn) zz)Be9V}4u3Fxo0GO>uGgMpQ|@5f~3XQ8mmFVCADK2$Fmw%p1fPV4{?O=N~Pj;TD&y z1eqP62`HEhjKBs?!#Fu%rboY@;DEtGm?BtAp@{&ojgX>2@qbFdV68WA&#ce`2JV)l3S;f_Z?(-~q47m}q43Vjv~>!5OkZcrz5w3?>1LBph{u z6&MILv_LMri&L1n;D*&*L{0DmTPwvAx^@NDyDC~foQh&=g5s*5Yr%$?=89aPH1;n5 z-b#UwESOp-tj2_vB1ctLRss_P3oP^oiELzrDQT3USkKFMH!4a3+`-XcCf{vigHm8N z*ccm|fYw1yC(M$_2Xqa~#+pFRO0d{qd9MBvPPHOkgd+^duc62VV9vvhc@#he4&5ffbZk^K z1`T)`I_!u~cOkT4T?Fx1m3b(f3Z@3iW4vIBA{ceqDMcRQ5pcLccYskLqzK6TA`}~i zi3fmA&jFM}3^4SCoE?qe!U0@40W8r?e&AVo4wzGzUvhw5Aqk5vhRgA!*TSnXRR*kt zkh;RAf)VN;idE7GhNN!H5@1Q7Z4sXL6jxGT12 zRGowD+Rmv8o5`oCO2Bh%iQ4W@!;iT8({T5v>6$3uD;vSyCfqZyHc@vK{lvnv2zUW{ zgF|H)86kQIwQ{cQDO1z)+$u_`eB-)?M<=XibG4>`=g5 z!dN}moUnqR6>5dRCDj}x_du8|Sa=`Q#lA$CBFOGUA>vUQj>7}3Oqx5~Z z!uWsJO$UJ+(A=u^w;5!hW;D4pD4VnX4v8-lDNj7xz3tl$H#yku+z7vLytU?7? zMd6kdNoH#TE+3`gVJZM+jVN980!=5-6zCQc@|z(W7ljT*x)n{M!Ut$VLU)jf2zzdL zq9PZZ4T>%a!oLmJBr;I;@WV^sG6(k_TDBfUK0)y5fB-j!cVJ9pAnlBj;9f$hMr`y8 zR>(C4DWtDad_#zHj<~((9khv&N8xYVK+W2e3~B>RMhe7?H0{9#V&Gy62Sx)_G{#q6hVm8GLv4|1 zxCp3z#Y<%gJb+mB|pLKaUFvVneiaNf+Nn+QIlXo*y!cI3>LqTDE`L~!ExuHk~kkd!9M}VQy}2SyZLx=xo$q5?(SS(f=9f!7uU;+a!;VW zI3B!sfv2Y@P5ICX@jPxqJeNzO1SbKGx$*ftnijax+yt(hdjijgrW4!~1OjNACA)Tt3D1=6P_qo}M0@c&;ZWUcim#cqMQJK9KaFXvpF4q#egxd}YIJO%Nd6wk|tM{}Tzz|%wE4R8QQ4?(=UfXnmY zcya(#JU?DQ(Sn5dc$&}SxlueQ1$DeVJbl~+JVMG{snVS!PR$|HZu6MtE7 zNQ{s6;j;-k5p*ie zlh6d=P7*FP%h(MTbz%FZrn1G!iAhokTTDx6aTYCrpGWOP65dfs$r3jFFHNG^$!Y1S zbQ&#`;s)5F1e}Z6g551O8D6l%lhf(cWFa(YP7=l(7dLN;a&dEa@uDbqIN?qbt|-ri za^%9OPy#yM6KD;?#&P%Z<_O}wDcXnj=Ec)oA1=qs-IJ>T#I%9P!;TE-1vfoNqD5_2 zzJY-+Nf<@Y=^{z8R3y%g7N@pPl1kGh9b8=#lchhDL1EP02DhHFyu~RHBS=wDB?j}NXMOhKFBpr^0(ikKH}8Aj(w;Q%w@QB_?x5L)%xY_M(+h9jx12R#L0$5F$zUcH9N3*1?+Ii_3? zoeEP*eLMriyyRLuVOZQq!nxt*nEB?|DV!%(n|8o5|7sN=Hdhv5=SQ51P@jQ*^q3C#6B{N;7MjlmlGTizK@LxcXP(^eZvP0fztEV8JZ-+h76D zA{GDRK6Vq+Kq8fSh(x3tT(YTEYFKi7Mc;4G7Mk@ViB8{Z_WL>q5%fQV0A&0RA^Zj6 zp_{kU}`vi^hG(6$pvv}kN<>0Nbu04`8Vrc_d0)Tq_tLk!t06+mMtO(2&U+daB)s+dv3D6B>vg2w%=z5H+ zEa`$;RVJ8fUv(O6f-sT@{#K`zwIiW5SUn3xnG)q71q+3=xc*21H}xP1{~v)WN_`CN3eO#KdG_;bC6Z`KD4zBQH&RqrNBhih>vRsc@;cGm^TVz6|-g*X`6T#|5a zxa(5!HxWi1_9O}FhZT|BS0Rd~S_D`|4b@_%SwJ!`Q7DptV30U=V)V3vb-VMDQ)z)p zX{%sD=fg>&*S`-k6eJETfmHy3k-o(Z4d94)tD6WcFrivEfjDr@LMtH9Kf1?PqMBJN zNtkshve^_F>L!0IT&=9d2vk%(asRKw0F>Z92)K_Sd;<{`ovFCSsYY)Xn4El=U@n1K z(3udhZ{Zf^-+O6O3q#ce9HNYM6m;kM^Y|%=Vo@g8vDZNrC6`aCv5wCj}G8s zqzWYP`^msFg=CZ41PL{?Hb0I9iIxG1jN_C+-{iKC}hCT zH5-3KZ4}zz=fe0eQoDxPxcR4XN4Fnq^^tR+SS%8weFN;f{?Yv01c8};0{YjLE-f4E zL!DW=i-cd@{O9?mF5Zsc!@K@m1+(G4C%i~jh|0P~`Zbbh{1aeY*M14Ai*W?aERtdI!%h&3(iGf+ECO~iT8}7H0l5Al zf(`i9v74Wb%(EM?U;PtwuPzhytlPa{*n)*%Jv2KgDk?k@ZD61W=oZuKuezMglQ6Ot zcFha#k%Yxh*TFt@JBXYDv;ekX(s((_2@kvZ$_~OFj&g**>MOSYpr10>+HU$2^t0~F zl0?BV1;w&a43i98IdF7A>4^j`6ec7mW-|NlY>2YNPL{IK=%I}*UV1vLHwCc4#ph+h z78XBKA_dm2t&Iw%i$z(#%r+UpJ$53x!YHlPFjzT{DJxI|c5v~SFwSA#8yW=87nPNVT4z|JYJ9dHwR9FEg{;lv}RAKiz>_5T}jsd0d)EuJV!Tj4{0v*#y zBBdcb8`^bIvcF=QIx5o&D*Fj|>9CEiw%rybV#ZHJXkfUejJHmk*(=x zwNewc;ZA_suMsGmYint9E5=+Txyw^UK401F~DMD!q7R4}Zv z@VP)XV1yr#1)~lGpQY$Qi_qq_i{e`ihy~)}C}T}@`coe_>x^nZHtM5tlR!%`&+M33 zRYr__QS2b-;g{&Zk0#oYCJ1B3XNtH9F&B&!vX70KO28zz{8zOU>y->ncV(=e20$u|k;Y`ZOQ#d0)FR zkvj6>rVr+8z3LlxosK`-_Ij@21;?(9#Ap5b ztkc~;)?mov15O(Qk0v#KcQ89?!l@+>5e_$A)vP7R&~P+-{o$YC6HUVKIKvg_J@gmv zLbZeM1bCOA_71&Az7h4mh{%A*rH8V|Eq8nzGEcfGy0rLtDT3iT*cDFoB`5IsQi-c5 zeyHL^Bw`+L1>j@Cu4=niaOzmCgiE?0o`?+cbMy2f>H~)ka7-_pX~m0NcT%{n(W{Ms zr1I|sdS)wAb-#D3l_QA3fJi`UYA77tBhn;%z>0Peq^2sXe6a&C^}DKk`M>Wv6d*C7 zEMWt)PBw57;sY=(zRE}Cg5Y0Y*!dY$J9_X8=L?7!h>biLJ_CsecnT(Z6Jd}JhR^Qs zjQ*-MpMOT2Isp`(q-j&48Ey$y4EQaC3WjgQ-|Bw>kRSmnip$;|f-$E;#N%KHeVhOx zj?rHmTq_FR@*r0N?`va|;{wDQ%^e^H$U2dmzlKzb%TUm7=06XJQV%pB#t>Yni-Iqw z;ppxtd^#uv0!6K7V!1P)%DD0<>U}!K62*c?rEBp)G3670L6v1|gCet`1r+g~slkRg z^e7HKjq`-?4TpcgU!cST#laWCZv%wEH);j_eH}3!!9-!8)A46576f3<23SfO1OSAu zL%n|s=D&h-X9D6BsoIHwc2I2nWWYy=appk8eK*1zQye|HL)r_c;9MpAG4;`CGtvHq z(BD+GUf1H{qUb9P5Cl+$5eS8l0=os;O~f@3J<@@0D1LV$P(cc9ECX8nb=tW=X+I2~ ztp-H`xl9mz=64xrzyU5sK+jSCdn-z!K;j60CEZbq8NDC%gP}t>z(Kz&kO`5`rD{}w zGl~$u9EF0X0S^~=6A0YN27V79;1UG<6#-3QDO{(1{n1d4g$tB*1fHh|4vYu|?a?q3 zJmJ$5a=5_1T=;f}aq@<50lY)wM-x8q&l`Fa58qr!p;BH@&J&&xhjxJd91<{$tbzj z7fP;izf1!nL$S<3^0SUk+&E)#^{GQ)h_bAs2&@8G(g08z#xbDuv^5}%xH&62l4DLa zLJ3`S{aCmv0Lv<=NXRjzj8UeJIoxd%q=|$APIJlz<>;F?d=ZXgPqjtwHO$qnjN#i3 zk;#cdw1pAg&5!LyaX3`-rbcdVlqUy1JiI7Qe@MDR5^k#DBqjZ?;HSV};~V%>adyoV)6Ym^mVr-@#68$ zA8*Z!d(nz6FdS_3yv%5_&A0~^_L9>biZZgOHYa%rCvUyJd35QJ4oB8Sboyjim4}CdM-emW>elZ`yd57j%#)-)>Y42tqo1IGR z-Dy}Tao^j+o*(7e_KNe^;?LXiD=d%PVgaL)zskvBK#@GE1&p<=ou(yaq2lHcT~b>Y zcpZM5T|ai%0>c(-P z+9BpKFju=esq!dG;71q04)d$d@K_8QagAeYT zAGh$?)eD_E`RtR#E{Lz(cXjvLPfOQ$RynofH-2JP+|T__J1svAUUAF2*|XaYd1G9SwS9 z?74iLTk~Yuwc~Gk9Qf3v@6L87&wjZR<~r=sh4$@^CIoC=l0sgW?|9U8?s~hGGS|1c zvNdO8H&YL9FNosFH*Q=hIc_*@KiO^ZfC)C&jK{UFUSIv}3FS5D&4oW^j6G3f<@>z< zg+I#IJlNuBIpFPC`5?P?JCnQb&+K|)^448i8%3Rhhb-(osEagUMRR`UpQd}Zg=HqU zToAM;!gjUa!%wV>Z@c@8o8OgM_0o&lH`4BsZpU|8dpa0f_c^vMRkTPW`eo(o<=U^y zr(atYkbJZ>_v#UiB#SOf%;&c2S~+6HjP<#u{aK5CE0gTl_vx<9wN|IjR75&Qz23Z{ zIM(dVzS-SgFIaAHuPQWa!_i5M;u?8}nZgt#J1oO-T)NhuYi15hB>^>jwPI{0a)qR$O$D=Bktc zr~+?_3!1=(@f3UGf3x-}5BrBN->l8G)(qY{e2-!CYu+jQ%`O_e;MUC6UUSgr9NC!Te`c&vu3+@A zX+zqiR?ZKe`!H$H=^Jw**XcX$sl2qzadnb~_RSFlnj@XT3U#y4?3({<{*JJ)rL&JE112zIz{ zw4=;Cd&e~2=O6Ak_BU-28e_jOPkhs?Lsjsgi%*|+n>^xD{<{28%`SCbJ0b4D*xp6f zf0VoSyIa!Hd9{1reN~-5yPa9D;k$NSa$44j_9=Ua{$ttVX zMMqw3)fiR$cJPan5j!VL8@+v3OR3#pOZ!bn+u3vNX8H8=I`PZeDXVQ-FIkrGgx6x| zE&JekgU8&qi#yY@SLcYm8)Lh)(RgtxZ-DE$)_2n5O!{=sUjL4`wS6T^KKRP6ChM!4 zosI5w->2N|k2vq9_|VW)eP=7Wxk{(M6~4=1_jNLl8#2ALb8q*e%WK9oy*@we)r>XUyO*WT zI(_r}m!mTOVhBqKCCt~VNKVK@S_Zn zxHr*6U`A0UD%r0^X@Cl-qvpiU9ax-_Zd)2_h246z#-hGe^jG|CTJq6cUfpz zuTjAYEd<)?Yc+>;9Bj7>;0`L*L@;k**1}{}DZ9axJKRIW%5IQSxq-5apu(vzWg3*7 z|M!%gD_^PUz5`!M$rd2w*_yJMlx!L$o2(*|iv}edL3L3!$09AHzb zKSou|x*3&g?Q-U#G_lnjgBgu(@u$r8pHXl+*RW(aJ=n#m^SeFbQ)weU@96SC|8U2h zJ(m6YGWiOBXDiQ&nQ?ScNx}H;;n5cjr~Go-x|hw%PX6N~POkZsa;LM7i^H6IzRfDm zZnVvw=5za@;81{XPG0Mm<^_vOq$7%79cjzz-o9p>>9$47v<&AwO?sc?GQF&Qm-Z=r zgZVA=l7;fb8cJw18trE%qK`efe z#U3}y+b{MxA0IG(L$Htje*K#Lt5*NE?$VVeWBLU4<+^3GvmU$k4$>0kH6MZ}NVW6SrN zIqJscm+$_tC@*by>sZCilh5M#es>1w%pKiXJ6rpd_S(!Ajd$>P8(&=A-%NAI4Zj1% z_Rp@1FFR#`6 zpy@4EeCW}-@b&z6J5#E9&Ak0MGspVLBk$R{mc725U*9?@^IqlqkK-R36h2DsSox89 zsu?oz#*NH0{$$@%^J2n!?<|aMRi4wxt!3VGKmD~`J}f=DC~kN8m^rZ-F=0W0yZjH$ z$r_+v7?koUcfs!Jw6vjzA|&QUdEv)6a;pWD+-eRi|0vn?e_C;Ua|NijC@qt%ra%BG z)`WT*97B~64~tY-=hZG*4LHVNf7Yg(P_DHVH94&`*;dYGr`gT=j?DROY)JV_Q_&@j z6ZQ{QL|J)^x+Xagx8gJ9uU6fV<3YKVH7+#!+Gkj9U1<5OIjuhJU}2^yCy4?>m#h;# z?a26m8v>K-Mm=rHhfeShTV+?)_VR-rW+w|K-yFczcAT73^_;WPZ>Z$?y+@Uqfk#&r zq}YbH$i98w_?+3{PwPgt+WI)`hULhO-GgrCEU_NuRYCbT&-(Rhyxh|)v~+F69itAb zCX}{ctKS}(}_<8_>MZ(_I%TE!Ot%2dOXv9 z*h6~!HQ5f`KF?#e8jrEF|3!a0$r`w%<=Lx+56d;0wi#sc_{!9lEnAd{*M9tMIB(^r z%!l4@@0ZJ)I#BYab}Hg(XpkIv(F2 zoD2fm27pTI3f!y!UDQusgKWS#aoFM5fk#?5Cm;0hJNJ~G=yjK=;e~HD2gf%nnc9LZ zUOR=Q&0qLZ|B%qq+>L^z8d!TA2teb(b>Vop_op-qS>&rS*~LY&bCm4#f5j|yrW`?? zz@oBEtyvl@hHKAorAuvb8Iqiaw&*!+sWwb;+o&X7Dx7GGii~6jMuv58_Yd%J_VDLY z&R#y<+&OksYgA6d+@=;Ry2j}Yr!Ugd*>Ep9E16H1$s6T>UEU7ta+6xu47uS$p>BZI zY3KLg%q7ST>WqzCGr#;-2%+eihPiEn7%Lnzl)^FN1H(muZwA}s?i@Fcha&lZa-6`R z|GuHWp~vF+w2qs9i|r3qUs<>P;fxpkt(=-^t_Z5E1nf3C7Xz=t>KZkW?FRik=NUF284BBGo9VQvOS8j*gA=PV2A4!nFSR>F81KD$n`*1i8__#$wDkG$1%|y(jP7u% zD(&*A?2nta?Mw0BYwkR2`fjhhrC$1;T}=FD=kM)*I_T-iV_DT_H!n-bGM<^=%Ce*; z_o-jX#@FNHu66D6d;39w!{rjAD-*RA_~g?mOInK0t-5@WcGq4<-M@H?v-#kj^Gz}g z3ML0GsbVko3e6qRwx-vE*hO9UIQM-$czX4^+@%BhuRb$;_59M4#RBV?JKMD0y84}o z&Tchjsm{0~u~RQ*+uSSYPsYx)5Uxy%NJw-)*+?_H?T+)mk2as!Q+}`Uo8_BaTJG2O z`E+8^h~=5N8~v9GYp%4}|E}`6Q&r-f-`mdZdEn{%$DGMSi`uq|xH00*=1Y=jTkrP+ zI{Z0xgXf-YuQr=Ju{h|~KE7iMx6y-pa|}Hew;k71W5!dHGU?0~N0uKi5y@ALO7G|$ zuPL3MI-#cJ!K`%c9XF14Y!mrqihSO*dGA+vN5`eSYxaJ2Me5vEFAnpz2lqYh@xgb> zCSzgqg;lK&YPw!UU@(}(Si zT5M{zd=|0lQsSyBdE4?AIW)4{T;61v^UR^1zaI!}Gcb`m$TerSYb3&)1A?etPe; zv~zhU@A-GP4ccH~>3(5B`|6w)rK=x#EqPSnv3RX!%EqeA312R}|MkJ=L8bY3SGe?O z9r*qg_ndTlw9sQ^p59KW$&{O3Gkp*28@^PwxAJyu8h!rJkVet{i@Q3^oZjb7h~=$} zU(9AN>2vmxbNY=Z?dKJ7PXzmp`}p8_-;X6$23MbrxLh$|(c|)IH-;D=X?dY-=N;AC z`b3y~Ubub7=zy%a&!I)GYts@9k7YEDYdrXze75mkaf{{eE(}e0QFhq;{fF*hm&+Dz zD@p4JT2+RuKkn1z?Z&cE zJ>^M;M9kdE5&5O@`SO`BY%(0Q5AC%1P~EIayJ>l|Qio~3sl2QEWdECfdzO@x`g?4D zHE^ogrw}{;0>OrDt@P)#?+|*~Y2KQ!&*L5Qx4tTN?b_mqgINV#6zkCS!toI=Dl?te zdPah(%m7u{uU1tOP4?YSna`RNJRAG6n$+W(pU0QQ=uL22fsMm;b93_qUlw?#anc{^4NgYeOS3g~}I?us-<&noD0`GSh z9(FsoYZNuGx6|$Tb;q{cE*^7t#!9m1wjCMEnhr=Da{b+u$<1wjKe10p3j9jDXCB)- z*yEbn*z=z%*agErUYZ|xW0TnRO2Od5tyh*0^LpYH^2SlP)U3~gomv{do{}sM^_EVv z@sOLmF#V&dhvm~H4`%<;CFDxwpqiKGE=qj6h3$6t37N>+?w{mh`lzT+_uHqchg$aM zk&?rS3kO}W&tlznw-jGk!hTWn-c0`jUu1a5OE7*w+2Ro`;|5dG$m?M)OEF2i0bjo*H$$$&TOD*?OF^m@PO~GbT8Ehu0 zc6$Cr9~;_CqMRu&XNcX2Hk0}*l_n@}v{l?wnFi(E`FqN{0smTE*wT996D!?$(FGsd zue#;bB9Y{@8E|X9xYx&JqDKQ8Z|WS@Ly)spd+JPIj{8QR3pE*DT`mh!e>s`yleW!- zbGK&FhtyN$(=1y(dzg^eAu{yZtgV}x=Unu1nY&CLLujng+A;P)^3AP!&+=~!742|1 zBD~loD3iQoc|A>T_&Tk1)ZLuO%r>!Gt}S>u(RcsLq#N{`MKR0YPTyo7-R@+Y>aJxw ztu~pNHH!0XceCpZ?#j1+I*i@3z3G~$k^bvH8qObYHTM1sgQ2n-nU%j)MCLfJ8rwZQ ziHlQ8zOajvUQXkOlh-X9a3lCvsp0k~lM7G#-s{;pp=0lDqu#q&Uz+i1(woWTo8$YX zpWcLsMW!n1%?AXK6Z>0DPBB`r$o^`gm3^D7++L-^4=tloh6Xn3vF!J%)dwGp9n^c? z>60N@8)KvN)+Uny!+t5}rAj{QZ+qgG;G6vE$Zo&jVZ)~GIP$LJ-Kr)#HyrO=!Rb@9 zeJ5+Td|`f5+a_a+(?8$ec+%c_tidF&%UeVKobyHhp~t&6o{5e(jW*w#F#G(iR*zn^ z^Y^uzc26oDF!a>?&QFJxaoh{GA9{tppc_B@QaV2}wD_4ktwPIm zcZT**(+#%K?tRynrziYTE@z#E^^Y&|T!Bla{QvH1d|_*S=%bFdmZPx-%UYueLC?Kd z@^a41H>t+GY8$*-@B=Se#Qnq*&8SwECSd3@ZWJF6 zF1S!s85|CiK}o3&wLTk7lH)|Rr}Py7(4K@2e6UysCW?nf&6u~zZ17zYl$Tmv7CO$M za{M6=5UWg|(na+(bjsP~%4c#^nYv&Bd^Kb;BKq-A9q~)+t_80iRdAnsZRYcr_c{5n z=c1^Gd#}U@n{LdQA{;;c?HFUrvDYKb=;^&51{Rh16pFHahL~%OEB`#oYv<9^`K2od zv2k<6Ng>8c$2MJ)=E3jNHxRL3v(mCyCH$vDEn zz{4Q(gUy>2{nxgh5puDY&hGc~M)JQbZvU!(H6?qm27u+tkv*bh_bJ(3N>;7OK6CJG z{=HwRbnQMF)$hNo3{J_3Jazj?ezkb*<(w+=tu`f_^%Km4h6x7_=WE7&{@mhu;Q9i` zOIw8&FGf$)GR?G+_1VO4>FHh?ceRB&LxN9DQ_doE7gw71+4QGqOkAqgip8q}r~Ue2 zwQgwRWzCYE!?ew$N7l^=e=Z8^uivTV-N#eK=9Y8ij=S&PjyPj+zqDPOT{B}k|I*^* zvVMi)9pVMYPL_9k_L?koX#awJFLSGAfK&D_SJIwsYV`7L%I_nVR=%N6(gm6Wo4V_z z%P!nF)Yx~|#m?@9(H&UxCob%wJ#BH!4#VI+hgOVAnAvD!d4XhY&13WTS98j`Ezlhm zD=WI?p7q2mYu_>Z-VuW>4%V1gTr4W^U)RYu?TLAblm0n}7hk&Uym`*HZIta{_qcPx z)B2uc-I zcwQ8q9-VZ~;K?VQdv19C;Hpyxqc!Iao_X%z8xK8V@SO0JQ|Gj{=C+GTAGWV$Ep2kF zU;ldl4dn#$Zp|1ot4^KLoU_Y2vmG-$amq`5W{t3;5?=@=>l6 zFJ)BztHao9Vq2Y{dnnzY+a;vqfTum{@$KpMtrq<5_@ZYW83(;CFj!+G-ZBqat>aI{9quYMPZa15mx96u z^(JOC(^iM1;qk_A_pJY&&~k3m$iQWZ7!M_yFW}0L0Q-~9RjZ%^M%t0E|V!pZ} zPO}owclEIVlHHr(*ets}+ASxh1SU(x3v6{f;@QqnrDZs(K$_JP;9sjx#BVWID9*Rl zNhGw2Sk$xNAw43C=SF)Xg-sRAg{R-*Ep{RK5rLgM+Exi= zfG2NPFNQ-02)ET~NNuar@r$aQC=7$5)LeK5$s+4B4S7ecrem=^!gP)sUS@Jjyq7e3 z-`?nb2fdVIJ9q$rd`zap3MFV^><=$z#QDY-UO^8^kYPz?Lo37)Mc0WK&H_K{Q0+~2 zcs88s9P%geo8ywBp^60BlJw#bz3BuWpq96zyFmIy9)#s8l0o%Gkaz$^ymIfnXjWa|+pV1;Lk;eew=6RNLuCI0lv&(vlZr8GcX+IrP#&!K=#re@U zST#zM3pDaE!0JW#(JYCr#)=5JfOfMyP5?ywY;GpARA!4AvO#|rG$ zD+G=jw1O6wIxO)iXj%>$Q-ziCsZ64@mlE!0N8bWF>Wv6ddowRoUCP(FW5$BijUFiI zbIw)!AQ~#Vo9w#L50IQHnX5Q%X^E;4!P(LF2pQO~ z-r%e6MEF`ex*YiF;kEFT`=hJjv7=9t2>FwwRWuev%oUnT$M`{bJ$x+#J7#wDG6TEL z+iTz?ajl)V%fMdZS~;&0eG3FK>ITGAQueJ84tkb12flDS|1PP^CJO}^ zA;Qs;@=kao@_^Y9>1{=H>RpKE*x_n`;^9v8dzLVO4%ki?yFkAMH$wx%_rL|j zEdZ6DZ)&5(gcA3Mvw(OZPIoKZ#U_l0Y?N|l(Sp$-ec!qb5T3jfwcB72&8_4_+rVj$ zP)nk1iDkvH6ZETyo@2G`Zs-Q#?LY_{4T$5wSBqo&L56*;FKJ<(??7a!oS3US;h+Br zCxUh*`7LP3Z<8}T(INuZ-o z6zJ+z0=xC`0!K|Wl{4*@KD7bKi;#^g(eqK-g>*O>`AG9o?6cdV1ytw!4hmXZ@J{lWkoNGF2(90V6k6zYPj z#XwGMGaY_-KL}K^PGR*?h0g4zeS*A?^scm`#mirP^;M8?(+$axs1;d?9v6IhvlATE zQ_N=}w5AzsV`o|We$3Q|jTZdTKN|OZsSrE-2<7`J)3hkiaSBr!os?*tv?D5t@v_+H zOrm{=*^6qA(EvS;=|EPd>lY00&@0NC7;dXxbe>wSulV=ZwE8xq%?S=>8u8EPv~|CGUO$N-gwHj~bZ z6ltd)1F?kfKRboF&CyTl91B+oRcFOKG$7Kr=1lczCNuds%T1|I!^q(?L`$5wL@?$h zNNS1@m`KhWY-=U>LvNCo%zt0Y+^IM{)0!MxJr0`lc7u(Jvwi~pIFoBCE&d=Ub1IEI z(|@kn9%bx6!DyC>D6dk+ZtEX!*Y`Kovw+-2LY+6Y%V+a62;)H6Uj(LR&|+DOTb#HuKcFCD!NOr7m&*icNR zr7e{qPc+gz6#AP?8GZ}D$r#NZVN833$--w5AcHd6iBvAobd0(5%sNf9V)l{f+lAQK zr1)+8K*t#?d=BpBAX)()d&B49DQAM7@H@m}w0b#UMLQeO@@(~8cslIxdyF(Qv*tJG z09v!L%FTW@2)~cOTxqtiUSLWXy5m4N5Ia|DmRth$BIBg^@xx8Pq%sLYjQe2< zMGCY@11wK{Z9=>eOr^&Oj^A#zH?`XeEzQTMvI4=K0i5V^*5MVvRHbp7xiq9bRT`PZVxBI9T%lv;Z5*p$ zEHXI{*KID@esjP{q@Wq{brUIT^TI1Zz9tFJ~s{1FS_kNubt z%wV>s*(8&}M@wmGhb?1|)&Rqk=2EL~k5DpZVCHu?slgmP9{`>5bi|?9Bu>X~@NA~4nBe7d-OYuTMdQHRhq;FZnP5d< z_*39p?Lb|G%I$RR4mYb1!SD3!!}4z43x9_2PT$Y_BD!)<^flC1-jDv$SZ#LJJxr!b z%MGQ#?!c&BC}ofs#DaWAh{c_8M-xP(k<;SyFibLIaL?Kcyz$RHsC$9u7LF`UcfEt0 znDUYCLAG(uhY16N&SCCBec{i+;gKE^WPuVMj;z_wr$GyiJKv4j#v%-uEI(K<*N5)C zBD!~|+n{^VQSdv_B&_ZFfgek%CDXlNAbJAPFe~v_NP#BD_cMsHy~ik-B+AL~rj*>P z48hC>h=-Y4I^KUY#$)^IurR_GK`nuxidU69r)N1kSX0)y?T~}aebp}@h{}&0Msa&q zOtW3*pm}-JbkB-Z_|Je{QCq4mWE!z8EoC5{g%bOft~s*k-|$d6Z|?sOH>2U5V;iR?4`BR%)Hb zwUGA|JeIesrT5%m89JTKm`SL>AV_IK*jj1x>9W-Vf6G8DIWchT42<|?$?0@BCj57D z$?129Ff`5(g`r5Pag}IJ^(6#{zb6qXw{4XH(K+Ppbvr?N6{k>YZO25Lp71{rFUMJp z-?!Xn7v!t=;77(<2O}M9^On;&>-Mh^Y?>(0BLtg;;LMm{kRpqE;0!~yMg9f4?z#hN z8Nw*hBN?_xh661PIc6I3buA3zEf~cAllgk<4y-YRm1%l}q1Fz!!{gA7%RYV{t9~~E zVm#sn#^qsrXIy?h$QoBb+n0x5-Gs;k)0Ug6fXrMAg947t|5tc#bJrbID-|Y^^hl{N z!j(c{4lBj-;$ng6xL9C5E*30rT&#>KR6b*h)wLXhvAUw6TrA%o0ip2!cbBitTL-O= z+lV(&pvM$FE_g@Q6y1-DjsnL;M}gy_XY$#&=vmfg9)45w-lXVxFD(IL zb!30YXz2f~GHMIfVa^t77AAD`81coz>u5IO%f#Y?&|>jHXtDTm`Q})B&Cn{>m<>dP zK8bxnObAY#hzdg@PR3ad-nA z#({kWXJFujRrbIVX9XOmoLHP6XL;Qstm5 zp(7+CRi?#nk4W?pQZ#7s+ar>Ggv1S6{PqY5n%dWN$~wUX;D3;9Mwrj}eaAQZeY*@K zIhqU%J>iEvPsx++v?b&Btz6y`6c*0S*oHTn?UtZt;Y=WeD}(4=*b0R3BZ!Q2TrC-F zP5l=Hx;6%LxG&+4Q|UO*y$nH4^al<;3ud0XkRjNtBn;6bU%~Gm#(dmujVSK zW$UvAI{GYuu0BU#w?0$gsENj1T<&er7q5}CUUvu0JnOZ-cOa7|Kj+j}n`2JS1SjQ= zlqcQ}KqY}c$J#Tdm5R|d;c$7jJUxYT%(|^F>$b%tH)kodVMEhbbBb!r7Z2yJZo9GdSN*Evw7MshOV1?y2F=wXOrr9YE8LntTWw(^f1hglCa9 zH(UviT*`c{2q>q_Yue>aZveS|*;^cWUXtt{QNdIQ$8zDzofp9=tJ)KLce} zjjtfd_u*%l{PknK=_o+B)BLqJslOmfu2k~FzrxXMgY4hnkhNvF|C{b@vHoZF0)?I* zVuX~dd~H+CFZ;gPLt-9gp4w^cauByfE$e!_`U)cIzvCxfO0XyVf52CrApTYSz@BZS z>5x?tg;hhWa7^c5d(~!mH^d~pRNMorMiS2pF##@dJDM3_DU$R;2PD7@b&vB1G`xJ( z1&(JdJV2a%@Cj@k0GPD?h=fe|8K8tWLuR&PSF=FzIKcsAcCihC<$zJmM2okD-d1|C zam-jwrKyM|6s+#$bUX1}W7rS8p!w%hQL59D7*3dnGgs>LLyXN(2_sAwgdO;eh5fTh z!Zxy=VGZnNWL-3Ax+a>6t8LYZgk@iK0iXe3%#)KGSdId53k}kd9AF7dlpY455Rw{` z@FY@i8jrF`Y_!ekX?!YvAMqiKU=FXXgc42KBoB5kJ1nWQ21z0yHgil_x) z+nal6j_jeq;GSMn;x(725$ARU}$etVC~_UI?bHVhR)a zlCBVcP#SMg&A$m#J)p-Q!&N2C6plpGO>2gGeWwPajl6qAZ{X znM-P^Y7=RvG@hy&G_bf--gzW+4;@G|+vx4I>U?|NE^Y!=$g3t%GvBZf&cBk#~eMbmv8H z$B%3<6d$&$OM%vuGmhW@uiivIsoQFR)7ajBWicfsVdO zpsQ~X=;<2;cI)c|j+*Fd(9{Ke>M)Su`3c7w2krTw?JD%U{?N!WgycpJ$8R&TI|8tr zZFj^`DcDZpbo^427aob=(k$OoN5RozJDKokI0U^Zmnr)hBRVHMhUn$^DZ4?>g1{h( z22@u7zt+fdAFKUvBTJ5jS?&d<+$#}BUn%9W^;H5LeYHSWuNUa)bppHf6#_?1bcNcZ z4$`OI3^J6dXB`jP81rDi%Ij#F=!Ruz3KT{lK05nTP~WZD!E2i!np}49Wx~GFV0Q4! z6jpC`5Z!<^cUq6HFa|3XvCSyZ^|7ZPF2oL5i=U|;&#W%9D=q2-xC+%1>9@m^0PJuT zehr3oz`6d;E#ejR^Kf@Nigdba-B7{*{r@~PV zeA&z`atwKzAcA$Tpm4C;r^CArt*@!rvkn8mreeW>u445J1hwF}CP1g(;j7hjc%@C}zLqrD4Vy$dT=Mw3u5TNo5wokB*bRlS)iq90Q=OLgK#~hg`hgB0C z1I~43O9iYgRq1TbVl6-@oewXtYXB-g0;TLkVQr04HoO4%Vsty&ODv|Aj+TkSTNz_1 z>Pv?5)wd$j+W2h8wbp_sld~Pawzh3;YJ<3>?>G$5%!i&~^Sh8awmZ?cYo2MP9vQ6o z>P~7zX**lJ4UuxC{^+}i^b z5g`V#u(O)xDP*}x6V|(AS8M;6NWP zFr(4uyXcUiQb1?*GC z67qf}h>k&)B~SLa9ci~kbk8i}-$XLIt!C=vb(cql>3J3zj*W^r# z9bUnj7Qy&+$%t5*!5XFpL8{2;_X8?M>^Lys_e(xL{H?T+8;?$L7k&0Rt9Gg{h zAgWDOo`?TK_)j<0yfoJyVM{D;Z;!AgCRDDfQE4M(Hs0`R;EGP!c9KZ-Hi306$y{23 zWZsfa6z2i$lRUbNO*Z2a4DxH^vG+>bwe|Z1I{IFLuD(a0r{6EITW=6JYN9KYhi#m` zcs$0s!?2cXY>*R8O1KWp56SVDoUhiy6JCQKrw2Cnop6)~f)K-$Ty!k;{W@Y=eObuD zX>It5#$yWQRBr&v;AQLw%VI4-UYM|B*{|R0TINh&kev2<8jMUd6)88vnM8c zSO@iCLW2R@19aN80LBr2(TH*A}ah=`; z)4|{U%r_^@l(QaO?6;RO;et)Q^>MF}O<{F-D}rBeDmE@cY@VGtkGdBIqtxuP@&Cv8 ze+VR)1LPm^M-u{vL9`jvz|S#q32-meAv*Efkc${~9?BCBM>gd)(_Khsf!d7kVPI%Q zk>|0HH;Cewo7=D>z@~zW8m{!SpknN|G5h6~HaGCZc4LblVPd#r+m5hI9M;P)>7HYw zj<9STHoch2<+Hu(e*?uBDn#FaI5!OSL@yGKvwC`xpx+CMl~FY1MgM2*L%!EQQvK+Q zFkZhMY*SHrD1|a%9GFJLIj0uqj(;l7Y={#>KiqP&vAP}q&H<9+xB@V%;Jyp)at02J z-(Y;J8weQi-X!3CCg7eV;NB$Q{U+c8Nx%n_fDf5~`v_2$CTkF7+1J$XhZzZ{8Pxr7 zR6oKfSkmr37iGj^2JjyxYNb8Vy#^=@N5M8VdsS62|`OgY+}q$LYZO#r9|s zIK%r8y}aLo**n)vF-LOSFog1$8%B`*ew$zY1R_-*W=zVwMJzPNJo&C9a+}|VPB2N3 zseTf1Inx>efuQyXE%kmB1nZydgU(l`SB1>?x*FB(Tyf5|v<`YCaA>n{r&HMuEe zx>5Sn)A$kjXRMEdw}Zf2^((+}!{MudzNf!NfZ_eu1-kkh0t3BKU`9V9Fsr{QFsHvo zIKtSDKSECjP9bB^*_4&lf@Xh2D3}=1Q3q|lKO*EN{AZD%`fdI^ho2U^GAm=K@D68< z680de&f)X;8O{{Ps^5WQ$kyKlnDD=c-|F}AgGIa-01*Bn0Kzu`O!z;*Z}o@xLHLgV zXgAD#5RA0YoBtTN@F(~|^FvMj6fSnkSD8-vXYh8lbYY^Vehz1uj$gphv)i+fVB|Do zdbE*rN-5x<$-s@j-4`4@=tA2?T>Q_wP9TOS`{524*i`GdTCl%++I8GTH zNoLdM>=hl1oZ{P%zd^d_1o|nHbJN-<>ul^QMS~7Y69(0@i;qTx}Xb#3S z`xbn))CKoT2*dH+i&&7~!_9)Qq>D>9?3c+_{}b-wy^?cuHzLVy;`p1<;~3oiHQaIR zg*ZmL7$sUt*$VS5nVvbh%=9^aW}7+1(!sX+11O%EvnA))=dZxH*}+ugzYtdaBeTT$ zeTitRm*K@ZdG#m2-sP_uB^3dD@QyY5I{CBJpFx7N)4ve9p6q*iW@GcOKyen_#T_YM z|BW#m8yKuwRsS14{R)1PU2JSj(;NPsxWogo$^BXh`A0egTEyEflEw+44JjYADdn4B zGMoS=4eT_%N^i37jo~_N3C24)-Gm?75?i379f7WP1$Jvs;HZhF(C9gqrcVXOiMV_LtSmLaOV zwX}a}OdBw5PV!}l!eDsI`Tn&rZKj@JNPDg~{KKaIMNc8Oezh&ARNR5XO5WgOn02V_B(sd+1$}?cEL2QuYA7HsZ6@XE znW{VwvOHs_P{2cEvjghG6{PM3``C)&tgv7d-xLKKW(rm^3I=m&*=fO}XJbiC(q#2z zs-lt#4iR8Vx;u@Jt?!v+pS_wzys#s@X z(L+p6F3dG46Nv1RhJuPsEBvMP?E0q4?hGeh6Y31|L8Ya=$t)R7YbqVW1+bY8&rPah z(AsRC(Sw1l^HM62k3gi+k;9IFiH2i*CK|ZH%9AWXO>4sOk1~?(`lY|)wEp$ZSOuQx z=KfDB&V0-vSy}vGftRy&V_$tPu*H?V>;EWI&VjkN5A_TzzI~i}Sma9^u6hq*D$E{n zoB)1Y%DI^csf>9fId#zdEeGL>^p;ZXR14ahd3);CTIMn0wi;rkaFcpn!*CME!`wIK z`e;%LcLrro)v?@PT7sHe2D|3UK4}hDoMfN083`~LdOs}&%?8{bpqmAaPrN+WaN@=6 z(FN9=oz2n&b8N>u3A9bv_KFM3{?@UuUT$I43~SZ9AOu~ES_FtQV$t)6UdQgrbZ4Lt zPPlkd#9v9o1Y3(pTkTrlntA*W(09V!zzC+B>J8+$&yKtna-3js;TLZ`V3G-z_m~uO z2Z@oJS0Ezeau!q}PWWB)^qbHgQ|fg^&@>PCf|I)wT*bqLih4%vg6PaW_K^+RlV zTf^Zkmxef0yEu-dq1MIzqs5G2k<9F`O`Rw8IGra;Iuw$BTje_QpQ&6iL}+iqM)%`UDiIw7`rtL{i_~~_&gL;T}lUz)*JvT*#CPI zyjVLsgjg(=(MuTn!$axEDVDu3al!WBVJ7x60#_d%M<$kuh$f8j^7s-CRm#zh^wU2Y zvc&>tG7mZua)IL91%`C1WA+W(1!CMT(ACofcIy^_qb8cdK1m59`Iyqz0H+G(Mgm%S`j({o^qZ9ZmdgI9XVN>7g2$ZO20UGv^a5&O!p+AYv zL~MH<7;ZuxGR``$2|LYLe$APk=GuPt2SF2i+SnhjZ@2G|+AOc^=tMWQLYXgwfGdlg z=$4x2z|zU>R&)pbqNqn9pIqrU)Ym;9+nIUyr=03nm&`RtGCpwHL?Tt&DC)ft|GeC!djfHC78EKh_5DG552LB@F+ zoN`?Msu*#4Et$M#WQr4>&-573xMB~&GZ4vmZ(&w-FZ*}nJ%qy@X{~1>vcaKmfDY^h z*&U1Wx@rM{7sG*sh$#sPJ9CSEAV>}vNsX|xdC|87IT9lYJ6je#CCIyCBw=Uk zqQ?aZG4yw~<=Ym2PQ34{s!7|dCVcE^t$MwB8RIcr806>+b=UORS1RVinwst)M$ z`HX5~-m}Iyyzl}#FyVbGV7bMP-j7;}>lqjDFEr7D@NLGCF;!;gvq_v>xYh(Uha<+( zV!EsQgqwV;@qJi);V7cy+roX&K02qBw#`oqH87ody8~|qz!hGEA9}_C753wNM464) zm1j4#mqm<8ggzuoU)6RFA^c^Ps&yl_Z={u72 z(k7yhqPR|YDUuAybDQ24&d&Y1X~#ah1yukG{04jGO5>)j zq5&o_1{k}fH3ZCZu6hMB&}dn5YFnV;XMgZ>9Qa9W@N}`Uw(b+?=zf8C4n<(M?iDy{ zqN$yX4W_SVgC7B#;g!hF9w8Tr4PI@lS_npHWK~X7;2bn8umoLIOB7pRiG&|ncQtn% zj;HL_D6uFwCTP1MY=U2`UX8SC>vnn_yv9z8VXk{Q^9jXkY%rs*=boHzfqvW zv(@msJX;Oet=}zh)I?J|n>wXWy$3&>(|Fdy;P<4OoG?fVFubFj+@W#6}-K7SjZbizfjCEq+B%&&;)}(3|^lbzqx8t{BZ`#?o za=36p%%&MQkrJ5N@xwcSajJLXH@pi!!+v--Kw-z9rRweSYZEz{_e7C5*72eJ8xXaW ztvPWt&$peWJ*$^j-hlG|GN+ceXjY z5Va7?SMa=PbSGyY4MFN&WN7ASd!lSuIHWyzKalzZ_~G8l2L(Dj%PBf@pTJQQtYFbN z7NbwykDvN{@6;5nk4PF@e^emOa0qnu0|LACg91lQG_{MNNneeoE9YKM1I?~#H=k?b z=<-&S7wc6x4O=Q69^)NZWN;0Vc9-Qk-SBb<%CC14J7(*h1v+}6z;3-j;HU}a6R#{6 zeYJCJrhT1}qP44}vGrnsxQZjt)o&2ktrrO#HPO^!LzBK5&8?NI2j$$XT!Nf$%h6Wu zzjGJTF^9dxhrTA@*&6x7J{2|tTZUcf9m9`9qHk?uZ8$|dMU?78h^sZb z4Nzhq$^PO@l$`^=7m!|I_uZ!l8}@#sJH`TF>)uzNK=M+8WL;snVEgLf8dYq+l6okc ztcgeVVkJK#>(wb)FA-VVdT)V_-b)~^3kmGj*n`5c)=?8p?Pg?6pON)im>Dd}@RHI+ z1fCuzz~11+fLzaDC?SIh8BQqSN88co(V`Sqn@V<1PZ!TF_*h^`V++m{*g_$WOBo)E zvYka4nspiVNr;2Od60@+orn6?mmpVr?8od`F0VT;t2?itvrEGi5xj%IsXjuvVlPA1 zTRgd3fvm7&$9@SV7piXbJr?1`8f`cFa}6OmxKVjp5<~Lwc;5Yu-q?PSqwFf5-UzMS}P=ttyc=f+sp!8{bqsPdbz++6HV=9Xwp}s>G3@xi+0T})J&Q^ z!rE{YPJqNkS&fp3VKYH)Du`voJl_gae4QZq+WJI+j>eN|kf*Cp5$NfY1)?%mi35+) z3LG`*)ZT_s`V6C-+Z~5Iur7e{5|zm*gvUW$(LYlW%X=6YUs;|?ZIG{a{n|H=RjfC)&~o8^g#k$y;NYg zK0x58iN+VKsVDTQ&my^4%+JA5eLV3!QS*Iot2WcspGQm>k0%MLU%;>aB7TZb(-M9O zE@Kv}PccN|#(0y$seZYZ1Z85`W&&c#0&*oGJe&0&02Lh1W)?-1m{fUMg~8#|^hmnt zQ>80skl-tf6R(fk@@Cd%^vl!Zc#`0&OaR2!0N18Q4z>1!wHwO*>j>B1zz^HzMuCog zMqs!8rod4Xtlns3PM>-fKlO0|M)fsX-lWDdpCbgl+Ajz^{YwJ0>|Y7=^sfQgi!l}$EByn9pqnPa|R z(Jbf3%*9l6d`?&OH%vj@^+b1Vlrxpg?h!l2S&HwxR@_28ZcLYhncpIV3U4-mFEg>a z3~TehBi0|gj-8zR0{0SdJP9P5;Vp!RZ;NWh-+%6@eviO$i4I;}Im=rhuOl~t#Mt%t z!E&uXc7qV47xQQa;Tp$sO^5&9QB3>DgpdYR()p^;$9rt+89G#G%rzb1KKjGUH6_Q%M%qE+@>}|nrbJxd=I&tWA||D zbtdb7Z#4JVZ3Y2x;6N&nZWEZ;feTGrm3hw}!6xn7%K{z!CxNd1vp`S(MPRr7tH4nc zo!^OJo29QdXEA;I+o*GmOhJl&Lqs24oD5UM&e9%X-Jdo?`1o(3Z|heCI{NPdUHuP% zo}LictzQ*5YN9Lb&X5oKw#Y}V{NTfKCiB6u1eP>wwrjogrMA9Kprfx5=<0V0^z`)t zVR5b%N4H)laMYyZOZjAoK4Z)%bLN4DQp@8eNn-0;1UmZN0$qKxKu_N)5P7^u9Nqd| z0!K|czVgpJ=&R?!F@rXFU<8lRv?Q_h6#^Z7r9f9-C9qpxCUDe5g+|tt; zAo@X=`3~cHTQ>9&*y&=+Dt5~KKb%wJDX%%xaAIvv2VJ-mn0M#l%3G%=R{*;gWHOQu zj!GkTF7~)3JdMbEf*HJEmR+F&QV$B9xD?5PcQzL~Td+jjoNu|MvlZ6>TjjW4{46#o zXG(4P7Nl>P8PkE`1=%2ZIRP}6w`NTl_WaqztFH#KWL#XW&_VtrMT0DH~n5rkVkU4EE>fGRD~mq6T!KSZ(y zyT?s<5w$A_vzv#8IpA=?Y&Pv|L&Ef91n7^=xcN<1;pAjJsLp`Y98yoq*RqA~)x%XY zGAXx2ho{2XPPao@##t6lO?G0J9zVy14SL4^dMf@)?M*mL!bo8&LJRX+yy));H`_(+ zc0=G?1TO7J0*e^ND4YSnecosTuy)uEPqYzEIV|rQNfmL#K^=w)vc;uPH#U~FWW}qT z$NbbEj-ExDSg_CXh1${ULT3bCuR0`a9Bx*jYrh z9*m*y#ZKL&u%%%aP_eTcPPH2{cftaku9^>b@fsfg344HOcMGbQagHT}o>~B)H&BNz zv%~2OSjIAh{fV=#YG7H;k<16Yggj%1Ai`_@=b5u26}Kz5sUMf^4hMmFuS4Nc8b7zm z8{TB`Q%yz>klZSj%=bzXdkZT@dn@y&kBF_qdYnK52L!_2eq0>g`hJ0< zCY?G0)L|UyGZQL)!)6Kc%#deAfo((_^FX=U2IVZbyOkCXSK!;+>P+~HPC+e(T-1>u zg#`+i%TQ_;3X*Hi=zlD%6W}`zxPZ44u+u2rHY}M^j%rt6P#dS9N%$^TD1289fNGmp z9R$Fwzw#b9yR<)yUQ1~(Bj*BJ@!|=>Fd%t9k^yi+8qNkPZd>0;wn>wPGOxyxERE20o+%%2_Z0Jk}@y{#YZ zS5H8^#EF(B^oC3LY*7*T;UrJWR7^uk}G`wXV?T%OAgi=y1EZ%TjFL(^De)-fb_r$bsPH4L#3@rJR_2@$hdN}^1gNJuK z4unE>x}`m^XZlx&s}m>Sa1r-!)C1p~vziT!!VuITg&&;Ty@GM^40*=nfYh^rsXU5Z zNEf@1Za53x7n0Z1&9_&cwRUN4%0YcC+gjFi@NG@9-$>oTl9Y9MN_Rdhs$lES33T-1 z0=xBR1df_ub+l0t`izRmSP_kj_u+8}KP;ov*oY|Y=?Ax5)AewZQ0)nc@Meud<;3TOeA*=W!&4Hy zb8wZRjF+hGHeaJjVRRGD1;t7h4f!afDK+(Iv@x_+4dvxv_gd!yo%Lq${hN&%!a`pTOnI1>|s?A>mGN^35q` zET6E0c#cGz;s#iyv7H%_pOjk&$ArHNeyfX!8)t~Zkt6fH#F>y>hIJ-%%H5tD?urOl zK_guZ*M#KZ4cU0=Xy$WAg5<{}J#`Fl!iR{?2y`h5jp#hCP2^(4{U9+2Jx>2iLT z+7qxmJoeqBM!zF9dMb)kU4o#YafXbOOzEhNIPsCnwt0;C`aSEP0(z(rY*5%@$Zf=$ zK^zG?54qm;D+0q*~5XCgu;*=9sz$Z z?)h^)4SHgDg~Gd)3sXvd_iHfvVk4txl2L44fKi5wlU_-s7@fq~o5|Tx8#|LAsO-H#M@hnyf7s))+EQlF*4sZSmjH3G7sq!WAqG zX^-&-4RWQFhV~?5eG?^+HVMPyE=IFYm*+`{dZ4STm!I!~9jJ4L=3Z}R8@kl7jph77 zV>!=aIZeA|$T+k5KizIgbBsT=c6;;~W|MBYWek;s@2I_*h35Hon|lnr+nyi$Btj}D zj?pZeu|STW;4P`+;^G_+2ow6l#^RjK;+%k>p>c+clS--2S0@6cPGI^IDfW}#l`zRB zTm`S#lE8Wk#|oB!vm+PijRX zqe7$@8-(}f*!)+v4Z0KyQR$OVlUJoxlEfMBF!rOy;+@0dVS5b4W5_tUlDlN}>Q^*Y zEtCAM8;3DvtM^@QoZ(_|eAe_a~n!LL~okZEMMxZb*GNnqK1x#WGp(fIY#$zNrWLv?LM`JMY z?qbx7B^r~6|3zs7M*N9bTVtKt21KDBKW-G@xfI~p2pSq^$T;bi7N<%<>EUCE)JrL{ zF9tKQL+D3Wu?*)RmZTNNaOxF)+MpH-vuW#E=nvS2);vVEF<-P&>Qvc2#UU!6`c$j@ z`)Z!@4r4!QXMd^ZgBZ^WF}j58)%mL0}^+Q{yCb#@tI*e!wG$X=K@GU5bsoEKF6A%^6XL?dSyC`fv)7yZWj<0NF zrZ=Ga_;rcC22?-RBs2YKl#B|ti96W+T!W`HZwFrE!e3v6M(;ii%ZhkYo*ICS&I= zw6p7|!)wrBo3J97F^`;csp;sbvlnlwo{S$}rt`;X$kBMYCU73oUC(r8^TXAjMi^F= zKSzM&h0hYIHzQT~;ENuEM`3NGl=D-k_3%3F=w}cTz7-r*rsK@Wg>Y!1_;9TRy$u+d zZN~@e;xmQ|tof&!HAT$2m?g^M^B%r+19_6P6O>Mi`cyFNp)+&Op*+*v%&F9dX#D44Y|JFC*-5hHdk6u3hO-mjhSE zmrntrccLIwm|eVhiA~OD;3(dNC02}%u)6jw{K``s=1IkOU@@(Xb*QsBEn^+cLB1`* zFJr2!5H8QS*(N2bj|Ge#Lmtud_~G|*a>a+o9!K5VV}BNt);ZiY;hzhN)hofz&^WQ- zRd9BNSK}9_9>&%Is*sr?KkD6sfbU_xPIw%`IM9?43%+DpD~_2^G;jQ6Vt}Iy`@q3^ z#Bagv9I;NV1-u2jFz>Asqj(L1I{hH;8S{d-VR4@Roj_t8Xm5sbgCn2Wz-#M#ErwTp zp7gWQm&0z(N;1NJLu`&PXSo&$!|U*KKEsQ1s@KCkP65R28fTKNTSSI8FzSu?>0McU z7Xa4u_JO>b7oCbIft;|%rmLK@VDULia#yQU9=kjhcnHGil7qU;)sZJHKi@?>S#uzOm3t2pnX z6V?gXi|NEr&{_loQp;3bfclC)42C4%MR#u&_W2}iGM`IPXh~EGlORLwxg(#Kl7G#5Wyo2gZsJ&@T(PJPiW(ZB`-9Xu)R56+l)}#;3$c3NQti<3$5xzWJNzE$E zo9A@6$twzcxH$Fhf}IU-1~FN-%U0h5XLt*K;-%6Lrk6^c@Ky%jh96vjITRe@#lYL? z%h=dq%XH=(tZd!^#K@h*Vhc{H%-m620v`ovde@PL8RA{CS-iWz;yS8hXLITF%}J=^K}SxO zBYgiU!tZ8!sx`v5H#bJ&(s#CYv`!R$gNmGdZNz+XDcpdhwv))}z3_$a!_P3pc@N;? zd#Ew;$?xBh$SkPF3wFfj*wGZ;ix}ly0;#a_T!S{hDd|ih1e0s@EohO+t(d%}h(V>S zcTz?<{O2Ea6E@LWg<5_E|J#VfAIA=u+gZ1Xjd?$KseS-IIdvf#X#I-x#dJ)o!4dFryBCyxcV7lW56J+BSAo7V>`AH)yPGxZG<>OZ{ z!_$#%Jib|C%{s}5lJepT(H$bMDg?||e#TKae2Nfd&&iwO&AvSMDPN10$HlqFuo}Uw zcw5{tZ;SifOgI}jfO7yOax2brnzzNB`rG1owB|x&VDu*F4AQs$^4y0K+q09k;B-^1 zHojhc>RQ9^eB0QW7r`m2K*mmo0NzRdMWkyeQa*0%tGBQd70J}T9Vt6?jg>zXeiZc* z_d;?b5rPVeePd6UZcFk&!Q{^iA3)^j543gckSZN9rq&sin~JVs+(pzl}&9i48@+=FCeLwfv__|FY9ieyU(&{u}Ek5yAnGL@NJ>8q@!&G5@(kV>^vV=4^6Cn?N5M6KgbD%AwKrIf<3t))s`QItYO zM9I`Cl?we^y1;L3gei_s zk$4n{jbn}C-Xj(MDTKFX%cbl!XZ9=@%3|Y5GVS-^oHEDK!g}hBw>1(@%w_d4P+iBs zI;TCHSAQCK%>72t{f-Y+si{vR7%BU z09Pg+N3`&XS_+d6gADE^fPL$3^g{(%^4gnlT^Ph5&Z=jWw2a>$YTS?F(brj?av?aK7C20-8`BcE z<+PCLe=rf#oQVARm(&I?#YKlAH*?-kGolR{16!?QzeFs)5CZI_b?j5bntOH8`a1f{ zCNJOm1@d{Xl#S_A@8J*0w=HBHrFtwzi#!8OVg-I@2%n0)9mERq{FNWw4R`baetP7& zDL;CGh*R;lxIy52{FfkPTxX5Gf)IFFr9EmCl!pB9DR_qDGn72dO|jY|WKdr6st0_Z zM1O^!N%-tGX*?gT_M3z75dbIJ7Gdf$a0cOO)D!E(+_!ii%8bhUGP2eg*WB^S33PN; zpsSk&db&kmw+;l3n&=Ajc=U`u^)$$sJIWE{38Nt2(K-s5$JZ5bPUC87vpqsF;|;GP zF-G;}yG_*_5rBa_p5)8PL9)T8L1RHXma&OaXCa@KO#`;N67dW!`3}UBBy@;WhaA_v;rIjv#?r{Wfi>ev@XCs$Z#h;v1_M&0Feff57*f zy7~(1>aSRr0=xBJ1df_$>TFX-^r^4a>gWd0`~YR*@b-AEQrvW< zU_R1VDNsmj!5&@s_?c7`XJkF<>!4|LtY&VEO_`7H>EP*~xC+k!8=dZJ)?pqt!^~YX z*4SnLD|PsGsA$|q|7Yv)gQgC@!8*iqLsExL0v&A&bhRT8_XtcKnrP}=Q-}1aXBz78 zL#7U|+fp4~{`%|iowO5^>TqF09ftpU9oBkTjh4Mxzd+oU`-OViuS}7axGkq`?0*{K zeiG%~Lf`e(De@t1%lXuK{Mr<0iF-Y1zdl7;;$BbMZ%mPvxGkq`lubk2&1AEcxa@nj zAjgeU@I>5}d8*6tnJLl|x8<~rJT}CAaWaoviM#F0Etcn-Q}9IG>*c8-?rZSW5O*s) zeQOGyhcB3FIVMIVNXao>d1EGs{{AHi;zV7~<{##iI{1=O z^a~&z<8K%Ta*Z+`2vRDk0iT380~qn`fFB8v5rp7n2r)0gV=QgPdLK4@&$H}%&XzvL z*5?Rx^tl3E9SZdHc>=rjSpr8*bakHTgXmMw)%u`!VMuVl^g*tA&~!qqu*T6Ho+6oI zAhBm^7{TvUjAOEvO@F~j%|!2$j33@&`ko!?r_XKmG0-(crWg%!Bms&uxE_Cq)qkcL zOW0P{y6B2zT;W;spl2VMO3!c~u(pXRgTrQAWvVM$5Z#V?Gm7SwclAWks4b#sI|QO= zo+uizR5Vu4W}1dUIfwqfsX#1UPpmdWRqtQWIpi>IIGPkJU(o~v8$*Y z?wF)z6gN%Mxt7cz=8P6Tqahy_o3nRmSz7-ZKOu%Q`!{jkF*~JzRVtvjX>qoUt(RF4 z!3$l9ZpJ~FpKM(ty=4F3EUP~r+uByIb;rYXef%DHe4wU}IK2Nolp}lrqNshM?e(gq zi|cvD-WluCplbD5X3e-5C160KqItY2cOweSAZnPGQYPZ2(k0>>RS6fgV#T3NqTW1c z^yWqC&7i1(t!E2#^elm{-d3Qew-X4x84^dg9uPQc(y8-}-q5FhkmwCe2EWmRcjWL< zmh)7AIHrc8KcE!xlNlJfU^|rW@9@skBh(tBPXVr_G<;N|b<EJ28D9=Q&HR*l+|bwY zlZB1*)4B=rqvpZH1o`MemSC0Ij|OVEhTfz;>#Wtc)M;(j$wM_#uV#IKbIylM{rr&i zQxtLAx-8JqC4sK42<+B72pl!h)EZMA^r;`SI%Hp-_3;VTN2NI$0-H%YR*yl7Nh@w> z#J93K;%0gZG*FsueOcfFWFyN0TWxk+7KrDR1?$lG>=fm`zCrFVILIy4)Q04Pk^k$` zuh01(PPLEuB41l$?*p3W=mi2@y|ch>Jx}1MiKegy$aNX|Oml$zUF#f_*R%&ppKqi3 zaeJ62N^=~mq23;NnXuLv{{6O4v8L~5>>S%d`LKFhSaMv_7JLh9G5_MY4~t^)T3oFy z99(M)TU&j@#i_-(S(S_lO$Tm9ifyI`=Kyj`Lq()6BXu$?lr^A!Ggw6G1YI93BK{1- zm+>Oj0y$npy!wDK4woS#!Z~C_czw+1am=_31@nwm$L-2CKdJ)J=Khb3B8^V2hW>og z=;Tjm6W%I1XY02Kbo7M+UA%9z~h{`T5NhdVXb1&wc2C=?6Yo$3asj_YLiC<7%aw zTCM!I+rz)5-wnMMhR&16!)7g<0ga;+>CK349F5TSbG$*_{glz&pHp`)6~(jll>!}o znLt-xF3{6g2!!rlWgMQq+Bkf@P8{9(9Rf!UCAHS*E`92kb=@6AJwLXY?z-p!KZgo3 zJs>_w6@9nnGb0h`^%u6N*B_ipua~?VMcnd`wnYxhw3=_@a&n;LuuOn+Q#>q#)0e|I zH**%98GIJnoR-O$(=v=*KP}_cPs@1e(=yql$zYSWgzwb;6HO*tY?ATP25Z5$O6$CLlI zfEcmw!4!sjiUFHZeFjXS`n7@Fykzc%xsz+*VMOcGjdljs@mm;6H3yS+w_5N_NPTpf zN$qZB;vO{<)h$gXwltZjZfP>HrOBj5p*2gBG5cN(mL@3g))q8Qor@VGx8Sws&Ot`z z&iEoUiqkp8+&LA}C^48g+&r!&dmdi_LW6^u$fdAiNNU64Hht~F;`xWiogJP^~{jfkse_Wue9}?*4PY8s) z!!QT~Onklc5##VR#xTSL`cuY{(HN}&)2$y6IBIAsWXax}KJ^<~z<%8AyBU0Z_FuAp z{BW-Na@q!F(tSH#PHXJju|A*LG1Oq@^-K+n?A~AbE!)iTqTaS%CD73)2z2#{0zG|_K(v{YjlBPN4MTp;HV*~#*Nz1r~W{-!#peCnGFkv znjr{`7m z@lNB)>1*5W+Nwc3c1fSv!4P6Mj2X~f$|jMl8YE+v*Rk&Zua8~Yop{|pH58F`e`ky9 z{;8Oav!gb5%0W%z@;|?|nHto%W>AyCpeAF!HIj|P@#)R_pvEKtsy?WRF9>i@gY#%e zJxc~PF>y1fF=v$g_%6VzrZ?PCAJcFS_XX2F{)_G7FwtpSA1)B@QVVqT5duAZq(HQf zqm0ATM;nK)j}b?=K2+eSp`f7l*6g_CQO+C^=ih9`Hou>Nr8BvnuL zAf}l;h~028z*>Y|&W33l&V-LcxAEOp-f?J^X0-AkftZ3H0>A0=xBo0!K}B^$w$K^eLR!ir2`0 z4|zN_m9FtUZ^oSnOUl9mmA88nt$fuE^PYP|{(G@SBTR>jdUY))pQZD%DxI9Zkp zajcBX0zG*z#K|&jDCS+$*&K{bx7dL0Oe&*{^s#Cx-Ut3+E zuivY=(%SBRUSs9nNsslFAJ^^r0<=MtYihgx_J49rUelB*?0Uu=+^lO#gQcEgLCP4{ z+R9T+RlHp|_ZGSddn;YkK*em-d=5@W+ zVP_Z};(4Ei;0Gtb@?+n@He1fGl=^-+(LN;G!bc4CE|<-vBYLYiikDM3hnK6m_!$~E zv5QZs!MsSJ{nFOTm4SU5Q+V}m9?S8@9iSKD(L2~g3BaUSHoEhswwZ_Pr(Aserj9;>R=V$W1 zpDWAHY8{Apvi2;_csKA&(U3{IfwI@aH5sh8KE*bg?2>2xURnB^i2X`uWmLDPrt`Fe0_^? z1o~Fv$mrX|(XFo+IBIAsY!9=-=`)+C^|OiJmzLOghLE@|pSi22ePN2U#BDh(^LZo6 z{|xnv(x(1rV*Pg-_5aZ+^dI*|gOMI)ffnEg#fR}O26QSnM19Id-$s%U=WB99(O=+< zO0#3XMCYBE7EyPxVcUWaoJ_>qCqz1Y>vEbO+}L7g3aS;D+T)eKX8UmY4O#i?S^pB4 z9x4pph>rY@@gIVl8VX9W1=mh=Fn;ARNqOhExH4J+guU*M$lKThoN34v_ls^ITE4wgT}2EEc>p1J zw&mNj3S~5JzS=z}^eo8w1Ce>q+U`A}m)^I=-o6w1=shL&&OBizy=TYXfoUfUOe5l? z1hM3Vfh9z&F^J^7Qs%oDlG;4qYMe68_vF|c=NmSX5&jRHlFlUl6NX|sF*|n5e_WiH zyF@xr99OkN`fl`n3R+GO^sN7l)U3NUH}ihAQC(LLgo zF*I#43^r}?#SpxHT$-M(pAd*kRsvo9q`+?dIf0`l8XuTp)1*&fVj`ayEGUn8!Pu2d zUi8-Tde-Cx1Dn%d5?Z$YvOq^aCD7IXA+TG2QQ)YFrmi)4(WhXJsVgIYGRimdXF`$r z9FzzBH2UNJ1g?y;f`mnTXE6!*%}@PFEhi#y5MbD88?7cnoidr|Ob+1zSc&@G(#I%ET&TTvw1mx?ZO>)+;X9 z<3aO!wRq73U;xvLy;-alYuy|%xcP-&&2)TRZDF9 zp7j#y36qq6vQ5?MY3j-`HKuU9XgjAm2xT3D2+(qK;r~V4o50CcRDJ)QdwZGbS(47o z^ke}hEEz7-JpmHHNy5Hw0zpJTb`TNKtG5YidOAi#RF;5ap7CpC++@!(4Km|CBI$WdP{L*qK3eXuG`s;YsGun5|EacklHr)qa-m8^GU`Pr%zmzi5@-rM1t%3jy@qQU+L?4kqsxt+)- zM&sP)rk0M!HfftR17XccH*KU67w!ep-KRFgKLYY({&nZn%b?GQo&H}5kN!@>Gi`&h zHOP%B(`QRvBEkijrOtE5!(uX89iAV4f@X@gXeWfa6fWhfo7!qUlZ&5v$Fa^iW3qsVlBQ_ST8-Ev7}^aM&|UZ zrzl6-(Gs0ZET!;na);W=@oU}(=?KrIJzAn}YQ^pyHWaqrwoV|2*of?opW%# z<3YA~&#~lAdj2CBTFWR6joWuM=(iXmV$W;;GH{@^+~BzL7QEHblr7!IT++N(4uN7{ z|J%tDdxOTeTaENOLC@Sd@s&lqrB{qTEFV`wW;P$ck&pWlA92xURhqR>Dy(;zT%Dgg^aF`pos~P~ zQ%RYWa!cWvak0H!R%I?Gypd!CH}PS4b5Eius_`mMdBf}^!Z3JNoqq;ytua2zd)9)1 zzSfs5?^hcvXk8gQ4fQ@|7|^;hh;bJ#xS7aeTd+SaJi@?3YJ*b}W8*EwOSM+K2jEX@ z(2((32O0ER2OG?{4l!8Jx`>PSFf;IAsKId;F1W?TD_d|RAB*Dx;$X0u#=#nk#c{Mj zzx7Om`PMN83tH%NaUACi1+5keQ`GVy2A-TXIPNF~tj&pA*<7q{4)Ivx{keIQ3! z7B5STK;Ex4nAZX$_Co6WUu85L}@6!$DwKvGh`%Ht>p|i{|pv^-#jJt5b+g!oR<_cc(vrWn!tsz_PX_ilI z#8ULsmTRtOn=pb+P>)-&){N3F46fi#5%sgK!$@fdj?^*f#a6Z}u3OnQK>f6V2cgSii! z>Zl0^cIkcU-^kNM7y96gZ0CZFy{SVws}R1O@_CxhIngir>g~RH=`&oENqmgow=TYS z{C|s2dh_w{hiY7DoP)@6|Bbe|m5aVMxRtrATl?F}Mb4x|-)8lt5U}mCT$|Ic-EQUL zmg4z<#tWSJ0+}B{amxqqBwgqs34L_%O5=q%i~fc3?dxo^(SNbvO!}eFTZ%6MG+ye= zk<4s&hCZU_=(}@)lf2K@lni0QS%D%K7UU1~)XboO2hEyqh8Q!qQu#? zA1!Joa=+r}ME{weJM82{|8aWcpECKmeas&xbXf=TTRR%ew{|i(&{|?}+<6P`aD2*^ z_P2%HndBKO0|}pVho^Ut*|y8?%C|XXPXLc$7lW6>;?r}N@V3i=ZQk}d*73&Fx|#MlLXzgrp+<6P$?|79hU8gMOj)GUFZMpBq zYm$$7`lR3$5NBrX`Kq%hr@=bxUXvVoQrBue9Fv@XfH+1j@#2w(8%!soT1H>R@EMMm zg2vprzbRflby{S%;9=x)Lu)SUc;1+Mx=!601)bM?i|e=uHmniYQC;93f$WMd#DnY5 z-CTs5OfQBUOD(!ds?%c!%~ExhmWEAW$-Z`mVUfE=e!f{8aa;MR&2tvR8^%82xCP&V zZyXi((<<>Hdb3*)34eyQ82*AUqMO$Dzh}y9nUx9S9D|H=3^L9!SZHxMk~Y=nTPvKQ z(AvWc1Fcbm;6;0OSQINa-o|XEUg+ksg&nZ3T4C3qx39h^ zjvTO!_DJQpJs_9+9vS>w{$@>*t$FheUW#Z!Rw z&cbMsE20VD=Kr2UiuGI2H~?{2YH!O{!%HZn#Qf@v`BF2#hHo{zOy&mtaWQ-?MmGiB zNY{gGUfJmgYLow4ZDVv8k`a8EdKJ7*L0->?OCeF5NE4b+v8#c2=rXmC3V~2i#f$b- zuDj=%?ns!CeqP88-vtk&TyXzxLGEO9nCP{0Sn)Qbt&h8Q%g-G^8Xi{~>YbjwOFXz+ zM}NQFWk2GrXXKM#5MHk26stEBxuA3Rt|ITpY(&_qyD{71V{@L*V^hHucxZRQH%?oiypl?3z$mlgd5%gVKR(P?Byxz-mo40c7YSH)S4 zYPZfSw#YHt4TW^O`#8jqg2L*Xb7myv@c1lhE;S1q{m zWHaaBPsDeh95)oadurD0J6k$FSaK z>6*-yY@fGARNaem9U5!(aSq{Mv|X@R$@i~e+9)dR!U+F4lt)!h#}r$~&=(e)`i^!( zCm(g;foEwPE?R?)TedI8YkkZ;C~dW*j<8y&s3jk0srW$sc@{~kam=o*eBeAcKj% z!g*}@#pXKAEl#-#NmB$u38-snxo;u`;Dj&$*l<~tUy z*w^vdWA`9;M7!412=3B3ctbV~1?(KI9=xH-KbsT|f@(cbbK~S@#kaaQ%H9#}6!87% zAjmoW_CXSE!am~J!Y)(CZ_T9I*(}qP>TOB&LX=&3DH)aU28`j2d}^m>l7C#1{5W0g zD4&{i^0vl*@Z>(2z^%f55fWwOHo5%n3~mx_Y2Y%8xbL+Bj(YHmK%aiGL zxfuC2g2sZKwnsrk6*757#Xbg~*7jJxY_%&+YaIpBT-ENl@-Sz{%UlamG~w?Y4A)@p zgjYXz2)z2@HLfGB_Ir^v9hrMllyFPBFB4t4q+Bcxf0cYSRs_ZnzY zZz_$qDG$7GlYsWol%q@P?3`oI(Az;-v1+A%do1Xod^sj%zB`=n8}Pj-euT~EjW;Vp z-g)DRw}rgx_DqD!h@eIqkq$24&{&ES&3r8%U78BHgGrNqaX--&eG=MkEa=3y-W7d0 zMaA0`O4jtv^E^LV%BFeJeX7{}x))hvcM(P6@-1{mHACTA!z#zjs0S)}c{!Sd_;!tV zkgg4CQ(U_IT!l1AFY&FxqT7p`U*2kVdk|PY@1lZ_3_3mTS@DJFjs& zzNonG0=SyK5G7T%2;N@en~rDs&olDA8RE*c+;eMUp|apeuh|LXhVktw4<7k)D`HdJ zwMN!+oM z(J8TkY18LnCo7*X^u>uP!;?l|A@~(jx8Rd?GPe z;^q013FfZEaCc((lnkZ|jZwZO^52j4V~4kGKFim)aSWl z{ok7;CZ~IT`@(uXgIBaW>8-A-z3!Mwdm3TiwD|b-*p;{7zi98ucjYJkPKIaRFc>an zUX0w9n9)<-*(9Ucdmp@q+`95MEF<{|6;vkNj-?4XWH6QDJB4YySAj&q1)Az*Ez{YH z?PmGL`|vlCF9qZ9Rvh^NkHP6Vq0#MKld;_>?VfKdGr_0HRcj>N91wZn*&F7RBP}>L zPP1KJUq|3LZ!Jpb9ELOQQM94jDt|5W5p(KueS7oZLVHE3tLFJ#rE+a(s^bOr1Xbeb z`E-%Kwubgw8OW3mULomP?y}t81WPUZ(2}K=JH%k(ZC|;xL+=$ASonTF~uIljOOw^3@FkKL~l- ztIMYCu|07smb$%C_#x1JgO$ORA4To146a3UpHuIt4BFEpJ!9{6*j;#nrQQoxhQ9pR z`y867dxw^Rxt@19^hn}chQ8w1+a0==pk?40G;IbYMk`R!mZ7g>>_&&KC%$Fq>l}NF zL*JT2DMMd*j7^Iof^y(eA_I?>UG2~kA4|6kecfYdL-PH2f|jALXN=LY(0XXbe9O?+ zJH`=2p@$RSGW5+&qLlpi&8y5?b-VLMwVKmcsZ>@yl@p~p;^_L)7M|=UsZQ@jhW4x41EJ*yE^pVvQ;b9RV%TN9lg}lFm?)ND!Tgg z;KLMZcs&gz_ydJ!Uy1N{s<0OrEpGcU)JGgjso;c(p+4$RokEoy>SGS|H#lRW&wK?) zG_)QSs?(u9?tD!MRd%RPI25PWa`U?!>XQy7$(rBoPQ`-2a(NO`tmWjQ+mz<{);uo^ zJ}tJgX}&D=(x+R5%QL;y&a(iOep|xL2Cg0LTn2(`Y2>E3ERQ})w3TY`23+i5MBjqi zw$bN6mabGStPEN!oLNops4UoIhdaDb4at7@JpRNJRu*3PS?tBWg_VWYu%jheT+t!R zP`4gb+cX7p55Aq=GzfDx|1-4niVpK$u66LJ>gVu5TYX@36cnPn_~_i35WDOO;$}V$ zk(^6l=A)YGZ(a^nKi-SaGv4{p1zwYt+i9Ed<>EE<)nv?|;EA?Z{U&lGvvc0{7q_aH zpiM27&|i4gC*KrJqgv<#3ej;uopd?F|SvJ1s5C+Fo32vv@JScc3lkQeR@*^jp2kzS;Nf zSL8H(-+sDTzp0^q%W^-n?Y^Y~N_Tl@H{{#!l>9G%Xi(GeLbho2rzXqr1c| zH1W*pilTY4+HP`aH2OMf?6s6DFK<>lS}J<1pObS|F1)^^g36SxW^51v zH#po{5h$c0P*CPe1kzpUek=@ITfCG-B5e{8b_Obi{Wj2>B0Jg5=#02%5DHs$FoC&+ zw5;QU37wguj`yZpQ5UoV#@L2u*8hJhYAfpkZ39LBe_Pg1Q^2Y$%h@{cpVaYUTEIoG zQnUij9wKpNw6!HnBeQiSoF83L7@eOHPB$O09giPWhBN5QiG_}uPdilU=$UeGrSqvO zKLS5PAd>S$R{5EDv7;&`5-jGinrbo;pH=x^uKwTsPkIRIv)UW&=Vydf+`4XMWLSsO z{y>}HOn;QAk2UcF)p7Fk-663nX^q+K;Cgy%)~u;YT0YluyXM65&2)&yd{J|2AgiE7 zM^|b58g)*4ldeXWV{g(m0)^Ha1hy1^BVF%aT4T(=mH7*p^TB6{Jwu1Ws5E{T)4A5s zd84Cqoul)6h5e$V^9Px~WOVLvbhIyrxiu}^vtLDJ7=3W&z8v2+k>m^EyWpa0a{F`} zxYyAi+yid*D|I_h49lzQ<^Z$b1INtw3 zehWD%`wuWg%*bzC)LpyJ+?phbb|)tM=_g5~g7L@+9rkP|Np{MdB;h2YKdWGLA{cJp z(oVU(&&*YwTx^>=`C=y*$v!1&m-Z{n@wBBTJ+<6N= zhhVctCR=*up^$roJfKd_k_Si3$b&{Vu`bPL50rG3?BGW=?7_)vDv$iemofhbM@dHA zQ4;#yIsx556846SVwrx9#Oqw=H!>$k@{>DdHoBo(%$~VCO_Jp8o9=4o?VaDAnzyt{ zY2My!dFQomHR!i)F_>@NW^kZ&lfiN4E%?04TiMdQ^=-4y z4URi+!M%=A$Y3UEpB|ir8R@NlzAN41QVOr4b_8FcOnWFZ#Fj4fa8Oi; z*;`5~gyU^tZpq4|%;x8keSArMK$lE;`-G+4Ykkt7-@40SzIC_3f!4w3 z9(iiJ9QPy77dl?QP7JO0882Sz4ugK{{RRhGypc`jjyvbzOO8j`f^QJa%>#%Q6K=}4 zZ;IB3EsWQ?(;#=%8XRbS$l$nh4!-PY$rgOuXld`ki=ef*onL3nl3yC7Oxd;iMwed` z5GjS<;TwGAe>A`LWf<-hmhf(B6S_)1J+JS(4Uk_YLN9zXu2Z&1I;GLZKTFw}C-*Rq zqU2UivzYAZs3c8{myT6URSsX5>7FKs%5aaG? zol`N-N`d?KaQ;CgRhaxOwgOf556v2`rL0zK3Q)1qDp8lmMeG_ zrmTz7iX)eK!RLXEA1bA6L1Bp^;v4)(c4l46T6YS+B(Gfa@*SMeYY{>>7S89cAy2lI zO!7LE!u^;?V9=|#UyGY;?Oyt%+QM^zL(sLo3ylX!P9~+nI|wOumCB8ntGmx- z9?h(B8m@6c%C7Ea6Q4at_d#Bdt6e}sLU}0JcR0SDM6!Q9@huS_{cAj%_Nn(e=;-g} zRoM+ZkZ?_@)f^ysfLC$c?hWM5OEe~lkD@XVbE2E&KQi&0XL z^TVH#rAC$7p>&Lvsy&;v6j88id)5?*dSC;BPoK4!U?_QSCWvl8x62{9QOj<690tBn z4!XbpLJZNRV*2HnR@NZb-&g8q-)_d!i?U?;%FN+kAWY{NLaj-Dqt-RQE4oR9CW*T~ z$gF-E>|FUSjj=GoWPhalu*}oSYYox%_X7FrX7b<2musgIlhN*(-xIy9E1`V|YXMVf zGgM{?;G2?%-3!M>x08%yNg$xghYypaN=NiLC2zCJqNCOc?U49JZ{*%fwhOZzD!%s; zhUBnn$0we60yj1nx83p;E+}n00=YGVJ(GQt<@VE0lm75zt~$~=a=^K?wQz>IoqGXL z3lzOT{e)-KoqLQwg);@e1{^t+`xyT+=H#~>2CbBRp1+T|N=hZ$+dFf`8(L)>i`a{~ z`&_SDv@J-!wtbgJ{DBjyYN~%iiq-DX2HVUw?T$g}c)Y(M&*(0f+W|SGTjJ#^+iG3Z zzFoHRCCltBg=daf!8z$~p`kh~Dl~R2Gw3|hCTQ(ww5$O}cu9b7t*{?HiaAhI%nk&V z&STiaZDE?F+G4mA1AC<8QgR+j;m_n_2QchbzU z1z4-4Gj3=Z>|~isxj}zdVZL9ne;>B2z-XAHzj?V`bG1`!iw7ycFt_}coUeSg<=kHo zLYY?=n>6LWA~4LF74+y-v{^wfn~F9o=v}9x%?f(Asc5r;-hC?Cte}@qMVpoO)z|t) zZYSk?{93)8rD*NRY69ADd0lISfV9)sAm71{jSaUM?LlXjHXsEY_TqI4zr9&);g&hI zIfE^l2uK7c;Y$iBUW4bz{1ch`gGT|rHK~o?VWdfY4bg`jSSZ(b_lk`(&{NEl7d)b1 zn!l?r@H{;T#-5n`a6dPf9WPHt(6!}y_NO>DC?o zXec9<{pLnFOTYRp`LmS#iSO`gikbTMUZ5M8+_YSO(#1HW>rvvgYIo0Q#)BA0JUoWk zI<&4StXPBH-Qj5OTndjM=c~JSmWGC1KZa_eo@=;Njo1V9lJHlsHr!xQx4hIIY((Il z`2oc>?930zypzna%J*wREscq5|21#=iTjXYo%-{9?pXMKy~cQMzLZW-y{aF+77wGI zM<;j%38S#IuhF+Qa&h<@ywCyehI^5!s6J=#r0}<3%SE?SkgQ%0Hh9#u6cxVKW zKVsvCrYk6Wch26}8#J{h{2e6fo!smGBRp}wC*27?eDh$)5xlbQk2|zjx*>Jg=VrIx zyt{+Vo+~O`D|bWi2R!!c$U(VQO%WY~&cX2Mt#cox_}PQ(Upe?A(OQ`e?PEn4`)K2bq4pkpj=qQ9gFQ`*V-~w6 zDppKLgS(@=C->a*T^A6=6}F%|e^sSCY5-~{m#`K`Zb{b7KBe45F)VtizkkYm><_xq zvAzWi(l)@4eymV$L{o7qCbXfdYGD^Kpwk5$ZM6Ht@MT`zdL&C)=4-BMqNOQD%opO{ ziZw=5gm^rIVEUyP{5gZ@5rQj`(;#Ib=I}{qBx(5*X)&G?2X^5Wb?K^3!ZlY=S*@Ef z1Bg8mgc(5WnIOynVy^^Y1`y9k5M}@|mLSXkVr7Cb0|+(wgD`TE<8O(%%arLMw-0A&)i=dmDs}J= zylA-dTu3q8@q#T1^Dh#>n1}!3(x#=`c)@>zb-L%(8tAF=Z(6#o7yL=S_b0YZOVI*y zW*F*>)^uyEbQ8JV?RV&jgkq0#b@Us5#>EA833f?!(RjhX@Zax})~RzWZeWxSK&5ZQ zZLc5fPLnCbA4!q5!ERp{^M*F1>w(>`^>N{$XzfdUVS;h`}+EQW{2khZ}59VrN*qk!p# zcOj0Rj(FyD#4%G47^3^cnG#jtW~! zELSnLlvrym0T{5y##j#fq%!+HP~GW|AC>WGiY&Rj+R}QEWN@zbs&`cYXPk)y$R2EHbM%$>X0K;<&eZ&ogo_ zeS>%AYH88<5_0vYCA{i0p#x5}Azf&Z$Gr6&68`6J9Li2k6#0md=o-Xc zNs$i=SvBNfiu|#VY=*$+wkeWfb#6?m3zxB{$ZrbyLq48g3jawNnEZ?}N0nlN1E~U5 znN6tdO@YL>?qDgJkd0lJ4YEjRlevVfBu&R5T`YllFsVyCNY-k{ryh2sa4WfTasEOgzVH$JWCd9UX}Tq4!_iIgE!>uzhQCJrT?}u84v63&9#ZHS5@DB zfa&l#Zimn1UX5Jcz&{ytsZZ<&A0RNX-d79`A(3%+%sh@Mp~dx&69vcHjw61nX+!%5 z{}SrXMac}5Dxr3_f3!z%K~$qSXqKZ}WZ$5G?cTb@TE6S8{h&^CblN)!E|9i~D zpC~-4Y&+hm{Fs)pL)P7;%ao11X5vk?7z3}a;6#<2MzCf8@tg!<1`sDD2s3~2F3?QDHAj|;b)C6G$5T_*wGk`cfL6`x=841D+AkIt>W&m+kf-r;BlYdJ+F;SHswcIFje`Hz>i$+9ij;% zHH01fX%m^Qv}1lF(HSJ3lfj_WKJE|H&#Uk3)jK@hq+I4KgZZ_-a+G673gRrqTCqB^ zfK`BKEx70va`?LxIMLF61SUZ$)w0)B?XIn2h|5G@xd$=m96D#&+|Hp;pT>&0gPfk1OyzhuM= z<#_B9-Nf}ib2XH6wdOT({f@aB%DE1tVPWTo=4z;vo&UVxXbPXFrVx0Z;AI|zFixj# zA%|LW@tpE*cJr}Hr`yflRgv`Xv8yfzq43fT?ief z4J-ay6`+p12ogA0qX1Rr$t;bUOrxU>HS}_+%woUJ<)Q@p6b_+G$t7mh}g0=IHwqBNcpMwOG)q;`oLH?BAOOr0m3?QNe zVFnP51Yrgc7bOTYfLNO#%&@3&8qq*Is0xygUF|l{&-ZrpcJ`KgyL!8OdwP3&=LQ

%Ub|$#-OP-HhshtJ&N#HYg(V1 zXucNT?3(ZBJxnG|ReRkW(t_L}r#V$u@_RGsXzRJf=vOA8$CD)2NCYRy=&EHg`h&R| z%Bp2xI$YxVcXKtAb2SYtaecyE4dq--Z%bTDW2za3GS?{zH)&Kqu>+6^?f86G@H|r1 zRT^5bjLFf3D>?=_%*WrW>M2|NcjjvN*Uy~?i{=u=l78ChevjMeH8AcExx}V?5z9=A z{oq}YbNdKRB@8p<=*nk-qj&Rzv*qZml`32x^z1O4Za#Vsb@0mDY<8};)LYBJoyA8l@u`K2k#Pp z3n%{Ewk(?12c0JNw|L^Vw#zo{BYn*COx)Ub*>2)rZOc&S#Bjz|o?u*`#5B}3@%xNh z_r&8FThD~fOC>4nozPNBVw*d$OU7;9#CXQ7G9lIzpYtaeqolUJ3AE4D)<3Z*V;h)Q zk_lIxV1X(1IjG!9Z43K1jVxb(F}2&%ifeqY8eCf2S}oTWdBwNyLH63!ukL!+6<%?K zrj@;#8(*;ek%5tA!MO;)1`!!K+i&dtW0;s_&*JdC2^+dR)I&F}JdOKd>Q+qK(%-q_yf_vV30Ea7min>YML&0?-wXBn z{>4zx4r@)cy`HMhc_-(V@nKPqco%&d3gKMB&C3mOV}fE__A75>V=UX9D+XOGM!R~Y zT92gTR$k91t#R30tTJhrgvu_T8)N*zth@Tid62&77cRjSC3HTY`jN%ZEFYnrjfQC6 zUH7=681~6eKcB(fS@M#t8V>Mv=0P*F@U756mCr~_Nn}U&o1HB0k)>p-yDu8*DTae7 zNk`t5M21%V_$;l_G>NNY^h?R$a4w(dh}3O}d6d~xtef>{m>koV)KjwL-*JNt=rd&oAkq|jI^tgsUBo*%w&o^3)XxL z$8AL+_g>ttLf>BBBryx(KH1e@`s2LS)=l9el2`VUwz5Q+XY-e?et2w_UH|R*FXQhG z?YL}i?U;g}uNF<(*vI26i=mZTw#izy&04n0T83f^Hy>G@FXWy@9I8h{Jsd<=Ti~i% zuo1Z$nj7N=t@;^mpluA6K+Qf$o6JeS4w~VRJ1$YAj`Z`(Sn0VCqP!`v1GtfB;!Ut* zJ$Cd289o%~c8c-_Wtw#HaY4W-8Q(UaD<2f%ILyF@fCMZ`c0870aB>)p`@iaMA8ns|t8=!V?fIeE~<%itFSzddB#CeHJ`)e%iLWgS9G7OM=+}ByQ z%w!@W^%9-1DrxujjM3Jpe3CM$@0i8h1!jWP_iQ)d`6ET$n#Kc^u7@2eFIy0sx|a1i zhSDu`E(Pk(CRnd_GT@q#k!*_2OjFe72t*fviSuGxhk~7yh45+;;GBJm!TLxt#oe7^ zeaC1*NJrEYpT0R!i_cN|0k+M74TX{ujjX9ANUNQ_9uOiW&Q5%9uk8EpfXvU{C#Ga1}|bt)Av)slkV0 z4zEdhpAx3z4YnlI$`Flx&LUQ(}VW4Pa!z{wS zWE$>B?1|QUTY*?)nQ8M<=;$^oxL<@Q}=-vjNdi6katX+P<7$|Jm=K>xPf*TzrZ=5OTm1`0H(PfJJ%^WBy8HA-i+ zuTck-UnxtmKlla`J!~!``}$WhAX}WbFEr0~b`jQfJ92aM7p;F4;yJQt{Ur{(+JQ?Q zc#Q*>Iq+HsUgyB;9k|?qD+HX3e=9EI#xjz%K^nmXd;6Rk9UTeZ!M^Hf6tBjRaUaxn zP)afmr=}s4wv59|QU|3r<8Wo_p!8=PHl+^YDC2N<>L4C74&O>0#C67DGIdZsWE}pO zIw)r{4&L4g=gKSVm~^XJG2E4G;?fC_!CR-}wUkD@2J>dGJssdiSQW25Jz*H85p~v_bmjITZEn7(Tx?Ie zxK3`q@7Y{Y@J_f}WA_oGNW2@1sz-6+wyAyV0^cs>;EKZZCXO{@4^R(_?dcasxX;Ja zn2LEbe6AV$n0cb1%68R|)4e29$z5SS(}@^IZl1`cH=eAiy`b2hoXPmuJB_e*Sg}0` zu!)`ALf+_R|L);oQ9^YsT2G zookmuhLBB+tuR7I$EvVQJJXznhW~@Wb=@eRqgyHry5|2@Y z?NM3AkA};^Ugqa>@{^Ww#*g8iVSa9spLC)v_A?j04L2q~wPsroG9GN^Zl!rRr7iQZ zhl-Q=F27_)RMym_8TO}l-io_1{Zv+YzhJ6MfB z?J9NqFT;)CmOtu6`zI2rtIup_vi9`HJCi>~yGQqPmjib@@F@XXr??Z59a*jw3z;;n z#v{M)71DGXt%>Z1jQVSDqbJdth@jR)EMS%4N>efT_FWk4h&HZk?u1)9>JL{(l5W;e ztn^;R^}iOu1|`WJ8*^4AEjkodoYj(;bli-WK8>@Dm&^d-GYP^BAU>NQ%mCt^1Yw3* z^5%2$uxR}k9QdMuWy+V+Opz(hlzW6!*(gu;w>;St=ZT>5#KKvgh_c_*x1A@lP0JIZ zM%LS7YYoxgprk|_l?i6GBqe)T{a^wwY;*apKtU(^Y>&m4L_{M=Gq`cVhe+cAN~5jK zMR!0k{0v%wr?Y!SO}6h%N!3UE=*x+d-*(f4eDr3v-UMVNi!K~xC**ggh5T+NWa2h^ z$omLc-`0;F$%GItypo6+IXe|+FbB$nsw`Zvh?jYQvAm~L(S=*Q0S<*M3<2y4vDnS{Ky8EJoyD#>po^=;X9gVM(NGe40%SjfS z0mN4lgc+P(b`a^-&ncUJbk#NxzY?9Xw-EhJ5q%RgJ>mBuN-6$OprF%fwiNcD!Gca0 zS(IN*VlV?yel0GT% zy)uqJkmF~`{kY(wgENjln(lZ^#_@q^j_eNu6Ft6|yrB}uf`$wfavva#2O$Ifw13s^ zs&4f0EQwE2S`@m{m~rKz7|OD!1BM)Xu|#HEb(2vCHyOzlu~I5Ct{i*9wZmL{xZYF= zOogtG8;0uqgG5ltm9Dgz0@zjjtujKgo zw%A#tl*-D%CM*42{oVaNTr2Haax-O?t=Y(m(wlKjWJUEJSy6&Bu8FKztKdaSamF=~ z6}ciSN^-_Ek(GULO=aZ~SfP`2M~NEy;?%ldWzjwy`(3Q;ST-yrC96u^?6#NqbTp%jMQrO3_MoVH(ZD$f|>FchPIiq+Xz5!{{dT1HK7YpgTgM|~U*!$VTgOy^X93DVY zh-)n#N3Xy~X-jn-%2l{MO438L0|(;Hg#_*h;;;3| z+GZv$VDIUS-XYKGIn_z(qU1k`?^#r(A1IBB)<59DgAOnji8UrR|HNvfOtHqK^u%qV zbf&}L$6qUMq(=%$XR?r{Gbswcsc&0nl5LvKWGT5jdN(O=D25G6Q*>u)RobF2r&dd2 zqDNjES31A-2)?Lcn*|E3Nde9TJPfq6!~K-o;nV7u)iXBi8srf!!MMIz9a4qks#b%gO2))qrgostr^a1HOTV&shX}L&9Tj@y^Gb$RoMRMoF;pQPA=c zs9e^`&cmsMD5z7d0W+Y*k+ev(TB@E;Sb9E|A+6_Qt;>46pNN#STr)uXrwPIgARbK+ zW^nzP^oSQS9~}2*JCQT79?bMS*RLY^QcSbTj~u4-UyIS>Tqo!Sto{}=%8wVYcv=j; zO^Z=q>PLGd~vhU*_;teA~U^p`@tw3sGw~n?J`& zoi!|R$tqzpJLRl%h&k%*k<;oed6?AGcE5OsYU!-~;(}~X zFcSUL-Qi%`9nxuaYBi6GDhZYJT#wAsa~*+u+H)Q5s_g7N*Mxd57E9gx#$N6%xt-!S zjlJBG+&vE`^)+Bgr8vSmf}Y6?RH=2O>6dYS8npZ@9yKjLt^J$U4(f`8Y9MycL}^OHIh)6>+Dq}3Z8&H1)m=LZU)hFp zHeWrprTA($oGK@4s;49k4XWT;&YCNR!jzVCwk8uXu?EyB7Y){t)g{K~R9EF5s=Bvt zlPc71D}NQ2hC!Q)*@8@3?K+ z?z1|aX?|skGzzu>s28x_lW~+m&H!QPWBK#HQ?i( zM)>e3_~(r+Cfik;{Zgc%m646FUijH0D})@K+FttVlsOTXryFxa?|0W%=x&qm!QZha z3vSHgIVReJ)TCE<7!8SD!I)^fCcOgtXV|Ibm}t8uy@Fin6~s!W&rq*$eB+t0!A+Vm z9~PE_yXBArv*`M@!AfVy+2wK{*Mn5b!EZ@Lcnm>6?*N0Nk4$zmiY{R_ez}p;`WM!^ z6aB*4u5Q@O&8!>0SHV->2GhE6TwFJ9n37&sH~y+@C^ndlF0#eJ^btS$q&#Y1&aj(# zUCAOdtk%K(ArUPz5Y-cAoN~`XGS_37 zCO3v2 z044=?cVM{#D;(Iv0j_$Nm%SW#h6C(&6LO^ks~lME0CSphV-iweUkCPcV1EY=aNs}( z4szgN2M%%IPzRVw6qUmr;O2kXj&$HC2aa~&nGPJ|z_AV-=fD~Pn^eA7rC~GeGQ~qA zMy=K#B=gG0tIb;bk$8+Gs4XU(P%8SN>rmWQ>#Qa zdR=Oj=te(EtrFp=ct}D@q8#m!S|!raOH!*uJGv>gO2nhjrdEl1^y}0rk&m`HG@&ff zk1kKGsshosQmd*$H2<)~v#LaNVQN*?i0)3Usv^;r)T*iyEjT<0t11)im0DGGqEk|< zs!+5pwH_zy#?)$6s;wv;k1J0eGzG(B>0`p{=y+`2!MC#z&!SE_XT2VD96q=k;aehi zHeJ!WV#ra{8b>#&4ukXC%OE+)xDqDVIE3=m0if1i(BirXsDaY?JYy`LbQMIsc zcL`6?tbw@SxRt9EQtUdrn(ugXxKR!y1q=72-j?;oI@+^9d(9Kf=Phzu)_9F7>~q9m z63Ka-?0Gg`04D;1m8_FDo`XqmiF>w_=Gn&Ya|so&F{d~=$TrL^t&_2P<6NJYF9s*! zf3j~XHaJ;Cq-*Hc(~}$A3pJJ7`xL|vPLXSSD0Zr-?AYq{bfc_KKA|E>%!-ogI_0>|FA#apRa_U8xfuZ>0y%Vh;{sa- z_J=udAPxncGoa%&SRN_2&JlrX>v@1N^yZvbYO;BW{guLmoCGR2#eVBNJ~N$^B}_mY z*WC1P#4IF3^k>4t)^IcUl-yjRG;IYpO(oDJ#6=pO36oEng$tfC(w?o1wBNGDNL+=Tk3mz3!f^CiPo!b7k3W%Q45B?Ci&+^y&XI!5o znSOANNF?yYg z-VWX-xi904BXlgD&Gy>ZxMbX;~vDkM$?EY5Q-!a{tO#y=*B_v=(Sqr|; zCr*vzub8_5evqL`;{yDY{VqSW4bw~faJFsIoxX0|Emv>g^iO*WlkH#{J#PAId87N5 zw0keJcWbm>YHt#9p%#_e+m9TEv+FM;ExIx9LLd^&chz6WH-D%7(7t8CXajN9kavFda)GE9nf#n2Q81{}ncZ~L(XWYXOuNzlggQYmZWP;m7 znH+Y|VZ7w{;2@q~g6B=)OJIF4eyX!l*c4oZ{h|Us!Kr_& zr<01g-!{xax%HKNZch?=vek3RlC+i`x#o@cdK*~leI4$+9=(BzJ|tC6iQ(7co6(#e)uc$Emzd07UF zpfWnKE0wYtHU%Z792&l-C?%T zvDSnv+8CoZciDBhh4lCuV<^_RpLG1PH!#N@2lD@QIFVoHqp<7+(raE0!fRe(-z)iQ z>0vcwh&HcC0gSV1_b`SFn7{vFDz<8V>iYO{q3yi;B6i`&yQC!=6s6`+L6cvFj z17!MQ8z(3fbZ&-DH@USDE0WGPJQpF*qe4rrA^7qx41bYfxV9I@uTpT!M={jF?Yh&T z3lr=>bX}W2B`KSNc@G$`c~wfhzrSBE9u{>ubTzm|TxsLPtul17mEtzBwXf+t##W`X zb&Uc$zPRmYQswwkuPJO_r#CLRW#G&yTy+L-6Fo*N;)lnq$oX>Dd=tepvbTQnw_%Fd6m$`D@58mNC>#m0!dh!`o=5N5MTwKW( zfgHt-D3T{{1Q&Erz&)MKHKecG>ufSxR&Koo2V{{^ez`u+8^2EeWLd?Sop5i$P6gGs z?Z&g+HAZ6c8@^M#o6y`YlUAy6U2eCN}UJuI;~62`oy z9H|S=Ixm3RDE*s1DFHGXhm&Li+cz)q3R*}v?Is52v^xf(5sYM z9~2yaAK&>UuAf#uu7tAJlmk*dE|}>g6b?%2Bziha&7+8Tet`yMNYQHXm^P5>(lLAj zFWs9_#u$sNd^?~-9&ICUUJC55!?lKBm015g<*1-v!9dWj3iz$B3FKQ}mn$tt9P53uGNmi%hu@HmG)qq% z1hV4;-NfANQhzBR#qgUki8%Ie$x7oR7=GKinT40?Cu9{pKX)(m^h?J%-@%Pke^;Q; zx?i9@;%r}P(>Xq1j^);af^)lqhk&ikX6X(lfsMP6>DI%Tj2|zz5ne2Rl5v|c z!fsXtic?yMQ<{%cT8L9xbSVvnsA?`<&gfE6a;fO;812&G0L%1RskbAbiH#G5n_o2? zO+z+qrwskO@dzoP+d=ol^v?wHt)B}NTE75{tg1GCDXZ7|m8=q> zUpxD61pL--1=zYES8JQjArH=#jPT~eoZ$E1nXdCnBVN-=q^a_#hRhY~#yGuwgEpcv z11N7pYjKOgA29b!E~e=~^{@xCcu|nOKg?I~DuWu_^qs7c9LqR8YAZcvBzJq3+kc^c zjY^z*9%-SII!5{QM~JFl`!9oj>rV#rtv?$qwEkjnp!HXS0TB;Q7RP04(~W-M*Od|VWGfS`mKxhk*8dK6jb zkt@_O*XI`K%`;?UzN#a!fvv`PTRJ*0%!8d)`(0#@QN}fnVf+i%a&Nxa{5OU*z%7Ek z`Q!TC%}Z{K)*@%lk7YcEls|!|(cYj7BKhO|fcueD%F4viaw)|$_9OY-luZQescl0_ z8<_g?NQnIM+$s;*ltYgXZfkKHeULpz?D$q5IjQeR$&m)PKW6XTF3)o^pN#nXcI(Nl z$DR2a-YN2$J`}xX-o6F<7VTTIZ-;$5`KoDo87xv4%UF~9eTjW>saCeOrtt}qm2qY_ zTodOGoYQ8f(M8}!H=lG4Lhb$3H1*)@HGAzl*S_=YTe0ta`}Xn8q^Te4Q=}<%e)2R8 zKp{;NU0fA=J{+8eU0~RS!m7MGa}i4U3sm0CMIafUF`uIG+0Ox9V==haHhg#t$G+PN z;qu%ewiCi-ze5ZO;Yz|GmI&br#UZvA!j+Fh>>z|IDu>un2$fnA?M_0d+#I6m=r3&} zS2NLokan?`e#V`W=5>&gK|Kx7RacB3WW^cj97PjaeCV9Ws+tOd{F^* zAwcY}&Gi=UGD4DS`qcTfM$OkUzN@ZAzIiFf5Xz8PVta<$9CG!uy2o%=oSo{+oT8gO z*j)yxzRNMh(+I{Xs_zO=F{`M)KZn)Hm+@4Dh497&w+y^GnMN>1OTivshh1{ICU@?$ zb!Vg3?k5A^Q6zqi`1VHA&tm9F+C}tHIhNvDLT7z`=xKsrh$O6I;T4 z@e4OFGtwRI~QGFg0u$$3AT8BEs19KC^VL~uX zeYjwM>j;4KV1*Bll!Yexs4Vj6tmT%7p^fMia+QcQFZM8`cF>AcZ>xsF!wOp6eo3_a<+N-TM?T70NksjE23NFs*kNDCgX)2FzpadyvHjLZoaEhtJ=*c^xZl*gV-vCR?j)$T zPUfS$JH?>idal8N)~N=^opbOjmv^!Sr}J_8-eK_Y;tZ`bER5GW)1cov%V55Bw!wkc zIR?j_x8T=~rfiNTuU#qcc{$z*P;f4`@OgYjoQpGa;d_V{Up8mvhkV`tnhUKACD(p< zp1uJ~?={*3k>rY)-(sT$w8B*wjTIT^(hjNC_)g^~Crstn4xc<1V{Z5h!``$*Mn|Ac zARG(f15@ zVk_s*MUlSng#zOjiUNHhH%rtuFSiKfKwl`3=?fK#Rx9ZXUyRjjw$qaIfT7`EV&9kY zZA5%p4YOawch%+O4EGcpLdjn`I$LMA78lpqT`ZI4d0r-iI=h!+h&wxDh0g93pkiL= z?0yd~lPsSIt4SWgEd$pk4Z3ks3f6(8sFf1Um0M?L^!iBG^&qVrpg>c;-M-CzaXF&qzD`1!#8hg&n2|gyK>}I{ zng{afSAs-~wT+6vcn@E#1pPs|vBql(%SwGme=5EBjf z8x$Dt<17CDD9QZ-w7jMqU{N5$qC&+imYNY6ipC5oj`U18f09Vuev~JTRGIp;F(#R6 zR4mO?GPR9%nVRJ3?;cO{RD4d!)6c-`MV6-va3W6^0m#!+O2H?|%#ei{_TsEHMi(2S z+wgs=&0}sIQPjv?Zf7NT7xGo^GKp`}BP>}fkjYvFnI=6(#ez>^w2hvzj(Ev6DX)q( z=5>VI4v_~&tg2sXQx~a>r9T84a9|JUek>t3&Zdp$=DSy^Zk>*@qCn_6vU}AFT9*j_ zVi1PUo823i>y`oS0@34%a^m83gT6PeAmOVOE;=KPfdw9U)Ac?h&P#BqypSgK(?3AY z8R{bEtf)whVTlNRb>&BJFKIontYhtZaFZoEO6O|6^-8J9no7CB;s$fcO-PiQH(?$P zN`oyKN~PuvfWZq+Y6-^H1~cjSKMMceI16Lt;5DSA)VvwvXjiFm8Mc-zXeX?mG4D{V zc|-d*UMu|TQm-t{Vh&%=XL2s<0gT-1ObcH_h=)*IPjrFnYh!;be884P$ErCeVVD-b zoUnFu_6iKKnl1j>HrTonlsC?*UwJ<7i~L!Y^rI@krX1L#H7>Yi;JTz$RygL>H-hb+ zjAld{UM+eq$x2G_7btd59zhE(HeAZWYcSTmEsHW9!#5bkB~Hb*)b(2~xWu7pUyBFV zz|U~)2;PVzg`Aut-wqaT;QvYfbNMH~uVT>JFMW1y7vSxvr*iA%e?@A1J+oPpErS|zdxWnilM^hJRH7*jkeHj#^7n@2IIr z>l|Hu7A5NQ^#bE><*WMqH-b(+i`7o~XR#BI=^7OTBI+8^zTIMwk+JZsaNLNC8H7pSOU7&(jk=Z^iC4Z{yoIl-%)}Z^LMu zGU}=Z#;8VgvoI=BFuF-#{Ox?j=-*>Tg@sXp45JE?Vbrz^8W{`EmccfoZFJ12YoklK z*S7mTMLLB~mFLTi&lNOj+49^|O=i11_re-hwL`$l^R4toR-!daPh(W&ISZpA1*7{2jIZP?M*kTzDlCi&WEfSD45L<_M#jQZ zp6??IoZz<6F{87Try`xP7R{}Uy28=sur;Px2j7eY-a*;77!|XQ6C?$H?mXq1hmn~+HkyQ==$5!wn1r$^LSZfSi>kDWoi$jc3^MxyXf0TWO%m>(wiS3 zkH#&J4#zWjbQA#H=eb_DXg+dFthnafygFpzUiqAOpkdlDs?8OEC!=YPQ9B#chcBKcLeV- zQAp=@Zn-1PDQ%@dD#)g0%ex|BkDgunYtRGQy!C$v`maBaDoNpVFqZ(Xkk$yft2x@}^ib zZAu|`54^Fi3~$fE3ErL!F#UE=V_kKG6-G#xSvjAGTfn*D+3LbHUPTRFpCd4S0$+`L zx5T^(3$FqhUKJ$6tIg6G84Eu}+WUSPRP8>1 zA=WuXPqp{?g5ziKRqaIst8M-wiWie8pj3eck)TB9R5&Po5K28{*7LAxGuLk3xQxMv z!1J8CvwRp!_vRx+j@du1g3kw>EiSgsbAg7374n6p=B4mpsv8QYu~J`ODPcSpe=%1J z)ZMcUFs_>2+?J%OsXcwH1S6<2Z05m(G`z?B@Bw-^`9l%sJ~w$_`I z+|}u^FI4Q@Yt`4`IOCqQJK?R;(LMQMHiL|dAvS>=j<+p~7#ENMLS<)P9aed?rFs*Y z=@#|+dbJc_Wno#iWk7Cm=mE{$IxZ@`t~ai4o%f_V&9vO58$LBD>ljPd*)Y1ApsF){SR`kWw$06)BCwBSr;( zRDaSlzbD?Y+dIG4DGjQrrZgPj>9n0=q`UQHD8!6(djYGewarYY!iXH$ggY*n(HpFA zy4|K-b{8lCY|_%o5N$@kCCC*F9n4qcSaO9!{haHKt2`=mr_@iOX4X%Y^Oovu?fN-S z70wcEGO%SpZjRuVxPD5)D)Tb+^Xa|MsGpCz`jR^bQOefOhrnM?iChFesfQSIxAFfq zcnNfZ2W9n>O`*Bl_-E>;l9<*{jVbTK?8$7_rRXZC{ zs@iElDNW(!z<8u3I@Fr4g7L<`jYXYjk#g0@Sy-A$fy{tXK_H@$bE+I084FJdwg;4L zbVodLZm;LHu1Nb t8c{hBrVvAn%W1Qgg2LSkdwseIbVvYw|Kf>r3r7?*|&dC(P zG)6@TM!#l^ejke%^PB6hO!-u>44;ME z1bkjQ_8ynWq9{M!-0uLp8`f^TpiNpzFenj<(B?1z)#Z%~WTtZ!3OZU0sO{s8TU53$e`##_rZUbF5`GI~eL;-Z1Z0h- zOi2vBjb(Dswv}2kEdI{Sq4hS_9a<+v$r$`o_onC8mFoE1y5?B(x!2J~TxNN5B~GN{ z4FK2Au4YRsTx|qVZ+gwEfgG9O8%~fI^{%n5rGCS7Ema7U47Xue6g6x4M#1r`_-fX& zOBvR0q~)MlOTmnAC>)d|99+oA9C9Y=;}kUq7waIsoK7A>4@4lZk?)a9CxQj90MJ#>j)k*K&RR*(Pk!BSoNra znSJAy`VM!t;j@CT(=w;wO7Lq(>c1CUJf$yBAoQIHjF#m*1Ok zqWo?EOew#&fKd5e599y?UpLM1^yMdtD!-cq$KT9X<;S7-r2OQd@)OLIpTbQkzf9Dc z>WIrv*pPivT>Rrw7yb-OQhrKyT7Eamt1CY-u(jpq80cu-OqiGf%C9#rKVemVf|>HO z)XykCBV~CorTp6Htt&reVy66DyZlv$I_@jfXy{xDzhJ}>57Sn)2H z;a!2+yesN(mOjZy8_6lWx6x0|yV4Q!&Y90UkOI5K%?z1wPmwL7obNGtct4)Vfe!*$ z^Ljn)K`D3*UE2gFH?q%X?d&x_grCtNulZp?pq2 zp8_CL$1$q21bmY3*5-joC=Wg@IR0_I$^(k1Hre3u1?NG= z47@K9CxwI3??tkpcgQTlKbW;r=uQsj39A!V=DIx`>2RJb9a^91Q1@#ou$Y;dY3Fbo zU5ay9d$_#Z3Av3wP0m}Da$5>>k~6tVdz{zQI_*<-;6#oWb z4#Yyg?clq-f4-$fz^@3M zm@@@~=HFmTl3ekKU(fi!38vozvjvDleY`QzlU8p6WQ4mKFu11?r2--9!y)eo9#-_= zVMUK#Q;QG$j&$P9zQ{Pi90gu^!jD5|T1Gmn z3n!=~GRja{YQc7W&W~jb!EG_hSlk1QEukFXn|fCu8{8uJFVpwNnf-uza@%;MG>JLq z`lKvLUd%kCD25azAdK_rQXDPw`*QKs8!h3Qe~CuP|BzyseAC?X2L6JB^&WK-We$*I za~SJ;_zgF8J9%&L{Gm6@8q)RD7N-v|)E9vaiaZ7>h3SElNK0x4-_3wS$pFM_s5A15 zB#6id`o|_Gg~j3kV%TrA`^=MkUmu;5VeTl){h?KWX;FYxcZV=8wHPsrOeVB@Hp&L+M{?&k-|Sqlz+oV0V*{BUr=EJ8u@pl~Hs z4`SlX=2a+X={qFB9?zWbHm_ufo0j0)-2PG@!`Xi0^rrz$99j39_+~850C^it{S+lZ zaGX8$mcHjq%AbxWD7;Pl8BJ_kI&F9+f-qfla01hpedO9G`zX;dbcnxrvM?xg z9FMSits4iwC3YK@7#UP&23U`)6G<0}-fvz@{uLTHB0Ch*)9_c|3HpuWWDRKNy)Tw^ ziIkO|JVeWd3%vggtYkVEsiW6G`r%{%L{EVsce@#Psl=rZBqGnCH1?f~$i|!r3oF6oe-$!V4K|3n7O!A>8^N~fB8hD!+I2T#Y zVeFc^O!|EAa%Xr@Va`EW%-Rfxa-S(o9V?7WT=`g z7TTp1p5?BKpk_UQXt}EnlVyd`<*p)Ml-tf%m)oYQzQok>6fHNyRw_3gE0jAMPAGQ+ zoe0a#^IXEa5dF-C04y{^FhQ%b2N>ebGB#qc3jpx^daR>KN2Yl}6=|YCcA8Qkon2!_ zk+u;niybVc4(aG9iyr$lLq52mXphy(y{k~aB~1{N2OxhzwHr0?_-qaw!oL#phJS+r z#TFEkZL%TKxPxhg7(U&^y&HLp$p|tA>pd6Iy@5PH${YLU-_SR&mb(8PVIY)$GN`xa zMe-=Ze}V9jqc{8)Y#4-(!1nGHh~f*rC=0f9HiG{HJe$WcIKN{yoZFnF8Ttc|bDK<# z$!|o$Mvxwy-q3U`k1!slH+&Ys2r^rJjTHLLi;gOELoY4*rE}Ld>ccrmO%r{r zznD*uM;~hDdolQkRJ_?75C5g%No`D-BGITkbCQld3V!)aoW@0`8u5#qN%{K+VRW$* z!sVdcDmEU3sfl8j-D(8s$_HU+I`)>N%=$r?Df*EIX3Z&wkO2LLM;_!|7)d@|YDuS# zcVR9>HS430m3-sPW|j=t?|V>oLg4>K{AN+LC_(m;Dsu3#X0220Ak{JtT!A7TNQFdXIu&eJX<+pHk2a|V}_8Z$Wg7R9MOYv zMAIQhj2Dq3W~=20Zz@raA`X@0DC*;oqa{_#(M3@?ibOL5mEna>T4DM?ykYRE{M1bg3nsI^?KDM2;%?#+xnw-{gq(<~CbJ z<>(0H>`sv*AG{z(ei+n8IYux6R-6P4s|GLPRJ*h89G#sMFSeTbepQtm{vUUeatOHMn zqcDiiYSw!N1UF5A<#kvtK|iiqmjO7#QpKevlxLJe+owP}SrYRSa6dE94p2^mw5Nrq zK{~)LX~MlpV~ zKD4M2tWXRSq@j7>Y9Ah;zAzD=zhL+*YB0PiP<3FQLG+osz!XOrBW(%iK&+!7I3%Lm z5?^(591YQ>N(`SLEmfkyx1w^6%@M}Y1KVvOnvUiqrAl-*C&~qz6HQIDK4&F4q>EHx z2~kQR+{5XrPT+~YmwmcGxJZmJ7|_}G8hDn<1YrkZ%28bsiGNr8b77f)f5kq23f$)5 z&+)F+$5RY(2U(|Grz#2Dp0DjTf_VI+dJNYkoC=u(yo%jnLdc64$c<ZKdEw?-R=7Ks6+5yC-vVLUa0?E80?#|GM57@bZ5hQPTfgI z^C{M2Q`lm9WvwUaj3){J&$d@)&g_*hq#0@g$X>Y~t5NsL^kA<{)1fLEFVZVBTdgVY z0&(b-BM!P7p<4Z*bO(WDCkU9YeB5j>O59kCM4xPYQ z6?FoMV3p8}>I9ahf=-}QWt|{|gv8G}yhmzcbVAiZD(VEN2GI#Wz;xCjb;2|Fgm7O7)>xeoY^R;}N7Y2I zy>@!v;nYDp9gjLe449fB2^bQ`2r`%v>?E)=p!p`n<5JkFP&IVMEgZnJRW&RSRZUl# zp|*fjHBg?ms-Xu}4NZrtVZ4Z{VYXV;+^JPf#G!(!iMX57E2)}@-#<__ntETj8wjwd zhpNHRX;C$FrK+LnP&Gn&jH+SQlxra&E2?TF`E+5nP93VIcSO}x@{KpI(0amNZ@|j6 z=$f}6Ursrtt~m-fo*}IVyQOQ$eYe@i)-@h=HRSGYk-P5jg4|sO!x)y!4Fx}ih4TMB2J;TR9MrxvIOfiIK`b3U!0v~`(lC5 z`Z65e7sa=lv3Q4fj8hVDzNkG$+yN{t;nhpMxAk#ZvW&9vND7>?SpB$bpjXHuM3}QH z32ekKBCuyVfUOU`X+9=}`+yY|A8`P?ktMKn<>_mh4uKUW>eJWOjFnkaV1)#s80V}p zq>|**rP_7sICkAHBCwTwa6Z}|SHEDbB*%2bWh#LK1r8Ee2x#J1v^P8$ zwhD7o?4L&@oZd$8O2D(6o02eel0#^O`T??&ynymO1Igl+6P(aV(r}13V@2nt%v8(w z29j6=)Cfi#1C;S9=BB*p(YhUgGpx)_afqsvb5k&kC2`J8IeC-0DVIhZb5kh>p5z|N zymdLSa%Qp|Pf8Z_;Nlrg$J|s3l3>kE^>@?psYRKh@>+rZfI4p#jN_qzBz!?V$-IHq z8Y%IqHS`zMYv_-7GI%wdHPl~FPcj4C+WA)*4zylaEj7vc9nTcJKURTB=1gg3rCv9o+TS*WAaSTeCd&fhrVe#nx*h8 z**WuN?rfGqMV9m<^35yBAzfq^GhZo%)J;m7IgqVWUL-qRpm=i-TarB=dIi;pp{zOy zGZiL(kWjT1ILXZe;%vM9;Kq9jxJOW_?c!dK`Van&`7lM_Z5G;XH$j~P|9hnE4u=;+ zaU=}(K>;IpHLS61H#kB&ImbTNXeYrbcm^t9y8ow))Z4AL5r!( ztR(q#VYW^k!=1sDPnlU&@{Ko(w3x_usURk52L4>{d;$N8{RHRL$MCO*FjhZ7_T#*~ zEo&Z;Q|!%P?d1k|LDt5@U_T*Kq?>>k!2qDSn?f-WHb)l#ougjF-(E$bw-KBGc$QrN z^F$X=LL+n|AiIEEiUwCb@$M3w&;`(NNCsm?y8vdYMdKloSPaw%MjW+xybKO>dKSRx zBMLv>Quxq|q}!?Rspm!E^FDw>;S14tPihi#(o{nvFrmpg)={XY2c?3hL*WbAKCSSv zUaA)(&zHr>3PkhaW-LY?0>Ls&@?w}|eKgo!Z;TW$BFl1DRMzf!15MWMc@My`-lz%p zhi{G&j=Q2wNx0U!^x$1lnhtRm!u?LI%iJl>LPeHnUAf93Ii!o2Kkqb|mjzmm*1hg&E79r~4Wg_EGR%=^?%_-_)K zpA0X^{B1C-vC*xt#_CsSPCDWfLjr>WLjuEqyprb)PlN3Y4TIiBa4O(gHVhJmhB2K+ z=oUaWj0>X;gC1xYG#m|sv7!xwnd*kIg(Q{&#rs6IW2J@>^{Ln}NcY(^3?Ui~V+M25 zRHI?wu!G$&=)s0T)6p=5?1~NJXYkVqRv_BE?Qa`Kq!|C8VQ9kr;h9mw(J=C(4TBzR z7&ILXLkN#)7|fjwL#S{x49NlSPBDXYT@}J0G>j3EhH<(;c=}v~*KQZ9tah=lLc8F& zgY5!GGb^}!FDkUH_c#;Z5P40+Q~WY zn5Ug$#~qA{Zwv`!09;QKxDe2Mo}#%JwhFC>+f#P8LT@|?1$dUNhvcL6ETIva4anBh zoYlz*3oci|39W~QqxCRWwDmAk-FomH4R82%p!jBw?dWJdT+MR&Nb7OzaglCk>!DJv zYL82Z#va#F=A@~{9v6m4_^gLyK@aY6(R8#PA=}#H^6Gg6dkb!LrLiX%OABWRGLJ~a zJR(ugBdVwPFuTCv7(a~hcJSytA~ALzkr*?NfL5%)5;OR>Z8O5YNZZ7`z?v#x(x5x7 z8kpQTIxWqX8sTM8w$w1pmeICJ4_1dn6mKx4Zi@CFH3Kdz>X{B-oFFB-(5Tb2L zsf7J0spjZN+dN&Mc=KA_HZj$NY{__wbA=Qj&bh)^AFHk0D*XceWf}XtS$fU~Rky?(@M`+>om`vNj%EMVzhGT!fm! zV`#+LR5fnxt&PQkjH1L=`Hxfai zpc!3XXL&2EuhXgW`nnJj5z@S+iT zxCsu>_%5%#^Jc4Kdf*#JfM=Kt$0 z1lJ~=ao2}G$^cKSaQ*ol*sZxAIqxbfewV22?Pr07V+f;Hrne%(Oo~-XzlM1dB?4%jG zACM~rtywL4rGOq>DWK_)6vm6J6fj%eZ+`*eu;LwY(4rIBgN?YGb6FMENld*58}W;D zRDZuxpsDwTcYy$ldW?Rt_bn?0bmh>OrlXe<(qmQ%m^BrWkdP(4ln8+&pDxVSsY4bf zQWj*TpptLASu7Q8?~8PW9B`cgcXMO(3uOgo*|}D%>P2OR%*Qu7Y+2E3Qum3hJPa?$ z%3c`On$#XxV`U}yh<0+04IkA`v13C<#qCRh41f!U0v{Lnguo{O&6g=@Ps3J)q|q4{ zBLUA=(pUyc+CG}0-GG#|woyr=2PKWBL(&*8B5BN4OWJWQX%UACk`{3{@iborNsIXX z14+}=`@+wF0E>D^+9j5x(Up=$(;;a>dW@toYf74skQJ3QNj_bety71j-5im$O1|;t zWGyEDw`)>lzuUaUmNk!xgDhfg6>C!a;RRWH76$GNb8pXAo)-KPXW{UMZSXkEwhzJ) zXUgIHg&dK44q@e;@xZM}G2ISt-UiGF9)xdh0IH0^;>{^=NAAax0>_&dUd2@>Tv-OcUVs-$`7(?|ZzEiN-3RU%!IyxGq!t@j;ErW7fQf;H zx0)}Zq$w}*EJLSNb8XGVzhHFHFthH3>jNQ>TAmgrt5f5m+?ABxhOAV{-B*xLZV8IZ zV0hVC*emZch~DQqn&^GLt6@D$!K3@6n(s2aN;C8#Am3$ZPX>>}bu{37l!2y$!;FMv zct$a&dNfP2xMot>`HeDpAzSXsO7fB{#${7k1@e|@)EQrMhHDd%U+_!DS$O6Hdru$VlY$^CV`c)E)OMFbiz7D4Eo^(W<2T(7#BQhPn;TZsY|8u68?(i%zGs3gQ z3~6t(1ImqeKZ%)h0rcIE9!P7OBdvK7#|Y0C(;Z$QW?Xoom>J71a3#?AyelbTengl6RJAt%P3>)nPr_@@ z+mS#3nuh_G&<^F|g^rO(-$(W=$A`{&DG)S3e6s2mj7d^F>FEi$w0aQP;j`w; z81g41V0Hri@qy*Q&Gv{HA6P+aXSk+$@#QpMs)~%(aXrrQ36KY(kwnM+Hf&qQJ1$@Ia5=imp22d$oP#<`f1UTO=&PRnN$Q{7E z^od09tdxbvHA>IHasnL#nBaPgA7*r!mHyM{-!l4Zk?1}xz3;=pn#8UKIeHRHn>C4T zgV8sZmne`vkwsk$6C^on+(Qd1Ya=XH zWswqA)<-l$9|E$ny0Nmf$kT(BMYB8u+ibeB7!N6JMoQHZ0u4}I34w-y<|>)%_2#II zlt*-xt~olz)SUEMLWBgjPxF!x^kDZQd3~C<>LBsv7KDJ>Q!Z|v;PmB#pQ{vIUyar4 zzuDDPU7bvHHKaT4T`_I9d7qBRdspwGUUo{od<-wt%cn4$^>SXciG2<)T`#oRO>8Uj z#*2w?VNG0ueDK0{W3VHy?$l4%zJ5hbpqpTbKoht(tQn{dBgZrKb9h%fO|_<*IS5po zk0ap4MW7)e@PyRpR?se&Rqm&SQ_Kfov1*iM;Da4s&+TQHOhEMX&aNI${mcUdR}!{u-fOZcPDt%qIpW3%+-0>FOUn;v~w+BdBDs`5Je8< zyk;>#t~(`uiWbt61mGAX*}{PnB4l5R{T(PR9CV5i4w(!}c_g?k94r&Y=~3aRI!Ht~ zxR=0RYy9(34y+Q#wCl!jXWN{DeVt*4Pm$BhuJ&iCr&kj|1OcAFX09G z`3ic&@X)>l_=eXQ)Z%A_4S)GK=VVd3?6@B*)YfB|01n_EA^ZUixk z0{mIve*n!qa56I>jiwS4^{j_!fr-D+2z?JoCgOpT9KLT!S8$MqgM*9`;ov#oAXe8U z8Ho>03Oi)<9d(YdAo3Q_^d*tG4)b-CHD2MP7;3ka^;dYItbf2jSuZw%Ct!1~Z~so* zvA(T`1}!o9v4#eJA%K=U+HAe`G(^N)3HIc5x6;Hl*9ieE67h)%?PM;6f0!8>LCGdI z2%U5g+Hm(7kZauQs08E8Y0wLKX-0_7cpDjx0klScPV%%;_&8jup%ZkDQKA_pM2F0} zcMHfF<&#JeCBi$E|Aj4gnlJb(R4ML01H*M{K)phOnV2=@<;tkc$*3_MYjNZ*HD)=@ z&~Jd$m{_mPIhKZ|jjP3QqQ<1@n3gdfH72KJ_{w~x><2=FYIf$R08S;F9b>e_lR;Be$}$wg2EQ&RAq0qgz@V{k!3VrC)XqZ})-ZYzwH=oHh4 z<*u_7S%TY*n8l76D^(rDmf+4P497%uPy)=PRdpb>VA{XIu)GOBo^5xIp)P~_4{*mb zVs?Xu~gOTK^{Heut!9yZZ~ z!zP;L8At3+mhq6%PNalk(_}P(gupHAI=5THCM?90Sd4v~nwU;8m6$+vBSc7WyAnwV zI@MiBUJsk94iaxZj1W!iG1G>BNA>Xjuk326u6`KyZEtc$2eq#pLb z5%us04Ag_X)Bh;!STzO2M#W=-JPsJR9Q?@)JOL{oLNuSGh3t3=7VGIcrbfm-O*6C) zkc{n3ReT+m?|_r5G|MyIx4FtlNM=6_aP=Ey>5hXoJhN0e2%U5g+VGktU~XzL&WcUY2p5_03HEd>F&u$kp0D^i zba^?R;^i0?6?_k=w7CPUjMYm~rlclXx+zg+ z0tx9*QJ+W0g*^8l^8n7r9rFOz6~C77KF!bvfT=j>(}ybRPvnM2v*E;pJ~SNz8^%LQ z92%lGYW`2C`V3UbmlSy9Po@ph!Qm0?k`IwwQrRf9yqggy-RuiGfF!`+02E@)Dyi_9 z1vWfP2OH zKndKYxqWQYnLJy?sq8pi~;s2xS3Msq~{DtQJ9_2P%L@ zdB(@KQe`Zp^AXZ9Z-wl#n$SCu%nH2|onopU(K zC|{n>yq?;`2Yd=}Ul8M((|bd+=OB?lYnfbpj50}|_6aOx|EDmm$MZ=5*q=)yWCD`? zm~Vxz90>N@`vqAuG2|VzL$iGwo^%g5Y4ns%{=*@N((ZID8yeWe!XbPB$Yb%35-mx80 z3VQI`3Qb2fFdhy@vl`Ok`9Uio&CVEKHSuyKgbf2@Z}O(X*qcr<4MWD>LX8Bs8wM%D z*jp-9^jFnE>DVajz@Gz(m{01I1JADnO7;PDHud2nMNg z%t$GVvL22K{}x_QuNW7|4n;h6C$Qv!D@?D5^nFKfo}vF97B>GMU|QOjJVf*Vkw)kz zKsNtEkv%B}J)i+-lxG~bH2`BFou6TtL#Ta^jffPw?f=hZeqGA^ACSh6HkrTB!lw5t zESMk3Cv9Nm;Nv%%y3`naKp=CDJ&p>)gKH8Avu&8=8Q;Vd+i#wLt2tCUog0fUhFBDr z0O%@TGzanZbBvErsqjW4Wdse#Ic1_#Oxu$~`%)Pa+-`fU5ez$`ol@07>`uvUdrMJ@ zOpF8W!{0e}D1|%cwvXXovF%|oPrZS^qwO(wN57Sz@I0b=O4{D<@Iu@B0|wgOrCWq; ze*$whKjQxn8&Ll+dWB|e?OJ%E&Gx?_$7;5;+RgSQ(2i!yHDs*Jz$49*;%V~QCq1RZ4=hwNi4~T4niM znycN0ZbAOA4O?p;p0gH@Jue<75_(&aq%QR0E@TFkyc!Iv6va*`C^82FmtF*lbBA^CR5(Bd<4K3LNyiFua?GlIj_>eLezTWub2(eADfN0W095k3*!(Nr>n{2?>jV3O)k}l`f|! zaH^WYA3;x&=nKT5Xo2&vMdS;3XvL)^SiP{C!$56PS)*#HO79ivoD_K5h9Tryl;_%Xdzsd{q=Fa%KT#O0>%~b8WOt z0m%D)sk2pJD*B8yFff+C04L;OD-L5@**f>GD>O0RuFx<(L1K;VX|v~_*k@+l>V0ON zN~L|~6a>IGX%Opd_L)f;*Y)tF6O6R(0OY#faB81Ds1hSc4=(M|bnG)T9wua`+h-oa zeP&W_?K9&9vL@G(551Aa05K{@cAbSJiEOJJk`=S-Ty+q8W6{<*JyC!M@y7;$s*As_ zBfJF#`v>@Q6Co3({o`6U*UcN_@6b8S-LbFeQU8Yj0jbw@@It-fqN7!>xcgW|yaCh!SS4)uH+{{2Vnf$W;aa90;N?wG+8MmTkKLr|7X21`? zVy%*sY#w&oL^FiD2-qGs%&S=G<)8#dz~RKrN1Bc$D8}P?HzxUaThV;FE*AvaThYGL zY(@KU;#^7-vlTsrOB&>mwWNVzf({lVKMW8fKeE6frIX0E{IG;r;J6ob>jjRggH$Cy z>8NYyx=Qkcb4L6Ib|v|l3AbhVJLHGCJLE_2l{_o*vl(8HpZj2Fy|4wg%6egaRDQ5M zX2}n2wqC$KwU!IUH-cN~b(Z_oBmvW)2WW)u1>`gcv(cPm_lPLa1JfWH4oP4vOoJ#1 zNo7MQDkR6+r^XpET&MsZQ&|iUQ(3ZlBH2r1yRt|FR#Kwli>iZI;|sl4(o;=;Mb*{q zyN%je^D3dCepGcn7?6yQR(M`*2?n2Qpr;G`|~RdDXrZ$2-(RfE`gNM^M0*!{BByY!2x3TZb&jl{F7f)t_MBq1N& zZmJFvZ&pJH^zqhNAFK=3)^*WXJ@>8MM5?P_T#>UrOxbN#muMK@=(;#4b+HRxsEge& zoON+^v@RZjm#z!i9CcAm>S7NZE7Zkusf!xOPU<3=7IH8J7OO6pE$iY@nxTgQ*%9JN z9J?;)!MdPXp7E<)7mSCL(vTAB;$Ko1hglbxTw#PHbwM&uR~PiFTo*!3Nc^lbbEF7$ zk&b+HT~r+;-poLVe^eJt*==S@G^q=mdREU%UF?My>f&)2&bs(8s*j$6m#z!i?7G1H zI^8awfFr)q1PFddPT1n`(juvmn#fcpdbMET`ph{nt@Rn^4aM{{jnHF&R7@kIiisXj zOf?NMv8b||bF{+rV4q~rJ zV32FIhb1pX+r#6ZMBBsHzem=|nYN{yx*JnJ#rlZ=^B_jk{1S)xA}viz@Esa&={^K* z($+BJaKHf%=)X@CVFDiDO%}NISAXd04%7i3a(!-ooCIGpa+?x_^PXW)?k}*80|sK% zO=w{lO`!K7v*x*o6Ih0`#p!|bVD%e;Bm`mqNobzyn~c%a@dR`War&-H1S zM6b`RMpB|Aen1kZ;w?)=E6D-~e+USAkg(9=yLPxVn^ZZH!{OCE#eWF zSY88s*$$>VP@fdxs0Nd82eN@R%JCUBbsQboJ3=sbWSUrrZ^wcm;N8beIWGJO41W29 zd+2WUC*=Pnk$<#xuJu3{vHT;jR>JX-FNn4WXDAv#G*W-y1Ac;0ZkM&j=PyL0+t5PQ z&=wX;$uK=CnFb(Jl#J}6kD^e|MW)zEf(Mlh&GHOvg6T7WjE9ukBPD(%yP-rUG|P~2 zo0p}hCOK`e2nYJmUm$%6a1;S7A{#MrEC}kakH{KfO%CO_K-v%%5Xm({O=Lp&0?7s1 z0na5H=4cWL!32@?;Ho^$@(j$L9YiLWjhSS8&iSXK!eneL&$C%ZC`8-DDjZttD9iB} z$j&|A5yG;51b6uYby8Vthp*WYtVt?ss81YA2_*6IjP9UVvlZ-~wT zq>|{Z`&Usn53?W>VPi0Sq(;$PBaq6bWug3lD^} zf+eq;e8Nz&$JF5>I2o)$7C6;|<2ct+KzB%u6&GL+LTR<2WskNrB^tEkZ1A#Qc zZE3IjmsP@JcQT=9d4&r`+0|C)z$J`A%5~|JaA{r=b1=pm-}ZcdYb;0Kz!AdJbv8n@ z*^W7e+5*!s6K|1kc0yT!p#_NlR=^wb+*F`=hco|Tu@%EyRuERKW5c%U) z1m+72fkyK(n2vtI>#f;za%K}FBP=n4m%}&GIA1^*HqPf^qH!7shX))H!r3HWWFR!j zE8uRRO)>>Mt_c|E0}$>@+z8SL_oKb0WK}bgr}op$f{}ee=F4UwQ5__?4F+DQfMuhP!q zdfEH-XP!|;4*+U0x_~|+yK!m~@`tVjpBVs*_!fy+e7;QhED??1KzN4-0bp^d5QY&X zVqOVgvD$~3khl$oTeyf}YK9qGSSQKoIMk)Nj|*cM%E1^xrA?79haz-ozL4%HUnD`{ z%QqmI7tBhA<+P_IhDc#sdy;Sm5};WaSuIG@0gfaWLw4q>cslCvwo zlATEIT`==5l`cV2N(hf;JZ`{{@>DnWT&`!2fO!CNrzZyMG#rm%FeW-CERfj!7O6b8 zhy=6dNQx;ncP(tXcVHa-?cGQzblHruD>d=b^xEW7_jf}N1(hxo2CqX*e!Y-p;Cd#Q z9;O|JBrk+py}}r{V@x8w!WIAbNksY!rdMTukpcE(1qHy- zUr4F+s6&J$GfeJT{l#bCDdmi!5hj5B3))%XuzyLrRCwq(tkj%5S?4py!XKaQbcZPc zIRk3AaJB#e#62&yhO0uz>PU;Ef0ly-*YJMK3TqTEuu5zUb*|yva!S;HMM?Q44Z>AG-{^ zju@}Mm`?p5dO;5rB_#|MZ(>Z&7f3UPiV1uUD(4tR_{g4~94gXuXa>ebYN8pa379){ zN}PELIkqto6)(Zix`u^-4k@O11rSPMJl!-ur;`yPW|qJmhbeVvyz`8wWc=X?@X^|Y z`5faqV6^PQkvu3XiGMTV=j|!W^k%fc1xGrSXHG#w31p$eI2vK!dn7}9XVAO#Y&u|_ zVhB27Z1yk~4;=v1C*U`Q83 zj8WD{=TV+PKV5TLC+3txCpOb_B&nScIiat~>guu7-_3BwbV<}-YpTD$4IR;RjB05* z?!!Q=`rwv`KdM7zIR3=x z-b9t*8;-Xi{83eg*FJ8g4GHq@wxOCTqnTn7u(wu5TWzOqDnJ6*Gqdu-<(RM0a+7@W zg(*f@f z5vDL9%&nMU4l0tk)(JjC2gWv)=!76c)|7xX{l_*TF*}|WOEkegU4HFUE=@h>Dr}|c zb{>-4{?fUbMu@m>>G1}hdXg+^Sy_~Ifd&%06;2xWYnrRt$!@?>Y7S7_{D=me=_l{Q zNct$o%Uq|31F`(|0`vHnN&tSH%}FV?LvLXSZt+-1bSM!{3`nLu{>3+SiR#bjvMzB- zT)iiC`5P(`J;Kj0cm}aEpJe+F5M0aygi8JaMtCY>U+`V{Xfp7gCtL#@j_7-6XL=h%A3b78xm`LP5pie^7`IDrU?+y244oJ~*oo0} z+(TnLNGCQ;{AIPU^OC0X=Jhb4AxpXtJjID@e_-c20U5_TD!doi6{ z#9d+R1NqA?_}h^2Cbs58ciH#bwt@J$_~)YnYQeOBxZS|-#H#<|?>zrE5blq`EfE3; zy%+g$&p!=rS@`F|&b|hEg5_{0HV;9me|nqBF8#LNy$zB7@C5yCg& z(XtFam}%c5rUwQqG#uk6#(*T zb&yCUxn$qt5;f&f`+h)cb^D7p+pDWLk4E-Am~;%E^T1~;rgL5ZFR*F|4B>O|GT6Xp zF_VrRxA@#0uA0xYP#n$Y0-Mi6;TgCYK(EbDrj3UpZlQ&1^S8oct<5t(uFcOzGDfHf z7&icMCOhZYUCb*;53bGAEYDbOuWB+LQknt-ZyA||FnP!hOQR$Rd~>p#PBAQ(y(Y<8 zg4---_E?pii{N^_y6PbD<~)R8pKkMf_JJtRu@7sBdUf^w@d(eEw%eSqBT}|oM0h?5 zUf}r%7*+B7`${}tfK)Wki)@}>gUI+?0AOGte9waO%$1y9gy2T#YGCC2O;OI%gPf=7 z;5_41&3Telf%9~#%z4Q=B!1RDE3=Q`eAPj0&f9!n_+pgrxVIVM`$ykL_|BAL_>S#r z^`Xc*M4S7pm%{+x!Ad;ygMHK9z_APnc(xl%Oo*(6E&{)L0g{zikj~LVnjk&MN}7%h zCdLCRWrGQNgS#(zHDKZHk$F2n zeVU1?3LQFmQlUeqQ%r-A4qYgd;I^tFb?C`AAh=dlRR@VT??H$r_SwAlV7wP~cq#tQ ze!3~#8^H~CldXS;OTexuZaZ0W%tl=nL& zhlj}5f?(;+9FoIQ^O*c*_!;`?H5`+lNXgNs$?3uI08NMFFdjNaN)9gpRFEAwEGIAc z@EPnYXy?mklpYK|$hitvMClYGJ#s}6H za{yjZetN@g3jP(xc{AX)6o1D)F0*&Yk4MIi&~lKUnNT^9A07m^2aBaNNHCSgJeqPgok|1K;GAPJKMK-=N`q#3hTm2ijE9u&M@mo{aWLe}cS7{c zcY^cG_Yg`C%W91#bum+LcUT|&)pIW&Qh#vEp)LLu>%R-!`r+@We`fDCx9hYyzg-M}UH|jph5F~={WI17 z?eN$2Pn%u;D`V>)+6bO@mr{ig@Jhh{Cqh7~DFjPs>Z=710<41O$m7CBkRB8Qnhqgg zyni4BGNoXFD@-ZqRJq!PsF3(sqb%NXh^h9fgG8!5rrtjTbL*j=Dz}_-1<^nN{F3mW+_Gu2rY)Ma$mcY9cC_$S!NeZ zDjs{&^(74P$0$QR-3M-i3e+RJ4S8EXyT_o*y29^y;Lm>mzb-chMlvvdm}uN!QnR`b7oT5;u8Z{J)I6gn#8G<{+Q;kKWY?utkKV(z|U=Dz}1AjmNOc-tm zrgq`~75=DsIg5Y?YH7vKt1cdTc$ruIG>q`g;ergk8k`mDqa;yk1~qaZeb+Fdq#jTwK&@xmO(s4qpfRP{N@_KR)YKwThV69b0!! z@~X~Pwq5E~N06^q)g4Os>2SLLXEWi=MLQ??)x~om zCY&rln4}p4{c2$$;n+t{Vq!hFF~bblMfE71$1vaqo`o$9gM$-UgkrDMEm^XzGRy=o!ierCDP?sa(CDdkgykI#BFapL8MR zo2t|ItCVd!ysG~U*2M~eo>JN`7}gz7UCFp3A0RvcetK2&TN|N{1`K1E8oeg0_p0iP z2~P>fhDeTM1P%dDylPA@#`;Y1Qo_&0s5`&9M(X0RFzI}J%(T7L)uyCJ)?jqipQSjm zm!-JjZu;)+MlMYkNgIk))y(TW1YTbe#rXu`;*(I6k zyKO&A%~bU}|1kAK*KLd0+CMx<`)=WX;r*oT`I`xk453{0Puw{vQ}x=;SYO=DbUg6& zs|ylIPiH`{DoUeEcX26~QhZTN_pP8mQ~f@RanD8EO!e!4AEwq;gTRN{>Q+dXSFHi% zml&+s+G-bgg7**n-sRO*>J~3rLH}wj-MH0sS=`OLytbMI?$uVKAp^BlW)fWCIG4r7Ul68-X4(oJ2~J6Dg~m!c3>$ z6vldA>gbmsYjYv^;8nu_{p#O$GnY966BaS#pZh)uW~zEaLXd%PW~tis)wH>7m)2K} z4ib**Movz7l<5Se)r(w$FG0>4^M_oGRa_7P(l_nX;-<&SlM%hNX!jzCNIt8Vj|e$EWG zmxX%?*9~LH$2Pye6)CS~8GA2bI;(}w^a9$m#6DPHlEAf6FAvQl-{Pe%hTp(+YDvD| zi^ki4_U=`~drd$+-aT*Uq^)WeMh|F-)97Az7UAY6s2|?Fi}vl~2@5YLd}R{hNz}Mk zrA?&_^p?8lE56ep=b38ORLXp_&Jt$mZgBhi>G`04zJyu6dv=Ley}p~iJ_&Q_O8P#D zw&qn|NXlK8utwJHWtf)RndY#CYzv)40-xN^(#;!4o~)Zgct~LK1oEW2@ZmOr)t4}Z z&_bqmU=Af}^(_pOAR6f+q5SE~DbLI25_Z~7cy#@UnSS--9M7eSW8R`MYsO-9038j#jp&()VITnPAo@;X90DY(N#cj| zoPv#o9vzEOXrh`9zdCn~A6SG@3q~@)dWkmk$e1KqZ69{BU@X$-2q{_p^~lMBRY;#C zC9BzmCkvLT1a*O6b@rSr*r#eJ914NoiJd14)&uJ#*vC6g7PQ8ydx7L|WA&2-MMz_a zDn)*u&LeiN8Y3Y;dg5e37Pbd(5Uk5n#Lida1#3}6TIzBXgLpTMW4wB5qWH~4k6NU% z)pQjPziH5khgAdlHchg+96kGb)m&{`5l8WW*b*I;x+=Z!toSRh{Kd zVY0eaurBI^_zg=sS{Ks}CArAYEqCd7)dcIkNn`04$|b9XQz97f_O(wIc#MHKO~iQjPo&=vVC3KqP<9wt zGx6KqgMPzQE5Qazn#0sZlI977ELK;kZsIpu{H~E%Q?mLP^)TMJ2Je?JhvQPBv1+(r zr!4G7!EP0*$KsV%hP(=6nIbh-&66AsO0A4l3j})rHP#FAal2qXsoR^>3c&_$X1sv) z?ZtD&Zz5iRVw$}rhe>!dp4f5=+avLw70yq>eh>Xxi{CB0nGI|<%2%XrQO}CsjZ(fa zPUezJZLT4g!s=~FDU7|1kdsLv$c6UgCQ z*L?M}#QPeUQj0L?XS^GM9R}ty81JcljJHh2?MM??u4|d9hEaU7njzS7l`Pm@g013C z6;inly>F6zpCJxlv)mA0e+3wDd;H(9XbcWJ*{B=_ZW@>ecEyju+ys9y0T{hm`{ z@%!K&V$UmFJ%Qi7g1w;T3ij|e`n{;;3wA>MUR5gvyFjql)E$By-N=xyt2+g|T>Rcp zcL|myes3y#tR6Z1CfFghL9p$D{Yz~Y?102OthNYNBz|wH2L!uQu(#Dif*lmf-ch>* zYcGBuDtsIWIUE%1s5)+Jgq+oTE+4)BF?@54oPSFAa!ma!A)nftzw!as$LbfsZr#i> ze4$QA$koEnFVz3UZC#OpXef8|8?xvtkG#5mjG-`&yhH%yiymwmx44;Rr{>h2uQ$6q^Z=q#q^u*S_40a4%+y9OJHj{+l|)i+#oXAxe^ z*eibLZ>8S>*M8yI7f;gf1=p*B9bZlCW!Kw+?YNxS8?KKfl^Y9*z2*8|{L*F+d&l)3 z;clxfO!HmW3GusU68(<33=eB;!xCbjxcnZ{a_mzA?>8dSQ^Fi0#d9U%6 ztFBhQDgAzMwGgc9Tw*`EF7|LN)#+JcKf5}3Snq#zCuKjo zI!nmV1N0kUO!1J{(=muDQUylX<3>nqbqF?9utS0kG)e_47i^F*!{g3MR>3+9d8IK+ z{Muqk>#!;^=6c*HUkfbapr1D8i(f7Vf`_4l7l_}4XX$snvB;6i^~Pce`E^Z(9BVA~ za4qWH=?ob#mV0Ia>pg>5v9Sgrl`5?c%r(i_Bp4=Tg54*nOs&Sb^(14PV1rR_MJi}K zDp=PnVpEOB1e+jOsj*M60FI6wRx^x)f_;a*yu)gq@q%DAy~LIoF9E|h1-oH&%~)%^ zA|-nDHm13O7&!O}hPFlO9^*B^(xvR1j5h>(GM%YxGY)w;u5FK_X#=2H4-3{5*hsa< zcw5qZ2W1$b_8Lb7dmq?Hya4r{V6A}_smF~EB~9$31ADIdT&M;-lYxS@EHRXWOdSp8|>q%}B^ zjrUSLhS!}aeiw)oBw5%i7_1*wsqSjxr?Fb@8eTtAX*-&J=etwH?*ZX%mb<24yFlk* zWxCH1>|Md~+;s%IS<-CbK2NZHLUn6*T`#3B>3MRZgF8$7MnJ9)tB&q$Z&X^lxf_aK zaSi(QbT<~Pe=4y)?i|5ZN*xur^8{NbGBMbFp+yy#R_*UqfJgYJHk z%G=NJJ+W6TEMpV zp6o^JxH~A=2?_bNJ1p2?!M=4*6YSyz4Eeo#x?mk7l^@-61;bJm{C;*X7OJPrBb~pv zS9oVavi?G8i_{7C9a7p)rL@0WSc25bDfb%jJ74O-7q`|?hUB<);&+F{ON+ZluoG#_ zuWsBX!CHvaHIBPiFs`v5R{3%F3D#IR-zM&U!L~@P0g{c+su zf|ZJ{`!eoL!8S_B@8bR?*tZh$*SNO?`&uYF759!{e@PA=&%1*46}hhFc~7u_U>Tkd z1S^x$*7F<{Y@n3r0#BJ>K1lOnmFM|buo6l0V$Y|7?T}PDdp`G4=DoL2=6iX*bjZsU zz^L80I{{q)Y&NjFms6JdTiCFb#0FW|gaO2cTG$xz8*X7C!A4lvTUb9SQrB7797%J6 zg{>C9Nfx$n2}9m&VY^ln3j&L3utmf`**1(qF(&eSBUo+e`pLh%7(%GaP{n$^pD>dK!zJ(3OlyScM1CQGmZH>n~Uf)cF9EF=3MXC%K`;OL~nM#=_9$2y( z2ETTmk1gyHX>p%={Ngtr?Y2mL<4JO0e|XLj%#AV>DZ`s3*vBYekxKM77VIa9SI2vi zU{|9=MXHgvi(vhvw7K41f_0bDUgYg97%!L{R_(lf1nVXI?BeYwShDnSmw5*WwkC@q z`+5fo_Ml*cyoEkW&j;(6-!SiB!CGx5Hp;@fixf<=u%DOFZw4@OLZ>;?!gQMRy+eFi zYEk1ijYew0>LVQ*smWu;%xI);x#f^IORX$?-<_q_w(U?OOI6==!wi?&&?MX4zcjJO zA#eZE*DlWnyN_)-4xM&UWXkCN~}O=BtYZdI7Uk z?VU4bWU2287;EJIY}j_PA^n#Sj&Dtx-@YVJAAHWIy-1+u`Dat-BJQQDA3?14 zHJ$@}bJdX!{YytrB0n!!wF_lz1(>CN?Di61%iCB-1%XLOXJGA@li}Xwb-1VXKL~r@ zTgcU{+X!z9WV^lI#x zNQZp&MV})bvQ)z*P13SdlPTi>kKNWTt$*oAaK3-(iA9IOrLO?<)t9^9f&CG2Sub!t zpi5m8eh*Y#Byu(75~i>1I~RZv7pg(`94p zpW*UQU}sI2x_tBbwIG2FI@Ev^jVAp3v2?g3U(dWw-F5;Y`!uIi-;zg;{n&(Xd#kyL zS!&MGXHe?NtJF+ zEhjv>i8X%p9J>4NIe%uF>hVA$glyB3E^jQP{q|z=t;kNJ=|RBOmtKpKzA}HpB`K=&rbEcRc2`n(dG`+@lsqVu zOxyesLLSQfd8SL<3Ky5!*e(S!rdxrAT82{~`B`cjBsoi!v|&v-!~9cw)oG@v?P(`K z|3?Drs1u+znsWcrbktG*(ml{u{Y#t7%ywt0d7b|^GgCdgm9WPHrvP8Pm(c&*DU@iz z%D7oB)u?{rEa<2M>r+Ol<=-;Nx1 zcclBMw(a1)vwepeZpkG@efV&vS^Y~dL%H(Rw~uw3RZ#lc0yEG`_q2UPSVqG zWiQa+EJcm=1#tOg9bvbvg8^BhY^6(7u`IS;Iy8GYXwan~{b-dai%UIq9d+F#sqt!e zvW(4}k3^cDPS*qWXmKph)?jV2N6soNZEzW3@KVC2g9)37%Y3-F)R7J;9qjNIT^7tM zEM0PGFwdp#7j60aP2|bj=wDnaV=v*)yV>uM^DebW+?Oo55$P;GK$m4LC&KP-mD;1arbZZ;Y2v!T^ps$Sb5?5$fxHSL!ArJ!o}V8W&XpL>+{Hra$f783qhTx#*n zrM_G_8}|Q|Ft027rMAja)5kL9@nT;NdzM<#b27pVnM-@HJK>k>2%DoXE+`!e{^zSt zHt(8Ym;I)$LFBSxF5w+p3I8l6oo7>`4pJ{)w>Q0}^LR4bc?E%lcm-!|EVKNb=;9ZdLV@se3~n5_O2;ZkEJVZROJfX;oU z$nCQNM+&?TFki*33e@jkYL-yu+izHj@TpU1@7Q+ZtbA42Wd~eVp)F*q!Z~}uu`dIU z!{yj5)P(PJ-FH#GD!6zDLY4~rR^Tlc(d7}b*Ae)IxI8TINGtkw5xXBSO-&pBT!jA5 zx4sU_8!yUs7nbhdO<3=G!UL$0!qR&h6Ba_2(7w(&JfooW6M^3f+$HdSj4ldFGcevL zC`}dkw78rv_9w(%N9=pWey_lL1RfLEP<$U0`+k90;_@Es;MHoTytITc-%B`i2VwPo zgi}CaL21*+Nn7#bw09FYRN!9JZ$W8iw2LhCs!VOlRfIVL2LggKO$LKMA2udThTWwe zYj+rMaO;!~F7+$=beDP$EyYgZn`@cEzX9{rW$iN&s|g@<7vzd=4ZD7VpkJ+p1Q z*^IG(a0s|0FG~!4VPl%;!<5ZnsCv4o`ms0|I)hz*1nGRkA&t^ z!oBB&^7dEL{Y&u;i@l!s7F|R4O9kF2u(h~fEnymn%ROR$QPO-?>_;Wd_r!Ofz^wu& zN|?+MOtZJxhYD4R;yXoh|3%{7C1Ius944@{z=Hzs7MXcM;CB)?Q}X>$T;7*3--t`8 z`1X>N^TfS{*oO&BLtgpny%u@1^Ht*xgnqHlYft;X+YmmVLwH^%!gF&8JGCR6bRppY zfhz=#7We;1_>Y^?_i_pUT65Zui~Xdexw#o#LIQ^fOqMVM^XUFjKH(mrEovA){cR`r1uRP?%`L{WPVei>;4N&3-)*ZCdkeGPi2}>~6T6n)eKR%Vj2YA?B4BAqdo|bpdCx)U9{F-vOr< zJ8uM6TOgLrD{>g;FcB9gxX=fAl_5~`|DT3`yUw^2uX?-AXMi^MW+DB5nhx8DOLdAr z)(IzRG5hwaAB$JRWo>eY&QVEN(m9&T6R58SYhD73<@u@3tj*_Y*`sSc-{jmAy+fV$ zU0j%tT-JrHX**iexyCNQeFD3>_rZPuFq%uZbenIa(3U;TLrtgVWFySzqcp!H(ypbq z{8Fzahp+d2b#`ItJC726x0~>b@q}{^yz0o&*`g1@y{fjuFb&qcWBFO(#pOpZjf1_KBR)b9Nss?=ftrHCXd4pl)B}txNqY`N^(K|3uel$VU(>2Yj~M z#prmHG$I30-pDPBW)S5Uy)LgOAXeHtI!I9$>|7h$NI7-V~v5!v^17+K$^3RtSOy>UB-&_ zsC{EgQFRzy3Q}G*$JiU{Fo{^hiH32?EqS8DL}h~%&W3w$;fdWZI5n^{mR(^;Y8X`962fpZE=2Q4IgeH-ERvj`{89f**7+ZN5qQkQh! z2|W<(HVXFpF)PVZ{W}kYz4{uibr=W7AY@u-JRoP#F7?owAne84vt_h1drqdxb1j&| zR`$?&nQD-+`8?WJ!2P?pgIL2E;JOy@8CM&?n~foWr;M(E^WA*`KX%i%S==tb@o{Sb zyLy%Z-r|}Fc!zJ|%q-Qt*U&4n)R@Kd0d>FjUavKv(6-<2aQ`}DFId3wj}B9?pi!Tw zeQ+O_Iyq%MQYe_R32U6qq<)|Q`8{sb)mAO=lWa^*KQuWBk*)H;tr$^Fsmdi<%F5~Iauc~xQk)}@JS{dC{=1FqerZZBtHA0n>lK#T^A;S5p(tP5K zX+9H4^K>PxD$RG!m}XRpPM4;Z;U`6s;}=p|{!Y@~2c3G1XO&&%Vm6<@hp*l4{)m*w z$)(xFzIn0j&W`Jpz!Zeh@_#zY|9QQ$S8cGS9#Yoyvj@@bJxX)Kh_4Rm4AWrEt!R~+ zOSekPVk>5vRlD1KU@g4<9Or#Hq;C6KSB#E-xGHygmPzIPi~EKP*sdq zRP2(rg1e^V?88?M+3YdSTcaG)BP&~_m-;n@8zEIle~&i9RF3TyWhPQ01$1m^4orHycYprEusR-2dBpuK&%xMPK?p!5%k z`#osGx-?QQD4pDuaP~pMw;p5q$b0)f^SzebPP^HhUs(G6aKhG45Z0YVI6>@n z`q5r^KjG?$gnch3oZFc2w+zA!H3)mB6V4ak;WyC!ouv7HsCyImoR05-d+zewdnd8P zzC{Ebw*}YedEa0w3 zd`))uWM)3B>ZdYSBI8`Z{j)5@8g8U87uw6T^D+y){>H+;iaYeVxS=kPH?xPlycF{j zoQA!;EYDkmT4FWE*DYWfO60g!ceH<07PSPUY^ZgOV~-_~re#;Mbmx^zX0BN-aju7S zg{ED{UJ9|N0X9WFe=rHkC|Xcl7l?g{{^g-uuts`5?#%Y4zB$i3mf~k7Wpn!rI*vOM zb{)rE3)7mTW_Q->JmLp2*YT_beaxP#Vf{g8GIOCs_Os{C5iipb{q1>8-}z~^zGVB) zoBY6S#NB;c!2d>VaBup8`;fac*sSY2e>9uTeCJo==YxgMe7XNNKjT#A{vJLMev`-gko%u-|0FL6Kf(RIxZ8^BPw5Qd2YATYB=C>s z;hyZyxbOT@+&`fsUWxD%RJro+GB1nR*K>#;r&uy5YcG?9S@abv-5!g6VBf@hWYHf>orzN| zGxdtLlEjl!v5`IeIQvRL1EiWmzGu`*5UJ<;tx}4#LxK{qZ$)qlBA#AA!#Roal_KLU z@~Kpc%n@YFi$BiZwq0n+Bu1ZdDmD(~K2l1P{YWQsiCUT*;Z#H}F08;5;*lW$b1Q950H8KvV(3gE7kxW2MJ?#pUO-K5+A85`+Y7o#xtww^8-U?{WC;|!6 zb0v95ke(~q$tjqeNVAdZq!{UDKNsRgjv-yoYoyj77c6oi?&KDyVgfmAa-`;f+D5+`A$37Po}g;?Z5nvi&l zDiC%LxGtm@N!srA4rxYiAobe)imf>*Q4eIn#8%KVq&exysaSfWHc?xUVHWidX-R@O z1(F?;`-ik5sY1r<^G){cBe25WzMQww_9iJrN^xuZW*c&dQy{6rs4a1Q1vCT6*)hXH z+L6g(<1f;Jo%hcF@X|wBbP1eAJUzu4Z&tGlZA!!By}xX8Pc2d;{>J64(U${gpAKi z?~LWDp7FbXEGUqm5A!QklI6LI#s>k#0{r9`YV}z$uWd3%0TMxQ8@? zyhM^YLFcvi$xKeMB%uGfkfDS$23Zt2>UAY#I2nwTy!2kkNHV<%$e=!5LdTF)PQ~Q- zX4x1=&Rep|q2tK|2iXL&t0|9XeAhuyCX!-7V1>QM{WYgpa?rO%=p=F*DQv%IXaIZN z6XFFj&BmeAi94rYLhClJFpKmKw8VsbXd`V=l=+`lztFEs$(Q zTHc`odpr9C(i^oakcH$5r(!;51(Wz@ka{F(k=iCSm~?M0s8)9O(4`~^>8h_^XgHbD z0%TF_4W*%>kt7DmFh+$&k?ovBAB-i(1reA-VoCFs5Rc7SY@UcG0Z1@UB$7{%U=~gy z2a#YdUqwzK!JNE?TtR}lCz-gs4mKmnfZ>f9RYyv$Jt;JWG~^UZ*82o78g9`?p=(K@ zMGHeyN%K}<1vHn3rn9FDOiBvPCdc0}DLXWu9DmcK!qBbc4tyGd$2%6flXQU(@=1}z z&Hqa10rD|Y>^rwY50ek$M);V2u{JItpAVnd-5@o;eUr-A+Z*{ z7Iu}aM;f(YBmIdKTC}D1&tQ=KE3!RJ|Ecv20gS#%uh#k|kvc#?AbXp9BfU+WIEmi+ zJ1J{XR;k}fO^ZG+b%!(&@mM}5JKZH-7WH?!M{8g~x>@%nP zq`+m<*f%lGqU?>@ZNeUqYe+D=JtTLLq(twqhoodj$mdn*$voe%N2CtY(NW%EkI7qt z=r8$Kls`#7B)Df}CBV!(x{+a^iHAhOYm?Nt5az{Tkav)}(fv z0?DP_yO?YQrzo;t-N0x(CsFgdG|eKtv@R{Q=;u;~6vYW<#g@)g%C^YO*-6?ZGGSUX5ob@*L`|C$BUQj@` zt-N#-DJ)=!a|Nk<7sy#4nZKo2*Q;3Z<^}w$NlV zW(6ke%PEk&RhvDHV@NR9)t7D{!Cco+BHoamm?K}6R8E1U(I*qaUX^k< zMUsdv-#IsuzT_nOd}H2;HI@b=Rq=`qYc4%NYT=p@)=KKvO=#ZfvM=l{ zX&0wRa(wGIVed#FVX50DX5Jmz!J@@AP7dv4(I&rUmAW|4wJqvX2l??ACJw|d}SUJ46^j=R9uh~@h@IKOPq@JVeh4+<` zkskUs4(}(m>LoNE`gRH*C=KQWV|rBh2T}p2t5Ub>bHm3-h7V{)lHUEp!^cT8IR%p8 z6BEKGNR@koEQ)x{XlqQAn)DIWc1CjeWT}W#Ah|K2afPW;1pDF)jGW`Hx#0oQ4Wwn8 zcZJWC{Q7|`k^~Pp5I#$C^%XRG;o0zyrG7}?b-EHhPdY1zpBooSB?f?IEZJLU1Dh(E zSadIZk<`y3by=`99qH>jWtT0M=2_&nY>BkUqBo4CQm93>mxV}iNG12wUluCmThwV; zm~D z`4y6%h-YlgsMud?m#r?eIPjaZYMJ$dnn8 zKT5wN4d~iA^0riNu#h$BIw$h3)SOc!Nvm2I`9K=^9>~N>=dl#QDT<6)~aJnSDR{f+@N`C!)$XP7=KHZhbGIB?xsnyjL73BFy zi$AQlqPkp&)YrAs3J>`KQWY=%6%FO)Lxq*TuE8ss$puJNyf&|BBbWF9WRYZf>bVsi zWj{{AJp&DUi|K^4_xh2+#~By(aY~-Q-S!Se>!`ZMg?0QM*0l;hbXG-1_^9 z9&&(1k5~A}%Pq1+^_8s9gbQiziZJqQIYa!i@uMFk!M+S zGb%w|ZqcKtBsmkQ>mDU~jr@s4C8O8LCoQTJoi1Os$Rj#Oeqa%N@u=Krk?XE|T1Rh@ z8(GvP`V-mPqTbOv<>3|$iry;+STrj7fE;Ym)acLTRY*tc&5J%N=OcxVh>SiVpSCC| z`jlK^j7U9n#D?fIvX@1>qR-0_79ETJPCjYTx#-Jszp*0T)nV78e~^b*^fdaKJc<*{ zb>}MlEPpJBkH#DFB0)y-n(xUCIb6hJbKRC#Z^$uLyh9a!kvDNF=J9UHI|T6=^On3% zXfi8Rv|I9LoMM@k(lNK>uY`=H?!vAwZisjURuH%4x5q)Q#m>+j*%t{`5clNaNU$e& zUmnRR)_67j72ADzydZXs{zuFE@_dWjVjjpxEUFvxNM1Nz)XUQ`jba|l+bwDt^F(%; zAY_k6*R4pDNl4d5$5fD%Yn&p<$S!Zi$co2Aq4{=3`xr$Tij*;}Ym7~a(m2~rR>L6y-+P!rBdFcQ>62_=(LENL^$FQ$aD z-J)SJrImvgO^7M0oU&+EOalRmnu^Jlrp)x^fb!_lSfT zcO{H%!N80n4@rrsrQAYF9+4H}q12s*vf%|Wb(Q8wACA}+oKjA`J96J{(NhtND!Z)TPxpKG(>K#JP<@eN6f9-M(H;LQV%98t0#APOUd9A zNa99J@A$SdXC}x3*>%<2j_)W1NIxtcRk^*=Zx+a6$+8gvH9IN+7Tt~Mq(mTn;HJcO zR?b^gJ=R-kGF!yUo%3dF52dd~y<&SQ{zzG_qhk9g1s2VW?XMUgVZ8ofvF|DkEQ*gE zq_jhNzjk`;5TyrFMxFfF_m#n%pp6P+KTz^H!TR$|>?lQ<12&6|O6Htl|&@4GFe%R)U7s97Sf=P7ge3C zY~mD4(%1bFJ6Sn|Wb{+xrYPScCHnsn8=&0b1bZbFZPS#&A46V%T;isiIV%Zem~9cH zK3gd<7c_%e8EoBVD+7>VRWe8MN80FW>-MoyU{Sred5SSl#M{#U-S!KVrWUn|3sSms zT1Ym!c8ptu=@r?amO_+#ly&Xhr+v86a6VXBNIK3P9JfrF$0?S)U%OS6NF^L8qmE~l zC}kxlXd~}(G0In*pmtxax>7L$3HvA7C`ow@3CfqGwBscDe3Igi1go_qB|{K_bykvc z$D&2$Rx4f$z-BPnGN*r;6lJVM+uE;H=5q>U@s3wbRnBt~y&ywr90c(q$?5@(y|c}_ zW_{wMl%sfa8RYt%YI({ePNGi~C^L~D*9FRaBTa1tpTP~Hr-%ML0%1+m_< zJnoP(5NS*QjJPApSW8wIcTAaK$-a&|p)5i2cl#;slyb$C&2f%DtGF!YDXBB9NkS>rA4wf%lq{oWa)R>FgmUT$iz+5mQ15e!A}OJD5~`@K;gDVw`6{nbLREDf zr(iPAtwlmL^*GYTk9`u{Ro7*p8Av|N8=2st7H|qC6E zP$M&;x!NXD(4QT)CcLh$I}_ee3oQC9p{?3}1!x8vjo1!rN3}brNb*YO(+M5b z%|b>V`c)uZ)Poj%o8Yb9vgm3;H??XMw?gVox|h&XZHyGKiM@5K4nXSa6W+A9ItFQ2 zwhQT_e$45r1gnz1>T;B2)Oq?wUv(`fF;@Di+n=F^(U4v&*|uLv?5AEsI=tUGae$f{ zBV>oxmroq1`o{_?Twg75kXk-YP@Ms_5(ld}NX-Vkk~l=26E9?={hbqsssj@QmF?WA z)-ZJv(x^F26Njm{kj6}EmpELVv{Go+UF)`Nl-eXoP`Ukm68+V<)q?))G$C=KT8Pws z&eX)o>K&v{e5)}kzeZ@jGv2$_6ty8I=u5K_r>NTn8GTtBO;`5_B3*k2CQesflSRB- z|Ioyl>S?6Wv!WActCuWFPMo9uY|)m)x#}IHqPm|Y&R1Ph2>TaHit2uo7^pV1=-b2v zs+UFA6NA*@NY%RDPF$#tvt;VZMe1aWDy>|sPUjR!PS<a;dt46O@R3$wN)#B<}cy zsCzKpqb==2Le)o{*lu>8-ZjHi&$W=VNTMyTyE0sDWl{5$%hY><_&gDzs_Q^AiWKke zyfQ*Pk}9aEVNr_x%rInoblPgkx}+aUd#W+bgsy*OQx zI{94-OH~UwMUf>t$|kK>T{f9{sc1`A-31xHPFIu+wY!5XLmliO%T$+e3Nqe{sFswe zMp&9P89f#U;;;el@~DR-_g> z$coe>4zdI410+cOfar*35T1@aNZOLRaTiZW=UVl~V`R;(sD$PTK9kX|iRl!NLW zq&7Q&+&{IK@1WX55HH^$bubddJESf_f_R720*82q)FOv?ht*q19lI;aVb!$|QV>1l zu$#pC7Y|R`dV$Z zN66|{Z?x*PnuPSwx6i8c>XN-61I@{+E~=CE0ToMitIu0?MLmi1(09eEYwDc+LNkf& zO5adjihzR2;Ofb%eo==bHS#N1byK~=DTpL(-oNTMHR1qh7E6Pxf3fO!^$JoWzw@i^ zs!NJN7DO5sTwQfv^*96+Onz{CuT20G>9Ek;QSka|!*=mAp&8@uy}G2$ z?{h)N3n#8FXUjQaYDTQCVmtkXpxRr~R@by0KPEJPbl<(&)8=0VEKm@cUr-}Cz}E1bkd1Y3 zm^|IK1nK^cp2@Rp$>)XUs)Dh}b8NRR2+jHK^ONV<`h6=%|8#9~knIYmNMl*K-N}n> zp5K8i(m23rIFdv_wu)1baWP*}7TeO0#?JuC7esDvKEO1SFM^dQ@=D&REIxh5Z*Yiz9q@o|)F z8}1-WwgouIQfv^5St+^hQ$?{;!KduEH!Rr>HvZOHbfD0M*y-$okrmcivTF<4rr62H zziUdWC41N3hfy+5J&Jf{3`j|{-9mbp`$0;&&Fu>0MVyZ^ZJrj5PRX?SaS~^zEZYuF zv82z`i78pOeMp~Aot~0yJB#GmXKu;{+iytosxC^&wXqMtTPft(N^puI^~Z*#!*413Y%MK%oN~Z6$f645u+85hr?sEk z%KvP}E4TKjt?)V!tORPV{mQoe7n5FF`;BeWuR!7o^P=q{r(&sWu=m=FHkX?q1M0u_ zvaKD`L*Mt;Ua?(7s#|^h+8=BUZwbxf)c4n3wR!y}Xh@CmYk#ywBQ^4SxBWF+iQ7Up zxcdCHKiT|{4!SQ}`?Dn|2!Mq5GqCwX`;W2+dLZ zN~YG;d^iP>r<1Ft*4Or+?5JDg)W%wg$3k=OiY}>5v}C0D?gLYsYIl(IPbZ}|)8_mM znz7_wNMLFUZJ|X`sV%iIPQ_AJx5U)fwTno{KH8D`hW7dskwWu{U#GU#{4BbZ`j*!2 zDaiIK-&g-RwXK%VDUjSrFO$|mJ1$8~7D&c#Zj$DuxhO!95HIK9%}vMVx|+0qlw0e%cXEQO54oQ_}irQ*4kzun|3BCZpL%854rj`fEW*pT}P# zzFH{Kx%ikgUoDzbkTD|lI2oWNAW zQCgU@peOOS()_iHNCV^VrH$4CN(d`a`E>n6t%y@3iOR3GK0v!Kh+h#+*GiNWns=lI z>!)k4AYIUnk~6e6NPm`YzJ8XLgtV{hp!FYXzi_%r;mkEpdxQjMu6bI?Qeg8cg)`TD zttt|nx#nxHBEgv}PV)-+wG&9GyWdflXy=jUOq;fTsrCbs>@#nDi1sT|-;B`pq1t_< z?%m?nhp`_ z)1pJ`qck7(-aND|?Q?v6j5Y`9N$<1k0{v zPtrLe`Qn+W$>h0lIDrB)w|fPt=2-w*fZ8mdn9RZBTZyat*+L3ARQgWp7_)T zA%%{(zdl(T!|9T=wbqmMYqj|(gJ-waY2he~PN3=Qw3SGa^U9~EYFS7hjH2o5we3hp z!)vCeYX^|vDZO;LYt=1sAsaML zi_WIxYD+A-l9I2Tv8Y4(X6>;>J<_*m?(A!{!sfvA?V1n!qOG70(|2fXT!G;HJ~4f# z*2B%DdFgw#1)RkBeV>-k3C`%j>HD-D7R96=(29^IXRS>?q?NA$R*I!U_ssOe+F+!` zdv>KC(NZnhiS%QdtGm!#yyxfiue4~SLU$?SYpq00Q&v0Uw6+jwly|3$b6WFSLbk-U zU&aM(2~u8ar;P8kh}uHdzDB={OWGBrsowq>-)sIJLYCksph#LiWHdC*y`T2PxNWcg8Q;A*6;8UuFEN4Xr0Mn@_x$aZ{UQ z(ant8S`nuxl9m4;<9E%?6Exvm{50c^R@b7a)Vo?EPEo|ouT17W&5KhYdD5+F=6&r9 zr(gqm&qM8!kQq@UOO<@6{fd-6vXS~wdn`0r+g2ctw6d>2dch=x&5DmTcTPd1eZ|HV z{?yuYV(Im(mH9;LCNx>R`k6!@%t`EuN%{j$fn?M4rkS$tQy**wk)fSiWh(j}PO&6> z_}iJPKD+_12~y6s3axD$?;SE~J9q2I=IcD@sMZBhrOUHd0aV ziv(>{NgsqXx~B`Nq>n+G#L}y*PeGc?(yOcoBF$XBD6@*b6lwnQP)6}cE%&guk@RGw zc6->{NP4~?RwCz8)%3_Fyk1D7i7m^y>f1Sqr~X~_1Dpa$*NN;MSp7KC{0S9RSN%{^ zh{vwgx?f0h)oZ_I)-L;6o!-PE_Qa=toRhFwLm$`7)LfBSLtkpqn#@{yfkn=x>gdaw zb4_F2)U3?9dMr}@)O<#3ka|vYuUJn{M;bJ3TV_2yAIX!+JoW8JEt$+y--|RWNl{+W z4|57MmL|E7SM;w?=Hs<1v%Y>7X|PujqwkTbEmo8U`gNrGi(NW`69 zqrYTiW8WEKeV$)yzp9r+dNkdIysB5^6if~!oz85edsxJNNlb5oRASwCnN9QtEqP6l z-P5mSHr3zYBhXy3YC|B&e4zy8M>V zgkIN0cSeGG@zTp7L9g@DU6G))-ns`T(d)eRS5XFa)>UtT1ih}S-WCaJu$$f)33^>O zy%*ADcHQ4yAAoeL8~X(-eJGO4CPnF?`yboFgspS+j%*UNHZPe=D?YxwH#a1t%;r+XtopZC-IAVHshS0Btt^!a!7eVn4m zH=}!Gy{lj26iaqa?UyxBZ{7~liy~X22W1V?BanXf|1fK?egNt2qS0CJ=?{K>ffDrjE!>^OZs(yC2rcD!zM7kSyVpk#J}-jGuf`E$x^Efe+boPtQP z-)k*b>JdGKW?A!I>6>LkvRCVcNGF$#&rZ<;dWqCCX3Wh_(@!96_Y28R*ROIC zvuUQT_<&}xVT@IjOx+o&%2*eYsh8&zM9L0`&d$=^I2DnmRaa(b>#qq-R%a5)(ck1G zt{8Ik;hdt#!7*NGIr?NyL1fRE%oFd7CjwQ3V=qEV^l8f!4v$yK)`a!%v zR-(-8ZF+xBMbh0KjVo-|{gC!8+n4=`KBYfsiW2S6XLGtFRZWPHcj)txc6N@H3-xeL z(0ka|4)u6WQO5R;Et>4qi#Wk3{zcxYpG3Oc`L4WM|AkYe(I)V4_8$EX(qK-1AZ_3z z`$AqKjp+HHNs)rM%mt|or%FiIxTYJ@UQTt8s&HzEG>%gCeAZ^X4mUCJ!LA{*Q zjUiBWF<+n4T{ww)Ij1+_#MfXs=ky+ejLkC@fgn-UBJTmQSVYx-Zf)7Vm~W1Sy`y zyP=Ol8oHxT&M*2zq<|fMjAn8YrTtZR|3H-XeBApvxAgOzpw9ere$(IiP~_SvQBm&c z-bmFG+3(NmeURRdRFwPrK%^;=F66#G4C&GuMR}l)MY^-bg*?y$kaC#pp*{y`HWJSCmJ3I8ud38+oM1a}v4!L+?IJUE zMIpxPNHvFq<`APDrzrA)Zz7`yBTOsnawMbFNKtk@Z9|S?R77%Ot8K+_=M+VZ1)G^{ zt&s5%pc*?k#Tu1H73SECy-0f(03AZQ;|+8S>9f827@a{n#Yi`hNto@W@iV7O(kS*0 zV-3S~tXU$7xEqZvs<^@3=)_6%x>`mLq?$u&Z>VMXaf%`xd>b*EKhAEYwz0&b*EiHQ zR&f$mJdF%aQKVk~b{jm6@)PXwUNKxPVmk{)15Uxl*)EDw-)PP$irfhG-ca8dZc(2N z4U8K?lb5}r@stzvkU<+78XglNg<#_||4AE~7!8q5`A=um0_of3A8%-CyoL1Z@*qZ? zk#d;qHKQleE+%`;7=ScpUC4%J#!yb8#hMxICP8{pWNcK-h89MX$@cQKG+J4-dP7U2 z3#VY?{LHisuNyv`qKH#OHlz7M#>!Bzp_P$>n(*%2n?@$m!J6!sdW}s;+jkUhXl?93 zI=o{aqascsXKf7kDI#ZYEIz!UtucX9EU6Ij)rPl?=}6@koZHaOn1_@c@Z*N|MhGXd zg6M3l6*A+ialdWoVq_v+-U5`5GkjA|ObPZ_$r<+J~Io(6L$>aTr)RNm&r$SA{8qHq;E6zyMxU4MFH$y;H1*vvj zAa|sPybSe_%6NmU5z>7xpcY7%IkiEW)dyr9kaD@ru1FhtgRD2wP+q%!NUl7e?;};- z2AU(0@>ckEVg?D1-G`Ph%(&oR4}M{+z`5 zsHf3shB?AZ=k_%EaSAr>v%7P>41Yl+V4rJlFC(5)6d6ChcCL?cT*&yG)!R7DDTv&( z)m3^MR~=-1j9)F;ETxZ8awen)qfsLLjS8GZy#B^3oJ7uijTR1?zQ$Xq$v&u*>udON zx+G2C%D(GvBwk@6|aAYpK;tlbD;6~BS`&{1eya4r#be#3^K}c5~&X|+@6tn zatb0@>YKTP41Z1{^})uqkL@-G8}~Rt`I8C}SGZTMH6ejxt!`*uUbE zgL}`cWT#lRZne`|woZ@<>c zB&1?#sQ34+r&u(|dwA|ti+X!c%$@#Bycw2ksCW4`vn(3qJtOxci+X!6%$;Wxit@3t zhvv>VTo#!1xgs~vXvhh!r{8P6z&Itycsulq*1^WNNL@ppFuKaA*noOr>m4Mhmtf-_ z64Xnu@k9`7mHTf78|8x_y<+zDnTD;G8gFtEJtWMSz)AGvFk?EWAac&Ok%k$|Et!pk z8>=~8l2)^;^wK+x z>1@VhG6E?aFv5}cy3J@?Y-~aTn}?0PNOM=jw>@lJBW|EJ2Fx|K#njjiMDomeM8h!!yRvD4rLVPl=o}{5b^? zZ>{`0=ZxD9vJ1vzlugk{nF~g6v_0N;2K(#-%S#aZlG5BV-x)~`vdcy)$}((^%Um`J zIEl9X!SIQLcw!d*!5E4JZF|*-jM~z?YiNN z1YcdaZd68s_v)@2bp-LZx33$`k>G8|>qaUPya{>3xP`Q3PG0V>hJPYYfxQh_n0wQ> zh~)2fB=K$7)g744p}9%<~n_3iH&1s2uqaNoFw1aCqlW1?n9#$QZb`PMo*+3%H!NW3}2+fj2;_9If=Ud(`d39 zQV@0hr_l}x>iUUMd5vB6#PCD{*;8X&vR(Gnn1ci|Lj6+gGD1gk67O0{GynDg$zRC{_h>VpI_je4fpWg2aT z1TvkvthdW_>W&05gFbMO8PrI(r$^~UBv>U-`YR`B6;7)lOXNAzew;*I zm!ust?dg@IeK?7>Ek%cL5^Y+hOIv5FLWofG%yR0nrLIPPi>aoEtD@U6nfvh||pJ$hqr#Co3X-`TOsFDvd zQHIL21SgTt%5=_Vd%Vgt3<+#jp~DO8vMMwH31n4i_bql=RXP|6WYwq_bIrb6jrt*h z%#{w`W|z6r03?uAryif!Wz}hOB#^n$D?98mH+lyNWHso;PwlcA^cE7x-0As3yUd;b z%!%y@gf_^lNpB-v4sFWl4?%ns*P`l95f7}?qRn^Nt<<6&kw8|Pw%To%)uvuZAoHN9 zd+ag~x`|V;kr3Z1uMXXTv@X5_qy2(d>Mo=%J#A61yn1xWUa%5OKJ>3Z8qzDA*gO1l z2In=RhxQ2>yb0Ne4&5&(U{ix0P3iU`Aok4qKA@jC1rvBLvMHqpgk~yx_whB_5DDIr zY(~8}i80-r?&c)MLv#AM(B!q$oSxtmL|&IJu5V7yIcT<|KRRf(q&HFXeR*s3mei>j zQWrK`(Tbcz|7=CwI0cb=>W6u)XicQS(wMx~v^LTqX=+|uS_f&K{83&z>WM^^1$pn# z21rrL(!37zRivMlF?pS6W286L$UHCl8qy3kInSH6K7FkOiR&m<0}8CJXirn!;RRdz*moV-W( zBf)p?-lI1K(HXhlGkVNPtN`Dm^dQurXruRNHBOM1qj~Sq=7Px3kkfhZ(}9*Ox90nF zk|q1D;|Da>k`>kbfNrp4-{uXY2Q1k&MyCZCi`kiZ1T_wc)IX|Mqvr_P5NR5tk<^D% zFe%CAyiqiaQy?k#QO};E=q@2+`TV?xKRqsp+Z;p5VY|&S)B_1@j-_6lz~=X499_ss z*c?Z<3K_F0_Z&|T3F0;<(%YP_N|4WqRR2t*05&I4S5Cs_Wa`67*qlrk3K_F`J8ufz zBgnWh`*B_XJ%pOsvn3KhA9E73X#j2h1*9O(+5xm963hkD=$vDA*)$r41hVNg^-H^K zI^D!cjE)&}7bh_~X3%0zL1eWo=g*+0k?JdQ{!DsPZID3rF-^T-mwikNkU%z5`x9vOpS-1hNG*`G#G#faW8CEQt2IWtRof;Yc7` zNW*U1WeaH%637Boz+3LH|)B_1*F*HZE%VKCD63Ald4b?7-rH_$77DxRwyDX0SBY`ZQ zcGT^%c-jvMWC_&I$u3Kv{zxE8q!*p-vP60d31lnj#S(VeN_q_NbR1F_!y`YP?sm}3qK8oCthLV1q8V<&rk~M0KZnk#A#w)!%%dG^+Vh!5`yqiW zpDwIzm*vxFB#>>SCFuT2$TrdVx^~$nnt=qe&D6uwF566-BY~`dX1rpT70|7m zMA^5{L!4sClI68Bx6m&+iTd0|FK~i;Hbe5a(HnwDmnomO*iP?q63?-GLMzvY6e7vf z0c!RRI-e878@pbm`)TVMP;VvAEX~6^-7x|9ipK~*Xqud4%1ag7c#@8FK7-@ z0@FN7cOW&dH&;4Fk09N1T_K&IjhaGwBG)IV7bmf|c9M2Sf>qE-TJ1HFv%5K~@=wy* zg7`kzNm?Ieun%^UHb+@V_@ocNrpu9Fopp-FaT4i$LpP!f_T5g?0whT9G;Q9@p5AHN zMi5W$H0^*gNbfZ5jxtE^3{6LZ^v=>eP9nW?^d!olRnF6b7CZ&MLwBBTM}k(lK;v5q z8MMlGRDWIM1zP1IEiH(*$|YJI30mbcZGZ%=@;!YE30mbx+8qg6tE@SH|@Fpl^#cG#2$LMN#AZQ@>!j&O>faIf_OfEqy3Q}pSS5S zB*^FQbQ%)m^FCdO1o?bGS0F(?AJSAL$mgF_YXj+teEvx*a}vGh30;T;t@(tKwxAhE zx|L>oCA2D1hq6G;If)(CC$x$W*6`UUr%4bPEY&HYfLP zcA3qo2@=ROC-)w9nda0431qrc>b_fT5$2e18#4;_2xWfH54RlCU zIx*cBQ?XlfOdTx0JYAvh73R)1FleXG5!LKko?BnmGKW_yg6*;ljgPE?#57dci(=jB5 zwYB;}ZWZ2ADgh}wZ|?pwD2*Q|30G5ys#f`8r^7Z;g)6XxQgkg3d7$!l?t z69|!62+{;2#vb6kPhug@~3ja!~kv}T_Gaa2guJrF{8l+cc=J5I-6n#%2 zgBL&uxH6f`&ISsO#D{!NxXouF;WpR` z>Ho^lW-qoUEcDqu1YWLN?V(ThV||{@{A>=lk^WU(Tr{$X_u*rmz%pnm1T)Sf1#ax5MVz;J<&kQI_+nQisloagCxPB1hD3e)`QM2Df z=$|6ilbQC`5f(rb&W~Ud{ATOlVyi5Lj2{5=2E>wx51;d)q-^x@6qoY25TY{sGRrgM zoV}Ai=XqE3&llZ|lR@+EUB_5L6J~Xp{bnfST;%8N%@8txxe6hy$EpN+j*Zv9MxJ(e zanZ3CIchdzXW{2Hp|+d!g4&juOR;ADomeg|6w`XAzdcv~Sz7=9E{i!fZ%%=FfO%da zMejhJLv7f28)>|abl$fO)>2UCQ2$P>{#{(0u_pg}3n$pTB$Lb4U@df&udbgDF>?z& zO6GZBze&k*Vulap>lU$Mgx+P2ZaClBX8;(pPzs&YT@Gt47+LV|ul&&er%i$Nn5hXN zj-$H)yEhr$~5h=pj;9pt$E6u+O|JOOpV51w_ z`uWuVRXB|I&gm{LwrBEe#`=5dznj+oO8-C06~vkvVlS!LW9=jBe;d+vyWO%FvtVB# zud_MX?6EKUyZM9kMSXkt%k~f)*RJ+82CN3{*8a8Myc+W2dkZ2DFUI=&m9tovLR@q7 z{d*zi%2xD1SRI)m|J0^^B@A)RRq@~X|9OeVG z4c6qQ3v>P-eE&q~gKM74#5vUQ3@bvWu`{E&`nBt@t3rOxwM+k3b|mb{(1&F*^JAzP zv6g@op`XKer#)cA&4_`kiOKv*GirdnERJgfN58O{Q4j14W^=xZ_QiMs%VvsZh&^>k zQQ;}7JVmp-;<~`G-W>f%L`H6oT++lz9EHWmK= ztls{coIA#Ktn-I|(JmsNj%@+?xA7J+%Wf~1J;ZDydkD0VSdn(;tGJG(q0ZZseLmdO zfpwH1kB1Mq5H68cY^7n^Z@eFDzQ z+}FJu4LYT{dt@KvFnT?N6!N`O5psp~DACi*k{;OyA^&7I_#;*W>DpKLdBdObBJvaE$yj9Z2OvW?vyAn0;11ti1MA9HqSWSc=c5 z^6%={Q-ONc$PVV}#9;HVVbzJFO}qY%ai9-lP`B#AQPZBo9pj)LN=L&kE7XZ$)yaRO z|9>kdP#ZShUfN4*19A)X06I_`P!IY`>)~H(La#7K1k}I1hwvWG`=J;YQ0LG0kbj~B z?ILC>$9^kj`E#eP8g6|m#wWgoMS zei+gAkz(&@FegAChPpLEp{JQ+`QOuboH-q5en&t2(xgm=^L)0*;P&$&&x2QhdxYO> zdps4wZ!(wNCFJK35&k2;zxE?Pe+j?1U+>HB2OZuc%Kofto+};CjNmuJukcy11)piJ zu$;*38334(9796c9Io(Z10*7J%n+zUp(*aOL%4a*J(SJ%FSB!Pl0BBAwUM7fA9iN< zZfs~%wAV7eGO4`^q;O8O@%?Iz6tdj1`!CEj_-;SN974^oXIG{{PQF1uKMzj-dl&S@ z8bI_|M?cK2>~1xipB3Iu%%1tb3Kv%;j&pdEZ7>F*Pnzcfk)OCOkO#*cJ{to0gc(C2 z5N_rZ)-W#%hu$ue9BvcRGWA~;4z>61ghPEkQ$H+Mrv1MPf3_Y#A7{U3+72wkJOC@4 z=lyUFf_#Ge-YUC}qu;TIz&52T{bVOD3WM}B`3b{fS$_AENL26Gh508pP5_!}G z6wiar8v|?XUp7Lz!XL)&p)33v%De-cIT57M6QNFEOtCdB53w<8X6h%|RfCW!MBNT0 zEoQEbB(R*nOb4XuGg7c-KEtq>Jr^O9=FDYfxBTq7l37!U|6T|eGXR8`>*N z5&Mw#CnC(W{=E?Ms?CfAbt0}8*08yh)n#8utH&_#PaX+=Qxif&4k5(RZ`Xmg5ITSV zB!=jvVup8gMV*KzuSEO)lUZ8m+vA#ZuXtX|aXyC`*pv!=n0pmI_nPzh{46N77%6bZ zQJ$Gm9YbKAe|BaNYkSAJLX6Y@RS2YLj{X0}Uze?OOgpCkug(!KuMIJKKpmQMj%ZU+ zUTHhn7w1ILA7I?cB#)g<*c1HR73XDf9vA*n2_SVmU(e|bA({M%3t=b57y4N3Fc{H>%-`W7XOG}g9{5sKL+WB1)wQbJ0kp_xMC&|Jx7$T)EKb# zPkKuSKIiAJ`G|$&}IHhq5p`EG@IQix5~vm?8gJ{vFHW=>My7!Ax%U98pFnm$@1g zbHywl2${)RU*@xud4Cz6ypqYrMK71m-UNN}Zaa|fWtyf=@+xNc)m_(!ugl2_Ul4f#JO0w1Nr`&kdEj6S$qT;e8u?3*5~yn zIfRtttsq>-`YFLy1v0NOg^1dFHUyq`5_xuv1^bO`f7s#N2Rni6U8yeM3cqj%Gy80Y z;W-p;`qY(CX6I{})GLCxqQzefY0q}K#f}-Ak?l3?=ofV& z>e;bGj(#B(sr-}v;~3Y`|Dqij-C~8WkS|#)n=6MGci2Q+;fns*!VkuBPA%x4XPDnc zGIrQ4IO;q4U$opL5%RDo608}?VC^e*4P_&*un;ppjussKFIxM#Dp(UbVs8+ht7m&< zyv0R`kUG|kqhClJYa8}y*$#hi$l+PmTU7GSB*>evCU$Yfj-{v>@GGQeJZSz^oxGUy z=gTFL7t8YUoY=UgnICb!6L}NvWi}RM@?<&W>Ns=RGXs3Sa!gV9U(D4_-YbNirF^|z ziLG#+ZI@?b!Fm7YOmM$VgBh~gH1Lak?5Vxs?0J@55twx-(sitVN57Cdwgp@@u>DWA zVl?MlSdWQ+aQ_8Lx|YuaVx3lo&)#418D8viz;%Q~M92ib@)v#>*X)U6cAwYW<%Xx1 z6^9V^D~kLqFP?lB&q9mmneE}GzL=39+zfG?AH*nL#rFExlb;aA(l8Bd%42)G@B(6M&~iK`&a&u3p()a=uFZd+CMQpfA?X zj-=t)!Jj##{Fy^1a*EZtGrwvsL1wLnGCDqk zDxM1k3+7Xla9>R4u?+UqpU4};f-6~3B6Bao9>UfntfVr5r{K)GvWJ-ZW(cfc#lD%C z0mRDogGmscy9~~ov-x`147b}H%H{;qzN5b}pG(2MDYb`~BS^HDxMvM_HWhM;?Yyzx z#h&DR{^?3H1fHmbazTs3KQmmAqf{ct1E7}RUc7l13G%@1&2blUD-q#3_8dpQm_t@C zh7`rBUW7R6yy%A#J=<@Ejvt?Yg!^JFdx%++u; z_aDuBvZdKMNYtA-V>sTs6!%Zz9wpm7;CGxsYUX_OJiGtTt#-fY1NK&sd0QyhBF{@r zYtQS87Icj3sOcDPwzb`|NK54@+PJH6SAQW7|4LKb2^}2{H4wo@nRyNSSN^dfb{&t8 zAeP5R@Ql+F-dp|~DOfO5f3XkzlYahUtp7a3YzxP+Z=aX`Uiz>4^M9TziHP+%xG&3t zcv{#o&yIe(^q=L>aVNnw2HIL&5jb8KbbH~N$Z_=|N(yI5k)oMrbKbL;LabPX3;jwa z@Z^%hS2FBrkT|gLPjsF?BbzDyUHJc(d2>w5%-cUH*FVv*m+_yq@3Z~Tg_I&yi5oj= zv7;_K#!FS1Tb0x&)yQk?XvvN@*)d+KM%uE!?MVYtUTR8ul73{7G?XNhIiyIMLt@$A zM0TuZ$9QQuSx@3gnvy`Wm_{yHOE!^p%$LfJG^RGg3+(ug z9T(Ygi5-_&yzklHEA04z9aq`$BRj5<+2kko_c}Xnu;UkY{K}4-?6}43{>J{^X2?p^M^6aR!mo88fM(Q9;5bHrknHv|>~1CAQM0`u*3M)xJLO_kE9# z|KDC~uf6s@``pijbMXH)_=pABF z!)lxmEifnk-1?TBy|6WD!AFMS|U)3Cwt9|wB%M5v% z{mtVl58sPjhqCsh7y2W9HpkYn7V(HpM!!ZXKsPOS)e zj4fQ-qSf74jq=}3+l{SUdmgoWjO|?8&b95Dck`R@PzDET!^Tw3zY!x$!Le)4>K^Dp$-|yH%kwKIvS%_p)Nj8;ez_@T+>F`q zptkJBC8q5tr>V7;ilx&eMG zUcW|P1dej%er;#<^QHo=?yf_oevQ6GY%`o+9WvPrG;*8a&YRyiMG+r^ep~bN@4G?{h79c_I|H_&@$2RU$uU=G8%AAdF3>V>yvkf)v>hrpdwBLd z7~5@nqouxMz1d-Sb@w*t_(LW|OO&DC}uolne~cpX|&APkYI6QX69S!EFZ0& zXeuz=zka+vpALNqrFG%P z(L+;i!|}rgYppi@u+6#%vtcy$==9Cexv-arpZPHrppB)~nhqp8juZy*qr5qz|8{c3{E8egT@!ntF4K3bq zueHGvE`Hpai;;Yz=VH0;h0->YYoM((*FgJz9%|EUy!ml>aK7Ne- z6M5U9?ZJds2GacW==2rWV_4UC%N~w+eK_aPThd;?6O!Un+pn+e# zo8VEjop=--4?T*GhaN?9;!(7ndlVfr3z6YAy-?AN6>@E%qM1B_nMpzI&gxGS3Kh+2 zs{vo}MrJzRA_nC`oG&gjbYpBL)yt!ep*-5&|G)A~d(80k5jT`Z7&B}!Ek@aQq!dcW z^l6n=?){!n8QdjlWL?fWEuJFrqNbS`}kSArp?{>C%c2s zZUx5QZHU=j#`CLxgwip=WxVs|BuB3C;^YquxyB2JPIdHXJF#?&jDIW2b5t0AyI>yF zdh23Gt(LgzQ=?PMs6VczAzQjBkMrblo;=Ru)IP7g#ZidbhmdE~@+Xm*#<|=$6d9Hq zSN}HPIAlz9pM=i)rO|lE*pS?V@};R)nGYFDmi);<+duwoxN*y~eU1>8i1fA>&pD16 zX^TB(bguh5VrVUgjC3~l@Nyk8UT}2KaRTwAx4rmxhlgk8gv68_H6+sBk%D9FyCG}h zA!ANz5_C~&W@3-=!-qyCe#5mTMtaY7iBUh$r%I9e+Qc$m#xh>UGG4~*hB+_aow(ib zZs=ae;&!Cu+~Se}MlV ztAB#h*O%8?PGeL(`k4LpBn^A+(4-2i!OX<-#J=NTAGnZS8t3mhJ}&`Cp5^&>T_hGg+oT$X-vgfa{pI~{!Lz*KLn!Sd z1=v%1hL&;WGM)DKMfxdx&EXKX6C5|-zfE7H?|&sTu|(hCF%CNcPx7!u`un$J4lC8^ zI1uBbN0mPI!AZkY#6<3SdC7{ z3ctQ$_t9Z~-Sx!V(0R^z$$q`~*5fGCY}e>?B&pHqNK%iS=Z5Wp&N1#~ZRQLu$gm)_ zMW;2`qSN|q(P^Ew=(HYNbXun^I?a5GPTN3>J`SU8;rz{xDO6}2UFYD3i+vaO=ozM*reXrbw>yWpG_UQCo zbC+Rf^(Uz|>)g`6q;9snz4~v6d27@6(8WQO<}z&WIIc7;YiEv;_E6kwpf3$)*n*ri zh3}EwFeELCE4LwOn^}8UPv|8_lMYJOT5kG6|v`<(t;c)rmmFZe}T zH~YKU|Bdd3hpt6$PopucL|==8_oSUio*`+O=<8Q$PV1hXEl;KO@=|xRI<2c# zJfBuT_d&K8wiaA-!v9X%0Q8S(gZfOIK?e2P=X_uo)W@&>)To=tqnl_i)=jt1nd;C? zKNcC%dyFsdw?e7M9%J7_I8I`TGU1uLEIU2Qey4TH#&PLR>xQFw>1%QPoR4zp(JRt> zFnend`S$8^L@s@HYdT%4Yq)AXzuKSPi2d;a=)O&wYBV02keS$Me0W35*vR*2jmE-C z+z)bJ+bvVyd;yWWkK#(wL}#~D6P?`}jYE!7+hLV&r_ zj6=q{yJlpN-^8`EGoqG%WV+dNDeDsG*Okklg_WzI^>`mlF6YlP(Uowc@g%-lpJ$@$ z;YMR6YH1{RHp?R^Gv6ntjYJkl;JVG>YbOo$ok#>qbR3b|AC>zMEhE)X~phOGD=OZC;keheXZ0) z`&y}q_O%id?Q10_+Sfd$*ej{S>7FQKxX1LoYhJR)w4`bD@G{f4*Yqhb=6s!@%9Qb( z*HC8SYb4WWb=MCk|Lw!8km3H}=QMg>b#?rx&b`;5_txPxrVDR>3rhXgaKF{uZ#DPp z=NLc7_)WKL`O9!WNBTMPVFR71>(R@iVfCi{V<%+Ro3727m04l>VgGfRdwEpN&^b7Z zB?fo12VcHhUQMzovgXx3_4l0(YZqNc0w+%=+$`|9SU=*B$XFsz%$-_7Ii;xTmb z7$*qmhkE-lrMjH?Z^Qh&j9+`g)*(j0aFRaGr&C#aF6YrVUQySIdTw@Hw+u($U%-A zJukdaTDs|mthLrp7X8UiM`pUix~gH6sZKjl zY&6zs-@m>&tHQMOq1&=HntEKv)gF_6;7*j^`kg;(yQSpl11PW95 z@62?k_9^c8$P+W=@)B(~-Sb$*s5+GV?=AaE*#Q3r2hY7qfnJ z75lyL?-^aq{_WPr-?fhZ#&kE1R5e^%joRDv21Dm1y`%mAYui7%o@@O)wmt0M%bq># zX)v5bd^7u7*x$@~XtdW{P^X>7%-3o85AL|&97cZc1+9|V_Db^w?Hu2V_&zM@u}i+b zApF06ld}uVwpT_&FFSA{^ogoG=wnqy*J>5K>7<=lpJC}c+{jlLz zE4F3yb8QT@`OX8@PR~Nt<<3Lago)M80W;kRK8(F7MGctg9`Iok9jOlBzWxf!AhNya z)NvLII~|tt`(n;i3%yPMoK}9{pi?u`+xoNMPaWf8e*^rvV}`Il7p-QGIchb#7C>LS zY0;QGc(4svXd7_gD`KA})M-N=yJ-xq-(N#lJQskrzw#_}=7_^%Le__tbc`uPE1ZKg zx*ILA(0)XBLnc+q{!$Cw<>lfD&!-7x@Z6@CT4*UsE%!g;&hc6Tzq&f7%0lPIQcFCB z?&+p!Z?C>3CyFz2O-?R9gDSJoU0yCfORTccJrsJx%v5uabe)MeXld8qeI%y_IbYNK zoU=~*wEEi|n$`0;^%i;>P;a5HxYb+enZOOWTLk1#sOE@a(;F4*sz86?y!Zk8Y*$IN0N0kApp_>`7%$Dtofnlf|Aa_PE&NVvmbGx$MbhPcD1%*ptVe zJoXf_r;t5`?D6o`NYr{kbIrsOE3MyBD{V6#92?ge%Gl#&PZhVV;z__V((nll+LGv;0K|?w_=r@4}WFqq~oxeEn}foK%NB z?)0R3wEfXu&u#0`Hp!uBmpx6_*k^8{bwOwIJyzP14-VgLKfCTK=nJTAwr*QE({8gZD7xXo5Mt~}Au~OZ3z=`eapth)*r!rd3%;+_2c>J^ zRvv#VkD-;v--G2EmAl+H;nwlFbk#Z~cbbu&S5Gs3g>y=~b;a%*bK9-1C$>Sm-ul4M zZlx=wb}Qd|@|eS%xr=-0;&M0l(u=nL$nE8}z1Hj6bBw*#^{X7+tp>Q&fR(N%2e|D3w;ixfeT6*K z`v7Mc;0%MjjDy^2ke6}L`uJscOdjNzL5|UFFYiAx*}qd7^n(VV2(XiidXuT_0A zIn_q3Qf)LpsWzIQEE}!0ERM{wS?|v=W^rwnZCe$U>6;BM#LPjNzSxk<@wptI%kjA! zpUd&NHu`cy9>?d}=(`PtHrnF~ZM4S~+GvmS*l1mQY_zURc(kp&FSlCg4l!gtxXEY? znU8KtQKdH8Bg*)TGEx2A(3y*(`uQ!NO!nI7NW0OLId)mbMpGf{d3-av!c-SBP0h6Z z@Q6uOnEv^aeQK5MRZsrZYK(`T@&0B1vZ<}SJyh`3X^DmQGAC+Na4#9!xMgY$k6hCx zG(R=sp+^nVP5_8vs0(pc2>VIwE*KcVvnGwxcE8f^46&#GnLm`d@r3u zneJZcZn0;ohO_YB;h}q?keTjq_h28yvohXOLgx7W@4RR2(~iNDKCQ+^=O(J9y@Q@y z(HUoRLXYwDEAE-rLw9P^=y}2vJ&&JY=khcEJpRSusQEe^|Bsrle7+yn?YyqTyd{KrO9=Cp(8ZoE_H?nQo8!AV zUemf?ieZM|$M!%^^1qz1*|u*?wR5xWr8QsAz!zgM54E<6P5+wFV@!M{DX$KmH2&oU zzZGgDZ$7T*dEHfc$BdWa3O1(GHnSP)9Wgxrhcvp*JfuCc**888Sf$prnaa23z zd7Xi-RPV;meeYroMm66{d-Hm9+9uap=Hsezt>uI3>6e1_H@4)_c6B7L!B%$JpX?2` z2cW$+K6CN1^zv-<7~c&I*G>db2Wxj@Mh7I|3+C~0*@&}M}j`u#PZ^s z{rQ=eE&IQRJ^~%I(G|rIOQBzzImGhdo5N-nnCTjTu6)MKoQ8Ag7bn&7Nw`R+B*61{7<` zpFqC?*C)`gy?aFISKYk{^dw|2ddxI0!WCK?ehCfl_^IHiHUigXNBLLybK0}}N6kKu z>tWYy%|Oo+Y=)c1PePflnG3YW(eq~84AjbIpjI{meSdJT;SaY@NZ4zjZw5Cf(DV7d zhFhQBIlE5#W$|&f-SWk)55Q0Bs7~`-e;o0p*Uw8v?bF9+_t;L2{djhR;rF<&X)yc| z+e0%iQKR7mwy|7A-@nb}FWuG~K6-ZKoLu!gd;>R^zjm9eoU`V`L*Et7RTHM=7<+8$ zYR{Yl{L~^>(RFNtfii5j{svoPgMr$%U?kVfX*7($Z%ny(n!0gLOTvrOauQk+PUCL9 zCE-bW`knA_-OY0f%#SqPGN(0x?#@~gzMi!gkz3gxzV+EL?c%oU zo{{FfKY{L92Do;RYjr!->UQ$y8EGx#8Am*aZOKS$VUf|EHDPW8)?nV;hmGa;&6(R^ zq<9x+YcSFpba5*ew{meShn#|2#PhCG`UM_kusa)iAqI~zQImTT3 z)`LUlg*iSC@zdw!A)b`t3pu_J@mHWs@r4}kvG?9yKCi@1-={6H(|2i0#Y6i=iJiVi zTVgL-)nhEN&pZ4g%Bv4Irj*#H<9CM=`%m}20naczwJx!5#q;VC`;R3#h`i{EQ}Ao7 z)O$DoW>jLo1WVm34bQ*dPEQHyp`Rx7^1Tv0 zBYk{6ovoVY)9*?z&ELbdd+l_kz1L1>+Y&o{VYk^%zvHxU?Erpv!+F+Dzst1R>35k{ zJ3Y^DwbPUQRy#e(Z?)4eGOc#{MW)qG&+|*L6yGL$pyA|pZrjdn+qrE!w{7RP?cBDV z+qQGtQf?Kt)2}UEJce$R`-b##ImS!ZiWvN*vAxLpNl}dR$2fnC^T#-UjPu7he~k0T zIDgDezeL3BUhC&*OTR$%+i5?F+3EL)Ry%z;cmVn57zd$~hQ#borp$B4?DPwT?x0^u z91hwOQysJ?W;tlziP@J9dC;BZpgpeNPJ3Lxo%XnXJMD1}JH@*=K9}SDy4U)XyGEye zbGcQXgVt25>B$Y_E~(KeLyb-uYIMrb&)a{YV-lY16*_if<_jI~Vde`Re_{Rm$hnsk zI`*tybV-3J=rqDlU+;}6xKnuNqS5pfCPX`ISpb9Q=$L@n2q2%JHQfU&`?%4!Y_tanOBS8OM}yOqqk85|?pg z8Anpiam8K-oy)3td8^r9?Vv5H+Cl53+Cke-wS(49HL@*8t#QySRXb>Vt9H;js&>#; zSM8u*i>h#?I%!C? zh8vB)AGO5eHT~wEzh-#(8M2q3&wKfKyT|nS`dd97)0q7`JU!aB3HS?MzP7J|9`=-) zj;FllDKq`+nstV~=$|wBPL?pIc>mZ0v{yEsiU3CsJaf zk(8KdBqb&qNh{AutAn26w({(?Vm5v(ZpCc04)5Y@UEHdRTXk`(c5c* z^SGVk`#FAq;|DpuA2aaz!a;7;Z@METb&;M(ZS_Rj2CDVnUU|`?e$zKY3l}*Od7nz; zeJYXmseaSaAsZHDCDK0C%G>ZE+ku7kh`(!Cj}cGThdqvL)O$C2`LVc{HAX!aozqN5 z_b)!G(aiT~w=a2p@j2U$WgUyZv3+>=yNe4<^o49!B5m!iM0#fKN~GC#CDJoUOt>QB6M@zqP~6X~402esAk(3fBLByM=14oaii%gfcAcy{srrOkOn*-}5zm(K zSA`Z@cU=}*cU=}*cU=}*cirsoW`8&PyV)ORf0+GY_J`R&!2a{bk)uvu(a*Cnz%ww& zqZ;Hf3~;LfZZ*KI2D#NB`v=)S$bQ{QqtdN3D&0z>(ycVAT=wU(KbQTv>@Q@0A^Qv2 zU&#JE_UExbkNtV)?2qwyVmzK0k0-|Cad5nY;~gCD;P_Pbr?Nkl{i*D) zVZUY@Im%S3C($Emsm9H?orGte2HU&zf>MCYNJ!lkTCbR*uZ&$UOMB<>n>PQ?I-vdft_nL`Rsy zBs!{ik^)a>nhTToITgp3aC}J;Jx?o1nvqhtsD$H7d49@xe!M(CB}rcEq17em{l;7` z&s7!2RC7!X$F%a&)o^VqFJmh&V=FJCpX2K}eh{hX&iiJp%3^UU{i&i*92yXi;f*;n;*<}mJy(@g`sM1#CUdNOUXdNOUX zj%3=BQ3rCTGy^*dUoncrY$6w^W<@! zLeAq#_F8w8xsqv(7jjMy$CPkPsl+TD@6;JaC|Grw{v`ZJaaNV3!>lAO3IH}ix;geuhVWn zO20Af#gl=qWco|^a56o!8sMj$;beMllZ9*kpWIpY%TwMi?@qqwg6{GxT({%AkbKjD z@5_(kZd)XV<_Y?6x!*Foz>i`np;(Kt7`lGDRkFK$GQ@`W%UEsmDn3EdlHc} z@@j77veGLhf75vvSUY>y- z{L6(A3(7ci8E3|QG;)@4wlZ#8W}i0nsmd~B_`ooLzjyMR%ItRy3sk12(A7n13SHrp zakeVXP-UktURK%ZOP5ugr;0OFafT{xTV<#3pVrvNrtD3rvD39^jeS*WLS+ql%<+00 zv{!ogex#JkrF=zQ!gnPld>>K5_Yoz0A5q3JbPuv?SQ$r#IWjAS?(DKs=L*O79Z=f_*j?A*>XA3!x>6ALn&wQCeu;3l-qiF3-t09=uM{MtyQ_yf$Njh1oa}c zQ2h~Fq$1FA_1X1SwL$%Gy-n>=|A9WC3>$3tmuD7eKslhzYRHBp^^Qu1c5$oY$Y537 zDifY;ZS)4KD%B3avqsBDxlEf4E!XBly_yHQnQL!>CMmzRXoFGRt1W}pYb&99wAIij zw6)N^S{Za7G)c8<*FrnBCu@`NmwIIz4C;OD&<#oI1ba?#OsU}s#H=y=9$IGTf^IN; z2lX5N0j)QT-I#>GkeUbGX50*|G49xCRT1NC)H?L1;YrnBf)3YDLbLR*q1k#qdfA|_ zxxuP@IxUx9r{%g=r{${GX}KQKX}R|3m52#&OfzDJs`pVIsy<=Q*W7A=Tm8WCgZc)< zE7K;ZZrTF1nr=g1g{B&m7n-P-5)<{Z%tZN1Q9D$vH&M=7)_b8?F4Mzk^^j>VS_QaO zGq>8$ty)af%R#iYs#g(jRqY%TM2tc8nhwD~%Y2ynHNOfiGMD@^NqNjipbO1ELQBk- zRVArq=Cn;l{FMr=sWs+hD3_U6Ld(sxC3wxNH({2{*FdYx*FkSKUk|M|S8W=qZZXq1 zx0yG?Q)9jr>NDQ~^_zXrd(HPi>&?G{K4g9jy2rd1`h>X&y4U;+G+=%K+H8Iqy5D>T z+G73(^q~1a&{nhg#w7KsIpap7YBy)!I8?pPJqFD=@Q2OgpzoL`Lc7el(BtO$(6i=+ z&|dTX(1`ggTK$Jx=@we!R?7u94OI&)H1aY_;Z4{(EDNAs%NqC_;2)|wx%M5)P4IVF zUVfW^GPVUt6w$4p_E9 zf3P$_2Q4o{mGu*-ZcW;PQCTNL9ab+ChZ1P2^&{wT>-SrRs!S`5Hp@D6E4Ewf+^s{E zlRYl$I(Q~n?}BF{dvdM6gJ-HW3eB@xtB0z5_Rq3jRE;gcx*A$!-3RqpKY}i_{sb+t z&b|d(f^|K#)VdqG#(D@^X8kj?+=sS&<)m8&?@Vc+pr~A?|@cY-+*qjo`Kd_ z2cSM{#x`sN)|uPzjgW*xc&}n&!f$E~DwB0AYd))+bvbJV)T*iy4&Z%Bo49;)0_`c) z3ACqdOPG(XdOJtfan1%VzrY$|J;54f{f1SuQ@=x4$FkOX%k#!%ddkFRW z33RAhG?a7|G)WyAdJuhu*we}SKI;kA9@bA-qpY8?{*Cn;*6&%*LzC3BVU%s|Fv{;{ zUBJ4Cbt&s|*7d9#SvRrX!n&RHPS(d*8(4qCx{vh$>kF($SwpNRSbJE%XFbpQA66}u zMrC46WF5kq#+u1Giq*}!fOQe;TGne=D_CD(J;Zv1^(gD>tnag)U_Hg!!}bHu<-F$!#~JRinI-%T;L)puCC8H>c52w>s@b#BWPG2CYf^ z66#C)2{E-C<4+rU$56G4%lD>Th;kj5>(gf4fn$5xQs|zv)zBx>wnF!&-3JY%Jq>M6 zdl~WjIDUWHhbSN5a!Xna; z?IdEpNUOoQ_#8Y|)t~kSYX8QyU#I;IwF7CxciVzXWWbNI62;x@c{f2G9H2EW;_m^nz0v} zm(hrre2$rw@eDkL8FWQdl<_>uo{WR2UBI;qGmgMhlJOdJS;m{t(u^>4O~x^3S;hy@ z@{E(v8pPw6%=#E>1M6>C8(H_UzQB5fHN@J(KE*5$0LSg&ENU|r9;k#!U6X4YF+x3k{KTFbhN^SQ}aQ zu^wSP%KAEMi1irj3Dzjd*WO^xn)bu?5y={tfz2=C{y2ng4`7k@+LmU<0yYf6p}G>OGL@fHr3igYM594sFRC z1wEKK2HKiA9{OtL6li;9J~WtF2n}ZzL*L0<2<^&T3O$~=0@|H3OI%sd^dT1o` z252nvCg>NL)zJRT?a;3?cR&X+cS3*2ysy@%1~VUqsu5pe{Q8JJ@LNYbj`P&=5i|p@ zvmRspjP)DVu_LK=BI{(qgeitlL>@S?gFIW^G_? zWIe$80_!2xBdkYRqpWkYXoL-;NdJ>fsyRtbtTxs})*-BEtaW23<^k4+S%1UY$hwd9 z1=d5XM_6BH4Y8)>P=*&+kFXwPJqE>V5%FG=Bd5lLkE;9)#H*C|<0+sWHgTBx>?Ptz z^%XNmB_1aGLX|G8ZH?Q1Jrd`QuMqDxe*7wNhWeU0N6k7)cClK?T%yXEE7cz6)hfoU zROgw$R8wA~_^s*^<{fGabEi7^S`qxuV|;iCpLz;h04`R$>&nGnDSqN~)O*28)a17H z;9~Vioe!k;J3(qsq_|xm)dxVTZvv^FNcF_Ss`|`6@DlZO9bVzh^&LMW#gTnjJ$0rN zq;d60J(22(ht*qWKI8gF>NG8$#|YBAo500tU)@+?F?d*=JF`IS^&s`XmD$|6%b5#UBD``8wJEbX`RJpMliB$q?^n2D6hsWrTh^+bY2om`@^)L;O3z z!z$(MqhdFK6i1}E!{YA~Kau>(7$3(lkn+zE7K7BDNO8nIHR_?fMZA~E0zxc_fxP4+D zW_Gr9fD}ihd_;=t6#FEzv#k%LI3mS;Cj3t7jh1*lk?KuC8?&=*n9vC>R&Sij0VyAm zmT!jCyV-vC)B?6K58|%?dHVyYU8U5o7j9*Cw$*~P9}p>iCrI%`8rLpi0BlojuQh@c zPo(%Jkm89HPvm(M`!KV!Ed)}02T1WmiYM~?iG7mU*%k#Uz7M2$BE^3uJja~err{AF z#Th}0BT^iZ@|whUf)tknQXG-u#tPk1Uo7=RswYyON|3ha_2SWRERh}|dkM5_NxXtc?4faEs`bJ*Y6HWsAyUo19};)s-gf!OPXKCn%F_1Z46n?M>j zk=pGOc8H%y{!U?^_=)8IOlV4o+ryZhZBF4>@y`(3EnFb}m10+dG!7!=T`$}zej@pa zv|PKyZjyQ;)f0Jp6T3s|iB#Vy{Ems^ygeT825Eb!5LSXb9+29RO?jJyL6G7*#EyuK z7d@#hmYrvHkdD7j=H#{+Vy_g|ivO_KCxzb$RbssVVIZGZg>I1gtra#3BSI}HUOy2m z)>fP@25HQC@&etUVkodJ^+Kx`0@_^J|t#Btu=i_FvLm>4Z7CRz#RH#zo^_tKL z@;r!L0n+iSR{UX*)@Mwp4~g3@p&MMR{(Pz!%rWF|@Q8mUNO{*YpRTKAPHrR8_;!L6 zzYAQf4%Rh_f1lVPu{%JTpH7h0b5#6&AdTxY@oPild5s|DHGvfG0x52+*b6}F&ny1* z;`fWaOX~NDzf<^`_`hSjv&}Rto_{Pz`4))1UbvOn*|tmS_X&gGNj0O5_(#>=)(O%$ zPcl2(BH#+l8}X!ik4bT#NgQ5L#>-;@sogLpjx%BxOZ@_|S4w?3*rqOMuLQSPo;bT+ z>bFY$PWC@{c9-}c6@MeRSbcS>iR)iEyHDyvQr{_dAJ=!D{Y-2vP1XlU^KS&VSbENy zKpHn*JpuclXUB@|X5#vc{i!_*#9tx)^n#E{#iXUK-zxY?0@%EG5as?StugDv=QX-u)W}Pj@ZS*3if0F1ZjLb#os7)6SxBN+adm_ zuute59?$O1VX?3hr1AJbqqe4<$os$e zn?TwgI>g^6G~#{Mbl%Jn77Htd8^KE~n?Bx2MEg3nw|(3MQvMEM7^L+c6}wMp#5;2- zE=O1_tOTjwonki$`-H|UX(ucOsedAE2aCwI_&+WOjoRXP_ z(ed?}4RZg&B4M$xQs@O2tNb%Qv3Cmn;%^c=C=3ZZgi&FiFa|DGH}x1Vi1)99^c=t` zc8<^`ez(}gARSkUw7xuCe^XBdNatZ9uP0%xaHr4@Qa=H(O%1j;ioZ!15_W*Jy+_6F z1F1hPJD%SNlAR-Vv9MC;1KU*o>qI*5?F4DN3W(h#b`We+x4urKxDN4$L7Jb4`1`~k zWB=|t<&2Nd2vS}hq~*#HyI5E$41hFmMCzvrq^`ya+F*`1f)t-Ec8=IZ zViT8Wq1TJWUoQSiv3ClagdM^NNb^i=Q(dn|#os5?a%8@RIl^M02c+XdIY@ab#qSlr zkNvpL68}!2U+M#3n@WA7QT$E9W~mQ}-68A~#=trFOA(_hKE52G3nYKB*p=5<|V;~*(jN@c|33G%+!eXHZr1MXO*pM+9tB4R6H6@0t{kF9xZ; zQs@=`PO$?Z?gQUw5<4X95JrW4LOe9)`PM+nYZN+#IYJjm<1PYe{kX+nEUXY#3TuTs zg#nO`1C3%g34`Jfi5(F;DmMP{A-B^&8lMi*II_j>6n~M}*b%W~ zAmvq)Fdz&HBSJMLo<|3Hyka{+8i$MhliP~K?-qZ#*cD>?#I65PzfigJMU7>LOVVVUf@cQvc;*`-HXP_k%RvfcS&Lh)_+Hyh0~P`HIALi|qj^ zPr3Lj#P1WkR_p*s`xBA35Ag@Z4v8HRJ1RC_7|;DWg>GSm&?m&heU8f(`oK0dk?P2?kQx#%+L7E>T%}=fP10b(Iv4diV#Eys^6*~sfc+{+TI~}BcT}<=` z(!BaWx{jz7JHR%!7qCtByxA!JkT48V-l*6yv9*GDKBv$HQh!AtZGUd@d)WWRsdBJQ zWd@0~ToqF9V}E&&Nd8*!2gGg^J1BNY>L?mxa= zf>fU^ey8|d;x7`vTl^J5FUZeh#BLPob0iKlJbyOWrd|s< z#dd+bzp&r@mRtN4!dhW~>sP$hD0WB~6~;hbU-KycZ{N~Dnl~LJzf0%^7puLe!_3;# z`uzBQLtLy5_hf@@>W^;~F-LXyLAsv~uzhVuklEM~2I)GXsEFnh=L?YfD;N5N0bx)W z0VzHP()mKU<94>t1=96_e;?{I(AonYD zfz)pi*B|I~i@!oxD{K@7g&|>7s4bMdLKn!(BX)(bR@f*E38O-7k>nA&h2_)MJVu!?zh#eIhlNvwXfixf4Vmrn5fqWk+3<}kfxIY`D@%TV$9}ycbSZ9B> zut-=g^a%sPpfDm-OQk(X_nFz3$L%7a8>Ifq#jX(BCw5R65`RSOsMzX?czaFg6uN~G zVHBk8PA!x95jsJ79#HgO|MGaf6C}S|SRwR*ZK}VsR_sP$NEqSzDSwE9w0~&SZzJ+WY(T82isKZA1c^> z@N_M6@97}>`~RR_NqIZlvcWbr?rkT?*DuUBPWjkh{&u7ILm*wh5ErYrPDi-@$+wHv zQ2Xw;1I)B{8bO-(5J<}%6>4kab~f0iZg|Hjwp&;s^l|-j@6?Lj2y#BLBV2#(ov7H_ zRq?z|VG-D-CLVK(T_LO$2DpCXu|{yQI&r$0{rLTr?N3gttEqjGWd9OYfV3WKL5^d4UtLHTWu7>#T^sMm4N_b=$j2wKePY*&9T2-w?2u3^ zkGFS%H0~m>P2Kx$h4^dPkNYn6|MlHQwojanfPCDlh_m*(c%G0j0=B7j?`2mK_q^u@ zd7NyYdapukAKUh>5J<}%Vf)gqDA!~A_EP)Wt|Df*%MEfKwk_{hh#g>i!TTYxqeAEU zc)VL!4z{VC@7IE~yaBe~d_Tzi@%<1;`J+Ph3yPorfeYmG2}tdH?BDT0E&H)Pg;B1@ zb;tG8?#&OJAmwul8$sIdLu}*s{SEPY9i;0Wm#_$=`E^UZNBrgD_kxR6u*WBME!+F* z{2-09k@<98Q0hZshe6sOBjS&WUu~52DRhD~ZWl=LMdB|PR!F^1>{_t{VmE@coI$Z8 z!YD|2)eZ6fG?46UvE3lG^9XCDzERjL{;1IT%XoXYuo0y8QL$B(^aFA~ViyU^g%wio zXJY<9%G1nDJ`)yylAGgIL(JWEF|oCqDbK+=CrIOLWE;yT z^lXkVPa{b6VX>oPJGaFB6(G$^NNoI3ByXo0NbPhc?gzldD*23C{2uXp*}t!@R_JH$ zt_usJAm!1j<8%sZLF(7f#Q915QK5E=^bb;8h0rUk1!;fsvwg5G2(~Hfhar&qiwa}R z$@r;&>KA{gfmH7Vc|TzP;~%=kUm^6dzvshRaIwFtL3I8<|;WnwePdVn>-1&S*8%{*p6J=CU(xCgzJ-ai&)27r*OHipPE2j`;GG z3w^?Xuu&KkMuh6Fc)M(2k+59o69$AqVF;vtBVsF`(3Tp&#V=5<4i22-W@ZcGZ3J}8U`Rb$-m69$AqVMK@z=yLzrLZ2`oj0jbeZjoaD6B4PP|?fsHp=o1EnL19Fw4oE&>k+59o69$AqVMM5&llH(q0$Y4?JSa9k6wUn>fh#rh2_Ivg-uUjcGHkd~v7ZCsy%w7jY_P7S0yPGJ#9 z@f9GiKd~F7J}7obY1bom>EWa^|>;1SL0I6L>7!yA}&dz>6NbP(d#rutb zG`{SUah40SyTuj;gb`u(DXA9*gb`u(X{i?mgb`u(8L1Zrgb`u(S*Zux)J@$!kd}+s zrrzj|h@IUdal(KwBFz3+>V*MeM40_YsTT%>5n*<()C&XuwLhV8B%bntJTA5?PDRAd z{#4ot1Hyih0Q|mFp57|7X~RVCe%~OzxA|>S$o)8c-= zFeY@R$Ne6Vp0|6MZ=BLI;(nK~8Kn9!^Nmw6kbXZR(%--MhsWc?LOoMcZTNdk7s%rQ z>HMOPjOX!yOz6p?xHTU)gS5P1p??(l_tm*Z6L;5n|H}&~ZgQJn*v!N{ z3H9uFo@QZK7!%@i@7#||*euk?h+pUtdWC*rGf3-4&yjecN9Yy$h0VgSFecPp@%A2} zSLheUn3%V*6xZ3NkE4F^cUU0VVdmsEeSF+@;VsqV_X}e}eIm8P^J9?a%`0}Z*kPe- zQasKNQe3l8zcB8PEy@y&WqQ_gr5Ak-!If> zQGeJUgkF&5w^{5k+t>~YBu*F;>a*j1zpxqP{YPwlPQ2a)lHVh?U)U`EnAmzD#o@U; zNaOMgU2~;>VOSUw>ht3DUZG#;nlJ5yVPQhnz3n6{f9H?^5gnns&vnLjfBWKOkgv^--;vzAzwTYq7F*xGD; z&-$VDj5T8Y%K9H`qHVNomTiG;x$R2Z^|m1ik0uNxthYDV_u2n$AMRM@*x-1^F)Y!Q zxIA%F;vbgPW&YCT;hnN@}yrR-IR1!QbzK+_ejZ3{I z^`6wsw7j&HY5zzYlAfD>S^B2*9qEs!H>ICQe=y^zjK+*NGJechGko{($A+I8{*U2W zW@6@;%*!&@X1}>#=SMJd)!y!Oyh@)pE7>=`1Rv=j}MO@7@ss@?1cFfR!_Kj!aWmSoAAd8 zBPJG3d~RaT#P231Oqww1;z^4qZJhM{q*o@rHR;nyUrzeZB-@2sFMRaE7cM+};pZ2s z+*!Gv+-13Cx%cF@<(|n+pS*PP#>w|hes6OBOqo7q^OR?%yfo#FDW6Okd(pIu zuDq!7q8%6AbJ3$0{q>@uQU!4Bt^yAZerw>lI&Pbgxea5^QTV~YHcxFaqhL)F_H!^QbUS6Iz z?}ohkyhrky^WMxmnfGPhk9p(rr{^!oFU`Lx|CW4T{%`ZU^Z%WnFf(gr?#vA{pPspI z=JPW@nHih;<;-apUwrZ0ix*zJ<>LDmbu=!b#wR6-8|1Y|DyRf%-=RYHh*)` z>+b6=dGM0AFVTzV6kk6%M_b!qt0e_mR2nPp-6 z!o!Oa7O!3W)Z!D1-Afvm{CSC^WK+q#B_EgktK^ZThnA*Xo_YC2mwPVXc=@)=@45Vw z%V%8SyTZBbs%1x(8J6F&{Kw@>R4O(D<`g5yJpzhrnUcEyZWjRuDb5(fvX3~>aJ&)_I3N$&Aztl+6Cns z%B#wgD?X|COGV~&Q?C2Pb$4BN;JU-tC0AxuUR>#^JXG0L*;DzS%6#u_-hS_l_2<^F z{srD*r)P^a_EGh-1ROkpbM2%FLDoc%0qw(JbDjWYf@n4P_gZFXfsIh8_ z8mFeI3HZa&TvebZt2yc-yq$BZnh&oVf9~tSpY&d;^3`RiU5MJns40bawOXLAMNK(s zD%2u%9cn7o66IATYQ0*DAGoi;kJZc62DMym#5M2@YL)sWT2-mFYLhBcH>!2&CPd$i z=*@`UhKTL(-VUn<)(%yx?ovCIPwj@@t9Id$^F69w)u~5OdP+TjM_do8!|D-rL_LOU z?O&^Q)u3KiPvX`-ppL0VyeIT`>Np;_eT27%o>Kep(DxbjC$x&H{R-dpR-dcq)R(xs z`AW5@zpEG2H+V?%t@^$CP90SL#Dkb0ko{k(RZY@@>Ow7quUv-JH0=*+ruMd)rTtOO z*8Z&KY5!71+E2=@nY2qZo959Hv;~@7yHs;%muXjM3$^9iB5kF%SS!_*XsfiP+G=>O z)Rt*$P@~kwk`_Gq`MviLG~s$G?|g#FYY!fQ-Y}*OdV1fR&~Hnr?5^(kpZ}ZSF_iyw z%Sq^khbZRN5NR{3@=$!=Sju)I*CxM7<$cwkK$D({K~FvQ74+F>et;G}Zoo6A|F3ul z{LRk|g?3*y9QtJwY3g25x1V~+Z^8#`)l*kcdEZjf__D+`zI3&`EOF0M<7p&uzxj8x z)N#N0cP`|a_UuIH@9&!ot-Wssm3e+9tu8=0-uCC^D{?5?wRg@(?a%!`FaLaof9{XB zjrShUFr8=YO4jejEKx%#|~2M=AVr%-s39HypA*X-%ZaHui5ZR=(5e5 zq3d~l)m~0*n{T=eo|l3&lULtBo{rz%2~W$7JE2;`!_XbgRQt-SR6F?iWAGe1M4rbE zJ&E%FUtjyG1E_uWnSIdVzkU%K-x|lgL2Vy+>lJuPSmUGm`FP^x=YP?Lm`hd$p`CC2 z0UBS59k0+D>Efm6K0>4Fe~GsLc&oeFfB%DBh`A?7wcl?22<2;UISZZ5`te@!-@Ncs zc&@mI%4he)Q2zP4JGjLtgim?`#dv~0D%As zvWb9*?13bJpcoBF2!VuzOu{1SIGK48MkX_179cKltEJX%R$I4P?P_c7W?Qv&x3=2t zwTs%$&Hidq+}Uz^|Vn?!OpNk8gLq zANUi=4+FmVZGw4+VEZ=+K5`|&X~z+~>3amXG5(v+5kAyNa3{ly8NSN&6FJQ4g~T0Z z{HZeupMN~Tw>izpZG``G1Hl&=p5IOQZ5-wsTL_PHu4Z#ON8dq|Z{0vJx`5z%hQ~1+ z!|)M?gL8>{fZ-+lmKPYmm*LYK<^aFt6U`K|^LBzS%_q2!@v|8IZ=NXs;ynEG>r{_x zc~+7d*>dq!6e~=#%yrxzzQFCF>GJD9-+cKO%5v4Mw}Jj&x69SsU?^|&Y;^>rG+Rw&$!$8MH4AcD6)3oS4)}3^wwkZT11>-eTP;*ag1!jQR*ThS z;7b5)$Wc=O&wz|)L!O!edIZphR5lYZ3W?8#lr;zN4y0|X`ylbz>VBkcLlwUe;eP;V zLoL1-@Da#=He{z|fIou#XG3-h#wvL#pZktg|`+*IQcv zTdgqQ2ADb9s?FL4_(5w2;76^UfLB;&0A6E706%X<0q?Y8fDc#>;IFI!!2h-qfWNVJ z13qmH0{#|8Z?<~I+5`A|D+~Cdl?Qy?+6VY|YZ&ki>s-J$t@8nG`vSm#eGy>Lz63C2 zUkX@Z9{_ByF9ST?z8rAB{UN{$?2q89F9fvJMfMfIF9x*L`|K+L-*0~$@G|>qz>nM4 z0$y!j4|t7z1K@S`jewuDKMnXP`?G*I*`Ejew0$$+XY4Nle$M_f;1}$#0N!kW4e*N) z*=%)-{Y}6x+usJf)xHDptM+#Qzh>VB_;vdpz+c<<0X}6v0QejGdw@^d-v|7y{V?E* z_74I7VE-8KkM>Wg9syC0_M=pffVTRx{d3@d0YshJzXbjYAW9?fIACSqSAe4ePXdk( zJO#Ke@HE0S0otlL@C;x};5oqcf!~4N3W)j*{2q84psh9rUIM-e&{pk%KLYOnwAJRo z%fLGUZPgX{Gw>~dwh9Lh0>%S>1;qihRe#`B-~)iR+7);mcmmK?X9wN@z8lb1?+LsG z`~pB*T^RT$;6;JA0WS{x8}JhRcCW3j#E&G~>Z(8p@DqVbz^enJ0j~*E0p1@N2lzl> zyk)5e0d4hYU?Skp0!IS=JTMvXvA`5?9|uG`3`_(5Bp_-bFa!8gfT)GQOyExgq80+P zfIkC>{uP)5{5e2dJs+40{C9xpYk_&de-DU$6qpbERY3Hnz(U}!1ELKF76X3+5N$ZH z6!=?!w)#h48SsAs+Uj3{THtR3+UkD;^}zoPXhU>Z3ETq2S~7S7U{!Dp;Mm|vfa8KE z16Bu50URG}1e_3T0-P9Z0X!nu3V39&4RBI$6X4`v2jHw=C(@h^XsbEFEx?Zj#3&aG z13wPXR`Y_rz>f#Sh!@-jd;uUvyxL!B{%@MA(#N{4(0TUK2bY@Y>)7fY${t0=zzW3E(G# zmjd1pJOKEq;AMa}1}_J^Dfl74PX|8&_?h4pfL{(?33zMpAmwi>({_|E{*R)b#x z{tG~~*x;9eKMrWCCxTxA{wqMV-r(1OKM9D|8~g_FrvTAv~KLBEc3El(ze*iI(1n&cUCHMf~tHJL9z83sG;2Xh* z0pAS%5b&+wj{!rWp8{5d9tErn{Ty&q=$C+FLysf1ae!!_p^eq9r`QiYXEI^V(3-iCjnv%480E66nX=&IrJ7_OX#0~>qBn?wub%< zxFKZOnBzhLz>T30;HFR|V0&mZU`MD5aC2xJU}tDNU{`1&;Fi#lfZd_VfZ@;-z@E@F zz~0adz^$Q~fZIZ|0Jn$c0PYCQ1w1V@4{&E_KH%x0g@9*-76YCcS_&8mEdx9&R0|jl z)dTj0RszOCCjiDnYXF_lNr3&KlK}@prvUB>H3B9=O@L>IS^#&4S^<-xHo(EqCcspv z127%x1RM%&0o)S`1D+e|1-v@64e;8~4#4X|I{~i`odNjCPz3OXP!#Yhp%~y-Lk{5A zLIZ$b4X84~DXUuZ8k}uZQ*l{yj7d_(telz=;*-10GRv z0bpyzMYe_C9JvU1SH&g3w*X>JuecO&xZ(id#TAzUzQ5vfzzIuMG6n+~Vazx#jqaZ=_0sjVmy<)2U zT~%FG3!|M0RrS!LO#*(mItuuGYBuou)Um*SpoXfN05erBfVrwxz`a#%fcvX9L4w3D z1_Qna+=tbLRULpAgZr?0FSw7W_aU7})ccXn57h^N|4@Ap_>a_wf&WN-6!?Fs>wy24 z`Xum2)u(_zs%`@Qr1~xJC)KmSf32Pe{%ib3ZoPV19Wk~RaMIX%==F{Q{*0Om{8=>} z__O#0je5wb#{hp0zoStPonH;`->K!mUr=?xUr;N6|6Z*E{(H3=_>1a9;4iARz+X}g zz+Y0Q0{^305B!g61MrtsH}IDge!&Sc?pEM`Qrm(5S)B&_&kDcV1fAlU!2hDo0)9~S z0Y9kX!2hbw2L4z4Vr@O7;S}({sUhI6stoW~RSx)TYA^8D)PCTvt8;+AuFeDgcl93N ze^(a*e?wgi{0;S9;BTt;0e@4yANX791Hj)>9|ZnSbrtY`s!ss_m%0Y{ztnZW-&UUl z{|Q1N&!E{8UlWdl>t7> z$^oBc?FByD+7EoTbq?@3)_K6^SnmOTtaTyqW37vU&$B)Xe4h0&;K$>)Mr#2-0err7 z4e$||0TXzFrZruyK*18{ft@R-AI_n|eb=D7n*ISPO zueW{#yxDpdc(e69@D}R@;4RjRz}H)U0KVS(AKuH)yz)d~Cx7k-fva8-2+;Ogq#fG1YB0j{my1lUkL2zYAsNvhXsM#x@kJwo1?xxkj^$MQ@sZ;SDgjiixjq5`;o#n z>l~!8%{mV$Y_r~j6t-CxB86?%#Ykbh^*-czyY+tLdAs%D>JGqx2Sf2xahV=#DXIftbex`K`@Q8IQ z@QC$Q;Bo8gz~k0!z#Z#bz#Z#$;7hS4#|`t?OF0+&9-mdWsR!_DXn(@E@h|k}vDPH( zXls#GXPtBMkzB2;L0*!%W;L^YyfnNkVf@cS>2)+4;;GY&`OFM}FhTXO6TdO`5cP(#ewsC*>#IIcekMJ(E8(`S!{8PX6WO7bgE{ z@^_B9|EQT$W=}bNN@B{MDK}4fWXj`HYNs|$-8A*askcsjX6m$QyQZb5?VnaT{ix|% zrYEO=eEMgm-#h)^)91}Nf5zu#+&<&^85@r7I=XUZ!_3QPUODsnnRm}TICJGOrycX& zV{SR-;bWdZCOGTJSqo>ap0#<_$7Ve|>mRe?voD){{p^QlPn>hvoG;9|d(Lm>{AJGA zV~;tu?%0lF&ph_ZV_!OU@!U0YJLV3|{o>s3&;7;Rf6qPjxX5v-)A6Sr|IOonef*U9yXXI7{^A9vFSvif?1kBdA6R(h!iN|BY~eEtCoJk( zbkU+$79GEMZ(&4PTg|qj#D2$^_5fSG}bn@ zH|}WM-FSZEpBw+)IAdM?y41Q~u6uUfgr@qYmZq;a-P!c3rWcz2+VqR&KQ_;4+0}Aq zOY{0~wm#7MXzMGjU*GWHhQ~G>+t%2&xov0L;HCqc9@zBArbjo`wl}r+v}fDD)Ba$4 zQ%ATX-jVFMrsJlLyE?wt@npwy9e?ZiN5|UD(arzU`D*9CI;Zv=+q0x+bMMaH5BL74 z_ZPiS^`5;ov-QB%Pi|ehtzlc|wwt$oecN}o-M;-N+n?Xwv}4nb?K_+u7w-7Uj>mS? zop!}(H=g#D(;1jg(K84KtpK5* zJ##-jg(j)K-v5{P5KTf5M&Yiyf}TV(?|!{MHl1h`mmK{=URvmRJ92yn+?{aWLH@rB z?dM$zzrzA|4>X?ls-qx*PKDNT8pgP3>Or{g!94``eYhV$c77O=^CQrk{t)`jAHn?? z`ploe{S@xM;2wqh8FsaQ4)+VVU&1{G_c+`WaKD24Z@4GnehvBiDeQdz2JUIN-$Doa z46Ku$#lHA+&}lvojppy*UQp{GHLioSxDHa{I+zGHLqcqZ4zv~0VJpVsR!D=bkOEsF z{k5uBuz&tnxWB=@3ile^>)0j#JKP&^Z^FF=_YW0@)E34#9)^?_R{x9r_J6}Et4CRI zHe3Lj(V(>*GTU}l0apn(3T`yq7`Q69v2f$8(;&;mAj8EVyT#N*D+ReN1$iw6IV}bG zECsnN1$it5IV=VFD+ReL1$iq4IV(l-738WEskzpEbsXG0xZ~mG z!!3YY2)77sG29ZkrEoQH%ixy7)xy=m)x)iT#&xB24))W}Q71s}x*Bc`+=*}}!L5Zm z8Lk2D6u4928ljn8XI-G0;F{rD;MT*n!fk+SgWG6bq&8Vss&?xt)d9B|uG9Ls>Vn$> z*KPe2vdYgOh5Q`y#bb~S9>eVZ80PTDFn2$OIr}Nh)lXrLehPE*A227+wIXo%HBl=H z*9RAai(|*%fulAYRJUA0&m+`aZs*g~f=kIiLqBKg=PW!a!Yq|KhxoH~_&RmX2J){^ zd+#Ft3N`&q@~_hT_4?VapQr0*pMDOht8b+68TcuFM*A<;{EzDA$Mo|m{hVT5SxNDx z;YsnPS^pSM{u$ao1AgkmGpzfLAo@&ApQ-6HK@Tv!dlKw-aH*|o{l$9$D3z;cM28AJZr{OieG0*eXi8c6ZErJKey>8+6UKrR6moJ)PG7p zhxGG8OX~Sz{d_N;RPOJ!KK4C&-}|)xecJzi?SH@ae?Z6kpe60(gO;?D59{|{r=K_J z=V$cubNcxO{rsYS-lCtk>gQMW^XvL~n|^*vKX14GJ4gAw-8%OI%I|kI{UQDQfqp(> zb$*HXKhn=*oahoTQ&e>E~j82Gx4) zZ`J+{+TUhN`L)?nej7D?lcsNC`c&1S>AjlXtHW>8{%!0J;@5vApF8*&RHteGPVGOP zpHtNt`WeyuxPJEQ=WhKR)X%hj?$OVze&+RapMDPO=ehcMzJ6YypBL%pCHi@(eqN@Z zpSGo5KW$6BeooWBpr2pV&s+5K%ldh%ettzizp9^K*U#JZ^IJOoZ|U@J*Z$kJ|4!|{ zll?(;H^&RAdv*L@>1QB7*o*k^QZdxC_jVHpHq54=*}hGgZlZZe!i}sYbu0)5f{36xM!BLlgk;VgSw9pq<$#W^5 zH>(|iZ@}FJcTn{Q-@?8{$eIw^7)-#W;XWT~vK|h_tYpO?+#a~|;Vyu?6z)pv^2!_F zHU|F%H-6Mx>fTWsgQtvcvNnz07>te%*at_4*u6bEW*r=J5Wf}OWZhU5vtF*c(H=GS z4!dvcUG}A81A+6#jSpN7P3`Z-)d%{62i3vRR|bAD;r)m^F8KJ7x7gK_ZiTzWo{i`1 zNlSy_Nf!hU;ywSG++^Kw)Z@W^?1_DRN^R)1DLXU#JztOIocB6eHT*tJH z!SJ+v=vLtOPJ0CSjrNb=o`8FP+PR?#({B#l0{4UIj|5-FbK;B}?Gt9~2z_A2UC6_Z z(5>)41oyKUA?r6YVpe}}Bhp`4(H~q>@#Uk>4c&3{BgjKrMfJ?KiY+tW3*Lc>1;-qy z*avqP+?#MSXC0_mH!EiChx-cfZ^CuVK2UK5+$*#HTyg%KKOo-D%7dfNfQ!Pl+qWEd zW#zPaM+BD7yS8%cya|De=Y6{JGk88Y@5_~;<0k~>9sljh-FSZR_nb# zz`uc4&HrKLg835y8|FV+c_E&6%zwOc)Pf@dvlcv6xdzX!1A!sMw+@qr%e;s_?YC?3)&C#P{7(`He*(>xD&+1TP&s zchno81s2Dwy2TrV2jD)m_%8d|#hs)60oSnPp31Fo=P&sSzNxw5;OK{f-(PaUsIg10 z9MuFDS$a?9g>cU=?Fo*p=?1?C?qZbng>d&&-dghz>gb-zJ8S+p>Q^;)+0&QZQ@MEA z_)%vpdnlN~^Fz!268!nHjltuWzgDrd_BGVQYZbF6y;iXr_{nhV;kLk?2Is(~YGc;h zqu)}$sJ$3@ypZ$xL|x}7yZ)ZaYPi+)ciGAMt4F`D{)W*v0e`H1WANAYUmm@>_A78d z8MS}b&N07SwK14HVY|I-bvxSZcBHZ1?p$-vn3X5qGiK+BzZ~<06IWJz;l!86931_| zn2wVUR9pmi^GS274vqnB%spee)~>1g8QfcI!&QwZj|*OKa=7ZolLxDwJNZVt@s#)4 z$%-vw?Zz!*KhroocJ#U%?Mv3(HTF%o=}l;ZV|I?|YIha@P;)h<>5ZE zsdL;Dn|?S>wf}J3&i0r!(0X+eO>$6Zu~iLpXhxNWpy^b4|Q7c7q|n}4{vQ5f7Z5^@egi0Q2h$rjO_=iySAS( z{>|;p6&Ux%e`v?G-vYR|APAk+%MrCgL@qA3AkUu{Wsi`aKDCo z3hp;>Ps9Bd?isje;b=Zm15Pf|?PQ12sjSnKjApZm{)CgMTfSUHGG)nYw?z}V_32Dg zdT=P|y1Y8@njJ)N3P>X-MiF|4;?bNF&P8+i zY(X?(w4`#0+_1~2m)BG9L^hX*c~Mphr!f|Dve~Y5G7(ES9(NVE;e6jW{o!;z6LT8+42uHQaiFl1YszPH>A|i{ddSJ- zhAEJ+C{R5IYQ*cjWRUqx&X6d$1ft*^x+&wJM2Nv&epfAJ2=Cff--LP@jOO??Ol^oo zBF%~HP%=8qm0Qo$u4pFfm=A0ih(xkZE|*9RbY_~J{%Ag#J5Rz<>JlN7rjqM`iw-#3 z61iRJyj#UvqshFkR4N0?3`eXZtT7&M%;hqPzP#kRmZ_X=#@e!lxpvvB7z;b8__}B= zwyWFOlXtQ?sSUhF*qjc%1_k^M8RRmdpf#~vI^+5{g?gf+;iCFu+}gN+>zGUdRxwtb z7fM4o6o!KoX2Z>_@Tkzk&cL9P%4Mn0@j|Zc^J-Vn`#C3!p(=}VA_0o)(v8MQ;kzkw zF28Oiy#Q6w*>|=R%k@MD`1_gKlFAP{8MLVlPBiXhvL2_T?QnR`<_VOZG({wqZAvGT zNEf|^V>7onwh&QJb*sI|rlGedQoA`S^XL_fxK+izayexN3exaUvr@7xgG0Gtk9wY) zaP1m;J))HMOkr{7FvA!6)4D_|ni+16=Ax8zH%iH)oF`GZOgLThK{6(6h-TX{5;-YT zuIAld#wbnWb2!uIaiA@EC!O~f$bC(s-ZgpRxwpM^TFZ%*e5GuVYef?gs8mc@V)#>h|o z?mRc(;e>HtTU*Oj)}D^-?#%ec8=7;#8hH}Y5%D!N{`v=f;!tHar7_T_^uVIiL&2E_ z;AWu?;ql#xXfkn*(~}P8Fc1$Ga7WGs#WlSJ#p1?V0eaD#2vQHI)S@u*11oG%<)#N6 zoJ0Gk2hd9f`nD`eFA;A^#fQ>~RIV$U$k14Cf)))=?M`YSw~NLn{f^ay_Y%o@DEislDo?Ow-lgg60g` z=6o_qV;?0?2}Lu;=Z(+A<9LOnmOXh4t`Zl+Qh#C~pK;=pqsD!Zxl1_i2l?3~oHa#L zF$dY8;yA28#qa2drt;Aw#y}_M#+R~aN@wWP%vYLWl1OO|>Z7z|GU<%Z@0B(rbV>z- zMxLHr7Bsk1<~bD*G1SF&!ryO%WLg+yMhmeB2-#~F(x50LgW=hpb z^`iZznoucd0EpFR$rH&{0=rFI4;gM;uWq-`!)=cEOI@ODITwkYJ;)8J#ghQKAcsjFrM$l%;gO@bxMyEbp<1j>F{-GlQYcSon$m5P_C6DYIB0e8>~?1 zB?T?Kkd;ow@)>mXTmji_{smNS^L4t-*GZelyU^xQ5)CIrBKt6?)TtbT>?MlV?h6Xg zr?aW8*CHZM-F`W|4xA1rGvE|W>h+*YPvP}STmR;Cu2`a|S3L+-(ugIRZoLTLYrXKf ztrs{oNK>%XMnKxdjftBNd@(H5g&vc2LL1go`!%UtQ$ZYR1TaMArll;6PAjB@R!G6X?1KhYWOy%v zl?Z{Rj=T)7EZldZ%oCz)BDhc-IP|XR6UeAnhbs8$V&PCmGb>7Y1)8-khEm0%6v&_Ig|_KzOxow zUF3cmO*O6Vr(qBiCsLuD}G=-Bvf*6H%>C?!szNbXxog6&dINL<^~ zu(VwNu06q&g!^tHc|rYy9vEnDMJ)|P`6M@idXUh_wB+L-99Mu-w%k{qpn8~hnB|DD z#VzjyDFASMy|Q*Sk3qdX>sPCu)gxsK3~oE_7p#`fyjqe3`<-jHc1@X3Zi2*>QYts_ z*Mr-J{fd&6ATdzltdz3WtCbF*sP+^jk}n^m~0v8hG1wy5?NwVD36 zHukirrtbFjYJF$-w#M$}aC>8TgWBBN-mW@&+YxSkPgi4i%VyQx*1AEXZCM!d;-foN zco_Q0!J4*C^y6eY74A|kTU2Ma3U{m49@XBXHh1E(qqeP5vk@FHNMsYa_UK?=JnF5v zS?Zwl5fQdpP@ehBsqFfl8Jq zCs#qMT5{2W&bWC4V^}FgnUW^x`Z^M+#9$Nxpym!>3T+%3!p;z;z;tS3Hl32_5^nIF z!mY=${~ZHuPP;*}eJK8z!e&iumy<=CN&`(`RuaWrHaz6SxR~0qUHLv_%hZ&&e$3Xi zl4cn!%6wavXYUx5ekKde-he|Qh>DO@?fEbtlN`z{lAC+dcqO-2MGFbR-k~F4%HrLY z@^ZA{`n!%gM5pn;(wlr$@oWsjVT^Uu9!x`#gh43Tk5s1Ba}e4eOJ_;DQX{Ac{#fE; z!^WRG!Fjr#w<}VUDS9zUB{A7kXStW3aU#_mk)^zWjE94Q;HSdYJD=F-KFzU zG`Wp54ylsaxL}x~*T|$^NG`AIRxPPmI*tWm23@v53tsvf$>vDaCfqVD&F%UU!ar?M zUW;T@C`?$Sl)&KoL^U&$lAbAp%^(uZ(AP-%qm+tf3AFzblCCN@iY_R>YE#K4lwG7~ zUhx#Byq2P+1sxDA7kef0HtL*MG`f2e+=U!`0|qDu;$?ATCEAQngg8WUNqIu8J3w zy2PdWB!*uY5DN0=4^SdtAdw=GLq)kQtu2!BM%;mHh^sPTjeO{B|8Y2T!tw|iLwGGKg1QT2iyIL->kESFrW2{U- z!oVYFhS3yZlo|#`G(>o)#~6IbApAbwRy0z#WKT4!9xWp~`Z`T&?)(*ua2nAR<1zh| z4661t0v@VCdyRALA%gj}D<+(bYD;u1*(*mEK-*GUD}aR?JgrWyGeZa~YtXwLC+E%r&I@Krfs_wk@)@I=X0Z$}jU=)(9|GfPG{HzNB#_y+HPl45 znBw@tW5;HlBilCk4yaSmwOnsUG_zY4zL@P~2+9v)UQMK^EPU1%9?f8qmtH8XBsBTM zyUm8wKwv}mp*L?f0jBd{oP85Sxcy|1lb+PLgg>Zw6jGupLp z7qgJZ>PQp^KHB85gSX3&vBqRFy-%lsPDEyHG^!#CjWSfG(0=z~5t~kd<%=M#s7+== z=!|s3*Oq&mqk~x9qfsY>E|Py5rZqx~@U+>Q2OC;ZezrO}en#Axl)amsef(@kjb)%=2&Gh%Sb2tjf-V!S+yq@3Y^2$`G~_!@ z(1(svcD62!;?A~Z=IYYW{;`~TvYD1kL%Qjfo5f3mA7V-`4Xo$IQbt?$5Uip(v^2I% zZl!epM~^Up9Xis;vr=iik}0Y*h<|V|<)T`A!*waY>{wkI?2rR@Y4Gx+cxkxuLwaer z;xV~2#Jd@wOJkdQ^o`A>frYJ>-Bk}(cb%~ND2>ufCf=oFt*$C%v~_ip zT}3GagT_|c)ayy7+oRavEe&BR@Ew9ld5oM42K!Vx=hMTG(tsxY)(lxQWawKvqWiUE zV20$&@6Dtj@8CTEo4+*QeAraSjvDnO%kYR97@^i z6G^n&k+`PYP~)LqkxrF)wb2jqc7_=-sM4_C!n+QoZ!L&|ZZb$aGwIaG5ny6bnhJLb z&w{8l0Jqi_Ec@Bkr=-mAb!?kg8d0l5Q7ka}DP^}uv$-&IyAEssOSxD>Vx5~U$AU^Z zlPk-?s-Z6tk2_`3(=}N7BCp^|d96;m+i^FUO8NAK37B5eGP;!O?lu(df|rJD9>(yI zhlDHQWT~WCF7eeGLg&5@b!pZhT{$CWtgOgilUC%QhZPm(otusIYCCwXw$Cz zT_z%JpVPsxl8j=if~qY(B42;Vh2!<^UXD>-tj$T2Oro`e*DcNm` zSPP60L>9FpFm(p8EbS$Goh}Srr7v+s6q+OBov^$vY2A8((Uu~+>=G`bboTRta)ban zx~rN(o=Z~^0SP-k<}|mgS;Tm^j=@g$FA1)1ms(^v~NL(cE zFZG(XwS|L%wY%6Hh+X#PEC>wzoB* zxFI4{HdiwqvX0PuB#KVUa6UE>0y8rf>)1oN}w|{OpR7xR7GpC?(kw z*=-UwGpAAH@Y}dV3n)_dE(x1Ad8eE7MjT!ycrF}`c0_kO+VD$Lu%nCYla&UUZD^v& z6!wR(G}S~1KeP=hXWT`$*Bs2zBXC5oVv?hYS4S}l7ytQhlNuS4$GRQa*oo?MR_RPv z5-;DCrbAUaq)Asc;vlfN2c~rZWVtOa1G!1OghCaDaGFm(e2(_%og?kTofg>K%o=9l z+qoYal8%663lEBGI$ltgKFIq}D&;^fhEx#E#MN$RcwZV%$`>hL&~Exs4B94z)`Q}s zon7ODfhG(JJ2TsML8QWQHUyWgU$m1F4(?F!g3((@F~ABzey3@N=)QXsesv)kGK|cm z>p#k?85O#8QA%k($^@%Y^Wqp=fO!5ej0td0wwyXwEGa?1Lx=U&IbxuOojg)Va+dvr zVOh1M6lRLb7*V7p!eB?dS=h8_v@yPyL-5FtiN)9yUr&54N&vWwl;7_SrJrp57j7KsrZN@(G`6Z2CBjTB}+Vu;0!hISi10&g-8-Wtx1)ZcsnqJSl8Hf5w1ZCdZhJ6uK5Lt#gsBpZN z0?Q5;`>`xFlLlHfUkku$8)0syD7~2^jB*G=9w3p*;hC;zJdQ>Mqw!3Z?TIkB>0pQ; z_LT~)$x$f+(za<}hq3T}tV9^q?OChYxX4*=&l81U^sQQHuM;so3d^6N2X-6;h+a4$K>x3CGgqPw`7N9IZRj1TcfWn1>y%9wsYy`t^feat zqS9JYdlQ*-icTnRjiQ-SC~6tLy$y#zFr%c@>H7(?{l&7;K}nMq%`W z56jlDfea_ohHmV3U;5~_-dz7`68Q?KFzFC=p_U%eU-|R^47126L-SDF8tcXq4+|ht zw{L(HfONqlADyAo6siR}CZoNWO$HE-jC^p!3G>s|G)YfDn{f=^+&e;KQ8G(VCAQ7rf43ydi3TrV;BRpS+ z=`b<}E)C=3<$X7a`N&x}wmWlDHF0{;p&|MtXMcEK0w%FcL!+f!wq#?`Asl6>kMOmJA(-7lX@`G$X#?pt-XpzmW>pzm=$Ppv~P^73DX8Ww8>ls#SE-|aT8HLq*jq6n7G}ecJM@^Q{h)}2+Fr_lam{s z-(RH0;5d*d*bJ6EtoqvkErVf+u)#iVTBKP=FQsdY%uvou)(96+j8X{AkYuR>9-ogX zq3Rg)io(zk#|tTLR;2G0gdXx4kKrJW>8%`veQs}LUxa&r7Yq%NJvoC=nT9dt=zgqG z%#$+JX@4XuL9j$YmnB7vjQF{j5m?AX&Bf8;T)e<0&85cm;usS}ZwkAgnJmo3DOrf= zxY8_|We;8l2_chXPXzL}MtS3HSf~zd!U>+E1Ze#0Okr)qc8jP5ULwdHOM2nPM0EQ; zVz%+bLxPCYfw@=0vtZ)-@nVnZJFC-`7=oE3(vYc%S0FBpnyu@J44I%*-ZTU$hx@zo ziSRUT;EEEyCxOQkovz?KtZ=E*Xu^oQM=yr?O!qD2-EeJLy|`zJUams=H|e~?hQ5pl zWID((jL1%^2__`W@{@f{X$MyqGTMSW!VGR=iRjO4t#&iQJJY0i;u2q%g(S<88>5&~ zOdn={hn^NWpE^;Q+|37KZcRc`!SN!ZpmmbbC*EpoYx8;~cYl(1u>iDsU8olIE5r;j$n5eJH7^L;rgRGLL0QftYG zj!yV|gPhT%6wB6ep63#(|dhzfNi z>bq-KhJs;`D)2+e;p0*wMy}uq%k>n?U@pTPpK%GTI2__G!f7m`*2w2${XyL2iCgm& z%nhOMQ@~uqw=TGJJuT6&SymWQyqa}`BQGw_UoIk(>OfT`&;mRzLXyblhUSv+YMUbocR!%Z8F~(2uOutAco+w9XE=5@vPDdeBa^$Y7}0R(^Aieq8L%TG-Gi~ z*tTyUEfcZm;Ug?`6${I`dMQVdWg3v8h{1A%#J2&8?+Qn_(P|Lw2_$^IryQj=PYODa6tG%N%5_1sKq_693n?5U_s3(3@$a1V7cLIR0>HCDy*lV3w%|a4_@%- zz<%E}TfCsEVQI`a($th)Vd-Gh>?A_g#fS!xSjaJhbVIR{fi7tu?Kz8hjkUaT)JwFNPFh1# zC~G$Ca+`Z_m5Z^a#`USqP9Akb_pWi;*>)IK=A#3?n9|xPMPDp^zmTBVneGe2|`LXlr7CmUOY`C4P*ur za3Qm^FN?D{IQ!}rV-H!C=GN2H2?hIZkAVg&r^;}Bvm06`PWm|?6txG|H`js9Y z-@G2*&N>r*M=2Y_aV(QyZN0}d6K$4u%h0x)|YFC0Cxs~9W{ z4NZF(hn{l7q`IJ^hH@vg>Y)p=w3tH;%*R@v#NEPPNQ^)Gu%Dup9MsQ!Or05{F4pTp zUBU(7s9$s8(Du}R#tQh{E=?2k-fqelogto&7ijP&3E}&I#aST^kNuon;us^ z1`7jxOP)t-%R*q`TMa#$$qUPIsbPh`)43_AldzkSC-t5@(F2OE zcVc;5^~i&UU%?LJIMK)f{YQvK4&@yik}zCCsa)ZKSsh)Um`x91%g}dXR=AXFJ#6{S zffag|EZ7kZ3ysnPvl87Otn3*a3FaChc&~DIt8_vTviN)}G|*716>;78;F>|UD99ns z)Rex#q=69v8fEunW@*5}O%neRO9{(m!kz2G|JIG2>~gM&;FsJk;tLX{z(i|dNd08SEhPF;-2-B z&|A|9{eClDBL{rmL-<^Tg(MMu3u)-`ZUb?v-hV(tQY+rTD9kbY%yxya}At@GuZPkaIWK^(gA7VRo?eEF{7nm4&giFB8lY2?_(@gaMkpFF!Q7h!+dI=%Apqc<_bMw!%We*OPJ% zMh0?MutIkcqj%xM(p3=G*jK#1yJ-{`nb_P3b0cmS7j?1teXB8uK7P(F-jJ41vh1bV zi`R!d9geu4It`Y!{pO8Am;O~?(kKir z3b{K%2-I%*XBWgvUs1MI>di|Dh0)864cUurlREqRu__XBT4p?Z*C&ZMquOPfT2f~s|7*s-f zr@#z*{@nwYW_Al)LR(g>*(Dh$jB)TuaIcN{?bw7j3cog?`uNw1xbP=oxC!=luaDpwD}=z3e86aU+$OeNbL$+k!6C&=h%Vjz$qpiR(oi6hsdS_wY-0rs$HaA zEba>J_1#vW`Mp`k7u&?*x-r}P1w=W2f^oE%>-yPd+Qjib#!#qSkqMH{_ye^dM1uty zLStq?LE~ktv`N*Eopx5wGD5N2aPxBt3M68PU+_e~M}svkxP5Mzca*R=rGijia|CaMVxHf(`X1C6bx|l8Ap@!e9Tq@W(x%Z$}WRTvtUXVHfFqOgd!IGC25GV z%-cm#x^Um0-1?{Rxl#i7+Fjf}8IiqHMyYrjNlk`58<&8zTwE5??vU!lH6a^`@$H{v zXsSv02ol7Qk{2eE>~}qJa9qp|Z5Zz&jfLeQ7v13`;$ojwufEx1yp*w@$b*snB#znmQnj zlbYu1tcD5!fYZUXn;6A0hmbcb4{iwLml0iWUlT#r@Up*xg=;p)p~xu47fA2)5^G4# zYzr#=TSfAmGE}aZMO7MZ9k#A^!+Z`T(uMWm>KEL#q!B8@He8pL9%6a~bBZ1xQ5Oj4 zZn2OQ&pAdt6WT;AeqEAKN&`zq+&PBV#N)Kz%Cv&>yRw^YPV?%Gd~6lb*K!Q{Oh#ns zW;QC_)X1pI`;8BkBd^g%>iS1aeX6VAs{HlXZY}ze4lf|@@A@L<$a>c2m*p!iRq~>s z9(_LgdKrZ=H2dh%2>A-FLWWpxl#7xr6Pn*<9eOi#9N$%^YsB?k}Gxv9yjRsY*;a zi6MsTa|LvlVn#Y+GwCv#c_&8}GcM7m4#05@`q2>8PU?8<>Ki{+1;SwcMKnqKNGeMk zVYp6M@qn2fXLde+VyisZj9lZ=qhfbRA`U(IY}d(`2}N0}Ozh$-=dCI<6^WJ=9X87FCPg|p$mLO><4 zwlVh!FxQoPIj5cvgR98H9Lh+-9LV!%`It6;)ayR^6pS$4VlE%84E?D;wFats2Ac>4^;oX4l{ctcz zNM*^U(-(=VhHMo|7^nraLFx9T8?rc!<6D?vcYB{N z3gkNTQ!R*SppjagXHMwt6I%COj|9mr#?CiG3s-Jw)Z|-wN~5(ws8(TlR_arIm+_wgpqk*pP|kc{dNUFh^?7)9);+>M*A}S`AXv>Y(%JF+L|z5(3!Im4k}v)Kbi`C#xhO{17^ToO(O zYNp#*rBC>Nn}(a4%O?9uKhy0@#f;*5F6K)~>V;!5Q!gTm$tVK1Yxpw(y1TE6^HuVD zbo9exVDMI^M>JBccRt_aNtQgn2}@$GN7dq~TOuBZ+P>$b0iz9SLd-8FM~OnO=u|y6 zbWNVeyxgN;@oN$)?s2qU_5b7tG!-OQ$TUma;&e_FO$xskZ$vd8&wTfYe3`AGlb|tH z8;F}Z1HVn$ljcDi6FM;7H^NhA(QE(SMu4y5ntgzB!BBtPr4M7jfNWOqPQEXe6i=$3 zEXNt+al72zM1|K#aVtN(o1;byiglp>vZxWmiBLf5c289{V&K9np+*c=d<)db0kzt` z_|>lZ4uc7;Q;PZJitzA)>9xUOBq#;r3&_7KN;}G2l{tfGdu%2~aSD~jI@n87#TPHR z3gspaQZPF)h1!T5A!2XQubC=2Qp7A24l+qoG`-9fA=!uV7_tLws>s5ExLRGz9;{Iz zcI1ZHlOQ%-crLQ#X-+21_2uqNt8mhBh7{c##0=i;$wdc;SW5JKU1`n7lg4^nR)ww) z;6Exw^OGE@A*z3tmA7iMeZ?v#^nxd zxj?#fSd8ei>p1wGULVaU-|f(6MxX;!D)T(g^5Or46+h*{l0@ph9+~8@u90=hB7{G zb!ex?FG@%sfvxt9(%FPUC1590e%x5942x9bN3HvO`~s~B_mM~bv1I53a*;@%P8^*i z4tdpy`)>ZgmWdc(npH=^y&#eww*8e6L$MAG#}_ekLPsTg)(UT+E4DChiTS-s!`wgP zjV#au@_lmD;F_?6%Zd;B7=6OuN2C$JOv^s<00|=Q#dJJQ_`JmfCTSv|`Sij^aE$@h z4VY0g-m;Q3q43iP1|=c&Npl5+x%WhE*UcH+2v(hVKu94P+Nf+WZE%tp6KQzT7&6bx z*k1ajXQhwWi^m<7#LN098VALT1-3qqr`h-j-pLX#T0biY#iw-^;_*II#}t)GR(vKy zGzDo=m%A?4gyOX@eWF=%=^w2w5Xb1t%&JuDK{9Ac`m&A^PE3R^l%D>bEM7+W&)sB^ zqPq`*;gtNI#z7OLZEyz?sapRspJsFM!a{e%0Pf*TM8M>LK|nS;d|vuNJ)pmU4z9uP-gIIJqVLe}!zY?o zVf_^;~lh>@&T z9fK#1EBb*9NV&jJDE&6Bf~P67+Wglv$(imFN_J;-oR~iFzwGa zVU{yzr+|qF6?UjO5+|}-?nB}><&in*ax^_Iz%;_7z(M(T4UZNXf_0SV%{l|L2jdY) z7V&&^B-Qg}-IUGs7nILKEyNm0_2%7fQT(H6Xc7Jp{MAuk6e37#@J@9c@_mPV)w@sQ z5TEug7LWMKcmHbqD%?B9Gqr$Co1(yHqeroMjqk;-ep^In6fK!9aIYy9H0W0fAqP78 z+#3R~UEUDEt$R85Q@G)v&fq+A;bGQI$<(kxn32QD|F(B9<1k})U< zQf5C9aug3#^rZQPo=B1&=)u{NwHPE#x@A`6a7>YOZ-Y=MHtchK6l`$$d;{S7uA=3) z`TY>V%{8?pZ>2#DS1XXjL{`msKjqQ$=|<#9Fp|MyzZ`z?Q}q@|0V(dvL0LLq$!0*b zf+t^r85gT6K*jD5q!QK$NzT(;Q5R?mK78XDhPP(Y!rK*OaXD!Of#i>a7~9m7W7 zjl4xUkZXGR^&JUpc4sw#Qm0J-{34O87o^6ENYTO&-ZANQv1AR8B)nDLPscXRIAP2c znUfyUwN=60R;q09 zv`JjY0*3bKvsg@#iE0)-M{DTxJf~B{N+0`OTIxkGDox0dWbOh%8cI3P&?xa@Ogk<` zhvFMbTw(-fpmYX_<_?O+Jtw-K0+E*{8O#?nwUNaD=422d4B-5f=jVBciNwWedO4=J znQb2QAuo}_h%ZtaL}YDo-*iY zN2YZ!m=y4_@vONXftoV1$UpH2!%Xo}NqPdCxdt1zw-w)vtv9iefPAZaGLKtv(J|Dl zg4$TlNEQuuGTufFnBUt-%|X{LdcO^@wg;2`5;^YIP{SgaJB*am zFXJ>m?>%A1)~KOHMNwpqemF_JQ*Nki{||HIOO8rUr(ASc1#Kxa+-fdP)L}L_`!&Xc zHMbH?kRt;aLs;hEtzy?sS(-ELdwDi)GK%_s{g2PND%ve!I~6+h%Gc9km=sn&ldvtv z166?qwY&gboA#%)IAJ`+15P89y~8wUq!|W zIIFN;9i+0|4+|Q(-bk+aJapglI;81)9>v=!dKXeW&3vRh<>J$Fi5SO92^NvK_2bkJ zZ=7S2BZEEJ+ir2MbTRTlQ3d%febI^?p0s@Nyn&^dL)u<*L6a{+(U|GukV3-e)fyU6 z3YXG7g{hCnd5~#c>qdP{S8d^=73wQ|3{DA?l8=P>iS5)RM}E$BeHh*sm^Vn}CLkZx zy~RZfFMbwZsNy3?d9pm?qZ&PjkHjOS*d%3@HcoO|B<)(D7LD(wvU5S+1d>x#HBCPR1OVV+r37Q45)2OEKZ>BL$zW6@wN)3 zmUtgfR~X&(OVYS(mZ6!+cA488Haoc*8scj7aG-h&LLcbI(Y?~%Z-ek0S446OLr?;G z3^(aeWfYMjdR#X_iiRgy;BotKOc0}jaS2@TVo+|vm}E#@Y-qF+!`qEl5=CQomH%u} zM&g+XqPr=|&r?4b9>26;VP-g9EN>-K#G^sOUD+63!BnBw6?nC8kvVLF^2?FPh&(T2 z!&C%VbI4(T8ZG$e3QS7g%x5UxhZRux=3!Z&70~63Ng0OU!oMH}uFb>3v@k|w7k78J zUCL$~rg^=&AfhXoJ3=KyIx{q7C_6OTp5E6^N7K3>Wzm=^yHi=({N-&VcgQphGjQ;z zV~EsXd2vRYCERNYeSF;1N22hu-sIBuaZIBwrc1R&vnBL2=I9b4eTg^c6tjoSCJRbJ z_BYUEphXbP6n_D$rp?HWFT%xD&@GTsop4sq#9hTBBxU@*gNzf>tazr>D^4m((sf{u z5Br)})MAyWpHvL;QkhF#oK%XQt_*c)mX&gSl5XMXfLXHF%_>MXo=3|fl6!r^92H8- zZ`Vg}Hda?$U)rY5qfrPwN*mh%$z%z!)ybI>MpodH_Sx1iKP{x!SX_Z^I2Q=JFSI_h z^zu{al^m?#h(4F4Bw0$Q!6jd^PSaHBU)sY77h1?@PWh$D;s4A$zW6^&i4^4~ri<}? zZ}=oC4Eh-*o-P`_pQE&|M zU{f2v_)8d%1W*S0E~ubhTSQ6o%@wMr-RYNnGSW?QGESF*mL$;AO}A(9*9wL;Cj7KT z?QKQ#W-<=JMT}V{;gEpXL=!Ed8JA;o@IrBdg+@8=1!XfrP>ax2Ng3u z;=fMAW2{ePvbcuEgmX`H8A1i`!9EJvmyjJVU-*hsNSN{c1m5;ClLs{!{z5H?iAYXG%T(<(=MS`Z0M&vv z<(OY#;|53i;gYX*vRrg(o@U$0xP=en`E z)&0LE;fsBUd=}`M{Ho-Jn#0Mb?|h&my!Rh^ba?`z89e=4>wlvSH5#pe@*z`LVHQNS8Ee9Q_5=_>YyCWYMx>OvVqO;5!t68GU9E*^OL8*WMy3l-p7hDd@;IV7Qk7KifIMU6K27HxxEY5H74?dE`_dHDx}~B2s!`hhM`h*^bePCf$|MkW`1TBtWa9z z8cdH(GXjc12#|I7Vq%v->B=h2i&6G6Eq;}m3%s!YTUcaYLa#Atf*hGiuPylrP;T&L zsL*N^{8XqpU`Th);H(eljHf)zaS6IyIwLg9x89wEOr_5+rD8%W3P;%!#fGFt@%;V_ zD?K!iQx+|R+UE43+M#dG>Gdb0y{UaTizm{tVT+((d~*Di49T$=G(^e;*?WobKnU4; zb!M1`qg$H8k{A2@y9*u_)r;#TJbydw{Tk7Zd$XbqBT!i?qnu`3E36OOD|F|P5o=FlP;<5oAFPFNg5S)3X$5y;D_dL!cd^qO|Q#A&ZyjEwq~eLx(~ZVtFdHLKeoKkywZ&$_}>Iz)kQ{ypmPK8=2{4 zWdsddVOkvAkfef*PhRHJuN5-<3bsOyU&B_&@vGPj2Lrf#TpQ`oAWLTR8HZ8PDo2y- zfox4|oX>@pO;hxEh+-dR3bg}`Qj@1f&P|>XqTsxuv{yYcp^vzC`JvBabAlGGU9|tu zgWoNtgYz6EvWp_pk>(_0l$NW!BfSCL`p3gZ7oIr~(%P>N`LPi*2k_1d3XSgxg2mik z{=HIV);f@`X%4~x4K!W!V={L4*}Y?_flB~%5gIlZhiQI>$W6H@pe}I}B&L(ktG(Jt z2Zto+bUJ6aHy7KS7F2(X|AsweQ*yl?XN?Pi2Tw_XEg=PsW-?LO5>vWb#Nf6e6f`1!p?f%l zOOE!ec@soY9g`2UDSrPLHd?$0=0MbxXyVo^2pe+NO#6o<2FNf&TeU*}e31N(G7aSN z3t1&(eY;H|oeIoM+d2iBK8i>>b465)as1O{I-c0}VS|sFu#|fYzo?7DuJi-XG{e%! zjD8y(##T&pzhH6p^Fk2GbK#W0-ioc(e#+}M1x4ce{$g}y-eBphmiLdZ-;T;w`1eI=w?8mim`SSl!@72B#5 z$AQ>ekOrmepB1<}6%dM3EMTG{3;acM3`t7Hq;R-k?=%cu&My3*VmhyX?^{eDpilLR zxHQa=lq_X>T{=FjXqn7inx1amkzP$olE{#*qJt)!U-%NS#wUAmN@%hrfr@Fk*)EIm zwICejiN}-zDpgS_mBNZ%hrNxy8hO#Qj|%KKYFKMiy^8eY&JbA6hI~n-J5TnP4zLTij$Q zNGyHjpJ=H0G911rimx!Hcrxn>TjM@6Oo&Ikm!UUJoVd50tOZOT!HAhY5|pQMX;#`t z6w%X1h`VN=+=sZQan}>fcPdS_F^P6gTZ~nhtl~QIS^O>mixv`#N*Vjf;)(1blMCHL zDRvKj01*v60n=bC2&v>rASlPdBEKA2H(ZhQIbpr5*OZ>LMjEpkL1AmmGfLq*?)7zp z`i5xZ<4<9WK0`5Q!(^dqsQnNCv6^&e3py^!CoMNX%qIpF1owEx@QZ0t+&LlS^*FHN z68MUeXwvn^Oi0=X(U+*&8dzM55xd)w&9I=0nwAlyuIDA)u=1^eR2zSw zX5iW}u2YsR^|h9oMcF^h zWPD=8V0>7siwe;t7(~JqM8*80Q>5=@=?r=)vfS;=h|hoFpP{+CME-!308ZEq4k3H8 zfY6>Ey-1e2=K^QDewYC4a#<)2v3+zYm?w)UWcB2-#iZHwBD9MS=_?kzQ_2`lj7c1> zDM7&f!;1bbK3AQqW~&|*RedU{a49&jK|E)xli|))%hmaKo{v8@F#~#54XLzB;pr%~ zC9HA?pHq4GPjtgC0Tu>7gXLI4#W*#JOW|-x6<8c0Qb=buxRhEBG=gfpdE>dNmfpE^ zzgmj?WC3HyUqXjligX;c2kB9ca^NPArWIJCRMjBx{h-H{3Y-XctWuK)5i*HzxQP|{ z%>Y}b)RdF({yw}vk9WtJK8&wc6N_mo(xY}E#o4N#bCBfx#}Ffhzcf;#bcmniufav= zc*ktecX1f69Aiw$fEojrLS52HNQxMh~UtHSsRZ+x~oTzbBmQ=FT22^M%;#;9{ zYK&5&39^4QLGoE4s&RE>Kk`WVUCL!h?ZFzI;uO$ACQ^y{+m)K%#ARe^e5q>YFQHZi z3u?SS!F+2x)s9IAwZgS!QuEPgB@jyDQ5iMi%~Z!RrlFBn(Kk~KqjgQBH=Kj-+khui zPHIH1sdQ6_A?=c4Q#nxEEKJMPhO|)?nvD`xlVeP!hR*~xNQBL zbU1IJR4G?QeRUqytygj~>J`=r%IuVP^M=CMTn_UK-{PP@4&hse3-W{aj4vEF)p#1~ zsl7!}&gid`H()O4QC%1{YEhT9+|$+Q4JbkC6Kb5nxbIg=PE-}u6ZL@oO3gQYb1Tx6 zF^j&9YSiC)RpmTYhuK917UQkd=F=EKR^xA_S_7Ms8`<{!-q} z?S%T03iQG?|9|Yge~?|(mG5`%?H~7ctNW_&)oeD&tqp=TN(U+G zvNFi(`S8>mxT!zLGI4dZPO>DC@KZpPtd*=3R_K*gpWrF}uTrv#>=6%~jG}E9t{HUP z0yWp{0L}?u9Ou_t(innU{c{>(5m`boC{brQb?g{KI|iXd=%CD{mL4!y z+RWA7RacaloevHs&|X{+Iv2{h99O4=RyA%yvq;h`Xb8LJSaH+KXPU zz1$vASoUSKPPj@=2x~E4d!Hiauk?uq9qX?ws<>W{QO9oWel>x0qPerL)s85gyUNQ5-=n}-v|KJ)qA}ph@zjcX#QCz(qx!Ww4H+(D2B$eEtGlylXf?TKHov-R|XKFHX+UG6rVhPS=*cNmJ|6+v~C zq;j`|%uy5ae6b_S6>cZ*_9(ha{Hu}+wVcSusP<>+MTPeBDd#n((-kci>PlPF!)N8QQoG*o}hjfQZ->dNVBQ4 zGCX9?Nr(mW=d^|4l~ocY4@P$p&n(R^6+fK-W9RH3R85eM4@X}hU4!Fhk_@z@1sCu0 zAYOSfwW1+WOf(kPPBOg0_#|O1;&WFe%lQkITcy?mlpQT7xsGcPZg*iv>_i^i%*<9O z+LKT=%flFZ_u-huEZ9|a+8nrjaF_$EssNxm@oG?_F? z64)ADEo&ul7Iq`#HeP(&V0uTov|DxJFv$+h3~`~RaWGP}Fx5g^t`u2`k|IaI^+D>$ z@etiTAKtz6PxhDdz`{@`QGXYJn(0#*)pje`g_F#G@VF|Chp^QM1&c9Q$dv0C<=>w~ z(RKU5F|l(Kts+{eX4C@F|?8j*5Gq7gM)(uUDK!$GE%mzVhTgNJ;JBshE(J z1m6#UVBbl+UL2H#pr;{4wMQ=wP&+z7JO43JdF~HG<$%$TH>03XyXg93qW1?gDTslyV+?F^q5 zE5oQ)Uz$Nt+@o{X7YpB37)1zHAXAsH4f@gRG5`Ve~C<6t%xR~+!9G7 z@dfLqp07g<3EHUe5dFh%yK19JA1Okud|ZTMbgy%VM&es_QGFfjzZk;JiwSiCZi#4n7mgNaRr@am)CcNL zIwuy;%0#T}3?Wf0-%fB@Bsw!$qDzlR=LZkeB#^YBB4?Et&h?Ay`NWD4+VTL2UA6Gm z>PZHD)Z-2hSaF3&EDK?hbag>WB3c$!VyY|HCn&j#l2Ro%K^zUe`k`gFr%IR3Mq8rI zsggTs?}51QQ8|>nl{9I_XiZ3IUzS9*7sTIg=zNo=+>hyAADJ|1BW^hrts@(v+$R30K`{&;scKyl5y*P{9)c1Bs)a zT?P>nUnX@Q3=HSyeL!>$hpJPh(MJ8%kjqmosT5q4(PfLzPMh~@ zZl+#haBXZ&hur9XpowkWLoUgkw4as!v1e-si|U9p$!t94L1| zsRwb0Sk2FToSF%r-wu8n$K2BEQru6kmtN75pXx!>a|ORLHM!@sjcbx{i^i7#{^a@F_3~v+V}@A&QGHB}3-T#{Tp; za#3e%{L=p1M8{-dYcVtr;$;c%Ey$Z|5(*5XOT|5+C9`l@mfGv_`sCQpyV^8n;O8h) ze<$@sbF1H_UFT?Bp!8z=6s-s)(!3H~wjR4cB7Hsw-XKg?$a9{qVX13e`OL2q^=lCp zI5Ao(H=Z0{adI* z1Vwa5n(m1jPRsN!(55u_d^+p^tLaSdqf65+Nbx=|7KFAIwN-+bINCH{+DX1iRl7{t zh~*IMAJ;{>{)6DxQoC5H>2n7xz5CNUpV7AVd~upArLeY3G@us9SH-w9(zotMj_o(C zDBak;A1*lA{dDJnv;ksEZse+@o-IZvZ?@hA_kqk9>1FBh(3&KP``l$es+EKre6b$( za9zJtTejDJY2&guXPVZI8s;m@1Cp}Fmdw>4^CISNz{6)}7K>7ABYc=Omy3eoypJ{}wYwX%khhjw6pM^p>G#rZ_e5*v&kol%QGZ%G=rm1`S=k=? zYH64CH-yjQI?9;e^ zQR@eVe6f=@9)rKmSw>71RuGz)=>rv-%nMK0U^L2DS1TIGv=8zC=|1HbnriORS6v;` z33avAFQY(?EQhtQ5J4m?P4=5rJF2~Mz>rw@v|Y03a$kVtd(yyci<^@(Q9*`@9FhT! zuz1?fAo)orhv5X4{1z!C>D`f>-FQzAKy%U6xpqSu8fv7MAWsot|+$ zA?$o@r9qLEz|eGjDvEZgzd>dMiiSEG|Ob<4UCZ{wo_TDPbmo^h_Ee*6H zn;uKoq4u`+Q%~EAI&0~=PEd#87138Gt{#LE!-OR{qEYoV(Ln9cB#Sf_qL1i|ZMHG# zr=*WlUs6%a{`UIOjC4@2K*SS1UfM$xKI*q~r6#maR89g>FunIacjmj|U5=}aZE-Bq zc*-_E0-fU%Q7g1H(~e)RC+O*DnYer_lo*NsvF)%<0_B^=JK_h~;Aw0qG5%2{7HqZl z+AcbL8aLNBLHIVCXb&;8cL4r=T#ZNgy_?nlfQ#~vMcH)@(EE7^rwr^4L z0LQRKAkKcw&M)Cr*+ZHf9k&2sj5436ruI0#g}-GF`Lm>7$HH%v8egK+J|Nsd>Pbtz z31jIdy7>)Y9LMu?8~+}}F{fjlzArl*t4BSxpBfE$df5N>ROQ;fDhE|1Ahoq1R?d>I z#mb*qpIJbDnO&Nz`1hG;JD7#39!h^Y`Z73O%Od6~LRV|yGnq9THBiB%35s2UBKXaM z(?=S~@lJBZkP?t?kh-fFalt`ZKYtZ?L z)bhFF-V~`=%^86f0L}FT`ShW$(2WFj%_!-LDnq%Gkcg%;&eAcGo|*@Af>k1D9Zj~Q zwA6A?d8gg~9G&{- z>zyQHSVd?0_`pABA9WZ{eOEs-J^fsk>BBlnBfrpE>4K}GJH>Bl4W;#*dqjgi6;Em8 z-MPF_3tH`o+sy0v#f7m;M#l}$g$=q3;(9|?-y}Z1?E1kWi@SA{DR6SMKM6})eZ1O> ztf4Lvqcr~{SVTLL@P#l^9v^)J<3u#YtAUGz;Is3e4nfwD>uK3kzCRod4O^=j8uiE@eL`TQA{EbfbwW|kKy*n9m z6VmoMQnB_w>X2p?0&9wEO(auNdQp2YLPN`9Hv!aXH%$ZBiy6Z7TIlPo$rT`EHDeV) zC-;Le@{LE4;34n|8xUHk<~lHmmn9~5&_Ox24HNUy4a2=aGxy)6J7`<2%AnEG!-rB% zkEnweNculRKYbHR8*-`es>ESB3^pyJ++6!IgQ7LJ04*Hr%!tU^zv~6z17-@i4W|kZ zk(OQAXq~>cl8Se0Ff0$#s2!l5d(lL8wWsdy zNQL(hcMRc8+xIw({^Yal977R~B8&2;O$WNvbB~9HNHe76J>sC14u0)3Y!fe;TEzc? zfs`!3qt6AdzOeMY3s`9%-GP>AlXy0wt4_^hf`z1Q)PdE1>0%JUFg`CETmsVb(W*sy zlUYe_wUy-7D0lV69faiIW7mER)~Fz3_JBS25sFA9#_ujm+XF2X+hf0;PYSj6U=c)@ ze^hIX27CJ+(Db^VUCb1?38-7;z}cQ|6<1g&4m~3(~Zc zrkHb)=aXVN?D2Kz{jCGoF;Um7=xb1PZdeER^%QiE+jFU0B0ESEZ((Ki@4~Ftev!`e zMwi}9t^|c-qAa!)H%{IL4iaRN%$j@hCVrkYEgDq+CVqvd4!8z5KBc*r&v-bj{UzD& zpcQeyW~l^<_$Acx)`e-bG@BMJy^UHfgfyRZ{#yPE&Gh-Zw9LRyi9hwaM3}3>w7qSK zZq4TzMo=qL%}*%ZI>Nb-?<29Wv-|i9Vo^IQG}4=SK@aFmu2i4z(EFx@zyFY|0WQ?V zAfyr#N`f){&c;H>OFKwYxUS0LASO%<1?e#1DyEcnvlkGTB@;T{yV$_G)&Ko=akHhv_4qb@O3)TOP2s7o%2s7srL z`c?Q|3*W0SHFR=MQ$=GD6(mA&PZV^T53x;LB0DOpv^HV(@T+xcWIj==7M4oUija34h;A(~WmkEsmy*fp>%ag#bHZV%mu;PID0^H=XO?yI7+9uL?5sqL zWo9z3liO~L8k_L~Y{7XkffG;5DESF?VL3z{xAE@~l(J3HTR+~$>ZZl5D{i=xoNRAKR0{wGa7Qf zm!OrQ(3Wc_MqRiJHw_+wZ|((8@u0-KkE!1J ziu!%j;+K2Y?1hG!wL0=AL#V~+9e3d;kqneWBVuz^^Fy0Vn&INSXq8Mdz0&DcVvsZ0 zvqiyA6P45Uro1iLBQv6@#!!~6y<`(B6^*QptVXNU7rDwGpyUkw+ehz6w{qf5KPVEd z+6|uKWv6MY{-sit^81Jb+wyvDrjDt*A*B)Vi^Wv7bYASyp}3$N~52 zL_7GQMPabul5*Spmz)cSxAPQt*AOk)%za3xkw3l3BJV9F9vu z@1;Xrpl_G8n@8dSUmh4wZcV>+q7jz96_yS?z;#~MaRWIU7@e!KbafZR?c^yp#Z|X1 zhH%Z`be7iqUv5Nd9V2}iGK5O zT@Wlj0SAAh zyH(?8dIl}*_WXj?ybo@2Xt&y^Xw)=5a?5BuHOFKJr0pTM%Mz&{-Q1oMV2Xp>Lv|FX z(iREMl9F1Q$!!DoFA77mhs8yw-xF zb=!PS_4%1BvR#_{TsT2Xn#<0|ZfUuW4SjWsH<7IlZNALD&3IjF2Okg3Bk@MGMtw+R zw_@>IphMn+J@AIC58r1K?XB(0(>lQWeE>`~KGSf59lu3S=y?Zo^)7lMTDlb&x3J79 zs_j{=uQamJXBM|)7P8~#SuwRgR~O~MOHSbVf;adQ99bP=SF_2|dCCS)iwF&1*!6OD z^Fc|wSvA4b$|;DGH8SMVO`kj51w1dUqbJd*mdo-cAET6(vLcKxp?%6|hdi9jSgeMh zu+RaNz>3` zZ+*mrcv+&Ryl3GHD{6}++s*0xLtqjP;HYiiOHbZ)@H(PN+GL7u4PzSI4sJSVviX-> zM9*v;-&+c-8#8UsH*9PX6J?FD(_1uTF^{)YwDBF&s6TTKhV$y8?X($+Dy8oVsC796 z#PXyJg~fsT6lCytot)B$pR?0w=p?h~mZZ23)YM_=4iQ@~ zc8Bc|4QLqHuyL$)oY(XXmOv&AoLE3FWciz|f*rc(pXTxINw<3!RaO#EuR`nshXhvG z5^_sf?4|?A4o#ZI*}|;^hrN*VE!QtwN@THtyjny|t%yNmHva+J3CvAwh{CR{ZL z8i2(QBf2*xQ}!c{@1@IX+c2}DShTKIIR{}@;p2=Z_6>}pv5l_u)pUEhrbl9jMR$hD zm=>^E;Tgo6kA0xQLSopq@HppyUn+GJa=(p4a0X{LUv)4*;{;8k=%%^<{%_YU`_j$- z#RF$f{>S6*_US8Xxz1`XSM1`ayh6cJS2dq2@k_!U`~8aj9xbe>)XwDA=Jb3lw=C+W zM5XqQKYmPVy@yn*omXPHKHf*-#@vcZvy&W3*t4q|RqFTmko7=*S+p$IQ;mT50wr3Z z9J#gcT5gGQr*kXHwbw(GqUmV;Pm?I!$*aPSB&o9+EmJoKh2W!(1^^8mYgFm#j-G!S zKX=5>r+BLKLnY;2;i-*&p7g9SPR|a;#Q1Gal}YPp5bjxtIitYm1^Fa zS)Y?M0$we~2LR*&TK2|RMvGRqzX5eN127?hrX zYDE31_TjA+6|t!rc|sGd_5>X)b}=m&k3z0od!`F*%&+pE^SS$+5shJC(nsa`4a#dA z?S?3&!NHC~uG9_XN&_YmhPu4YYk;ZLpM#b|U8+{8y++fuS8}EDKu&ZJTk&{-M@Mh2 zq;ZF3yoi`VGvC{#PSJ*DU|DWC1-=jeGTY;_<=S^H84yJTN`M8?N{Qg*-uA-1>Z%nh z3B~4HY8fWumxg*_Nmx{jC2BN&Wz_gtVI-H!4Xlm2dX?rqd;&Jimy8OfQb!b(3Q=cC z|G{>EsxeD`!_ZU9}W~mk>834 zMnxZ-^YjUjr6tzbZ%vdI;&Ptm;#FyozSN1-%rQlVx(ak}sH<4)t9DjuA1XxS>k7Ta zUL(DAfnM}x8F zNji`U7H6P~aB2wm6}lV>covsup?F3qpy1I;3bLiFjmi;oNNpKa^$=UtuXJ92%XsH0 zOS-zd0G|)S0?f-|1lzn*ZvIR&l+XY|9rh?e+&uG3K}}|I1|eptw7dY9oTsHU2bK#` z=VE1bpvZ4ewNnqKi@=dq?I5mbp@W#9cf`s8k(?j28CP1$BM65<u|)A6qU!jdFTf$mbFFO@(_0i2K>Ya>Xc9GjU> z*-ZSM&B5OhrvE*K4#a3F%=`2G%t;v~pvhk^b1;rE#XXs>)pv=&=qiq|YMxB<7~q*n zH%r4xP}b>@R8nc_rxq0HKtYpuTZ`sn3c}zcaJph}+~Cq`ei;R|> zEIdIm`dLJrYdSmy6RtG_rPs`3D3N#APf*JAvO%rCvZ2sl?1ef=5SIjl<@(Rc^x&YKn&-DnKN)WX=Eja?PF1bgv&$(b&^alvJbscBeiN zj56Czf#1+W`$!D_dJ0{D#*o->WdWU<=n~|kM`N8K)rq1hw{(NYk)DM-wac|vt-T3r zW`e{@?I{dT`pe)+>eJW~^c7A0et-;D1a+6@_0mvbNfAS%Qvbc^+rX?7ncoL8h`w(l z|9crCjhr+?X@ErOv)E2!U{N2rUZGIGp;+jIMzWkV^^QOon_z1rSwRR58FD5)6p$70 zTZ#n1fpk%FSwbZvZ$bg4a$A9Ta;N6(+GuI2zUFW%^HJJLXKLcQ5g{yO5B-2=T-;If zM420TMw%5Mi-4%ZLK3BQ!7st@>aJ=aBKjrwsUDhIH zf;xpbR!-uzRcWZInY~v8(L6$yy{aXJwCxk_4X}<0z5zwNnKwW!eVN2%j<Bx?ABJp>^oRM4S$V#tJ@l0Cn#!tg|*&_#;vYy z0~qH!9ybDS+k8A)Fcz*GFuDZuNp^i#xp5_=(*m(nZd_e%Y?LgnG!DD7gaYCS9+fx?$bb7hAr|B*uG?`d$qAUt;YNH-jf5OeEUuFLYvhHa2=mx4HXi zL}qDD&Cs-?LVE)7HkmQs*=U;#t&80x>FZb-QMKAF_8_L!H>G?DiuBNGs#4!zhJs2W z$Y|mPMj^1sa+o<`I*Q ztKHRP{vipGz`42Dr2#|N`=l!BeXSHmgcN=qms!Ru#znK(C$JI&F7AHv)|I|gc8es< z+eCcQSrD38eK$WeydwnxMu9dT;!k1*&4wn6Lmp56#*(P{5G$@sA(jwDDK)Lc8O_V) zasv!3O13iBRbZhfH&1V1rjGo8m^r0n^Qb?DtNGfBv=!PixU?klrMr-A+%HSs@NV26 zW7N3663bw+Jr5Hi6sx!7@VP#eC2-xHVJ?JH9)klld%lZTd%I+|5jLeS%i?@*)G;`S zDGqYtNx9!-KYw7u+e<%WD?@K($~S~sCaINR%s^?CGQ;3uGYlTqWSU#SG7nRy+^83D zY4j4r8W0(jTR#UvnoNbxAqIsP6S|6W0}wIa0BK|?+5zc@x>N{K_o_Y)X6h?co?Bza zfcl|+8FYDI9;IzuBiItbx6ydi5Ud%3HI{!&l^qa%367;;Ux?xHSMg9*Ja3t+&*7Vj&~2W+&Bu zqzBNoQtg+iV?TWgx$nCsdp?0IlL1LE=m?v z(?;>9E&Qy7pVh(~Cp|Jz7HpqfH!kRzP^?Z$>A1TRn=e{T{Zb~FetC(W2Ch+w2`qQ@ znCyP|DtIzVr7H(I7zma(c#Z>uTLIa%A&_6viy36&Z47GB7AFc0zv<4%7SfQ6CyjT&k>e6cMWyoe*2kNDVKsjCxd)!@F>mj?-!WbQZbmg`DPeigU=kwBc7#B>(BV8{guIRd(iZwhERzFIe2 zT~d{)*ixl#4KvKKR&Mbjiv{JvTW1MTo#PUMlfGpD6#TD!4!*bGj-qw9V!*&_d}9b z<$)#>{~R$EiqKUq&SG(yq(=QT?N=J#A+*DA^b{!{`RDN*(?2?l!jfZ9esuL7w=lJS zXuscQ_|ZlvDy^9w&6QX`=5WBqAVh}7>vGFtvQ_5B=}x8jE9=_dTi5O0X65@TeKDW*GZ){7X`5QN;S0#K8TBu$uH3A$N2#DUjnsU$sGpCP2RegjX-jGAqnV|NQWk0TTQ8f=8%JnvsrdIxH#Su+cL}Y3B1O6Y@NpYpm?^}jhCj< z`0Wxy$&;|79E3-Wb>uq&8`(%K(x|5%h8|nxI6YL3qpb?1R3TYv)`Az3<>lCTp*S20 z#nI(e?1giT?U~Bl4$*a}Jh#hm`%ug*wq<-iRE`hPhs2~{e=W@z7;8}D+FVDLD%EF} zS--PIR)+p(lkp8{JQ^SRknqbyiBV#st?^6z{OOhkOU@M3@nI6h)Uw7*Xw2OPuA<}I z9s(Ljh3_OVMAAybY#z`x0l9fOSgp%CWRNbCg#&4^0tCZCXp%tjK|Jq0>WOhy+plsY;^weRB@e$X$nIp#;XnR7kUW#t7VF5m3(@;qZb z(_`g(gv$VF?saO6Q;faQJpXdocbXpBec;Jq0usXJg(q}%+ceN%!c&dkGL&L1n5?LW zu@n`V4H{%*nnYXknL(Snk6Fnf39h+GFDubx(tKt}&K^;4A$#7e?$f!__JW)oXfZFO zWt}ZF{ed>Vnr&iv3UE~djV0C~|HmmZ*?=F%AcK{&Er{loCjKZvD3q{WRUnE{@IRzr z%QmPz!*+7MU#pBgBV*{WD6 zbecX@Pb}Sb1~f!n?8zF~q{UAZ@GAZuFrp%UUGuKv^ZiA+{>wO3{zXSAPS7O9-19WF z9^}$678th1VJ)9z_V&`#CF-e1@uVoVKVC7jP+~>csK<-Mu#T=%Ni&J948(oy9kwru zOADQD(G^)W@h9$>J8H)>h|h6iA%}Q-%vWo2tWtzcNz}D8N$tH#?RVwcFVTu%cT|&L z?naG_4k*=r&V+s3JQBoFv6upLHx8)UTV#X+CW0R~XZm}9G8hvB0mcWk{zj#43%I$7 zHAr7oo>OAuF+hZTlb{dCdp>ts2SvP+@Y$Y$^=761h#|5)zrY=NrbNQtqBDN3k7q2Ldf5w8ls7E zgHt)~33twIKNz;cTcGBbX-BnmHN|TP5?R9+h_-4U7#0VTZpK(4xjtlXkm#F^~DQHwG>rf zOjGqm>%*5>)0rG)M~!qwU9OVP$i}pOLy;b zJWU_Mm_dp&J)h{uN9ZB#DaY0}E9m96(laWw&UfW|Wv_|4z|kz7HPX-aYJ2*b$^<{% zg$~x%TBhcT@u|~SSW;2rQCpJDxipqLtvvUL`uC1+O3z79RT_ipeuLAYg-ZQbSR!{; z8lA)|&ASz``IPq^aP~;Ge@gM@ovuUhB>U2p6jANDA|g<&ig6^`NwK~^ z9hkvOkyD;~nr=&a*1rpZB|vTE9H3}XLLz_aj0Ow4toGbsWzHP5a}uBBxn~jACV^YB z*XPIcW?9a~Za90&f#R}TE{~s^L&GvYSttSmq|H!?^+=^LN1N6=CYqqj(0NP@Au%ZM zin?ROLs~^xihMV7uabuc(eyi=HiwHP%7YkEv5K|8#zo@jsFGv;y;OCBD$`eqt?H!4 z&L>OvYT7MUNj)8;g$$$j;ygXI$GO@ID7wx_KtDl7RG8m;4XP&Wn{0V`xu4T~NPWp$ z|EstKJ=Mbf-h!f+rHRavq@B7N&Bpy~+SpJu`l$lVTXF4d5;wBXeVYixw&!xmvBo<6 z*tVjEueb_i!~S-X>!hvB$xEy1db0PPsaeU^)aJVJuZwl(WmiA0XI`Esa~f|OW4=6G z!0jupG9e!XX^W?9zVPE2wfAM<8+TbkOY#6sqQj-<8-oF+WcAxESk9keEF?_JbFNh1 zY&n~2&nz`*mWW1k)C^XdlUClbe*0Q<;Y4Ku#H0oK^e659R=I&yBGSh59TU%_ixBCf zWiL+8EA_W+<~Huv@Y5-+D{F7X#tVlF3<`MxkgcE|Gl5n6p?UYH;)^Z)HtrEn8~_Z{ zv;wk{6=YM?pnFjr7A+xphe~V!VRj=PhA?U+tWX^iG?C5>X!@TSK#@|~bz4@kb?FTO zvkuNIx3YFL>&$8kuU>8nc9E(5xV3PFmAvALAPmC7u2sooi`I3CE;c)>VWQ!TUabfU zh*Ab^&>&YcIVM8RR5R^pt=Hbpo2hnGhgG8eUco_B##kQlF74r#{FF1>N_u&Rt=g`> zLbqn6Hb+^`M%wMQB{R!pofu>5qIJG3oQl4(uoQqC3;RXhyac!ieklm}3FIp9-=b`V z`tRXF+ih;#&rV3Cem`rTGbM~QX%hW5zGJTY<^$#CX-%?5)i6G!1MHLB|^4z-!D@x+$|1GmUcK37E7OO6nZ6iTij&QEdI@;K7!jb;g&)K($$0$Dgf{@|g`Qt2i&qP5FrjhX&;)rkfIMxB}e*;+Y@nh^^)3 zkoHl^%_kE1duF>{QjsfdXceYx^RddA?H;9A<;+e}LV?Fb_$K@LDjyP`lB`qpP^_V? zQG9P2M?7$H87cl;sPLTGzH>h^AgFQ+ES0A}_R}#6oOYwBmM`l`$Zfb2cfI*2-Z+Saes5N9bm%%dvCmcirs&cQ`h$0a3p zeg~n=NSN2GlL?`1^imgt1D|RuztpdvZvE&CdZ|}Go%-oxzMvA!51X0M;a zEC{M0Jh8B}{NqpXd1yw~YpXd;nnw%OYpr|_tR#c~V%JtHlgdhBq>s=qGYxMoAS5`I zD2}%y%d%Q5Cp8J*C+U?WJw6{xqIvghri$Z%Ql1CK9B5=|cTP5U3y#s&TS7=So`)+P zQ34vP#`9S6Dcl^x_&1Flx~Al=ymm?i=N;_x7z2HTp??wgKniGVvb~swXGl`Abr9Go z6pF%Mbb|a1yor#IE`y$@r-4ckf(80ueqM~)li_54rST+xCUl=vYvOtZ%qn|w4DH)^ zywZ4yKhhpmrW4M8WAvVk%Zq6O%1@e+_$(=$p$46Adkv%Zdy)q%7O?J&$=||s=#eGB z3vBZCR~kQ!pIRxf6w=PWwIxY}2zHzA{gnk=8589?YrNS1q^)7)l3=2yp6lhUG`%4; zz){^^#1e!38*|QmC_iTH+(4nbSozuz){H7iAH}79rvq=!L-zJ3voG+J#e2Gk%!$m7 zv~4>=y4D^r^=wB%Q`!n&rZ+H*9|J750QTVF*~9*7rG6(8MhS>gNqHqR*U=wwb%<*9 z`q*L|d`oY!9eewDJs%?Rdpey%P}!y;NVelt-1I2w9o~o zJl;O&&FU=${QGi9(D^42iEjZ*9tMI;4NLl=o>(SQ(PZO#usnN`SARxK6w0&RMDT}n z!8XOLt{)G5i?kR7&LzDO6gSqqBChRC7|2#zt%CJucs-$7D9Xj)_=R^J%JsA5+Szjb zUGRX@2{X?qqG?fo*Qdo<_0fkt)P?twlF`ln-FdRdn(Jy*y7xh zR%i;=UKSFmW&`wz2|KLuGTl5<#vu5O4Jpz|HN#?M4t;0|FWI zy0vais#M+tgLZq?4M=9o_E^=b8k zg)JE>re^JIGIO6&f*%)HDv}1T0)w&Af5mbm{43IRgMOg{j6s}Sf zW-r!X0jae{=LBW5r|ta;?Yr@Mg}9w#$n2tV2us@n@xkdFyS)O$QAfRUvBDYwIg%1+ zD8E#Ug+FSMg0FyO{4hQF{_<+4rssg(-uU%EoCUp%=6c~KK4-5{5vlZyNywRYwjZqs zjmazFwNymZUD*G#ESloA5{lYc`F?@8pmYHATkrs4ggPotf|w$c@WV_36($LJc`y`9#ocXFTL3 zJluMrLt+39m*3Y8PB?}MrE+EF^{ZpBulIZZ7aDA(}6ny29(_Ke>o84{8oBEw_DuUYdFze`HE zMcAB^e+`qW7t@4e!NbPJ^-c|WID?G;d_5y%2a5?0hA;8wxOg0bEe1$N$o5#&lb@Mw`d-Z+vDos zJQ^!?6x(@WxEF%=&dbJr7(g`N?GWfZ`b=#}WJa~GYZ1_YVTYoN4{#o((nOSL@ z`2Cdl9g;J%SIMBNOLu+@crSV_d_>QaJ`A{^JvaI*v8xGFf zD8y_ojug2Qpo+n0aTAKY)rwUDv&FgP<{LNkXb-fTBtvtnwDV@UTM6lwKE5w&S$P5ZQBEh!KvVD0wW1~>~%d{~Y! zuuEsLz!jV>-VHVey)gpZSauyV}_4O^{y3Sj>VSQE^mc*v7#U>pi9D%$3Q(?NW< zO^kzDEsJnLAhplWRzF4F=3fH=cL$rou`@wSW|WH^^HUECd0oYkbQoOjA zrh2O6Z!RtL=zM(rInK*bu5p7(H?~qjl74$iov;0BO)&Xc-F1XRm=g{)i`e zJBvi~N+q4e(2~(0m-NvD1Jhm;eo>QEJ9WvRH(27IOSKS=N%2k|+wg;0`%$D}FU~j4 z>YRx_Y=x=KdwSZn!ydFl`D|>mYp<8{bU@ZuA9g&J0`apvx10=U$FyqfAn5jq5@kPI zk}Z&buR3}aO2G7?2(mR4u`|I!WQ8Zji{3=hE3yzA2Gc@XeBuBkDg*!yv4rrP+dw=% zJuEK@)o?c2oHK83JtteM(p+J!3viznv8g63Xp3SGL96D9fw%??=*{U#x0HFuY z*2MRdlphUsdj{(EaeWxUaQ!(>s>k_jfrP{en+u|NV+Pobd(D3MLELej=4k<=5mx=s zRlWhvV`{YB5%5uM?B+^&B+ zzc1UM4&VOM8$6O}&|{&&BL@r1T0MkS;4q@kvYLBZY15d!ld9AT{+4y$Of7uof9OdC)&fz=MLg2%#G+RFZuGPbro9SvGou z!=$bDFM^F8&alzLSzrk5H$M)rS_W9nyz2FzmYcV=fFP)f?91qDG<*y%c=emN#TMP% zoE=EO(cipnmC3%J>bO#-K5h%0af+4BBkmM_Na_)dwo$s>ed6UaO0?xfD^+@)Q**&_ ztO8#DVL~YFGkUsHS)r@_RA6H+))3ui9usj6%&^vNm5 z_F)?!&TWJvmIrj38j;A*|cI0xYvODdv^ozpaCX)6wLhF_VZp6nkOXSEgK7&lC| zK;rzi-MVZmIutWxTQbIzn!MG<@#i)}*aNmg;plAWU5ML>jzcvC6#n2 zK6?@~A(qQ6J6oUdV~e(_TyKS4k1!CaJkIKe(P&FexG1Q1TmFZkN|i3py?mXMkVJPv z+ace8Dvn=G3FB3T!AB3>r)EP3EZ4zv2-k0B{dDRA1xXSnsZy(2=%f-k1bm-QoJ?5=q0=Z@3H#Yx4*bR& zj^P}Cf^2(33t(ddV+WRv!1|64&=z;vmb7hN!9*3Le!FwqK&tffjFJ&MAX!K$*<9(5)45& zQlVm7-&Ll3W-yD9W{=9t$&kh)qma(rGY$e4slLyP^Y@^(aud0_qVch zoMfd4-(V++1Mm6WNJ8S9;dbl?xvXrnnPrVXGuzcVdT5IWd&rYTO#Ukn5B^iDc4jw; za>eW5jh(mA=CC`zG`l&OCTh`&Kv?NszE=Sp<(UibD|%7pE4;y8yb}_F;*Bc1$N?EZ zC8r(Yp*DLzCZ31=@C>-FUJOn!7p%N21lbg=hzM_ymbu_?TLbUW7KQmC(bstL>Z*-#hJQIizNH(fe+B`n)dZp0rwZpb=1bZGlr5lCcz;f_+_34!yyD)rrJ+3?DdlI7Qi3C8Kx=0& zFZAeZQ-MqwtiZ;az0wXRgd(&o!UUV1u*(SHah6wO`DOl0)6hoSfr<}-2;roofy~xL zufHswepWC(=dsi0nV-xs<c;{c$o{z4GqRv_rJ;^0G-Fbe9-?e|oD7OeiIsWhY z){n3GcYph@fAPZ8SKazvu6zF-GymJ)-dp(FbBDiv{nY>Qx3&N4%F670xqtJ)zkKBX zerWCe|MtJ?fAoJIzVh>zop|*>{Gab`TJ!UNyJqs=taTI{_{GQn?mx^7e(u=46My;eSO4P8D-Qp^|MeGs^WWY2-~2BF|NA}v`M!Vs*q{E* z=<9{wkNu0)um9>CXhhM5hq&SSD7O&lo@d=}J7YH{ZM2)1{JwHsShbOy>8P_m>Wwetu=X zN`Yb&t<;TGhpFb5e1-e^I;k6Vib$O(&4~9SpxO1&b^M>_@A@eJnJE9sD1SpVahhv~ z^#4XKG`!8)pXM^9-TZ$&9XZOcZe|&n@o@^yM zQ9hYa=R(Eu*F?kF`;w|{^waHJek-zH`n7s8`W85zf_mSur!H^OEp}r!6Yy)%^t&;2 zPn6%bxzX<5QgL0Lr~CZ+ba|g{P*c~ci`@Z!AJArLqN1_#OS{6QqSaw?LgFxdpqn&x zpSsXH2zrBy7Z{Fq2FRx%y#`GDqI0P$|KyD?!UbWg3FWO z25uK~isXQDRTS0!)qxffk_)b?kuC?*)%3b_Yzo#77lu|rMi;T^{y@K*?wgcQx2nML zyZ$uj-a(bo2>CUx&U(7gQM~H+VE!eEK7Z7>=;D=ijiFM) z9da{vFStmnX2PY5eiflN<{UH}?eJ=NZq0)Sv5t>Z!UHUC1@m9JI;sg*DY2fmu@y` zpkQ(dpl(dled<}d4bxUN(p}sd;4BV4{F=VHTF|fh^AYhIr-!5K(;SuXjbF1TZdr); zwv+nlD8D|+UmbO8Y>~j4Se-NA-YK5!)ZF2RknWr1XGSG;lV`U&elY4*V@INH35#zk zCb^N{7x_Xo{!`W$ zS3Wlomvm5j>c6M%{dgdBF`urE)iuRO<^j9q;{iJq6Sf_vSlk|%2Zj;{!)NoCy_)lb*n1AW@LdE7^+q+?* z7WPBbh3>1rets(pU;aJ6ohy=dcEEm;KJ#y@za%N-bk_B~ep!9BeYo2T45lxwY|s2; zI&<;%M;5z0+2PIa)!I8?UCG68>!`+EJSfCaH0$KW{3;G4YAlniRG$4s~ zFCu&ff=f8c{QR`=aWN|q+rzl#17X(_+(P4p;&3tdEC@wt`0hyKWp)WUHmJ)7meRWpa$!p@;u=-I(`z5j(9s*_}V8Q~V8nPCfRm(#GS5ZFISkm}{N0z%*`zNB+ zivj3MS6r@@SzvNs$J`qgMN&CZ2GhCiYl@XO!re(_EkQK{mhU3*D3jzSn+onATDglP z-8+91b&lKY(9&{sDC-kVmWg+x1!O0sec?S54TRFSk|aB>5)vdZW?4p#wI^+1W!ZwY zpE5E*G(Yc2JO-*NPS6TEStLs}DM#y`W8`SLyck8Rv27{aYVRKcI6We1V7Kg`)$DES zBAf10KL!znu`lL*+3k0{ySe3Mq;ZF%eF3K|sB{NE-o@>!Z!x+^$W1fz5(=)rI6vu^ zqECEO!7oM27b?atkZoZg8ZYe(mJ?}OK8BwLg zi>3}v)539M1+9*~g4z+A9EnzDjhQf)2eZjORYT_Tg)&nst@c(^D?*tC&YzlovZmV$ z+sYt~v+PTGrVk@_u1U+nAkgHilk&Qk&PpC=`Hs(NnxAiy*1$i6)9>j@zL$rJ&N$vEjik#~3Fr_r%r-?sE!C}G@i@lNruI?*xS#2d}B>u8D>mCH*YbPgy?|{VdbZa{a8(&r1EQ($8xBtl=krGRi*~ z<#AvgiSm=Vwl;$_-<~Bl>?s z_2vhT%sy~(=7wW456qsNJhGv>?}39y4o`h<=JbK%-Gdo1b9G4K29+L_eu__flne-;r1JN?RPH(UsGA$KQGG+cyMr=0M7H!!IG5A)L;g-k`o-s|qZthr~1&!F+JuKoZ@HXadxxj@I-Go;P^b)OC$ zgwJ&{pa%rtR{}RW zYBlhq*v08Jf_Oi<Rd$}6_nS*@QOh=^Xw(~ z@S%ZFVncU?Yj>XrZ+VJ-b{O@n@-*!lXKe^h#}ilWRczv`#9U|0_&&Y*fKmHB>CF{_ zwnluc$&_3zqO%Wv%2`Jk>`Y!JMaSgS4=-a!-h{&&YHMehv3yD?3rFV~Rm{nb{IF?I ze^RueYrMylh52kY`ZOOTYGD=gl)e`akEE01*C=SH{$duuOIdVuUO}b4mrd4z4JE(4 zAlz4#^(xoRdXuTs$aGu1&|5p%X5VOy*4x>PHwEjb@hEeLR|1pCBBYX2BO=}WMjLO7 zB%xG_B!cD18k+=xKEbez6yoBBXW|QVGhYk_y)%Jx`1CEv{w|B;8(Ad9C)omTW(x$i zNl=qGII|uM&X{_TsA&!b2I51U%DIs;O+Hp^lYt*QC#1CJTaEci7{MxLThtgY$>|Oq z4w~emsE-|Pg)P!WLKOApA|1BSk&RH&j&D?Rd<4qAnRl8`ME$N(|3EjTwI%TR*A;vo zb44X7LlU1uE)VFk?j&_BpM%pCZ8mRt!J8A1OkiXg$0d0aToJx2971}N*FK2G_bHJX zZ*ic6m&3sbC9PMA(YI8QHZN5>5SHgT4P;SXlP2@E5|_U4M!!OwG^4go{ON;pWZ zTgqEninhfARPOxL`LKSD8~L~4^d+342UjR)pAv=BOJ%+U$N?hV^bN-@R~+Cw&fHR~ zj3UF_)6M-)Meb*X{yf&^db$140&DYq1D&05aBW9vpsTADS=%`<(A}MiuI;J}@VbKl ztj(|OSlhX_Yi;*(nrKT}TL7=zK#%{=J@-95Jz&RgPmjg)q0^q8?vY%M?=JR_UHezCO<7sT_W!KSTBbwNh`y$;NX^^Wb?4Qm#V*aW~&ICTcg_uZR#a%V`NqQ?p1% zCSNVB8{pDMieoF`b!zEOhEPZ0IQh|3 zvclXu2xnN+Ryr=2N{MrqM9gq2!o#E+^0oEVP<{RI78{d>E-`@NQs3djS}do&(r1~J z2XOrTJjqbI=Us0_-7vt%F8#Xtj|KykH1xV7p1IHX{1a-^_E^%k5L^K7c@4(B)>RE3 zjqXSG`r^RMLn7|=A5uH%wcj>zalO82fLqM{sBriIAH3AS&Ux!2sAiKe9%o*g@!D$o z z8t@It%eXDt`lh>t>0-5XZ%1HW4ipZln;Tv5a1!*~ zE8VHWs0iuzID8&e;RUcuIb>_eT-hE<=&PN4;oOozoYi7dfh#%Cs=%x?9*Ch-8mCLx zaSn#^`s6XUxnd19j$$Ktpf3daL!g*f)0Cm*Jhv(-XthguAwo=8C*kuYDp)D74nTVI zJzkcNl7~=VzAxfdc8QlwNXC8I{4^x+FXSPeX(r9aQx>Bubm{ss9MraXy#7VyN)RZ|QTOwL<3=q7e54J?3rx*che$ z(2~UyCuJ5 zkTG(`L6`)(yt7i@;P%t%U|~_hEUc>56x`O$oAq1-fT2Xp%`O5Yu2cbJVjHx9*ifTT zjH|t>j9PKwOxn5;Qx@%GnF2Sc5}C0}WzMgT{}f({yDMf%S8vZ;lOj>J6PcV0 z#<~@>c2+b4I(L8Y$qwD;1KZJXi7OxUxhu03<47zxS=6xf;-l>Lx%v_!p_2;w-(@Nn zl3T8)z~TbO%1*Diy=D;eCAdHz%lN)Wb!9~TMxvO)xWY=8gx=`QRtDvDxJ5D^$JmN$ zr+u^`o4S&VphH=)R$LfnqXCxH87TSXx`@c&w#wFTty%)1F&aJ z9_dSMy8Ef#a^jVv4%$hlTpIBux3iEK@sm#H^KKHDgC$-EAY3pKqjNMX_OT@TMCz7^jKGTzI3U9N%-dHHKYb zOyO}d%wwY0292NfK#PIZyZq%rIfrsZ1VTElG-l1rGWRJQZhFKjHD=e{B&NvrE^&c~r6o@ea_lXfs5UK%mm;j( zSVe*AOK2g3(O9Xx`N>PFTCj%d;OF0Z2rgXDu<9c5yyQy}!>KB7;^SSQN+ucp(h`}i zj5P_m0xZ9qlEqJkY+IrUQ98>DbQ0-YL)w_ToC%w1UoOvV0f4Pl8AE-+?0y7DFB-rNGRq?1N z#Fs}oolQT`u5mvW$czCp^FR3dn3a?t80t6BPUJL$m8t?1ClQ0KN2)fEFuJsj@#JT$6rZR@LIE zh2+zjOt8B|`G(!RthMQZ3yhd_ZEQiJzZf??zdVg?Y#)IOmbN#t1LLeqPaqRte9ML1 zjkr0055^N|!AxdZ!i4nU1(eL&>yjBI{(d8%9%ma&&8I~&B?X(KeqTdn!YeaX3sKJQ zhP|XUds3STAOTprU}9dXu^%qu7!3l(e$Hf?R@ofHncE=fI>aR(M(QSo2l_*III_es zy*W|&S{E5ZMRZW5IWCo3X>Q{#c13UKu*VL?SZ%EL$A~{}l;Kn1DqB;O=5Wu`hGZIz zGs3*YPndCPh4T{J4L&U@KYP7W|3KQ_LRS;%^$0S6FMrAyt}94}8d7&ZXeHMkB{qPK z;e{}41VFA#mHPqz_R=;jd8UIKaqUVB4ZqM=xeBo%Z3hh~#uq~;mS}1I( zAq+GcT82V3>>Z!RYSK!irJ^eXE^!+7Z>m(8=a}XL=&k5nPZG*s&``iO7kn1Ei`xIihV$`x!r2A1yfn##ai8YQJ?RHM;n_z z8F$B6$ni{9(q-0KAxh#-_-8C7pps8Ck*_~j-+U0Y{`{NYH`3IU z!N)F@oIR>)qG9f@tvr)VhS%#hf0%+UM?#eQJab&?$qRRq8kGZl&?KkzUC1{OzoISO z=vj=-=3mKkBK!GQ113r6wWJVz2fi6~zaqpfkb{*2m53Y7THwHv@r|?=2`wmPY1|11 zQ8_?EB{o6ke)7ro+KdW&^XZ#hRZK#TrrAksnXQmOuCX4tNOnWM2D%%-I(s(Arte$9hpC*ZBdV5Kxkr7%q zD|xctlbT9)rEYMOSx6(XETW>9u!@V6FuRkfDBP%!*sMt!M3QJBH*KU6wYkb_`3=JI zvcwX{6B6~I>^AkWK+>C(O6n*k%1RW(lnv703MP-Zvy80CcFJao_8@J?u=c)mwKQbO zhN_`!Q{l6>{84942+TmKQteO&2XF>x10C~JPB~6K*(&O7@dy!whSZ6hy4|eX^l8=!Q4+IA4`D&MJWu{;Mj=VP#_o01r3ubCL%n7Na13y%tXx&N_Yxp0(6BNp;QA__if~+sl00a^DW^Q|wvXX#7GKD95f1=xYFsXzw}E z-YYlWGorm06YV`a(jjJ#Wt?O-9+9=JG*NFQbtNeWM*jHLv>;*Z<>ai^P)<61DJE&!xav)`7{_PN$2 zVA>lZu6stcAWBLskC#OuC3YoKp6@%^t$u7)`dJHh5u~@QetdvS<{;fbNZO`?k^6Ng z_vm1=n;IPEvB7DTg9$=HT*OJ^N9JPIa*^xHz87M-D`d~y zsNvHU7zV>Wz$Wy4_`xpU-MOA`0(PvA@?GoMt9y=6iGM|lz1Fi{vskCWJX9vs%{K<) z1dWepStzGMB43=QP_9d#By@1^&=%+U_(6B5-CRd8DygOVkL>ry*6I@$ex|EP`ol%T z0B@Kj?p0!Qv^P$a^jeR6y^R@3*b;dkS+gu4;zs zZ!O%H*Pg7>H6azYTCW>0pNmRpuHYAbvLQC%QOrg9{7}T6FXtu?72%ZQC+2F}7`d z)24~ZLz@q7-7>Ld%gClfGh0SCPad2eA0M9?**0_N;N--igA)@oii{rOt&6Ft$(fny zv6+cO6JwhWO>Uc+Ikf4}^fYacZap+LGCDRhxn=A0*ygRf0 zj7^Vk8J|8lJ~Fvw+vLnBWv0hBPj3YdIBuRkxM_M~a@*+mD4-5b9h@GSnLc#z;LOzI z9Id1yHAa8-a0iowP`EzW81c=iRpu5V@%+&LtCaMCO07=4sANfW6RXkwux<{ zTSmsGN5&3LPL6LG9oc+n^Ayr!>!!_ysi`q! z1G0q)K7+iN8l9S+I<)Q3*3qqFn@7jTM`kqNN4JfRZW~9OZP|M8;O0YHHX{=zX2wRx zMmJ529GV`T-Zs5?%OvlOZ5!ifbR0BBwr$!rws~r5X7bS1%~P8vwv5gkLhMW)JhTN= z#lOpi=%LR5{8ZaT=%%$CWm)0>FQP;COlw~lNc=asZ5T9Jze5@vUvj-p$0(VF4g zcOBRtUU&=dyM2=v-p~!D<+q%iJUa8>@sr=!dHB?cBa^3ZCt6mOYN%7C=q0&mMGJcM z=Hn+%96xDqy4eB#!d){*W+qR~MA4>PH2jy}tu9z}xVq!Wk?P6A_ue;qs(Nzf)Xd3m z&P)$S(H*(yvj^@we5yKi)Cr1xWPHbTa4^e4ZE-HBwPLQ3Si=yjt(KSi;<_Yq)PDIfS zxv2lHnG?rP9iBaY^7P#&k6d%#?CgnC*I#$tz4YgSgTqtDk6veBuA7ts-gs*I8ygQD zKe>_D6zx@ru9;&S@7^CpW4UOfHwXD=hHslW3cLd+Cy$+CEM~9W&itC1Idy8ssnf@% zK0W=_uZ~60r*qM^bQNB0JbYsE6;Tlpu~%$xP_d(8J7PbUe@#M)faTnK z?swn!-XA5|ZLL|eX0=%}dxphkrp2Qtm5`E_L?ts)*yPDHGE@o*qEUH`mIAHD zB=b?QjLD%a8aX6|e}T+S0eOJ;GilRk+y+L_@Tw-2oB*W)E-K9!2!U{g`+5kX3*wew z9P<@m_$R0W~F+SD`%fx3SLTnmTyO@U(qUV-+7;aH#upld=5Bc2A06N@C* zjUJ1lE|BR-rUs)&kD;;M8EMHhP@oj1Lws~Jx{#d8o*}$C+d7(XpkkO0j*a;)S|2)# zJ&Dp6LOvoI7wv2t96S`4> z0Q!Ou#>CSE+#xV*ERMPVIs#8x4Aq(Cl9H0t6BURwyc;Cp=I#*fZmJD*vJu?^`no5mf)4-~+g~U;ydSD~}79MD>AQ~tggC)dc3hFW% z$E-x?2>>P_CGn&s0Yxl>(XOCi-9_{7Aw8uKlK?mb$NWWsnJMg)*pwteWl%$N?;9cQ zH}VqP7#-qZ)Mw2=D&26*@kdAnq;=blp8U2zlv&}JsR$CV6Clz*QweA(8yqtifeU5F zS&wCytKZguNsz<8|DDwi3!eqoGiK7kEaz?!%T_Aw?4m8CK!@P0Kqpt?y7t90i z)jYizf;9dg!v);^$8Z6QdRUO}u!v_z1f6-VuLpf|#xb6SFy_Vwy?~Jd^kR=ddJ$Xx zO$@+{e-pzmumIIUXzoNL%oO}gk9bGGf`F8yBpUNa)we`i_pgInBXEfHtoxGCpO;Pn z+W!q`DBBRn^nO&f8x2BxuD1b634+K;h+qbaDgvM*1-KvrU{Hfnro#d;0_K~7MhF9vA0p-1GA>y{c(ZS8*$?4; zY0P+9PjINyFBZ>ZXHWQFC*KQ#U?y~DfDLPVrW4ojwS!oMffuWB=JiV z@Cq8;0*CcldygWZUJ&2b_OLc)p!q-0-*2J3;`~zB?&)A6g$B~>*NW|7Hq61u+2WYR zPl$D`)DMK3Us(aDS6q+Enp>eb<8Ptp4$B3tWZolG>7^HZ zDne8H&}?&?Zv&klKvSWw+k*oZ6a;ODW0pVRd!JUx0z^d^p?$YxQCPl=B8{*BLHPwq z`_>?d#sii=Hp+ayea{>rQ}PSt2d7O=rn9+ey%=uRNYHYYpwpf>=K2%f^+LdBf&h^f zRHX0Nh-+KB10;TZcnZtCBfx;vN7$?E)fC^y(3b|AgSYy1a(K<#gPb2*`X1!;9qpNe zbp60v^uPg9(nq{!4kGrqaP$%ISwQ1V!m$WmD|35tKTB*0x;Y^!f~sswRfkDe<3K~W6+YrTPc_CI`migkCrwIS~!2HVb&-(I-Ln72G6M|yro=AJ99r;v3|7scpdII@EiR?bR;S{Lxcoe5++(2GVDU@=k!nj|UB5wi>Jj=a;Ve&BQfSy68qTp~s=1roJ31HHbVT31?Ntc5qNmJ1BqUb~b z3vVVPSOF&PSvTeAo)9hfM4g9LlAEb!_2c^h4C{}>ykkTz{1;XW19(0kxHJk*zPZC) zQ>~kGmGmHm9FIh7aP6DWX|YJ!q2#q4I(SX1U{z z;(&^KkcIe+Mj|!PFZNw28!@f|!_z^K{eV7m3WL{|gPF)UtQjxT5#};o$|og0 z9tK;uQqvEtJ}W2yN7F%z%MsE=GCbA*5u43df^?Zz>Qxro%&^h?Gl^%>f`8uDj%>bTABNKA_U1 zy7gOHpxgozghWDMY2X;7Ll%B`W0k-^CYyU-(mg$uj+lbl+9!s^4u(i3gq{q|12vZB zvJXwZ;3}1@7b7+)jY@M4@B)sYK~Eau5f^QdN0?>k=hB5IWdAakILNuuNO|p*Z%auy zue$1zMbq3Jt&|6^2A#=SkSSNFs&%85aj7t*xrNex(V=r_X4}w#!xF09$xi22XB39b z+8p#7wxPyW7?)w1AWT=ZhPcM zRt1f!Ktx1eUV9tEeFG3{65wy{O$lsny#%_&{UDww!=E1fJ%xKuMed;o6w#N+Cn(r0 zc&pizQ&{>1uk~-IjqYsTUWjm*M4O;ATO0@!%Oqv;6y8h;(MgIX-E&V&M3!}i2`jxH zG)|>X#)3VaO)V_3?xJejyNiPAOqy`JO=_P?9g{_96*(Lu@*FS) zRMagg$v1}1z>-<9FiuM|rY0rvp8u)~NP1RV1l9jP{GY)AFmyl&EUcdOEj>I(0WoN= z>*zU8_#1ay0^7&)6zCEhLq`b1dj_kh*b(H0A6cZ)b!j~;z=xKJT* z7i|Q=g8OK(e%|Ic+y}5-;sXIO4m1gOyXcMS6)fNhNjzllT~|L5o3fJ zp!x$@gvS5 zyiOpY!t!}Ld7%~e(LNpMgZ3RThMg8rs~N*F+VzqG$LI=@NFFbcw4g0OnDC1>yc2Tc z=QJ9_z6WSOFQg2{KnvQyE1ru5@hla1i?|UFEeEa-tNc#u_03;nZo6`K{S?81_=5Ib z;I}N=Pz0t9LaU>8_3wTXNe`+EzirSNl1@xSQohG`VVxXcDK+Q~0#3AV4R6O=A$LS^ zk%0z3(CiSPE*RPqrU$}jF7UZ0e9uwk7MC^w59i#hiStY@4tbure`_g6ejdS*6eBodouy(Z3!!WV6rSs% z*1x~v6BUSBjC2m6?IsqN1(Gr;vV^pxSg5$9GAT5eqD%}xC;gOV!eJ6E^di|Q42mMW zp9~kJlwrm;H5rl=l%a$Mx+0_8_w;UxJ~0B_7gHW4ob=3{2aI}yfR!BJ>P$8zC=_C- zn!KqgVL^c}bC_^H0Zz@}l+t}lu>T|Ub<;2Q9r_6lK3tSh&~{=RTmjk|mmzVWi`l7d zr`{PmV$`8qJERW=o_hY?u1K@R%ze2FIiXIv(tU@9(Sn^dDp_629uBGg)HO_Yp=|o( zoh7MZ_@e}4-8?zPP9N1%nzIHh{o}TZ1)D`=rrtDGG>~xPU4n8TZ_i5AA$-mtyt1}#Pe_oij=i+rA*G2uNFy1>f z;MDTUWTr%h{N6pfo=lY|gZvK{%sH@OXAvbtMSfwDiPLz=Q>*6e-G5H^Zff($ms_Tu zxv9N+`gw}ZJ6)xqgfy*wt^?=Pde-HwNuAeh=@vi#gNEO$C1zhXkgZ%h?&uo~&3QIh zG5xT-aw`c075|-sbATh6#4u=UOsn0TP!vThy$qhVM<@d^(M^ zoLB5HR4n0DI;PY;*A>mNhbi{cr%yLd7Q6w3X4y6{$p+qnd$Ui4Yx$ZwL0J7z*pA^9+|P0c4d!WxV=Wni8C@>?`Cd=?wkzks>o?`UhnIgc;W2q$_ot|>sCy%oZ@RR zXmaDgVfJSw=BpGKy)JrL-hS0%o?H8as&l4>h1VL2r?p?#fAsa4(Z(6^JF>mfjx-Ys zr9L=x-55FUukwm~om=}>S;T(yw%*%XzN%#gd$^j6{gBnHz+>zFoEKpJ8dJ|IZ&?Mi=s-rKh_qJfo zpKN=RyUH;9v`2_kSnCqbfH7x>rhJY`Sg&|>Mc1Ea67&*62MhOd28wk&1s@7tr* zoE9C49H(eltdjWY(TD2HnTl4?e?&huAvI0%+go!_e8Dx%Gh@R|Hp|}_9US_3%cA1& zfzHv3&F@xCXRv3H_q*!6iZLqrr2nR?Xr#ktw{)Mk$I~^f9evHTgT_6ynvoqdX`pr? zg>5vs^IFBZV3q zlmhQ~xT4u|-0iMt=^<_0Petwum*2nL)aikV97nD5a{&3?x;AV-Y$WJTmlJP z0_fbe~F#Z4zqDhH4a})FIS7%@2=WeWS!Z(F3a$Z zUs$1*g>It_gE}YpK(WI1LE3ZAygne7oBuBQ<;9@-Ma$+NI-PB7G@^%P1wl~~SN9^ULnGq&eweO`yDFk{< zuYQl+Ikb($iEcZhT3t8fN~m{-O_{=DZLdS>``u={-*0GS&b-a+&}pytSl#sEs782O zPX1G0FQQ`W;`XNz>vw*-xhw8&!^-Sg&#pc5?(iB}p{&2DA|pQQ;ct`EqpM8jUJoyh zte>v0|L3#hM*RZA0w*i~hCB1z@{URSG+iloHDND*$9SJk9%rZ=HEH=82Y<7?##xM~d*rziZBmht$iOUU@ zfu14SnH09-C1jDgR}e>NatQ^2?Ux|Lzy*Bc=9osdB+3%kS``VuJ5MT3P%dfbnG+Kb z#4vI2M1+5-Z>e{#SGN}eZ`Iq)aeZ7WGldFoXmLFe=q+e1D67EPMH6PxrlwqHH<9n$ zz}W>60fZm_9GsoYkDQ%JEZ@`p06&|^UXO?;i)XJSvX>Frg#soSixJs5gd@K=5ij3wNa!VR$(Z+@j?;Dwy zl5@Tsc6=mr+OB>~*_M!cd@+*5ar!TX)`JddjozJe(V-$8P^$Pg_gtUh{KYm)+DVz0# zZnyIj@l4!jaeI4Oa%`dfrFCI`{`Fbm!^_eKm}<>@;ViS;@vqHiH%2v-Em#{qHO$Y` z{fNt{wbLSGvOE(%&sg73mz+H1R1iy9erCWq3TM!If-`6>bODL%<^OHR_1#{eNXN7^ zdj|mqsJmY%Ek=xT@NR3oe-bvT9q}$Vu9iT!bJpJj$%%jma1ea_0FZ14bD>ko=%IZ9dypbIXG53 zlzcua?tI<6gu{=fPkWR9>W@8x)sL>yW6uw^9@}Qf-W`2;f8~R9^CeP0&5tuy*VvRX z%Wp})#`;>d0ma)A1Nz@`8q}%rq-1=+c(0O?iHgb3L(aK89(x7Tl3e6)F8!GEZ>}4b z8992A7X;67?ew4U_(t2&PqGI2o~kOZJ;RM7FBsPBIiKXRxNJQszVb!mk~1fpRq|?# zONQl7eQH&BD{4aY^iJod3#*NkmXtLH?6-5-ev^KqovD1gY-CVfQZ>m@W6SI1YU3;y zm3v2M-ZL1|Z*;rsCHB#;nN9e;BSZS<)rVU%Sjb~@SMN;*4U}) z1>610Ns_TAZmzt9sVkcj&{Z=ftl>R)SPR71+L|(f5YHmvuS>IAHfCQXvYY=SVd>xO zSdJic!23WyR5Ju-RMS}GklF3ah1XlQXa`fqD1o|H^iPfd0pU{yi^;Q!#G_o;Zb*l3n^)DN8)O zuXFOIUC7)rEsN(#2f~WQCW#M!A$^qgyx^?{tFYu)K&GQZ|z0Jtnldaxuj7k?-$)?z%AWxW|J>gA2#c zTGuf*`23b>Vf9rrGXk#k-?3I3e>QVZ6;pl4k~I8;br6YWuh6>S)TkU4c@^Cy_4bl) zIk!Dueljq^3N!ZEA34v+d2Zn_VCsW{Xm?ebx7zD@V_X6)a8;Ymjn?Gb!yK`$% zRe5}buE4H%7z2!@n^H7?dWs2FHbSsxp3i)ONyJ^ZoG&Qw{)#1$yT-Qi1@*Tfr&*qX63%8(eqVx3?s!`a)$x%74A2ib{h6Gy-ddwuE zdC~beB8&(r4Jr-D_4}UB>yd=wtxuzCN(fC2oPg@WHy9;CpE8mgq9^e~TnN!85fdQ? z-JO?%5Ix|hW$~l*Un{L=YHA>=oGwaK$q_RAa>e>_)5)3&=sI+2q_TP#J#G+v?nZpI zdjQ*KS5@`miJdyHbm|XCf4o2~>SWJbwf+rtd#79VB${kRP8j&;QeV%jGfv*)8>)a(aY|yzC?vZJ8WZ(3)yT?zNU%p}r zE%Lr(R5>**-|*a*MPnydSco%}P7Lzjd!iG+$okx5ouV4P85?#vcKq%$r!1GnTa(%! zx+k>Es?<&0w)9GucdmdjFQYQ9XB{=sJ+M&sPNa+FVXrZZCq9qN z^qF`u>9Xa5nEA|;&?HiZ?1 zz;8l6ntN)7PXEhZ{bvsD{+&%e9ebEsvNJZExvn##uK!ie<V%A2Dg(_BLgW`r83rx{Abq{T1EuVwuvFlJhtUClfF}P>$bO+ zhb=}>|5#;rVDK!n?O73-ixf511%27~XtM5&DGC>&UVm8}eBs*Dd11aUZXU|tc(1Ua z%EmCT_;D&-{SD@C3;nu#d*(_{)%n**n@|sR;oqBPrCKKsBoyJ{b%w8R)+H$ zkF;~gqRnqA5ht7kj8_bN^LhpO<9UlxP@g-d?Z%KxpR2BDG$p=`3<``=YSTTiGeBZyQqurU=8OCfLC5B)Ej=6)HqDJYrLKB;BJD0YbBHfITy%eNpSB$yer6V zk1Sel4HC2HtbBnqYaUh6E4{=TM}{o{2KLRL>SMD`x7vjR0@Mh zf{~uTnPWqPNrVw$X#`79p~0jHe5VP{8x0qa<)4G|cKDI=?jyhUEpB!X^T~C(>q0X= zjoN<4a9BJ}(TTWI!u0-Bnerr3WuJrJ7;5@%$)zjpDQ0_Zt{G%gVY4*i5o8*HE zl>0{u{z|%3woHBa^T%=Vw!ywPR~^_lG`+>rxVVxNhKcQxIGp#0e*1v*^I7dvQVx$i z!)S5zOv78%ZzXf&-Xv>>+)ocq(+RJ=xxQ<${qe4ZcG}yGVO!oU-=`m{cTuO#skDC3 zJ|(3AQTBSbomNvyx9QmaePD!@WYN zt*q;FhDNyIizf^!Oq5^0QU6B#Abp(!*4}Fve`$pzPH`VFrt;649VZ{px z-tZ9V-E`b7b9Pxw66=f1!Kcn~_VmwZ8l1f{GnXDd^WN@$jcWa#^A6>dz`2L&Ne!G0 zv(z+I^YT-_bnLyTKR8de!19j+J|EV8m3eIbUdJNd;I{n!hl^HUyEFXBOFb8R-DMBi z?1(9sN*tbLmQu_z4xM>CtKK@*?b4DzPj0pS&9>j8K|R_q=Z3#G16c$RqVv%q3Y?>jz-0$ zqnjsq9Z%igo^4wSDdy~~jhX*te=Rb=D*^j8NMId{W%d%o)fFJn=cQ3>%+U~;;DQZ> zcY$CNw!)l^I8HGnMiDaI2+){>6nw$1@7uc%R0iy#XupoHqHlCdO$7L~u^p9?R6-AJz4t zHI9&}ypXuPX+xycoTY4u!p~pBPjPe|*GSnlj_?}g^KxWEhZ4!ItoExGis#JA8vc-;G_^ReF$mFNXzY|9-l>eR;~ZBlc3ww~n-z z%FefII%UpY^6v9k`4jyvyIj3rWA-sY4Xc>l9AWWLsx(A?c>HsV19d0WBob#0t?EB+ zgT8_M4(~%P6^b%Lst&KZn_(iRndn+;owMzvoU`G_h%$NWz-O25?9R=(vwEk+nf+3u zRL?|_e*Js6z zk<+84rE{Il_AS+=CY4o;t{ro5+zQ_d^oh$(&hcy*HX$x>Vta^`K8n6_*8tIcTm3C%*=-lSfgIEXh24DY73i_*Q`x}|GoM(Tvx#;iir^Gy;;gGOgww;h4 zpI-jOL@n6V(b8;c^ug*Q%)1rzb{~n3C4&>!CK;J(?Abh*Qa@9AE8{B1_Gr^gj}Lq0 uTAW(0o{?V6GM=2Qw5N8{NlWQA)3e2`V>~c@w>Phg8F!5nyk9{N^8W!WGyK#5 diff --git a/Modules/AzBobbyTables/3.1.0/dependencies/Microsoft.Bcl.AsyncInterfaces.dll b/Modules/AzBobbyTables/3.1.0/dependencies/Microsoft.Bcl.AsyncInterfaces.dll deleted file mode 100644 index 39fd1311f2660966f58a43b6e2e581064bd9febb..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 22144 zcmeHv2Ut@{*YMn%5Fm6AMWlqHA|>2}A}AtF5EVoL0TnSM0U{y6By>fJvi9D~3U+tx zUDw{$-n(mG>+0&NtX=;zlK`>ozWYD__df6UeBXaHXXc!lIdkUBoHH}$UXANJ5wQ?L zZ1{cpgwPg9@e@Yi--8M$Hh11;jy4z{ciBSqIPQ{^BUAJ8RmyCYD32!=DHKW#FH_1> z6)1Qz1uv>+A}>!Vk@C&Vxb8aE30)BCL9vikk3$a{db^2Sc_tKtP#d6dwba>A5AonP z5Pk?*l02=I8xyenS9q{&G%`T`p!1oI2pJP<6F3&B zW!psgcFu|Ruz^YQY)EYw8a0Qi6hcAs9?}-zM_Ud;t>|V$ zVGVI1X{Sv*wTYKD@rDFuf;AMkpgnvr8V_pZLq^+BO9Lrz2cGw!%okTJ!wkGV=rY`) zH;*pEy?8g*rb<|j+yVfU4{hh!(zAtUbI(nUEpZDUj#>aoskVM=A66SL0}n7nV2mXJ zAz{uq$O*3(&=1SULsFkBcn5Cx5)4g^#}mm#L$~(s0@VM zDd0tUw1=EW5CCsu+Hfe=ftRgEFeIi%9vvXz8`4IEtQ{Da<6{e}0BeUHf=9|~<^ghe zaXG=`K{QS|OdOlvI0nqm#=y$JyQP&u0q)Pt*rzRIp(SO*wqpClczT3jE^LoZkT{Vp zm7$Pr<7r&p8Pe81E!vcaLFOYT9H2S^(<*QYv@w95l~IuYoQoA($07ojCZ3%Jf$(}~ zp#l&TKe{Pu5VnPOiIDm8vC)o>3`aXc?e4S&cE??D%6mYfCt@6+ItAhq{T5%U^0P8BHHJE!+H2Qmw`LzXV09dIJaDSO zvre1~>?7DqBtQaoto1EmZ7@z;qU;5L_!eBjqc^T4)D;q7%6rz6$SwL!p>n+AJ1S08X=b!S3 zNbD9tVUG@vDf|lk`3&EW@e_dQ;F*;JJj6xFtsEhL5QTxCTcSoKQ)H`g4GFk37z%Pr zPDB-ux5W9FW7FbKB@xiS-Q{Lo-9Db5Rwjlr#=x0D~=P;l>HzNBpnNWnEB zm=Z$oqf5c1knNHUDU1}sTp$pI)B&Dki!_52m*F2m&K&KiIEc;OYQ#ZT2pnvH^Yd6; zjcm|sP#g#S##&;)L41R74hQWvm<^>H*%;1X9|B4!3&T_c3~dN3CG-{q`V;t;z_q02 zAQt970=RL}D}yLw4(h|1X23;v5YE4&aWC@>ah;pSIKPL+`QJDgejso)p^sqU(({Cy z5#+f@4mG)GA;LAEB3wFwI}IfN&aeb1C5E`pZsW^P#}FU~6_e6G4ROEc3~LqSd%V78=eFS-mhjgTFxfUuhB1*mQNsROO;X0QFl}bkV0z# zwuXEH50r#z>^d4@-KKtq;Sz)n8l+G!KvwN@(7?fHHq>muB-9HETLpd&nt5|gX&MdW zVQf0GWxWQh3S(3aisS~ud`-j{szKYRNYM3s9kviK1GGwq1+ef8{Y0>8qw9trXhU>c zTLyBbL)mZIGAuRA2));}OQDQdT;%G4;HieP8n^}o6RZY3F*awJp*S5jonyx`M`Hcz2*G=^qiHS{;~k4R|?fHaDOoq|Gvjd_-i zgO;x4reE{xytd8+1I(v2;np1brBE4>L<@g{JdJ!=_+*VKY}6L6I1P0IDV%4BwAy~J zlhOvr0qm&}mYqgmR*j!FyqAS`KSm20JqL zJf_6wm=gbE3N>rMTVZ>5fcy&ZX_(?oJd8K-Hr~Vwc@r<>O}vmd@loEyM|l(9dc)1Yb@j}S@69MOu)K;pq!XRoGYq_iDXZMcc@Cf4GOur)^^K79e|U_Ti`)@l@JU?k;0{Hg=dRS&R| z7gQ4HkfM7aY$G91heG|431v$6M~-l9u?F9EkLE*Pbu2!zK}!I(LaPC~p%VbT&_#fL z$ehhb9Z@rYk;oBXcN9ioe*#qmjs%#9z6aP3Z3QSsPXOkkAPyg?Q8$2Ps2pImj>A+= zBpL(#MuIP_V~I&#O!6#h3OdYjqpWc$fnuOM<5W{v&O3xc(YP&(z*-v9cN2J%Km<3< zIu>H#Iy?fskpyi;v>Y1pfP zQKBfiAF)b|YoCrZ7kmY_V4UDO2z8|UfxRM-j0={E&vX>z{E1bYk`#`+Xgz6XgV->u zaAMZs&2;6qI=ZcnZjZpY;c?QH^K`h64)=xB3xy&d6b~yZ9u=Wz>N_-_Vxc^cZ7_^H z4@O)7=ZQSbCL}aCBSR?2U{FY+EL$OxM=JC3?5DL?DQ~w^S|FG?phS3sho|QiXeIq(VMij75gbXVPet zDj;P`H5suQX`TQj6@Uf?3L7axtR)l@r<4@PrJ)dS%K(BHC6=h6IzLh=mrDs>H9tnG zkg8;26eUyVE7jV;pg3irG#p^>T}CYCFepud+rF-HWdL1eJW3biOps;5^i zS)Y(0*3KL>$&g7g6w$qQHHc}7Ili$ju+2}-lUQazgf~aC5;n_Kw6C~ zPnuMcFYO9a0HYYG24m4GWuA^g<^?4sYD5}ooJgD_Q-DaMm(NHrjHYrttMN*xs87Xw zb?XA>bUmR+QN9LNBZ^c>fdc}CHmQ&Fpk+eT0wy9w;cB%sFH>F;C)J1~B8@0q1GmY{ z0x0Q{mnoG?5I)}>4?RgonE?DdKoDjn zalz_UiC{77Yon=3l1K&0h=vfjv`DGSZ7S$etdT0zU>8lKhF+pU;yzN5#1ISC?7j$S3LzDcLO!L<~VoL+gu5EE2j)?!T)_lANdPqQz0+;789@_g zMxl18p%j@WN1unz@#wp=&#kjjL((jrFGgSPW+*mZsgY%skO?IF8;Xro$uu&tNd8qx z&wOl2pcJhXQVF;~DOsarQ_$`&O|)=THf(DOO?-h|-b4j&iM7(mtEnVWs%b)CR#78{ z-K9t)&cU_??gfk*?|0x|a+H#Y0-0PQRcXl$w*GlhM&4&Nv2uH64uah&RuZjLY5fUs zz&sPhIa0iz0Y9+vd^~0~UpsSZoofXPf=wMd zYqSS#x!$%KEf+y_FpI#Z5k*3)a5yZLsAY|ke$iFK0KOo@NOj&;O{PI#!?1mRQA&0q zScW~x+Eb%O2cvc7UkQ#qe}Nj$oGz!GeMF8&OqVqdY^aUXiRyID1$V#5g7znkiKj9;-rJ%WSH?Us^FnTi||S=A+yquSLSELDx`zq zfC+9IAD2-}F;XH0(m>t^i$()^AU@OC^nCxj0^x+ z+2X7@1~kE440tqUZcg$gY(vV*0RqBSQbUGOy;1!c0 zVmVkkI5=>Ck9EZe+%6gNRu!XYj;)mkWrGYkw${xcr8zWdz!B~!9P5f%7)+x%4!Ea^NtA;T0#RmJSIonM z;~4M|WGxLj4%QXRtt(b)p#y|LpcR43NtF?#*$AtO<8bw&VJz^M6t6V3q*!>&aK~|i z+YJbYdm&}#v5wN3@eHghPHV{yR%uohm!TgJCJbc7!mY)U5d;KszOoN<*u^~$*Jj^7hS1Sgv)G8S((9n>wwMwUOAwhYF zpaukDHCt7T!wO{c;9_SEm9Yf6ZcX(OT!Ave+_1upj+NPbI_`6=S4Ay;eZa0jXez8Q z4!$V@-a9c|0GBzqO;V_P&HkgsNpt+SZL;rZhi-TLxN-gCV5DK&1}?pG^zyI__DPEo zgOis{9{)qT-#%EK{Ap#!rRE=(?pWw5A2hB#x5ru5t7ctu7293YMl1=6aZ=O|J~nxg zC&9!lO}4xIjb~?L}}L_+`+Bfp)N$~XzkL& zYt{*4ETA-5%O z-SMSUp^(o22lHl)XKcKi%S9#eaO6e?m_6=|Cf&JG$gycZ`NruAUV%Z_9e32ouHj?~ zLfBHsM7P)B`vE&i1?NUWO;Aa*q^ej&rm|R%8mmrH$@22_>e>VMMge$mSB8@`@x=)F zQHZ~HIq#dLd|tR*&LihyH4ioh*si4#c*|88OQFh0I7}DHU_<3;a-_V^?${t?NKz;d zRHmahT@2wH95{85BPA)%k;>ut#nZsmOwEHU1`jKN*Pw15XqnH`e$fL*TevXsWNIG% zqDKXeS_U^}o*HjXu($Jy;2il?YXRwm@Wc@Uo*(ctKoW5G9W|NJip{?9Ap6BV+ekZB+YB^2-jghBzMoe)f6y!?ZNLaCqFPb6yJ zUYZ#s%oJv2`uT~2{e*(7V4 zii2~53<4&2^#4URv+?b+Lq() zVJ6*n+{}pk?qr|i&iCGYsv7A%eoI`nSJZ4PN$Z`G-)mm7vS+r8dt@3a-`7Pm+efDf03!ygq=t%1px>iC@7e>p~x4&m#niqBaSmx{nZzM|uLUE!BH5TOn5UZvsLz=02N zP#=hJX8`PidP6Q2zO;)6JQiTI_NzOzgZ=a)UdlM?`~0XaNih%j$b~#?fZFXqM}P#D z6tw6AXF?V5k-_%{5T1gQVHTVi@#BuSY=|DhMGL5EDAzwd;u>q%%|KQPWYRz_e8SBB z2B&8RxDM0!#~)>49iUn|ilQL0uY|~M9`ub*srbW&1mLAag}_e&R5eVW2IWAG2hxQD zUII16pbLDS#qF?snMC>!kTw+RVR^)QZweT5JfwKd;U|vBh}WtbepxUM9?_wStTMbR z@vLd@S`xS!P>r?`1sv2cK0L~Ny;|Sm$wv`TQx3XlTKm{azg)El;hAabqYu%dx={i+ z2m%kh9)(B%FaT1V!R7 z2c2RqWW$QqK%M2F!>{}LE4^ad3MbsL?KE(~7KK+hUb`yrBX|Yl@0#Rfj6HQVvA4ow zZ18*-)6VSI{r}&OH4JtDO6SQWV9|J$|NYuo1yVOyDMD57F6_(pU(RU5d@}I9)E@eFQ6+B zBlw~%n>V+HBYe1Nf>&7U$eL|WS5V@bcJGI8jfh@U!;ysjR^`+D znxbhN_`I988Efhw2-tom15XicgW2kYrA$Gja)AkB%wZ+7IW}~1qQHi+!ibR#H$|j| z*O%EEr9xoIm}8=$jbU%81a6=bffM6^DO{UxU(f{}OdDLzvT<&_UBCriBIV(C9{Apy z5E;%BG6DhP)WQrdkV1h#$S}bHg1&$X0cCV3BmTF@XU3RlkirmLt*G$$=T;@S$)T?d!a`Jt_xk6xHDrG3l#L&MgkK7QmIW5kqn$ZJi_IT~%4 z{h(@PCi}_DUp|~1U{|-~b$5Ph$(6arJEF%Q>(;*K+KOI-+SZGgs)n~{r5w-O8rg07 ztU-@=NUo=(H0%GIzOm|$9(#SK8tiRz^Gd;jh=Gf0r`3%#pR_;nrq%q%>oe&kGfkZG zavr_k*!erxhYQ`~JFU2I-{)gx#o%TPj$@ZRd0iVvIu*vQ?&L9L4Ev3@f#tJ1Tr0`en0eiv>`#&j=6Jok z=zO*PuI3c{{+w|w)l zhnMK`j?J$=yngMlB)`JJ^g~qNp2l@oo0;A3HhlGB>i%)x*!8{FS*mOQP|on2wPIH| z4R%2-tfI zGhEfc#>_v^UnunR!bz~7Rw6enQAM+^3d!9BgR@mXv}oVnbz|PLBL(y{CJA@x%#LHa zGqJTXwOwi=aZm$d8bw7#{Jh3jm^ieNpDR=5t9`{PIlg3r(SXT-wP0h(z`%!T@52P~ zp_~yljG3a?$xI^Cs{v=|nlAsc0~nV2Uv!~iOtIiL6!nQs!*%X+-@&S);d9yQH~TeS zOIHhGrmnC-i?)hWRz;ioznB{8_QTGxKP4uX%z5K`#(0`jwKv7hnYAZ(^X2Rp?Du{8 zuFDQOdw0Qj%X^!gPXwPhwD@^Zmz90DEI`$(JID^mnR<`Rruj{hArF~qFC0ORnK6vc+zUuEMzg~S@Sk%*Z{k-cV z2kk%lQ`MfNBSTVW++SyS?t|Ou-+B!)oUqjC_K*|%^LHNdk9=@w6Se50%X;(t+zZ7M zw~iY6BB$2F@6+E7+W4MddD5vDd)lbGFkksJZ_|UccI6+ zapxYzq?~^3RatV}V@^AR5@!#klzA~BXocU_m4n6`DXaaCm0zkqJbT1+VU~&+y#9|P zti40lUF*^AkSlxO#rweyYYI7AjE$7p7bEU9KN|kiv$-$2eNdcQV=&?5sm;zYbL7tI zywH6XV+Tfc+VrH$mg(It{r++3mT4!vTkf1NBc-EyqOpDP;lJqW$Rnw=X-J{3dH9mGQaDHwwlUBOK_~5MC zz})T&S`B$=KgFV8!^W7mY^KVvl&Lbv)b2Q3k@>_k&uo^gq5Q zR?)8d+9TT$Z2{X6e87io?#E|uRhAC?m6sGhR9VLPZ+pHe)n$G}E6?1AeG`7z!U?ix z$8H<8&(!H!``m-pmrR}o?VZJ0b13*c)l3j^c9dC(uZ zalQAgzP#LPRjKjni__DN474|Rm{s^d*t?Cj@BJT*5>Bp<+MIrAKc7|bW6q1Cc`rKj zuWSA?dfUw)$qI!epm<5G*uv***p%0It{a-2?_aVww%vWRowYVaJEwMf`tFWbUrXn> zJ{}87RX43WY>pjp>B*DGN!6Fj)|J(?x*WQ8Z2E&yJ%`&ruk%g&bz(=KReq@lHiv!` zo?XxCw07O<$wB33=2dvt$M>1!63}{IutG8{aob#rl`Y+dAAPxvRWt5Y#irXZmWlIoOGqp0#nc-D_fXyAbSFUvG0{kAr{nj6ZH7 zI}z9|SS=W9<7St^_+>~bdv-1@<>~w#_U&B<+$HMd2 zl{1*isZ8ahMkVoCOl39GxuH9nYVP-U-Qmq!q7P*Qi(nP>?KXM z>l~BmR=32HXGKgOdZxs5;vQ)R-#hg6KGo^G>W@1+Kj0qexGQG)!WXiu;$5x*i)W-u zhff?jCORSclIi3jXY9K>yaQr3n z_QGc9l8Kt?aW9Xyp`$(bj<)=1(Q*URIZtxl=J2Q0dUp2AO^p>h8_N`ZXHNgM`sMBk zFQUD!zwdZzN5E4>>s5DGw|#Qz+6(j5vpi)suBvYG4BM&&4!OE+uwg&A;`P@W#4 zRh@0(vP^cbkE_2mVVHx`c4(KSg?Ga|r3?3^_s*=@=O_-GQFG(Ui`UPa*UfHw>-gds zr+!Zthu`UEIQP3yP7&ucXKjIVvz;Q*#%I4AY{lMrBm8G`kKeCLeIL*Gv#$U2OXxyf z^p3O_GZq_n?`k=#!ub?xcVO+D#htqpIRzX%vtYse(o)yAU8gz!_%6n+qW=5WyK*;o zpK<%Qf@1r}kJ`^FvFrZn!g{xyf_tmqz8~|ONyQ^s$JOtdC+r^MZ`>%z6Hn@NdS0LS zp1UeiT`k#kZ8_lfV?Wp~8kIfebW6bl+53=BQI~z z;ofQ+v(kj)f-2iTm@3;RaNA@mr~RiluD`r+>fM2BD_1e#fOJ<-W0t_Q@emJpVz^c| z-H=TL=5YRO!fhGfriN^RE1S3a&C|zIl2kdZZ{-cSRPb~|xgh^Y|O(bJcK}Ej#L9YNSUS_Z_XA z=0)}3pV)I~;hM?8^G_^$w`_<1FwZ2`-R}b{qmL>M*@%+Te45QW@V;cM{eWCaa?P}L zrU`$(@HE(3e|5`%$H&p5>D6vVhP%=t;?({Hb3Z=Kj_(!BNQrY5g#)_*^C_Uv9&cKo>plUp6< zjoBMnX|efCOVbC>e>C{nb^OXFh8H^JCbLG3-d<~4Tv&fMEN9XB9RoX4y{D$0h}p#q z57{umH8H`oW!}|~EBeJ-KTmNUG;{xE_Px{T;Q?#cJXxku<;_;ENFTZ4ew*iOe>rpd z$FqueKfIkCn6B=&?CSjNo*zRaBI{bOnf%?Q38v5UQxEn3{#Bc|PtvMA4xH|-8n`U& z*_fTpLT5eo9CLbYeZQQQD?;CVn3o$pqD^Y#Nypy?I}GlpT)}e886|8hS$R9LXsf5# z^pD}{nVs_FfRoyHY{LowFp zfOLwcSYL-?s;D%MNy93%glJ3^)fMJ83bxcRuqGYr;b~kJ^^I7}{pYE3#)sbC-R761 zUzaQ`ESiwAj5oif|EkU-JDeRAtEr(mqWtd$o0i+z;9v$sGulH`BS;v;4-SI!CA)&A zUe;D#T2y(SsXX&mV--EZxS zJ9N3f^~AUhHlNJL80TIyE;$g9KKuD#$2+1nHrxK_k~Vr<*3Y#O)83fcX|g+>Srz~6 z_{_-*hIPB>)!Zs?w$)%&ecD^2pxltBHYYx=tMU^KSikJ}=+viYyZfeR_utqVpj>KM|7N^DH-_Jm^TW7~ z?;VQ+!+%)zwCuU1+ko>q5tA2s{=V+OkjLw$ww=)JZux;>&hFDcW-K`Abfjm)LAw=b zq=nwGde--IYE(&kXI+^*dhPt^KNEa7rVl?m9iJC>=s#L8@kM0Wkmyzi{Brt^$V+DW z-~*;JyC(x-pjrq6HO6TE+36ToEm#>WSR4joNEk>!PR4y3PL^;o#xdn?4LF>PL;q@9 z!*Qmjlks2h{xbe!gGbPsZOU*Px?mZ7Va5k3la!wYMK}d{5sekyRsiS(>eF z^KRRpRwJj>(|GE>}%?yZv=_f1|bR=~HXx zTpPT_B~_jpHhf*)g0VMl9Q^Lyroe35arHk{TgM(QcUj=IDD-(O9Uz<2w^Q{22X>3S z&W1(@9!K69800v*_xd|0R_(R(SU0-f{^o_zecbG;&3-J&-7Rz%e`?>ZTWrnfyGwZK z6RV@vrqRPfhV!#`n3VOMHK#}HklbE#TRa?e%UJ>gg8I}15prgd47Qb0XQfUphf*L`X6@B|H@M>cQo5xWHq`2@9}$^ z8TD_6$)@INk}S_J=Ax<*@16|F>F%9zVBcNQ-onkHSzi5~*(SDS3!KAS*-vvkVQe#g zh=@sB%S2iHF>vJYq)5|?aa)3n)<;~Mvf_f8NoiBHu#4HLNA)q4$9K686s8W0ex4dr zBOLCe5oJ%xs7zXWa!QZMd-g9$KP|FRcpS8UQ&aKN4bl7PJ#8J`v#nM3E~8g>myAlt zT$}!($hp(Al!6sIMn}Yj^*U`amlK*jtUhZuYkE}q(^K6)DDKWavUb_?Qcten*_C+C zq)j7@0v;4Qta&)=c*uRF}L{r265qtXX7pGz6^bd789RQJGB z-TvEL+Z?-?lO-eEH>QxnG{cdaG*kdmTT8}O~78Vvh=a>F1KJ|Yy zphdt;_deYL802^}Z#Q(#y*?=KlKgi9e5& zB4u|b%H1{OC3$CV&3)teKIqcamj@Sf zr`Ign@xA>jc0~1-jTLiTgLoTT-<3Rm^>SCaIIXosDL*)+aKYdoIHN5_HQy#$YISt> zCG(is6$efoUwZ24(CTNmIu16zk*=BPY9zX{Cc#O$oTZYHota;-(d!bbpbM_~V zu=@>hS^cchzO8x$n@0wLam$pLObQ?;+6CD?LlvF?Y7iGQVW| z(Wta2*nhISS;YKK=U!c_O#M)BJao*#4WY{i3#wRVaFaB~>$-Bve|9=agzH-uS^WrC z71fQgZ;V4gh|BD=NW)iAtgtF}i<8~jO7FiJVe#z8{&IP9L&xk{qXtfWb+CVjz>q~u z`(k$K{5DI@)f!s7 zpU+gz{BK|f-&P!i@LcPk%q>2fz%te_!PDR0{jRIS?3S5*A1`IayV=ApL!tT$5~2hU zqCw~Xu-$31!#Qb7i@=~27t#s~qnN{gy0+?iwXo3k*}Yj8y~hXmpP#(^Qo3M2EAr9! z6ZYc@hx&|Ow)yPXA0E7NT@kb3{@_CoRBzJ+&kh)#e?4`*^V5!ZEov60nI^M(4>X@^ zf0F)qP3U#MA`W$ZpT-@^7qtzZ-1exs>67>udzw@l=5zS zQsbuWy67lLpA==f+(pvOrHx{8^@~NUj$_RqbYKrXduXox@~nHjT?(%Ssq8Vg3RX^? zU+>l@@jzMM6&54>=dbwvYOk0yjoH diff --git a/Modules/AzBobbyTables/3.1.0/dependencies/Microsoft.VisualStudio.Threading.dll b/Modules/AzBobbyTables/3.1.0/dependencies/Microsoft.VisualStudio.Threading.dll deleted file mode 100644 index a94e9380c16fea6d5e94d4ba92f3691b7e4f1976..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 416648 zcmbrn34kO;mH(feS)El~eauuJRXqnY!$3Dl9RtH~4loS&DVKl)Dl;G;Ad*-$98z6v zdx0XL;suI`#n=H?rQVwcPkG*_aP`}4&!>OP5k0c{Gb7%|2fnuFr}|F&+MefJ zenn%=HTC%U^^0D(=6M%geRaHj&Bd3lsb72bnk%kebKDuvT=T;Cl1tYO59jwzvOe>8 z&pWLz@Lq88U7t@&d%|10X0UI6&nt(Xmv_)pPR73m|2ACDTWWsa;Vpphx8J?Q1HbdG zka}%|Sy0Blm?Gv8YH&qPoZuQYx<&6nE*g2>+EuXjN+{mfVeetiqpDQ&EBfB}!$&^>@ z-|xME!pWde%ohj!YSAC{;*BKm+jSKC<=Uu(Qtf##HyQ{WIPQTu?16 z@uDMnVKDnd9`7c+VUUSvg|NKV4_dsbx;Et&zZD%tJfyK8ZUe%GG?i|>dC1H75#1mU z-fvOBUkD*o*f>_vcLFIN;77+1h$6iR4OZ+QcsJr^!DC5Zgv82Mvq5wMZrN`tN0>1j z?TbzX;y3RCP+j5|Tk=FF0UMg%?E6iX7BoKO!+~io`GFulnFQ07A(zoWdBTj;eRX#B90H2dFNj3q~Z$b^Fr{V)eGYkEKCNAL)lS3!9;-g8N6OxKjNa}(+TD0 zS2!$dS-)gh&gXO0FzZSRtE-If_Cx?nfOe?)1ryPWzaila|aiw zD!EYzwx4BfWC#rvhv{xz2!#>-w=y`NAE<^oS7f$29ER~T_?bkPw)joGzF|vc zbA)iu&pvb5%S_cu)3ayeSqMJ{M#dLYbBb|!#pjaJ7^E1Thc|u}kLe^%*%tTzXwvFa zjV*+SUEDx?K7oPw0-i(jJ2h=W&jIgsce(mL)UI!a?omhFw5v?G*nmO8*4-cv3Eqwa z(>4`UbBk%!cMgFD^p*l0{@E1TI+r?(dVcFXb0=Eom^RBjyF3HQ52c1V_ zO2MB|Dba;QJ ziGTE4vc$_B2s@3@#}K662=6r>fbPiA))o=nI&0XJzkU#8h!A;|X+K;DKdI)qm`pPb zM!tOOo`eo^<4b^)Z}*$+Ky^F`TuMxQ8IKi6*P^7e(ggAI0Zo?=PJ@>#gL%IpS<$+J zhu^qT-WSMgNCkCd#x)V56?}r$Rf@>8=#lyIrs!&gnu3i}%+*OaCR~Mja^q`wfIup4 zUZkL8&BZV{GP}^I1IdSetAXp@slrU{cWZn2O<@zGNaU+aqjRB0gut#u*8zYfm2%@h zLsh@23Pjg0nl2n~-9Us((<49Z{ae&ZebI|a5;pehgYA?$baiVX7xVtO)twe;5^Buw z08L>w+u{+=^6;CYOLYo4D9=C~f@kX`it(Fr;yE5Il{mkTKM=pP9a`qH8nycDV zVKP+|P03|zv4cVMGEzn_hCnV&5FyMf@M|A~lka`iJ3QM5%gTSf_l{y; zUjDRUUe3EDr9T87Od@r%(0BzvwaqJWVbz;({OD$$;xlWaR}mOwRCqOR*;RWeS6l9f zO(l-h+;LBu92A7wj)E~#9R$^nPZ2WwT)w?55Jo3aDYCaBjjPv%(TRf9>BZM15w9WJ zTlb-RMz`WCuQRTmQ|mA=yWy~L8==%XVGT{&OX> zi+2!HTN)h$=XVVmWz%(OBd-MMibyoIM9-LDlv`08p0E4Odx?zS$s>q&@T_J^`3iDZ zVAoi==w0~H*=pbPqj%#CYf~tqcxnaTk5SU{jra0s3FIPz_R~|^%Fr7`~bn1N+yYg(UNT}~hRmUrXQJ(1G#~G`T^&OVa8OuY(s^I@Ff`BF#q z_l;pfOuLW=P#x=L zf%xO#RGmP(ZMSgw)d1qYF!;c{fT;@fB$DiQUFrm|ccg}M=JV}iBB%z0CUgOaN zBxhJL67>u#cM1h2Wri+;reR|2y3kk2l#o#QuzI-P{G>9_@Kb8ZTVV)Qn_C}@VK*s# z0_@!TzS}cGRad1l$F!sDc=Tz#%0S}BpTP%N6PdBnd*Q1)b-DofqOwP`*ESxDqfkxc zLi||@h(D)?)Zf~}-2#h(Qyw_s3|H>*D5t@Bl^>(v(BQHG{fqB;dx*C23xSoQD@g%e z8-)PtkKg<#Bh8wh1<2~Y=<}4p^m8;5QCiq~3zLX!ZRtS0DZcWhl{`p_#us=Xm_Egu zv#%nJ%>i%5vk>}Z+W4a4=M)nyff?h6T>4Kd{i}P^2c7ha=}G??rN5;&eWsIMF+J%& zq4clmP2b;1ub7_n4=DYuz3IbFdd2jl|D@92)|)=tNw1i$^s~43rpzhjUmIl}!^dVj`q@W%iEVG(%}tQ*(;xWaugpf1TIs6n%{!J&HH}hQfOjj=qVnF#%Fz zx%oY^Rg_AxZgd*p$40${;wFZHc&$POsRiEA2Woy|b3^YzJYVAvcC?@1$W-s^cpl>q znQ6bV{Rh4GC4N7sGdsVgewqsZ15LE@wo~bGQ^oovK*q<%>)UaQ#i$RQc1)G(&+;Ak zQrtFpvVKC~z*}(J;AQoLGJxwR>N(y9FRwq_z%TCwuc*Jpz#r@ZNB;v-P6zotIImJ4 zuVak9CSqu*OgFv-Etqq~KY@dWF!C0WNWKv`{x(t5e*9Bns#9V8>%8PbSg{t0=cnn6 z=4s*|DDf!y$!v z5`1hvn8wZ#{{#N$J3QilFlbkibp6lBJ1PV$!M0t zBgod4_|c5qtRKw^`I2G~`WDklVlX=>W}ROgFBPTAgyt`nQh%unUK;PfC%fR2Z8)=L zq3iT`jQpZW`9jPaqDcG%b%;Jl8I4E4odK?y$IKjH0tn9F~oUy?BaMfWEpmAvr1jg+?ryo2h&GKCBI9!2o4R2vLca=RxNEct}d zPc557_Zaae+jGc_x0QVNB;R5lmii|MHJGiQ143XzJBWTolIUM}+-SUjBH|&H3qka2!B{Mc@1n>XmA8J`tT!MzD!#dz zFftuE`lt3d6V&_rDPpB7LbWWeKRJm16;Hmh590MV_y)87x)qMXLzN{te?z7;JU^AQ zcE-&2Ym)sN$!d?zk7z7ELem8s8;Y97CcGAT2R_FQ)w26)9y=vmwu_eeFxmqQ!uSDj z4|nG1uqjTK{yx7pj9*C-E!X^(60ewu{sU*ao6FOA^GdIJlB4UxetZ)zF?Br)rtUHU z`0>rau_kZog@f}Lx;M&+{oL!AP+W4qSPrIYL+Ji(VYjr;p9~V2$$~*C^;btsj+qFn z@m{H{@#M{EzE;s>zT}ukVy8OOC0yOi;Yv+n9we@|&2MU?F@CH)({F05ae)(8MW##(7=_tA51I6=)rs^HcU**J1=0t~Y5dRmMZ#%nkV1GX#VV#0TG9#o4 zWIYKt=$k?7W#(g5A8~)b&O7% zG5u{PHKedLb;*df4QQ?R>JO%}()YGer$}v6J%5+xfRMs?sIp(inkCpUoXZ&Tu~-ey zmxIX-!+yqyZGdGNM@~Oed!)N)^;{>PhP)Hb?v#BDWi!tyIO>!(92D39P}*ABP~H`p zu2vkHAL>|di(R(AJ-pI^Y5q9cF7oF(A)pm{*Wa(_BAH4nP`Vd zuuFliK1FZ8#E({D(fa{ZRIbZAMbu@#K=kA~5`kjpjbShkS0e%udTuHf&T{2hvx(vx+mzs90h zM~o=Lhe=ZitCd7puIv(gOQX%b@|EOoQSwZof7@ZV;RAq#_6q%la2sqnRB6K8gV9lG zm2d2>%hv8%o=xJ@DOWF@z)MRC{k5JK9RVZi!DOj4L^Hh~?^v#oV@HkgXCW8=wr1fE!3nbR3;pQ(1(>Dj^t9=5o9;%HNcQiLko_$AxVE_WsF@4MN<)LgB^kSi=cc* z5dDc-5?zYkM>`}+Q&5!kDhXj@?f1R}t*X!_Wp7Bbx2B8v`d;WOtYiHNzv(>F^Mhld zUr6+xPQk1elB7I7IF9lI`H=-}i(mdUY! zF5VlB2~0Gp6{B5W`Hzs>0Zk!U)stVT|ISFg#EV3QLAEwWA6{wZqA4!5>>%7*v*|KoKpD z6$(oWg>BVUg{3S?28Dq_p|B*npDYI}`9eXK&pQcZYiubg3>2de6Yw!veGnJ@eTbfc z6mX`QLPkAZgk!qD05SuZPFLruD|1dU8K1lj35HoEiwz~WBYH|C&ra0_r*m!m%d+L@ z#~j}FOQ82@uZAbRRQ=;({tC2rgFmIwPkPc8+!|4+m(M2O)?G}}wWs55bJ-4KZl-mQ zx&5uTn>&(ez0Eumtvk(~aqmT|U~@KoDC9PMs0;{fzo1Jec5{F(y$ln&q^DLc!rBT# z>LV^ROh_zZA@n=->+R$?u72G$rtB)?9a|*&1^fK+t}kS&dnOFC(3egr91nKVxQVIX zAAJObP<}fDYcgg}c;{T<`g$FK_bH)Wz=JXr)^d10fd^#4Q#3dPcU>2qKVW3@TlXbo ze7_^314pYJ85K(Q&Zy4El846aUF&Hx-DE;kfLfaP##r6*XR#Jl2*%Ia?K;%DLtGt% zqjbvslz(7+O4k!phQ^bw9)Wi`Y4#_L=8z(p(~FPo9;ptl?44-F7{r;^Sl6W6B$UoZ zAA&L^-fwHq#r+?tj0aVg@C;Ve`T^p(#EOjcXV zv5=)QAu{`>-jqu^xhclw_U7I+OFOwK#&V1P7AxXVF7Bt0;(C_t+O-_6u&QGr(OzqH z@y`&9GNV_=b66RvWxkqc>z%bi1;L}#B+C*pFjYE#xb|QVv(w()W9&sx=}P|6F;;t6 zBwLJcI^?V!)y*DQvf7iQ;(And3kkz~=mdA0J3_}DWycLlS88*EHfO55*SE`SH)aim zrQMdbv%3pFzMCu7Uyy{X@UEB|)}PP8bq*iKmxNnWe7dq{GzhjCvuZr*X?LV#k#X+2-%0rcdM*V02->^Tx2(BTzx)yKO@LbB51~XMN^-K@gXgs$G1mv?p4x$#fo&crh3YmoPO`ugQIYtvGG zPDa_rh1~Q`?x5vbTXqQy?D3V6H2lFP}iPogKGY%Y~(MYvW$c>4o_>pw1q=03> zwS$03j|$LuwpoPdmuxY67()Av<)mxzm@RnN~fjs|aS zWq+KU#=>xkKl{yeF!=_ah46F@Ca4h%O^OMl)npT&1T?T3MQfDpf#K}8dfz)k@2MY7 z%_$~i|E9X(Cnu~M#-|V+#!Ps^cu!@xmPd^RdXbq)!(Iegkd2Qe!F;ha$V4J~3>3Sq z$WpK3Q+xA~P)o-iOqZs=vMsYc_H6Qlt0GoD^BLC=vg3b`e7o)V^Sp=dRR|9IM|?8n zt1Y@GccqpZ!yy}^BQT;~))i_@1L8H+CEf==lYWdSQZro$vf zl|b@t4X=Za8zm|q^qXS7m@4hGA7sBUW@D_D2#45dus>cS4Stpn^R-_x0%R77r?f`^ z_}#7V6};EI(~-yb9`KfZJsk&pPgDOxp@Y923pKW2!##{ydJVOwR6JYbaLfVZU!f%g zk2esgJ|m2eBVc6fV&O182B;JaZSS`f*4ml)K;Ci?w2GaZ*|o9oWk#$XdeF5FU)igX zKH9TrXAgF6CF>m;Ft=Ej7^t1m)g*=nW+ZDP(V3FfK&Iyi1y^0yvEzeOt-o^JOgXwv z);*=SMI13>YUdvGuDaggDYWbIs5c*cbeUwv&uF)}&3igwQkj!baV=>gXihSM zQKY^gWn^DcO#8*g1*+ZYetk3qNP7TmY!$3GVbEYv-pSKIYe(MUs&{>}-m2JJ6Rbu| z;Oz^eIb?o(2N;o`=yVk6k03qr{cvz@{Tre~^8Me<4O+i7ccS$hb7x$1R3%&Fyh72D zs_FyLCYh1_iG(2JgZb*61Xw69#k(KXBUeq)Fpb{ zD{TF5KB`wS_6zOm1l9W{9v2)$0~EM-j2X(t&j6ild^%6?RAnd--Z=rb#is#cm*SLb zbuhy$nlbnx5!zlf>r8cNI~yY3LnPRrLGId^Dg>m8%H{l)YDzubVKA%f{I$E*fBquB zsrHDN@>ZA;tCFQHEjfOFGxOU&@lMDiGYpeZXe)R_|{va_1I&W?bKYf%B)jz42Rz47DLP z=cD^r&DkU&!j`*qA(5ATs>VG1z07l~nCEQJnwnEgCgq!F0&;tIUPNJ=;gz&;x<~JX zKIab)7##*My*Q3q5(M$hWF4PFKGXA6o7eR}k3l5FjluBnkUk2|VO?`s;8`V9TDpsbG zY+2(-a!WEXgJwRU%9VYyxpzs>YGGC-RkH&wEn#6&&4i^bd99!2vbSGxz&Ap(K=)IL zrTm@A-=Sh&W51q4+J#y%tCC{Ia@cGwU+nlUeLL^RoYC5{8p}ARpDI}Lz#q%>AUrlO zI^d$lP+=@hSQr@VuVi@If}cY;jT{*5w^Z0!-Gobv7+o|BZxb2D!s1xg%9&0v&X49@ z_Dc(4Av;yt!ct5A-AdfX{M+cB=e1ko4z{rEP#bKZ4dSn3RSDv6@Qfbefwuo`I-L%z z$i-p}Q1cxNW#S(x*pB>hZ{$xDgxcCK_Wsx?!@@YJmlxGF?OBR8;Z2U9rMHdK?Kq=j` zcMb2cXHVOYupEXvZ1dc-8~ZcvOgr`P>n{^7NDj73)ZZvSQ#eN9`hD^b@@6nQkoNE# zo`vvE_3*F2u~T!3vCWgN3T{6V!?C6;fyejQ-6Aj!KE)@zh&g7x=y##%fYcz+MhqN86gE3xpd?~kv;UmX)(A`G4Cwn66?eH|`>m38+^seZn)B#bY^Gw5fv z5*AJ~lck+&Kc7ceV@k1>z++-WHSDPLQ&@M%mbMILL&l+ZC4F_kV~y84(aP`c=S!7? z)vZ1)FSFFjbbtMb6zrP_oc%t08$Vy|5@K5Dz^u%_qsd< zCEaUkvOWu_i^=auQ`Fy&FQ|V>;mawuQ@tJ5DF?He*?g~@yGwHJ3erx^DJEhr>$ZZk zgU(3^wXxfWcM^1HT&e0L{b4Aqt3UL|F94W!h2gNS-a{`iXp$7DI>?Ai%W54Ahd;O+@ zOf#B#kDb6xy;pW8)m;J6iv&4<{m-~|JeGhJ9kK3e=U~)Eo554RBuBQ6DaVNo0~9G= zshpIt6eZsPTMS<0aCeg3c4c={l0h!53x|S%->O>1Q%I-sj&vTl9I8dk-C=+r!mb*! zkq1j?$oeLhOwE=xfyPK1`tTmcMcYyQgorDvr+JvZ{V)ZX2f&jlz&rqclmb$Z4hG0D z+x)3w!t#AVy)0xf41i4Y$3S)CNyWF#EUljqra*yJa#Rs2jIEN-o1ob#k{_j(GIK9$ zex=lYQ?I(iJA+}(pD%{-bx;FaSzq_j2bjgl>$TqSe$GCY9v_tr;B3k`)nwFh!jdAT z=bR}&(^d7K>&X8m(Tu1h=-PehY6rFkMvvmz0%VJ#T1jHXCrra6sghA70WMKM5r11xq-O|oraS^cNHzhi2-D?7rn zi0u%4pQ%v(R;<^3JEE84Ejt8$L*m`#-<`ST8ofd<9?a~6IaQ@`lR~1cYfJR8UfLQ_ zF=Uuq4+p6#HoEZI=Yj;|`mh~l5aDgZkW009I~BTaUwPcx@?O`LV`*FZwjY!6oAQp) z3#k0!om1pD>1oXp-Avv={3@Olmt&*ItA+8n;q3HT>`;ZqJ!GHfB7hO{_v;rb6LjRt zbl4Q6e#0WU#NAj-Sg6#6zcc4e!;tbQ~6p3etZu(AZA*> z2c#vNGYC_C)4{ICWvYr@=-0&7&hsPe0Ac(V9!cL$Aa4ZHV-&LVLo5`cM20Pe<|jMG zk6t0*a?gj?Qf!|LUTo=Rh5#1MjvjfdPH?)M&neV{&uq&HAyY;`ubcgu>T{c#Zll|V z_i6~r5ejmYta=6YI7{`|8GoiHRwLoxZOAYx)H19sp6)mQoy=KbHaEVVLM-ASzxmrF zLT)EwCA&^1JI8LdKODi8ob_Ul=}H3L8t;@V(>jfM7jIAN)chrRnUpsVl3GpW+9U9O zL_Ls+X+5m*FY}xKNs`*L{_M)R^uxYiYJ3{zZ0YsgW9+iWT!aZLtWw(V{*R?udP*z0 z(iD8U(iE=_=9mh`$c2thzV|L~^+PHAP2M42b#NA+|4Z1xcnye?Zz<$p z8ub34tTlp~=Q0)tRV5k5aO2nUf==ZWISiF_C%vQ&qx-GYKeQu%ylex4*{IQRGsTz5TlrAiqnC!0 zTPN4$!{u9-bEy$WVUqj2eD7(}Z|F(SUX`|}vc4R6mr~X_oj%Z!MZ4?E&3_d!hW%p6 z-K(UaZ$P_F>1jJFWu^VKlAPV~IW=?axsKm7e?S57&IO;wU)vbrxAtR1V5rz%&WxUR zyN(|nCT1J=qm5!VEzD@C@6BpPS4qZ-FKMixMtL^sir?ZNlD7QTm?wiW0u6A-8RJ%CQjE7vQ zlC@o_ZU|!gYJ?qH=JlaMmi?K@RcS17W=q3|zP*pF;A1)MPi0d?kU@OU9>O9|{8mt{ z7R;Zu6O;Y%MXZGNSM%(XX6lzE>28beuc8F2vzi3?h=ij;4wjAIM&8qeCG zI&mkpdYXf|)MEpMf!gxf^WlPQbhlow40VSJId;w-_7F|x7jn@C_a&lsuP8w(c$Rtbcp7sU-XMBn-0g6M+304Uo}$Rl<_WiqR#}`{Z3(;Dm`%t;-db zx|Bq{Uj;rkziM>JLh-V8f$r>9XKXHeN54^Hvz;}uJ0Q{V+WT__KL@Tuv+y3r9m3U5 z@OSY?zwmy!6Wk|q8F4FcM{xC1`b&7QI_%xL6MPidEx_*Xf=}zNk2gT_@&Up2K*%#A zLd6a;7K%=hyyiXKi}!9^=?6jm{p#J2F%^nk-LH%LyHy^i;&H0Ov^A#Qlv35P5KNrm z{F%Y*I+)ltU)Jy}gbztpok|H)bBb}xjB9jXVP~ardiMi;q6byHZLdkk@jbj7-sH%n z{Rf|?F3*zuFvKD%P5VocG&K=<&I+l5G1`3Eqq}O!Qe|f_?N&{lYPZ=hMXb$*u50Ub zzKziz5XIa84amk#14Y;%Nvr-qzJDW%^xSZWU=eTc%2Da~aiVv2a`&HhA76ieTF-v( z$MDRS-gFy#{B{wA?(ldv zelDUg$)ZE6;Vw#zWr}Q1<&caM#hjm?kt~S5tO5!)-IFM8%M3&S2a(vo%Cwn#4LFV8 z=}%d%QZaOW$*RyBAInzG^RuHIKVS(8bDIQHF3us5rz=Mm2C9ddpwC7hq_(aKTZOOn z=fZ%k_&D%3zyQReiDF`{THP_vYUjgb{8$$S_B6kvKzt!@R+j99nQQ6vS{2jNxQ++i zPYf{1g*@O>U1D;(kWa+;lgU8djYE569~&GUw4r@|$Qm%T27Ii1G}4Z)ZF_69&hjb# zy5&fdFoMqe5`W$D;z`2Ndywm17FR#zvnPKK0Q*P&(tOl+?gx(fqpgo=yzXOsJ_^zt zhKysfDK_#ooY2Ci{QU)$ltywtZoa~?*61(s(M`TU8bTi?gtgtyyI$Uwp>B4d{-aq$ z{CR|en;{4!Ro;P2ST9UahZR_eq}sHntgAYzWMT_C%v*7etG@IZ7M-MHA=ADnnFgOR zk5BYWQ$5zP$gGB{B%K*UD!K_b(t$97QFH7DdFU6^pJ?a7O>cgEWQb)pciCu1T6C-4 zX+cZ3u3p;ShU`XAtp6K0T@|p|aH*{A>5+ zRkEB4YPm3>N@$`D!vo`?&0cfaeq-tB{xfUG)1^z5fzbL7I(qd$Kl&ng#2+QYp~`43 z{umyaBd-9;Y1HwYTX*@XE!F4T(A|Hgn`=8;-ga-*9ZseTe+GUJbIu}qV3*kG9*B%f zt0UBFM7unOAHReg9BGT2R^e}a87@OVbg$D zt$>=H7BWp`5dA&=B!Nmn_%7)`)088J*8E1y*5X1VpHrpTg%P2-gq1##bN55?fSp^C zTv@{(^4YtEzdU~Z1ebpDGGI&;+ww{B=3?N|JJR_dHy^A!Cu!c!IFsrkyxn7LX}^_9 zg59G?r*QMJnz!=gRBu@A9r#R#&br2@Aj+JqK{h|fNUSr5?LEz0HfDR?_BA(XmCc=K z?PKnYi;hmGTd`+MA-8AjrqnifnR*=tL9@**PzpDb{I?2YtWZ$y|Hze*!8{n$Vydf% zB;m{-mEg&sew{LN;w+ZJ>+ErseBIKbi$0#=D*7~aLJyO8m@c2!{i4naNIXkcNLKEN z>*S0Ijh%d{*1u(A*gp9bp|5 ztrY4y8-+e&_O>2et!7=eL)gKv+?gGM=(Aw;w0!D#pz4ioN_k+FS3b${fb4yDQvNoR zIaWd!3pPFjF;U^#CHJU?ZOO-G-{ovumFzQ-YDac*SvGQkn>MuW1@&r=&lfcvCAgO0 zV;%cuHvSyRZhavVd~6q`u)v*iDE~gQ^nEUN!?tcsJt?{OTlR%(Z+3NodoX^x+wkgs z^G|RN*V`FJ8ebKTv1_uto<{l+7330`B$DP4@5OXlF^TrZ=jpo_i8j4Wu~RG9t!gX+ zz%Z}osrt)S&PH}5Q z%_&CXZu@qweytpYwlb>?MjXd{Wmha> zt^%Q10){KmfU^T+I7BwuAETyoMR7<%v|vUD+u;!Z4gLYgvX9!lWxz2k`Ti|YwRgB> zxjGEuBE&0>CI@*3Cg&=3TmPlAX&(zcStp)ncz?8wcTj&&ex^b@*Wrqt>Yy!sVf=TL zK3q9$AZA!&gMC0x`igwIf-9-R?)GSOSLzFkRqFOdD&^{Qw0HbXX**AO*S#&RQ@{5e z>V%3;TUebiGa~6{kMCu@$HaPH1O5yp6viymDt$T0>F}>27q>}BmlZIld8qtLUys&z$)$E*msY^= zU5UR3t)*AEKC{YOk=)NEEpWr}p50Za@#GM2dOkQbzRwF7Pq=Bl`$SKXL#+bE|3vgy z#%|VNsrfO5`Z+){Y^&)uteipvnigKMEAHxdP$x!|7D+WXPuH{oX)W9CLl_I|?^heT zb#d!G^^bP|SSrL@JMBDshy-q<7kt(qpGvXSVjCt(qs8@+cz-CbT7#noPs;Bb z_($>v@+L>`>?Q*%fe9mL@S@vr;vXwnM#&h|x#ibNe}hUFFQRw4IY2WcN$s?!*DrjR zN-M7yC`c z1=@zeRUOBPT>nf|d7WLAl3sJ$_zGhO8H-*|lJ6DjyM|UiJnT^bVT9snhwZz`hrTNH ztXoxWs^xYv))_4R8O0XYZ?m@Mnh*#4IY6v$>sey?g}lgDE2*{`;TlS-;7DNT&ZBeC zd0_q|2;U?b$N3#pXxi$~a@7-!`lHOZ&xg!R`Yx9)E$i=>x8^y~+Kr)@5<)?3-0%UtLcx2N=2<~@JT(M&vZHg$Nx z|ED_qD|kGeH9nQ|YrRq;=cVtJkL{HGV#;Q0dOG^4%H5WnE{0rS`|mH>bcufhI$Vy} z1N*oC6~(0guk|)<>(J+{D?2#SpY+WnaI`JIm<@MnV~M#Q90dsCf2VM+%R52y?S5W! zA6ePGL<$<;ab3BM6ALkUif0^O<{h5cFK7MewXk7Q%~a}?wy=js;-|cu`18|v+0X7F z&#S3ZH?K0L3hkZyzhJsJrUJ`#_s(9kyw353gP8QPCatoO#@)u(s1E0C{sTIo#1*+C z>p$hiD3*&qK?2hcfc{Q|`XOu_E)-wZmIlZ)w_jt@EA5x|>tS!*;jV2wzPpltsnZ#J zxM;7}rfn8@FQI<%PW5B@s=D+Dyspaab|+DSf2LAm_%-~Qw+5LQ16xvojH|#CRDdD5 zy8;gXqF1b@?Ktf1dvJ>Xv%JBJQ~Xc!_P)l!b-gNCvoOv~{r6Btqfhi-^00d=6aAs> z`)~QKT-1&W>rRrpy90N22kuhf%|ZQFl8=~dDJqB`fiHsiQG0%qr|gu@Adw=V@mnWv zRFbbM>DZJnR(bn9!?phbzN^L0g%xLYyJ`_cKM?S|USKAA zLeM{-K0j6R%X%`gB7^9ciupfK?pI3B8RIS-qj|x0#`}i?a>&IJCc|XgKDkRX!sSnP z=j>jHek9nRjh!F;Lg}qtrR%;(eV{(F1QxP6cu?m^Ug~fBk-o&qqkfzk+saMT88q|z zP~%Sk+3WBQ9Bg>2F(}+CuWsBKm9lT^Bsoo%7l5aRyzf4KH!a;`%Zs1VduT<@{-?zO zLRqIG4G=W7U>Y^4&E2*grJ%Ju$h!&IWAl>* z4ib`bEg3wKuXhX8?ZGGA3$KjeV`Y}xrWY0=tmil}<@F&1RTh}O+b%9m+ zf$r>r`gzLQmZR7V+xANY>P@~##SoI88$m)yFpk@aK9uGz9WIW+C~y&`cQfI)pTC!L zC*7Sbtx<^?o2LYI+bes9gp7^^yDYk|CJtIllseNY$nhJW0-4rQVS$WPRQUow`Z@*2 z5}dZjxS2-l6(v)7TukgP`rssPzW!z^*#1JHMIVslatFE4pOVmn{4BYWh zTfq<90)F|tHgWq6L!IK&+)VT6mqM@YqSw-dUYDx$pmmv?OzZh_nhLlQw~1{1ES*yQ zLR$R@g9rDCcU61+BGoRtd=|nCglY8i2%E}2L6Xtf>SQIjIz<;zn)9OBgkp(&QEq zS20qsu+#2StVFoL4sy`7TeDd(9vUC6oD;G^mCwKAhjmcek1$@c%z#Pow{S&x)dhB! z3hvi<#pryVWAZPlNPdupP_hgIf`BIl~8Hk5~xX5T2 zZ!Ufh;Q5u)^UD^)_FY6i=Ijl+P3`6fya1yZy?;ONmQUN3F6bKAz1G)LcT=gE!oLz) z@Rd_u*8W%95^0p^(0I^BE2>~{=|scaV=#casxgC4rfMplo81Nr*uu$HJPYBlm}&&H zr{)wBT?`AbF>(bXRywiVW!~Md_A-0PX7A7&?D|QDkczkE<*w~+3hEzMcX0!P>(hK+ zM}0bouLXH3*~U z5#jn)##;l8uu7-zU~ac}g2qznXQ{D9lUnpe3VO^tS-<6k)Sr-}L0ll!;QYi;V^rkG z#bY?}xB;~_@M4N|bL=}oJ27qUaV_=-P8R43bGZnEX@yPA3x#QSZeDa^4z62k2e{}; zNqzkL?CXx)1`*!df?F(C%)1cYL1T`q@=+Mo~sqA|&vOQ@GY?2qpX^JG!6{|M3LefTDMXKR(hJ0_F^7;|W=NX^6y!gdpH zpCT(;J3oQ4^-DG%C;OKt{b-KL_iViqpuFqmWCJrDTBfRTwqJJ!Ft#lEdi)yYVf0&M z|1#4w_c2YHiZp%t7MV9A8b_CO@_ZGkxT(y2k<)ff-mgsAHMvgn)DJ6gN?;YtY##*_ zJs(bJ?-OVlpGC{Tw#9x;a`Ia%%?(<6m^;y0W$uiNj^KQ)eJd2L;ZeRL+7l;U%VToG zgbVCNV0N5N745Ag#qudDC)fN2ou)BGcuq0p6a1NJ0uknmN+VJ-T4P__TOrGe-hhoy z`%wQ`)xYx|r<0;GuM9a@E{rOK2E*)z?~AU1?u1|Lo$Bu1k-bUd2J>_1ENt?XNyuBn zXQwFxdvdmJaDD~wb--&saD7i`yS`T}Ya>&7CVQ&t`qU{7$?<4EUUD@C$Bcb{b&m1^ z)3Kr}p~tje%es=v{Q z5WPy3?p(4|-6Mz&B3Xo8s}dc8kF%nTGX2pY&$4!A9jaW`H5gdKIm_yfB>%=?#I#D} z&UTbZIT2Dbv@hk#7-2~8&30m3bkJHRRE%HPN#@b0+4n@~s=lQ?lvB=1#P(H+RN?^&vdT zB!%359DQEY#~{uvHIy|TVc|66RN_k`GA;sos!YZl`=#@&tJFSB%4wgVbs{-rs%2(X zC*kwmIl@?GrPj$^fY%Ceib_jXqfj8wzYFXPN&XrcD0c$*iN9%OOHqMauOdc|% z#eBTPMB#C~6P>L9SZSa8Nx0}*e4{fMWodfUM}K-I@toicbjUX>XUF=BT2#bhc_MG; zqH~CL-vS=XCM(AjPt;=t=F>+1HQutr+#FhEh_`N{j0PXx#@yhy&ckI6z-QCA)p2GE z4#W4%`GU?|pb#70aH?zgoVkDt;j?jUDx}5Fa5y{Q^eTM``Z?_==H``%ZOPax!lrWT z#XM{(ZwwV|g~o#K*1S{9Gvu@lxZT)fJG$0TqhtgAGZ8Uu-n!0P_F7lB_cku#4bDAZ zET^ew-P)H4Vr6C_LQ5)Nn!g80+DOH&7QZv?x>i&fc>ZmV9VgB zmyMW;X>+gMb}#v1OPN=m;edQ2)d_D0J;Xsv>H0!CMmUUY{OB1iXij^P4W%lA<1ccY zJj-}*qduq>)JM=-AEKnYVwZ7a$CfbL83K}FadVp6`IZ|O6zKK+7&DTZ*c*mN0+9Bn zfh6aKFwJg~w+?tmQfQL5F3l1SZ1pruU*=G9MKmr~Om6~>|M0rbuB7z{qhY8@zRJM{ ztbA9+*e$#yMbri{4wrK#O@(&o7nZ;21cYw0%Qy+J4^q^JJ>;6*xiu|F(D){!Rf{rp zmNG^)q0$P)Odp+`I~M%(%N(EKndi^v4?WGaJ$;_0u^*BZ+eYJn#638150_h?K}a>O z0K*%RVeme0-a>tK4DNko=2it!kk4L*Qc?_+LeQYaQjV3JN(|`{Cs-A{+HF zD+od6t`g}@rE*Dwrjog|lC>G{80!2Q=or0_{NNF#?KY(wAjpJ`qiBWrY7)6LQH-~H z!4x7oISXZzd+wG0SIHkCQD_{;`x3BkW$ePp@-{h51$xv2p=b5ku+qhbO{KIE`f+pt zuW=3K-iXcWZe`GT5uw)G@f!X#xbW{;SP}p^3fsA1dpx_Fs&p2)!=`eK>*O6aRStXj z&2@#_*(TjOUOdSQ-F!0kHtcZg2aN4#g>HWPB>3J&-ILF`5*s%_vbY|FO7)Dl6B?YKOq%FgLeujnb}E)_ zzD2d!+qv21n+PSgsq09aZN3>mbUofm!Nod|k>8cR@iOgr*=3o#ZHqYSC5{gIBK$kQ z<@B9>mLexi(f)eg#))$jS<3=8Hinl~4-v{Bx&O2xBc@e5=SRXBT*H}c{RIv&4;zgl5 z7KQ$9QRv>Ii{*RfqR`71h2Fj>^od2G2aGLN+Bu6tXBLHiW>M(EqR{=v7b|VcqR^`s zh2FU+^fQY>f43;KJh2!KH!TYN>Y~u!EDBv!?8*0PzaNgAfi+W`b+alt z(jz1F9oWiXkd0r#OG8<^Xs*_ zq;{T}Y!JWl|CZ^OOXctTZdVbOrb=Q7)7KN3jpb!S0Cc>(OrbF|F^&iNHfp6jpS&ic z`P09KHI9i?F^Cvowb3citUv6{z)t%x2kI)9qe50L(>u!ma$5$_RJM-?a2ZHg8@xcY z#ni*yr|u@z!>~_cK$T_Hs4}(y$$bFZQ1m!d*OD1jn@h`rxcIT?4xp_!@X-ADjphceH<>%pdb7DRE;^c{s?3uWitgm$Y>y{W$Je{OY_9zo zMmy#8S#$Z8ueq7l=gggGecId^mn_1Hq&yW$&cet>ekOV9*VWXnfogoXfGup!&i@rW z3t?S4$k{N%)SP0h_T4w|#&?0LZ_l>f@{TTi|AUu=?|+&bw0>vqMC-Ta&ba94We!h; z+ITuTzM+ebZ#8=Pt+$yQwC*-{qV;xjXIylI#-%zdsQ0E$ znd+6x8}H;LeUE`jJ>OjwV;c>X_RXEN>Wa%7JCd}gSXyMV(uTT^(tbU4Ify+w$pvb& zUxTKGvTM(V+VfOvPsIfNnaQ4i;hc;S zC*wd;wzg6MCPumt`GdSXZN3kgPj({p7uH$YwkdX28vp&sTrQ3?H`Drwxf87)nmgl? z$xtueQK*X#mFHbudHw~ZiKp*3H)#E(xtZ37&7Ej{#M~K|Oy5>fo(i?|47okq(_f+S zQQ(?md<-{fL@|dSe;hz&!?9sgG1bHT*-zk_XnFw8LikCZiD*&`qRCQP4=uVzHQ9t| zIMetPDO#WAp#|a3=*`da=uZ1N!dxDvG>+J=uRu%L8w!nEpu6yV0@`#jTZ-q=VN)^H zL;TrCaJx8edxzr`v_ztjD;3 ziBUb@_yVux{n@Yg*63Pc_C=zm<`femUjB;EU~<2CwZVr~9_@YQI=zBDfmam6jhswi zU8lgvW_PjAexvu5>-EY*R*GVDqXBcMicw=tN5=d$DW)rjCwY9cH;)^X$CoS*#bkGW znGuxT6;^!vTeFki-bc7OkmSo{v_Io+Dl5gBi^xiS&+c}j5Rnh7G!3ACgJ&W9Tb>D* zDn{bqILMIE!eM_`HH=l6`}`e=q7ICe>UJ ze}%Wv0NkFAF(#;A1rUEtk4G#D(AO1u)I#JcnQ>Y>e@3qVpZRB!tVO%6|N&IT8T zvI_V8y;m~T=s5cgurOME6VF2UEuIOj6oX*&OPRg368mNdasPkI9u?b|q!qYdB-L zQWmA?ah@)D7|*Ba#DhKQie2d}TUY1?Zf%Z!z+1JNA3cGK<)U43l4J}7+px(C68r@T z?JLYqhYQRg@J`VIB_MiIm|W>zOi^tJRW5l~)MblA>APTLrZr2(a&HHD>H7p$_D_h? zC!0A*xfgBw&-fS;qo3i{M(v}cji2LZ^F{m%T$21!QQt;PaaSobyYx_Gb#oa1il||> z7YEV5;L|r&RR-pHAutX2*SIxpFJ`Ui!Opw-gt1nCndZ?DJ|`RYPxjX9jrVVIvF`ml?yX-Sx88u+D>XlQmuTl|`&*LcD|PE+>1RHU1+a4uzo?ahoTLn>V_6Y&I6`ByXP58*M>0)txHvg~?m# z!K+|L%ix{dEJ*UxlpOaNa&K%GCa|Bro!QZ{XfCM~uHa(P83*k`>2zh%DZ_%~eMT?X zg7^6uw%Q>|@?6b}0uuUs$f9{Cr-LHcj9pl(HDZ2PGcj^FQ#qhDwaf$HtQ26Lb<#e< zxw8cX9WzzYc9Mw`xRNKq_7${6TdKs!TXhlIIq)9BeYdsqIphFypNBITR-c)jdAkt0 zkhDX&+7;R6-2~$^n6nq--_y)?wd;T3(e<%^P`e-D7pL+qW#bRDo+W4IT%M!so;1g`Zbl2^#&f5@bg&lUFz-F?gR%lJUr>IIjhWyQ(kKayyEtQV}0 zC#piumOkR${3dUi?4t)e1cGQm@g3rbHWco?hkC=bPZ8V7FL65Npt%#R0dr>@Sl^(N z{-;pXhhXVsmge~{x z?a$VrJs-g3$_BAaCPI5L2DuDs8iSYz26=u8Fwdsd3yqJWL$EeC0siXi=xAZo(2_wC zuq*9s-m(h1yiYuH?G^+Iwhd&Ol83RLaX(m_yivVT0=)N&ce=jMyPSz6qLFp|;{&37 z{s#D4%3ozHT)lK#zA_YY!BoD|A7ZmYmu;Z6hUNd}`u_sG;N#-5C#ZW2MMJlhNTW^I zimBC-j9Ch5OOW6S7mG2->i!BB=G##W*nB(6VvQ)*h#2B^-_~9~Abgtw9`-SC>g+{> z?t;b$^00P&at-shs6np61urg+(JYMN`49uK5*K5{bvWFmr?Tm84cq^{ID}Bu-_Ea_ z9*9v$+_Jnjq|UF@36V|Y>$Fr21}epc!YW^zH#DrMmr=K|ki};79riVbG5w77B)6~Z zx!#hiyir=I&*vtbJ(Dx^zIUv5@~x@v=X*y`$@?5{W|BM z7Z)+55rZle4e*Yg!=xOY%};1oJ*kUu|0i0_kN4KtzS`Z^TQ_)1j&ZopBk*1Xi5cqU zboioG7qqFTZqIE;j=N77U+F+;luHB3#ni@AxindkmPZdb|3XLsq zsTd<4bSCgJm&SJFxm03s-8{N@3@gODiQ$v8Y*}-yDT89COjbcvXt5L{jKkd|;%kfl zdm0sdb$ip5K1M%cZ>CG#{bf%@ve8+w(oy$<4?ZM5aJ4|rEle;* zunwBk=7*%TkFRU&(#vk&4_d$dQi1lT3>q|(QY@rF>spebhh8VAzjdP=u8zJzZjVTS z0mIhy25x>HL7}~n*~wBPFV23c;C@rlH9jw|%qBOG0IDhf=Ery;-7#sK&|eM|b9u9g zs}E7TbbiwCZ1T4ExXM~B;?D>jlRm1La+Iq=*=X0C!JVpQr~PIti4h)3@iMt$J@Wui zK8g^6a#dYvpD)4X)?jmE)aCpNxTUBRhUlgQ9Ymh-rCG$#;4q`GFJHPGlEIDXPvHKA z+Gys*%!yWLeTj^$6KaeJ#Ym0P*Dw^F)>Y_fIA z_)DX^*kL@n8}?=d-Nr@`D=R|r*3dCaY;|pR_9JlQhUGeoly@d+SXFWHQi`3fOlN0T zB7@BgvjWdT$fu3dJz$FAWHstW2__MLsVy{D3GD9R4-1d&42F#1Rz=L)pQnn|LzAyx zZ{P!@HpsjbXxGZSgBIhD0G{q%Xb(Hwl;~Q%SMy58IofM3cnS6AHKg(!xYW*Nt`tce z46@C_aLA^8Yakno7N~pK*ivL`kB2pcpgKh@XOziT!Uig#&M7K8&MCrKhzrY{F{$6~ z^8BdEa}1b{{WGFIyhgvRR0pF|$fHpZLuG3DXcP~ko6nBf{Z$vybbRP18UsAYimuqU z#y9FCBMsVk*iwu5jy-3$%kLH(TIyQ~_r#weVK)b_^qY#--kT~V2quS(IyrW!LVjjUhLNF<401L7WDSFOo55`7EkB>CdQ6 z3lq#uI0|I%F6Ui$9fZGu*1rK9932j)j89Mo^`nAzP*>ZL2GYwGp#9eCt7=& zJL8f?_kukq7E6si^sY*Bn^!vLXnV${n@CW;y^CbUu8TjNt{Xpx+R>1b0mp)yeqApd zY<@>$_mOo}d~)r42|Wq7zjPm8U>VB(^h}pscYY`AF27Gocm8Kd`~NNfXDk184W=^T z+|8< z+ogEj)D?~pob0f)S&6*v`(_6RF~$^b*04+7$y6a0yBC9|=s%F;!sLkz|B4r)cZylF zpy06bn{T1MQ7D`=E?mzH$If9A2e=C5l369@L`RL_XFo2l|qHdR)MOqJg$XXY-Rnkw%A-^YJ!B`bp2vYf8jvffH&%kx9_ z32{SU-pe*W3Ip`sdY)~znX0&cnh{&Ii5R59>SS~t^lAJ-BkLHK(B)!grigqmNyTje z50YOtX7U~m%`Xj$`wezqnNG#;B{L2stvfQeJDb2!eu)YG?koB~u(#j*b1FLE7Y3}r zd0u!s1?!F>=H=m{)gDi=cQy8#_wYt3VpI$lsYz2USmlauxzTFmLcE5D-&6$!m)n8Q z?=zN{1;VQ3nm-|iYesJKH8aJYPnRe$TIgPPrPaqzI3+vFOr{WuP3_WpZu(|nZv%Y-GHxpt)|{Rpr%Bv{9v;#Dqo6LDi= zH(`=Y%mz>2y64b#J7ZxnI{=usHAiaOyRm$nY`XlB&=~C&Y-sU**!jX zZynPUuSz<{kzKbEWSgIpX#OQ+i2L5Ac+Pc$Xx^X_VtP6=6!=Fa)twvZv{-0ojzpAwPGkX8OfwPYre-R6gUazmQXG z-H)T*dvrLt?%HTA3Cz~8mpnQ#xi_BL(bjyGEldqHZf6P5amtgMRmWm+>U9_>#i zb>d?Nt&emtK&@aVRC)Yp!$1*ZIe$iOm$Ve-eB)NO#rc=hZJR=(Ht08|!O1XkAWp~c z1LX1Nu+7jxxMtiEH`s8?WW=G5#2xetgGNFG(Tpe>?Ms5OVZMq`mS<>mD5~Irbj#X^ z54Ao@%7k>B)5N${d7Q;^NT-M~PQJ)pn7F!!bVE^bQJs-?nUa_TTB4Bprg zNolJZLJJcyxnMpWkpQx`voD7n~YcdUI{G9x+|p!9WCMv*6r$Nl}&#IYu7?*(>m zk7({U4k6Fhp*;NY$;M#{Y*fI6bx>a`(qWu6(jBe{e<3^qw{fJBZb~3WwIS?Ew=_o! zatx2wu?gh3HUyKdr8%JuIWd8p)P|glkNV5rdI5McGh!d|0m25;tEO*4CVm-xAHFvK zOYwJ2Kp_+Bh|C7@uu7@Z_DxkYh)?0!GbN=QH+P!$_C3SRLpA@smvTRA!_>q_P_0?{-+l?V5JM4SgYP2T`)g^o_A%R3}OwcWT zX8^B#eSW#Dy7 znU|tx0^LFEIk>g&v7|>uP&$%|aPF|QA)70{m5YeiDzKizP*3q9;ZeH)GWoEMv+r^_ zF}S%k$_u>8E7SUpc<=tGt1lBtHFA6|52e-m0=3i}U-P{40JomSL-V{X<_4|v&CRqf zFn6N$Y;$K^vWU@GW^9F`=kj1TrEAXF3kjK3Wh)+zI`M2=B-or{q7U(6ggK}ZT}%*U zH2z-$E)Oow%i`azc4<71w-`IbIYDmb5}f!_9lV!uTpY`kwI%ag$q3f6;BeOY$7^ zmeO>iVHvT`-z5`CGBKiOA%TK$#hefm zsGJGI;4UaS`*1M_44CfpL^*TLXZB2I#*B)}u42wPoPqWK{Z`d`^JW0`_xaD~Gq1X< zQ+0QBb#=yci__5oYrHh-&H^kg%@SlKG~Q#Nj7p=!p!9NQ(?h_$qPn=ZZXdLOs^YZQ zz|RC7Sd!_D9tF=*;<1R7c1=`+;+B4vyGtTqJ{q8+y9vD-*`1MTyX}|*2i{s1b&sLX zSgm`kz$~p<$wC&USX&<)V94RVMEbgs1vmeDE?#aZO_>|YS&1%x-hcK_M}-oo@r&Bj7z_o;fHqT$(olvOjQXo;r$f z%FIQ?+=Fl&AiLErK-H>YnFoumIY2+*`Zm_T-$ElcQ5nq~4-e7I3HWACG`|t25q=*N zzsrJtPZGZ;%l8z9I8{PWK830ONc@riL;R6he?9(D9{s{XE$9KcN2(lD>$n zaZ8?75&o}G!M?N#ZQ;LCH+_&c%CG?d^CMefegv8sj!~Y564Bv5cLGp%=e7`0-E|Pd zfT0ribodK(*27Yb`Blslr@J}W4Q1&7{g)u1xHA;uq2eCPR>G1wWAzDbB%_qoCe*Xj zUq}V|a)kP_#3FQJx1NmSWxGKR?d!|leuLNE_xBqxd#3YpPW~CFz&uq%$Wujx889PX ztsb~p$9&|-eGWK(h`pGWi2FPMb<1Z78Ic%(pgSEHh|u%+g6B~TaCp%}h=F}r$k`sn z4V|JY6wrBauP8^pIO?oZ)yOk+Im}c;#9*zWHZ=(_sJ5Vm?SOvXzv7wgyOM1>;*4z5 z{-m`7x>2<2C8bdmQcMc+_GJvJ4N{R_0uRXStMoT1loe~1whpKym@f>z2Kkn7~d5l)?nnvnVHRk)qyxozr& z%QAjhqZ`mR1l!(dTa5VmaJX*?49!BGrv0I(Runx(B{ zPp=r>R4;GQOHMa>O7co%GggyR%TX&q|hX$ykgzOYGfwzf80_2@7k)Nlf+=*>&ka-jG*HDm(J}I0!7lsjYxAbzhg{1XP zE@yP{N=@tX&*MB#;+&Wt=ki>fbn!|H*D;3M4~&ArWO^FAy)9FORPR>uu-rTl%Enyb zu_C7yd3{FmDlX@OznD{QV?kNyeF^Y_wWSe!Iea7G=Pdos-P$8{D;RpC?~~MR5U#O{ zE~`0Y;n9sXy)@dz`OGvbgRtWQS_(W|XdVa)>FyM|#RbzWxf^^|PdEL}{X0Iw?EiqF zH+m7i9TyYVMVFQ6{wI)4!WW!t#5j**l}mthw?{TPR@p&dox7dDPDOJDjAIkpQkTNJ z?lDCHvdpXIet;qjj40-Q1bf3Cja`H-m9)V~)Y}S~T-7c+VUKc8F#!hcOk$YK-hk?A`5O~aE;*DpGIUZ{W;;Yui=Dw?-`*EsHRc( zdx=QD-@@!N&QMkn-x0yM6p^J{`#J0o?$icEZynbn9ajiaZ@p0{yU~v8i2eZ{Fx;Pq zLI}jskhva?0R$e;gU8Gb`Pj^juydOkld+tMu^`_VEEC1_^rWK0-mu zL^4Amo;wgvdCwFqMPYLblkdg7%1)7Oo~s{;uE)=dW&chDS*DtuBweeuQ!AyY6hPjC*Aem4F*n{o>N{fM+*3=kJ4JD1}> z3}*5z)>&8p;ndxXS$PV#&~j}DW1;`S2|TrBr~{+GsM`xGo&%HbFZjC3)Qb3(2=aIC zh9}I8ZiW`diR<6tfO#~;N#FInue8i%3jh;+09w3ge*?;8`$&O`X!8ypo}seD4}#~) zeZ`BqS<4a++Pr+f=D}}hX^ar*C?ihgB2H3ZU>(ie3xdcd_mMDC8wd=QY6UPn9E_dE z_rr&*l{^3gIqX3|<17{!7E3U<1kU;y7A}@xZ8zP0y=0OOSWYGAt^3U5EQUfn|3N%W zJww1*0|JS2?N4&VY}gcDy>MTaWXgLD#fBe-^$+lmP*JPZrA4pAczc&+QE+vhbZFu6 z*nuFMQ`dy*M^Fpf{w8w-E+|dhUTs?F4p{6K}KngHDc4 z7!P{zPWq5h1NIzXmk*YR(!!~+Q>DXeDL$hmoEyh58E&-d0IMy`1ca|VNYybgm!sV$JN z=Bg?Wm)RA;@E8ZYJVMq0#LypCKgqj4#j(tzz^-%Wh_FuYj0xwCDanP+>HaZ1CCg+Q zv9kUcqtFQOI1Qigwg}!FQD1{woOwC3_-)AiH|G_12Jzi)^ZJ(c?N!dG@w!jQTSs^X z(i9?Z=kZKfSI6_MZ54|RgRfPhimb}mBmHe;lX&L z{| z#4)&Cm&w+Lxy8lf@9o3#vQQ|SfZx8Er{?eZH6Bu(Q>9$q#3{@F^IQaKNiYPJLN-2LKk>CFN{2 zqHmwd_iNFzxjrL^#mxEo$P3PX#1I5siBr=44zZ(wjhD9cD{24IvsRQeSLC}gOa;Qc zi2M}EJt=(WudF@P$C;Tq6{ea<6^;qR*N3333d_}}5s3@c1&JIuRmHO>BQRTOvx`Tf zGhmN0x0b~{Ob&>-O( z%6bm<;w1m-G7<+mnP~t~iTo^Iha&uqqO_7NEcoA1y0oRwY!l3X*m&qE) zILO8ba>w6%6cGQc9{xDK902$->(8qnk}!KqmJ<9EZH(*T3$0 zAYbM7JV>?6o`*%C3UmC~8o0ZxcF~5R;qq+&QJx`1>VP-?Y=DuQK5EvEIqjf(iKIgh zWx5f9of8K!x8cuKdD#LY5#S<3c$3!Q_GOG&ep`k@%M^!oz*KHM9U3G>*#W|k+$B%1 z?VGSZ$&tAF`8U*3`}RP1H=U@T3qtPTD`jxb*TyZ0=_isWya8J&oo! zA2XUom#0pEPffH>exl}oJ^IHSWxAr|tT87bPoa{z6^KZ>L^k~1D8_oxj%N^MV;5ag z*dmgi8_)N%kba&OKXgf9NjM!Wgu!@e9YeHqDpv?=tcsqo-{So@+3~`H3RJ#WL7rFt zuln_(_0M|C)xXq-)ISCjQvYkf-DNdM{X=(;axdg_pg7!q35y*HgUnR*W4hRI49NzS zHHz!{u^aSx_=~g*w#!v_r&pZNjX+ljXGHJBWTN=Sych4dx0}?%sTY_)C{qldI{uxB zJnT%`Q!l~^H-sWNdnp@FjkoTum<-O3NAq486_1MM)z^XXt%W!M*wsI}W9zWvox0t1 zY{~n$*VzwxqLgXap-g^_bj{t(Q;2pIh3Fe9L@$BX#xA;G?Ef+>EwA(37H>hdrv%!p z`1&J1;O_w}#S8IDf&WymJk*Xc#St zKIHOxG!-V{UgwzE1n_m~SSvvzZL_eu0mA)$vTCeTx7(dnA=RCk2V*{4NK{sqeEF@%R`+6fkg@iK_s%fDA5$^BpE4m@X_AB zJwxLh4oIYe*9X`&=2Bf)7`S>L-Xa6%J@8VWa~$3i-4{}ey~UL`I74mxm_mZ4+qZT= zQH^%B0OPA3qa(90%M2xOI`ZygC*d+U_`-%4k~=x*G#Z;-7-i;PU|(*>xs~mIA{jW+ z{-$pRo36tcaE%(kh^s?cT6u~}&{<;j4QbS&pla2p==%F17fYos*M&bc^z{MCqhn4% zPD7oeVUe2~V)7Dk%fYzlmNoZxeC#p^!xY|gZvm=fF?p`IzGE9q@VI==xF?B08_rYv zBZD4XJUJ52jRue6VKj=7R@B`91b~;e(da^15|qK(NmQ;=ls$5XqoiezTn2`gO=LGO z^MbW!cMM_YdiYjjkKBVOx*qJqAeI~C2z%?W#2J!#4F=pnp>mFp*{9-#{CV!P_A3yzZU+7;h)5xKjO#WkJjh7_*di4 zAMuyq&-o3ky!rDRu!>OR`Z)C5;9f6gH!#KwJNv>fv~G+%=ugsvjDvSI zi95?!B~JC08iS_K^K|2p0=3~An#q{Nuf7j!Cre52sXEcGp`xM zAeu^Hc1!ru}@(5|)od_aGm=#k{pwu+Bwl1YXJtY!%T5t|S&b*MWUCX?<^r zV`&7p7`hLS2*aim0_Ov;G~?lj3gqZFJ=(6`QQfSKA9 zd27ZY8jGl`dqbqF6mmeKRK}}{`*bWthFxaeu;J=x2E|u~<11X6$F2puW+@G|DpuD0 zJ&MEgScTU}8f&7NH{l!R&E~-ky3bk&1g87~S>^~O^A<~V)V^lwxD-OT0+wY!*OaD5 zVMd{w#D`(!V4qXnW3;~-K% zB9=6dEXiDfFf|o;@}VMiC5)L}AoXCzqb6l7pJDSyMQ=UiiR}Ty86FIZqrAZ!hnP2E znGFH&+c*dQC`V!_OE@`O0Af5VKjOE>pL1InYU^YM?8MK6eGNbi2bDn$zX9MOz@cCA z@tlMI0r>7e;*mnG!1?r{$a{H!H3G}wF{$k_ry^E0hN~l5#dE46IM^H6w|Q^WTO(pH z_e>9JqzPB>eTT9@!49L7JV4jHMJziJ%z`_NLClWnSAJ;XLr677^zI=EF~qluxcrhTCVd z4Lu|>Sso&T92y$U>;U4LG0X<#Vzjf}30^%6b!MFD)kD~M7@);W#FAR#q4l zVX3f)JkMrvLCb)<)ZOdawpXgV6P=dZyu3wZ|JFOmo1IHzA!<~a>F9iGG5h*H5-U$v zBH9mN3UQ?L4N4#O4`FZlNR#;~$0D|;WS}#^?y;JoeGYmHlw=wM6X}6ILTGFzR}n2I z>WRh?G2*390^c~xS?%P8fGFe&3)B^;(40ZQd~<#g&6nT zptFmWMO*Im<}9IJJMRYK@3&IKI9aY~BG|h&KN=A|3`&pD)jZwkL!V6s)f_eBB6>fY z<>`%ZAelt#7w_DrzD5~ZdgND3!=bZK9xegNB4GTqACdXnK?U@p2V{d zK<9PdCyl9Zkr2p_rXFG8M>{@2`C>a0Nv%i^FOev4a>Xyr-lCdFxGK^X!{Y?^qu@%U z&@q>|gzvU+EPE#6#@Z8fh5P*eJly`8Zw`p(mGlOjmL@^vF%a}935s=m3W9K1HVKNS z+wk^PxKxP324)Hpd8x6kL~(dbJ<{<5rSWG7RVt)mLh~7UABk%b)Ne5@nWx8u+aKl} zsm_Gtw2B~Yo+KS^l60_1(gsX~9Ej>65%r@=Baul}#Zz{Tj=*y;+7)RxQITFt3o_hR zThf@pAynM`LA@c<3uEmFzYO1~jpMN=FH&qPwMb)#G#>8w8NM4e%FM5fB$E0Z`NZ9G z!dlwHG*4700->fPJrHMPC=qIS{>DUt6kJ(pOSlS>y+j4VQnb{PpfHzrxMd#tQ>VEe z3qAO;emA25zo0G{&XeDRQ6z=$em0!hh#-yiq02EdK<<_^nw0+^Nqyjq%*@ndDlc>I zPRczH#UiaCYuFOdyWbABt4JqHHBQdQEAi30fp@~G ziIicuqb;dEzQLu)s&T<)7!Enc2n~C1zFZigDpEhH28R;$QCvKFg0q)okP_jTmVpiN zSaSmJ)={gF`p11cYLn`Zv`i>%!BeJ8S+$g8@s7=F7w@PYN>jSAc*mAlvAnFg6S3@X znoy4A9{-Ky5vfva02SGU+sjl&Q5Aru(+8tjVI*E#ql{Fnvc6b3h;KO+2RX=lr{*)K zvC`uoUH|w5Wmk{s0k-P$bU7dNi>dUEwR|h{&|#Sqqx{X29TK7}T?@^H!mVDqdSAMI zGU9r?Do9D=P0VdYksEQhCMb3%5#aujZ2%!NBhK2Wh)-FMS$foC?0*NJV$2~Jyko*3 zSq2DY8NB01@-FuXLxYwd#+2LBIpXd_farH1vgG_ja(01&Lx?4s$W)9Ap6F z2e~I97(S=e;k*ES1_yA8>4bzTW8GrmHi&`XVDH30JQL6iExD?=1I@q8Wr&_N0>hsC zDIiD*%v6BoSV?FmQiPcoK`xIJ5SiH=7M+bi$$FVP27$oGGR{8UnfSC0X+n6BaPK8K zJ?VF3_4Ad>vEW(??>dSm?8{&QqaR0-mY*?KAP!BJ+aR!nHg`MtNf*!E7C^3#i|PFo za?~eRLAm0@ER+;Y{z36z`LRS>Y7|qFE4Os0A&zlm4C6@KZKh2*H}b;}6Dku+5EE4; z?f*j?!%M@+a#>Glw7HnQHgCMpH_^{<)_G8egdwNP+2&a-CtS(pJotfA$@xv5hkEV@ zxj)RgdG1u1KrSi<|7?yJyO?1^hI}LoL)snm7Uv6*3m5eDT6!e-G-cS`6@JkkClh38 ziDW)ONn>7_7UgT1sM_84AxN8E!c}?nmg5I^H}OZ`&4=QyJGxSNZ-IhJOC~(8_rPi5(abo6#9s1FCM{E40pcwl&adU}wz!I= zp;}DX-4mgB8`j={6awpnQc=ju)ZG))DIx9IT6KncRVtMkZqKc!KfM|?mmnWS1NL%wFSGqrotXhL1^ODS1GMxi-M-c#x** z11YC%uUz||5Byi4MaD^)iz(VG#T=3i4VnER8#VW-{~_~bX;ggbXP82Bf5A6{-EUD~ zAfwA#K0vyd4EW6-GHJmyL+q2PKxqUJIa!U~Ci4MH$)j`NM5XiQxznVb6|+gn=IAMi z&X7?ec^6FA9zbFXLf}cDj^38s95+HwQVf!PDK2|F&Y(H3m z6;SX{vtos{Lh?AXKGdw|3cUm_$0JgCG2#I#Mk$XT2Ls6Z1Lu*x7CF2o@=_LU7|q3` z{xIue(r+kWjQaM&5tk=Pt~zyr<7`c70K68gDXr%03lqR@#}%wZec%(j9iKq+>V`s# znCSriCkQMnF%$$Tmz4?=&!A00&w`ePwxe6&ieSJR1TWf<fU@+kc#lk^d(ht! zi=B|2guQjWU>#Y5kklfnFtFu4ZCJ%({%sYjCd%aoiB{0wB33_;hF$=xyx8`;dM~jQ zR(H9z(HRGU&fft1|A&7a>VSiVebH0^WDi7tn4p)+SuDzbhytb)rclCjIZ&ZuFyQ8b z5&|}0J+pz`5%LRV=}^~-LZe~eiZ<^`D7E*t;({$kAojT*yh}H-FIZ5b znWEVf3mkeQ5GV)2k)h??yOzkn73rcn@rE|ok8N-^xZQ7V9D9rgz2Ab~@GNK@{qUe6 zmzkadBa~tpth}nY0=K6`kj;|XOgSRPy#`V4bxWY?d${0Dxxks&%Hd80>w@EA?m7HU z%HU`uhfEv;P#$eUTiGclZ)x%rQ5wE6R)J{1MqoTKt=x(y;$?mi@3?#WH5m!^YaUCW z4^3jf=F@B&?7VR?9vrY=lc2XQRAk)BP}r|oiFhhvva6v3kE55leKA)T^PbzpEIcK0 zRV*EYIy3`v71_&H!(U0Z24Bg#tpP@ZbJsn6a21X`O)9graxG3R0`xfDeYthLeq=?g zlS%1KRm*Bh+iyaTT2-oAjsv|%7(((Uner}!kwauTw6{Pvt`l@3yXenwd$XJ^@z>#C z<(mc01pG0_?exK4^&-XZ2m3GhSK;sdXeO>4b;T;Af4Z@)C1DzXKj+u2ea%5>+Pa-5 zOUduLkLY_ujs9jY2tKzCg~0O+^#XBasK8D|r=CHr;XDIv`aS|w9^5WemYs+X^bmYA zec-73JisAx&LJcZQw9z?psRwb$tqDS;!|%v#(58vU!;l0)H?(=R%D%s7w63)-jVt9C z41<4)TM3Ald(5B`f>h;62>Oy^bc2{c#2rjKN=&R-+B$|1wI@pKEN}w6oJ~;do&$i} zK(oZk4$x3mT(We?3}qmU5+kXhXj)RH6OmU;6Z`yf6toEP%h3YE?lA&!si(j?cecPz z^_F^8`G+?DeGNVT|D(pa7E*K@@nM`z0>kbwfe|+)u+AMWuv5LI7HgcerPBD|9A-x| zpu2!sETkQC&pz!J3vGC#Mqt=oC@|t)BCyWANMNUWOFgIQ&{jY@`Z>law6_RtA-7dv z*u|rh$Vi@sPTG`q>4P>!8UKtpLs@1agZC zoOT8bcruvk+PZLP?4k>3>kACK8wiZJV+7W@V+D4qx73RoCv64g0L2&Oz$|1o zge%H{=Gx3gu*|&`G)Otz0z+?fSgsuC;+4ZDq3n4GgX=~i@1n=DTsB5%_xx3r%Zfm` ze2Pd|E}sbuyI%;5xStEGb3YN-soqjAX&z`RC>Lm8K7VY2lo=Iw2SOTggUO;5xj_=1!?^QNX!YPFj&wxB@vt+!!0<$KV}xA z@|tH41o}dv%c1=6LQdUtg?_NcDf9Z<0Rwcd;!WENy9LVA+f>rnQqd$&opo#p?6K}d zx)r-y5nxskfQ3gZAzcYQ{3P1B=R^!}*v3PMVXWvlp)3=`kgBy~C+d6GG231rI5s@1 z1hryk2jFE}`0d(`(Rf~@PiMbdggOh)f+m3HlQY}H3l=Nz&FqLzb0waU0Th9sL0)8z zmA8wduSB?r7j9>GYAK0kb|FkgGrIzEGaYAsu!_V8xwI%#eob?CgH^bW6!k_Y<12$m zY?_2IVmFB*4Zf30-6ZVOC^4fwNX#p}nOj%qgjqkW9lIlVFNN2RyG8M{mCWrV$bENec_0kSMilm-TpLSW-m1z z23#S=ClyF7o{o3_M%Z}(zSS7jEdjON=ngdyz@eQhB5#pjFs@`F+PIQ@7jd44pJL&Sd(pIvH)aTL+z&+RT;YueXe{83a_|Q6bFaro zc!Q0zH;P8$otC0YOnKu!FoHK`fHxSg`w%`k-XMy5*8{u}%039BG6?yC48q9<;SarF zgA`*R^)P|F6Uc*auaP~_^MXC-fPoZ2fIAop@sK+p07*xQa0gAABiV)NaR&*{=MKRb zcaU(SR2~Q6>W^IG$C(P*W2+MsLMk>%J|c$Gr%aAX!bpCXxw9f8fv8^aRLz-QTrEw$6b>sCd2W=_kfFY=8& zXXxYB&_1pmo}(E&nOLSr`cN>O&lwDVESJcvzVO$WnFSBEnc4U@Wsbtv>vWjvO-NPU z(6=59$F4c}_+(1o%5+O4UCd&!Z#@QHqM2jymAu(bo=1D}z=6ih32<7yPd|ne;jKJ|jVY*;_MgdHpCSqDhI@l72I5bG zhpvDrj^LQXY9jEXm+68bly(t;T;nIjgGg;vZ9 z=eDHh&?=F=d0;S^%&B6j$)E3qQRabDDDIK?2jnp%uqTgmb%i-D)YTcto7UBQn5?d7 z^y}(OSWs7I5!Ab916W-NCQHP{v#=GnpI2As&}Vi5zL|6J`Qy4``lze(2s+Qlm%VRy zuCC~Sx*`bF6+`9K6^YE%m5`j}H&|Ds6m>;_`55^!3%R<|3^5q%iqNksTD-avl7-g1 zy2_#dzv_x*;GYGcZpHo;he1(S-=P}0-hzDrKfoC1SUa%quFU-jNVJzM^zyI33}DY6 zfeB@amxIiy3lO>cKUi~06JvtXgc}oR2q@GXgHT=K&?KNPkqEHE&jk8-G0yq)u)@A) znpryFs1HFvU1BK2Lv=}0!s5b(uwY$9sN0U}f#hm+ccJSgWs-WS`%5l$u*=&>z2}%v zmRRr#L4a2zX>HeNkIZFHAIwB!g`O$%UNNCy2&C6Cc%TI}Ew>R!YLZFs{sEaj%%KbQ zBnV!o5%sk#{+w_2e$=C}iOo42|3JI^9%%*YI?Q`l9bD&vy8b%~2kmlejN7HmF2Xl8 z6GQjaTo$K?uowypW)~B5{u5tb5AqI+=OA3=4m(!M2m-~!AgF0wEn`}lQ&AGqm0=4N z*0iiFBx;EhWsw_Ib$x zzP)u#5GUxmvb1qY=~BS?f>ixuD#{5*1Tp`kon3m1P$$E$^uFR{K$b;iW*N7(V0}2x z*CM!f{0kqK31N{*o#h?Io9n$ZqPT)VLR}6&rvL1W^pi+G-2P(>nR%C)iL`exWA91E zid)KsHsm9kE(*I>AZ)0(B_5tX45*GPVNDm+x>pg6Jt|iNy4T<{;!<3}4%jIETKZtW z1O3>`OPOn7zKSv6jHLKeZ&*!JU*V?u5t-{4509BJRI$6y!23){}UadU_&QPlA?u@{bY)xy`+m6hXteEeJ8PAfC_s z@osF(>IJ#V#M9Jt8k@vH4VIhiH-OJ9(YW>CPJ)nt%)jYV^r2gjH;kvzmiZbYq#GYc z#NCgZ$Fftf1SZ$E>zO#JF+3ATH6{aSZ$UB`y2c6ueM%9s4vTx~o;^cZVj=4Y0tez4 z1d+_-RtLPEGYA6NYrhhkM1%HwH>lKEfgHLdb&t@l?Kk0c%=6oC8KMoR?iFXrTMOh^ zwd5@VO$d1l17M3`6IU}gLH~0pG9Sy%0n=pQm-q4y2e7MV7zP=;5Ak6+9TxWaA0T7h zOA#!TrNbU_W$NdC1QMzB01P&zA_-yY=fPY` znELsMMR+8}+Y%zwN!VM5E==cr7zh>e5U>?JqtR3JiDf&GRIQ8MFt|-q&BwvKOm#O& zMe^aT>C1de4qf7}}g`1KLK)-M}9`_BT;o&A?+%hEOV@*-#%_CK-saWKDuBEqTvY5fOO1 zO6Ooga`u+-YKZ1dLs^EG*LvjqK>I69;w})SJ~WCaK)BiiyBtn}+(m9s5YaBa&*kTa za~cDYMm_2*Jgb>~V>I(5qKIamlJC>_W`04rYW+@w{A-Z<9gJv@&`?gK*n z&0EHlkY^BbH9DJ)Rv80ywqXSN$`*7s4E@vHSfxX*=>WBjAfUD}l&NjOeH_dot_8!G zIIvBwPPfTr`Lb7FuUvzW8WMCU%jdpyX(xb2 z^CV?_C|sQS0#gs*-xr90=nx3rFP609ls#d)46Nft_-Smw8g&LkF}%Mfb2%L^F(ft~ zVEvqE@Z!tBbWKBH`n)&<8pU=&L_3x!U^g8w^(6wzBlNOe!)uQoq+S)}Js0wmTO{zz z9)hPnLve%xH@>IL0_g(=o`r7~GNeqepnnBqg}EyyorVw-NBYBITcEJheKML`29%^z zQ^9LK?Mxf}qx`VJiP5#=L!XeA$HHjXBVlX-1>!|15aa47@ck(TsR>9Q*RKf~C`ls& zvNz&fi8{oT6Ug2Ri6Fr#0MJcFSKx|**N`vwb$rl5_lBN=2`lI+8wz22$ahbCGfUy4 zKJx~?vP$zN4V;UA3kF+OV&uHAU>Q(&lN&b9#eWT2x;X+2W$D1_c*5Q~%*d#E!ElJF zhpxEsAmY9alafG<2G^<8<1lj!M}{UMk9bXt?(!~%nXv|jDC*^jiMTz-Rf1jRF>XvQ zTUKfVXr6MGH3XhX3alY0-KFk3h}P&X4W+O-FWoZ}vwS40G}K8LkTybesSOfIP({y3 z2ng&8W?A;uKLO=Qj|1U>A1pyhB2p+-<*DWHqRM6tU6OhiSpPmqOg}nYUxjMszpusi zO__{M+RncC*Td}n*j^6??kM~N?Ul6mQ(Z)gF*P>UpC8Yav$(@3akN zw?*8T@M>^rNTGS)n(^R{F9aD%JYd7;LtZBWBS9d@Z zUQbez*%P$aXFh{RX}_P-!1ntE3>X`5S(q7T``w99Zx%-T{hsY$1`ewL%f?ICTZe8z z8?W3$T%7s}(KK~{EWEut96cb52nRG+3%z~yjuDAoqD8~}8veBfQwNC@AvqMt})`iaNuNUr2U=TDbcVy1+k&G-GiXm-BaVv5{vY+ zL=y@ghatwJ$}!cjH+?sxdPx;r_o6ROL5Kkey3=7F&p`~W9S(N$bn%c3996>|J$Db8 zp1TAin5Ge)Z2_7r7h@vy&&~ch|KV8|q0llVNE-h0Y`M|gz6fHYx&0Yh+j&2fQw8;h zEZuE9*T?QFEJIQ}_ap5&|Gq+YUsy4-a2U_=m`6oSR;^-)a~A%bQ^e42IRJ)6jK3tF zt|*lg8A5Sf&2kK-<)czL&oX-la1-8s5npP-`P=4F%%^8j9xXUenMUj35!;r*q4q^+ zrtW@-8Ul$aU{p8D62s8#5ZphQ8ij#-W*92T{TuyZ3`vh^=m4~5)`AOKPE|~!>ElHs zgG2f>e=<0HHk4waU~tH=Iyfw0DRJR;T>so1f!MFZJv%x`L;)OOL}_H4`<29pAaODU za}XFBidDuo92;Wqua&co4OxA;v7wMCV?!Re;nA;)fHY?uJn#)hD0O^K@k%>epI zJpkT9q@K#Q|1kdRl4jilJPG<$^GwVc0XAS5Ejz?ZGq0gIWx4|ghN2uy;=qqLzruJi zqWFP8_ZVYD@dG4VcPrw>G&>wHq9Ew4`#Uglkb$8P&o784eUNBY4V!23~5-LtjMNF1Q?sJai_BrdUSP4`h zj*#VkSs5a4B5xULvN89kT(YFa; zt;3udM$HYQr$+m1h=VZT3MLT4kqS8|5^V|Br*SwsL+NlfKJF2Il=W_g=2&(Zdi}vjK@-HF*u0-|4lyx;%xxNpCGGg25V}l2PW)MJz@Jc2xdG zGN>?zvUI>{icZ4by0Lj=l%;UyGeAa9GnDyZp-z@$Dhwyw$*LA~bMhu<{*`L(p#T2bsZiRy$lUOwz8jaMHcRkGvmaR_8&$3v+VB>Qv}MJP*$8cb{x z1}3?r^y1onvfizvInW+)JY3piabA0@g0I5%7(pMhQhQ{|S>{38BY24zylCsS zN2Uk$S=uAVv(g?po(;4|79KAUh6n?AuVB`Ju)0(lJ;1_2F>!x zYmfQlS$pK=UeX@fFazyT$tZX05Q~w4t9GH0d+m`97#w#J2HK;LQLgRLC&O!xEJ?pT zibdKZ+Ejjfq?6wsNp^3v0pE^J$TeQ&ovuk%CsVRQ!iM>PN;5tTtYjzLKJad2CqgO6 zP_I4G0WaZp5(XAYgzSVZl57O&0ac0xs135Fl8sE_u2nV;aGxeqRhe1?{(FY~sn3#B zUwFh^;9qEuJEF}!wu<)nIB>7zw?}eHIMt6);}jsIR~L_c_}cu`@T}`7k9a;LG7FcV z_LD;*zPpZ>s22_m^zr4D+Q(N2taHl*b}BlB9dqpCXEj0otaH~C z*s17LMB}2(@8gS|zoYNP>=X3Vi;x*ekADI{rfhx-2n}^0s;GM@P_Cv)+&8s7!Ze)80c&G@{rsyz z+U2REz^liGIxmCoRY@t*`v+RX0zbWa_gtC-Qp&oj0Yd=*NmRcZ}PIm;sPwFY7W zS_9MjGp&KuK_T-mLOuHgtpQu6)7>9RcTERs4TJ$H#c+9A1Is5*O68OHCt8D&QRZHb zSd0v44N;Q8B@H}54+m-ugaIifWCXPalHo}ymZUGG#IkCwflj`ZBH6uB@bq8N8kFp~ zdj$d++0YuWQ8nFtEg3sY2Wkz30j)vEHm#u*LTb1&YL+a?OHZWiXsLI}nV~GRm9JAs z(zV)X0?esYkXIlaL9~DY&1HIz=toaVwGbqfRjzxC!_Nbc%~X zZa}Bd_K$5c$l4&}2N@a+kZb=#U~`8`PW4M?cdY=Tk%*=M0;j*q+?0>V(il)Hy!OxN zg6)5JE(DE#z5S1X?^U&bNnrI_O4?7a-fgBi(EeAgrL@3TVf$aDmco>?ED~Q!Ats=u zFugz1Qdk|-Qd$W+N8(E@r6kw>=|C-oFwp)PE>BBg`Q)|#eDeN8OHne)T`XC7WI#*7 z&S$Uv(}7wFVW9mB89^gT)XbQo+Y z^XDlVOo!=XI!wLlFp5rL*D!S$+E$~(AaA}7(*^=LPqD7RI(I#Ror+FjS1aS9&DUWf z&SY%tz-A%T&LhYSWY}W>lwsK10UZVcDC#}|R4A)oI=i<85dS6O_5gw>Z{53mM3%-? z=rD{fmOB*d-jNGIV>5Qy(My(=%xDnZGEluMzE8*cz%^D#xDqMpQ0J5ItKv*O)w}-& zM$NVEoiKB9qyv*9IOUJ35*k)7=I-_b*Sq)l<{U+17qJ)rQ`z^Fq??09>Ci_^8lzmSV>Un3#K5TPMcONd9rUPXkVLVdlxceDeN8_9+?V z?lXwR$bjs_E>cegqXT6hVLDU1L zBRqkTFtgShg`5iNM;yh;lqg4Wfms#JTEcx6fh=o~k4a_??GT4=Xsw-t-I)KiM0o`UNN4E}%HMr+N=EzGkDaf;E zA5rpCW8tv_@*#SxJtZ#LG1yMll&OPV1`Bm6{)oR2GInb~-2du$>utninNrSNd<}@D82J&;h0!x$=m4ID z=>4d(VRGIHL!Je6wntGy0i7-4><)MAYJ|Mo5XFOn+z22i?>2_b-2@+8r!QYRyPF0O zn-MWCfEZ82<~|}z<0^DEMi-QK6LKMFq`ae-EG-4{j(C%IahL9;ChxX@*^_tlRPSzy zuSSH+d10o!n+17?^$akY&`@2B{g#{^;^b2WZokRR25;quu6MWg%{h`*5_nNrYlQ&Odrm@LgaftOF72|P}*I*gHXQ$;Y?6tR*~ z;cf?%kx>y!VQZ8p@aRwjaYPspctS>nPD%M>cmj_l=?gruL>LPMQvQ?_opJ)NkS%Z^ zAMPsf$P^HG%vx`Bd!lpGR+W%8GHpf47nruvtR>wY;N7x@jaS%_>Pp1zK{BM799x|6^vprb}0v$3xo zGW!!`2J-DQ0LtuVQDC7CXtYuHOQ1qo{nFWeBY^mvh&Ka>FNo;z5m_2np`$XoSnh%n z_pMwA8Y#2sB}+?Y7Z6Pym1V2=J{`LP2OX8}B~sGr(76ll(E-S7x`1=^eai%lhv5yahRqpA6$v@_14QIqbx&TIVC2boRWw? zQ%+fb6t!Oy>ZLPKPO*18-91DyO$REcgaKL2a5?2v3LVpXEX55@SuKr!qM<4+3n`P=tZLx^dUTGnLPA0X%+bqriV?am~ z(;LNT?yqR2nw^CEEdp6~pp|0Vbh?{+nL=4QP%9-2Xr+=J)k=E~z@U9!O*c!1Y~I`~ zWZ-;#l(YpLGrNJ)r9xKHHO&_*%O?8zoD7=6?C*gOwo1vD&hDN8#9l<~9YE|u#8e-VrEwK{Bclt-plP`fG*Sl9 zOO}=b8AQCvptwu-Qj289sm$+8fAg^`$m!bl?iOkrdNQeixRu=7BCsW4&_GxicouIWI9 zkuV^H7%rzUN~uGXu^97&P(F=+qBSZl74AWZ#b|-nh|Qwu?u)?PxQPZ1)EWr`LP%)w zwZEpD>4O)qm|65KQojTC)KFC)WtN^CJrcb|Z`LRmWS zGAF{o<~D}IAX7HC?IWApcxqhtwgtAdY4lMSdo8`_aR(E2Sf;zNG>hozfKz{+gn=z> z5`EORv}Kr`{Zd1)Q&ct&4W)s%KCJ}<#%5f1*MwqjD3=g6v0;m$cSi*sxQ~snx9%`3 zmC7bPNhp?TL`*T+auqm6N>L!QL);-@8|K#V(<*htxwN3-U<;ybm?M_@4Pl@YmV`>Z z4Rf-oUuc#x$EN<@u&+!H?c~tbANEIu39D_YC+C>5e(r0}=xpuhQLo6HddUVtEzhEFVcfiTeUg_8V+FY!px{@UrZ2M{8r0sJBHl}N|f7te!2-|)K zq3)zX+sB5PboWk3C6uKD+dg4{7Z?swM0yX87ntTBw|z}5=FWmoOAT!w%k$~(_kwB&!r=@+fFJrJrGRV*J3qr6 zCq=*yTy+FLa1pYAA5Mm!SoSuwkwV$P)iIF`T$PGtZ^u{n$*)c}FcHdzH3(%*liCE7 zm2`JIQVC`0K-oYT;0IX}EszaN^N(eNrWSSk=2C-fz*1+r8@suX8XYJb2m|~esd=)2 z`IbFbFKM|`aii>5r3X?esg^Pt4uHx7!LB3&X%Plck1P#a#_9vn| z2+MGjzxF3ebeY>PM>JRl>lGqHh$YJq24sj(jO%I;jn|z>JW|ByPIAga4xN)BP&A=Z za%?Mi{IO+v>n)ya`44c5@elA4SEK{71xhO-!8r=>(t0Qf@Dipi3T4X~h$EKW6b^;5 zg$oZNTegNFmK}$$^3v+`3MN9?ax|f?a6`6W(lXtB3{t^%dpJg$xqA%aGRiT@g~?QrLBw)~i!dOAgzR!( z1|_JVNJLW5Rf&KM%Aq|O^cVQ)zo?;?^ZBU_6y(XKU*L}2&fq7`HiMry`CK5IPJy3T zmJ_{&vWb(UBAYlV8OzGF8^9GA!@&Mn1s z_URAx9wtKBlqJ-a4ag=a;py&UkqXXIz=5)fFu+T)6jGq~FwH-fO`2NF?aZYH*#tE& z-CZH6(SfpwFu+TankSn$tx_nEh>K-8TjKE&XJTT3*`ZYlr>XQWqo+R?PD*;Y>mrO5 z6oeBr5)n?sQaBL?gp<%+AeV`8V9gAC}pl(cu@usmk5ozH4A9Cz5_CYUAO2 zrv5qpB`~z0QD6nwIRTSEJlBH~b6Rjg1`lG=AOGNg-#iKS5Alx!cP=2?7)Ga9fKopQ zCVuY$JPCi)2!6efd3laHJKkC3T=)j2j-2ejJ<~yVd8VUo$H8(8Hfo$-;D^7cGaVsb ze}*BteABQei=4Y8mR%7-O)nt61S%lvya?RU;@W<{XPOLG#Z9}T$l3Tl`r97qYRr%N zG2aP)id*jE{^{f1N6hMajQxLa6C|xZZ@ii#iKoviu@7rLXLL&$JQZ zQ`~d#_v%Xw(GR$1aUE0C+3-Wpbp{l2^>^a6nvXK46caa!iz8;1TGXk#!SnY8*h^g} z`sH#aN=I=EQODg7Tv4ZwAItZT7CCqJ5Vyq>Mb19=()96Dp6OXX#07|1{k8k4{R)~j zm+PW*HI21yEpjeH%}1TP;i{&CpZ8p^Lyk1W-Pfq;EoaOUug-J4w!c}v5B+^w{MqTHbX2Mm|Xa#+0deASw zsXuzFIOLF6vJ>0q<7dcxa2T|v3(4wwS`?#fWY5bP1&MjWdb$%@MC_km;XK(|l zA69hE>sl^XIG!o$9Q|sM^O~HqdxWhL!qg7}* z{{ot6daEeMe>?c`-DoxVm|qJ~r^e6QFKCTg8cW~PQmc1<`d^V#3b|VEG=Q5nSjL)u z%TM>~^SluEeD0a9Kuv4e-+zUNTN`}ZC9S8)mm7N`KIN-l{Jf2XKh5Rv7d(kn;+uZ; zc|3lrSF4wxHEN5>`n5IKVi_9pIPC5KuTA}@N8kR4c?38m>dgI4O+!PMKI^sGiIBD$ z^WG>wE!__wOEhm6BMmhTg{zwGfwE2>uXf(Gwp#7f!o;xIkXO^y&d~^~@txzhyk1C5 zO|2H?cNaoLoy|aBozU0*t|!gzfxq$h()B-AdZrIh`-=MtQcq2TuJ%leQSOSn(2u3t zuj#m7`&WJ7rBR3Yv|qT+N^&p1B%{uF)T-up4qCU;yvVQBDzrCs{ROVtM~#6rSKM;6 zeR5b|=NfR*)*mq+XPobG$@M>}zrIfW&z|da^lc2=*SX9Ou?J+6a?Vh+nLW_@qRuRz zOCE%5($p}2Vy3z9qquv(Im+XWxVleqXQMRKv^L6KbM)0Wp1;{hUGuT+Q=VxDzwQ5s zu-Yo_g!IvV;ZlUq_zpyEDWwx2)3i))wl=+{b0q3W`Cwn)b$ve{SD9=Y8fx%)awD`E zjk(xQWAU+GKHA{Qyp=gs#+~R_QTs}LInvPnW4=%Q*Dxtn+xmR49?D*E&sgn8o!$Kq z+k(EyZ-5G?`yDU7>wQ`GD{xBRVn4(L-}S<;ls;-gn>FyupJ-E9**XJd^;vh3bBK=_ z3$9}M5Ch!|eojYg_b`}i0p@#?e22hCvC{?2DA3QJi#yn$WdU;s%K2BcQm)^{pea^5 zPt1c>290I`Fle9%(AcDyg?O2-Ui|dMEl3cMW|uJi^R`D=*W#g zR60*X4jyrD5z@M_LNS|yrxbH>MOyqU{mjE$Qqdwegl1w$=BF;`b?C73&WdakM1Mlk>I{oGJ7Sui_d@Tj3~tvKA7 zhg{qbiA>Di&Z89%i=UgI9jTwkDqeQxp$zAMpA_?K#oJQOUtFBSe1;mRbZ&Xt!#r2< zg@j7^p_Wv9D>0u7smXXAc9v9pFY)XE&exbu ze#t3~Un_oIyUO!Z8o#lqXt3kVfYfF@3!U=#eUkc4=$SO;1Tf6|C02&6lZ-DeV(qMW z+w)Ts|4RJ4V)cHdQxpGI;(5kmc7gd#N_Cp~S>V*gdnMH4(CwJk;G+6?EL4P;cS4_~ zn1*z{mFj0M&kL-+J)o-i%Jb+(RQC^5f; zevc!bLxA~*VBQa4E)q=dojE@j3ueoJpMMJGOdm5TzECi0`k^MpFBQyvzMpO4iv+Wt z?`PXM_F^Dk5Bq+$k6$C0MFGsUg4xgywL|>+P#9%+EXs$!gtKG(#!z^0rSryo#kkJS z@!LXS#9Ue@ULYZNjo&F42zdFq&Xo9Fg82yL#-Ho#5x++;A3$&`X7BiYz&Or)>)#eS zQ{xXv>X-Xz9S96q!Py5T%HKlg;P?}vVp!I^+`}9SOd04o0DUok3!IE$j(x?$%#1%J ze!h6Z!yFl39I8O5oBU86@#jM!pUAD7tZH|m*U$>s3N}%m&A7zjO)|$T6|~04DkIdjZYEG<-VUc<9iC` zQ6IA`K20#k_&M!~A0U_y{d~P0KS(fJ_%Xi|KTI(1`0*@{A0e1FNC5s8KsRp}%x92M zig_bd;|ztK*=#BG9^|AS%%7xhov6K4B5(rnLapE~C)wQ5qC}v#ZwE}v^CzgiesMBLjk}PnxOms`k2lyPdRpNWW zEb%#N+r*FIa)cWBu$TI-i4{^lci5~2BwOP5g0!Y3$|G#=qx`zqFOd+8WfU|Ykf@BX z<-YQ`7xTf1YVq@cU#f=yLqFcAb%8T8Q5(rG=h=zA8Vda>e+w|093YsT{F2Wm1_~x8 zX}c0bBP@+v%<~eBg5d~C<2fafj!@dPU8R_X&S{Ajp(j@tX8}W*@FKK9{yugVBt{D6 zfdFP5!IWF(KX%Sdj228^A9H?U!wAcH4m2zN7C09qHpSECmCjVmr19rE|43{mxmd{Q zSixMJm=HN0p}v7`qnJw*TMA~;n;vEnFjv7b{-k2CBM}(Vd?w9JLiD`nF;Y+0dCiauO zclr|PiNt{s%AW`Qw4P2JCN%%uTJHAFGl|0sXnr;^Q!xK7_ww~h;uyiq@Z)(k(J7dR zd_S)zjuT9O-_IL~;{}t;>061DwB-Fz-HB5LgZtv-=Q?jEP8ZBS{2pX^V!mKT`sMR! z;w-_u;7iEw66Xk}#P{=S;@kqBcarBz`EWjmzXeVxd9jqnnSL8APA(G6AS-9ri6yTQ z3?5#TpX-z)Z;-UsK1VrWfm52iSukt(n0WG5!A#IV;JWJM?Sk1Bqjdf-`b*v~<&)EY z`XwKfwo~?i7xRGR!v%f@CLfh}YJJ`qoO~P@$NBvh4YkloC7%?U$6!u^znM-mF@y8u zYVui$=WJh!j!Zr;m|fSHhds{pe_vZnyERr1{e%%tQ8lCLG!-d$(g}elivz&{OtFYQ<6VOT7P>~%g}Z9O8#6BYHITL0?f2zxR?@qxzXb~`zB+8+0^Ha z1Co`3`AQ>386KLf7R(gCUCd0@3T6|-EO2Hg>jm?)kLgPGDbBCcGm?G9&z-(*d}eZh zU^0Hp=OqUUX0l0u1@hNl8xf0zuy0h};0cJ?$!~#sJa_izIXFcdTE4rGTjWNevwl#Z*tev>#<87@ZzyW0$<)+;q=oL?v6RjEjp4v_E8%|T0nWymD ztopkhw{*>?sPj9ID~g*jHhR!P~KP%WxG@#jj=XC<{MsEp`9> zWrf@SpzyE*6vjI=+zvOY{hp5$etfFp=gd~vvaZ6t*HO4ZUxizl{quUY&$jq$tsH(r z$3yx;dn;Va%75ZrYQOp>g@=#P@PFG{;WfJ`eqe*zA29oS+o=7hi`0D~+BoAc2R{*h zyoK6#KSSYWjfziOd0jC{?cZ2>Jfh2R)!;+IDvN*m&5FOz_+$E1bwA@m#kaL8+~f|0 z*KMe9>#X`az{=sb_0_)ga&=D`-@N^y+FjfM&UBC3N8wFJtN)t^DO`S?;n|!VI z*5efZ?ke1Vg~CIhRQRB!ccbxB=xoJ*HAUkcGg0kp9i;F;v#)3Nb$?g~U#QdG1@L=QT-3%@@ev0g&?!%2g(g&;kwQ&kh*+t=uw>ACoZEA1cRqgi- zQ+T?S|J4K3eOs&7Tdr02hSwCnkWzT%ScTJ1Q~zrkpN+Bh@~O3liw3Iu`(LX6H+EF} zbi+S@+#Ma38fFd#J*N-)s0+7Ad^k>T|To&8K!!f45sajn>}I z|55!fFnh@OCXRQ@SRbF>tgy}Kxz5Ua@pO%^%G%9kgVnxdw89RPSBtLF@Y4=fxYln9 z%cm`?`>uJ32v?%Vjx z$?7j`^iMH4eVN6(*xLWX8V$ebaD^XPyZznDq3b)1Z@n^g|J3C2bu-j{zsa}DO#U9a zt>WKZs^JEizjv(uBF4ur82_(mR)3?P&7lTRsPvo-os}-!OhpTR9K6`q}&zb>G#>`OJ;fKIIaH151_u0}cO$mEVg-*9||JzeCjDA=duy zH-0SHSKYU_@_clJ+K<~v{oguS;gfBOfABzsOHNa`z~IjYZ#S6QUERZ$?x9A<%qoN+jsy2IA;r0=QXBu4Gt#qF-Sm7)S z_xl=Zue5%23zH)+R%rNktDlQ@RDa8j|6e**-G^GcoMiIh{xuZ8-0JC$H#A(E)$7gH zPOdTjKE&GpE2dAqW^(PW9u0T(FpY2AaJ4^g`sY^GE+Uf@zqhrEIi_D`tY3T5^!4~U z8c&6$_$9S(yO-L}G=KM+eEM*L;@=pe{`TKp?GtuT`^%=kZnK`+ z_nW5fw_Kt2QmdyE?^k=}`U>Y-|I%*$I*!qB1FRi>Yy9_-wa@1a9$@YGXOkljS^xQR zlg2yB>Meb>+J}u%xZUmwAGZEFZG5=E^ydBERrfPYzgTa!+CTnDVc7WSZj=AV-=X+7 zOfOy2`j7pszK%9MeDiVYZ!a4sOfx>-&)Vw*gL{>#zk!tsZ?pRB|D4+U8vo9*_-l-R z&M^KTZ2ia2R<5&5@A#xl%k@rc7Y7-C-0_UYJI3VA+g7jrmn;6l6E)mdTPyr*Q-$U8 z)&0l@wLfBd%K5)2enE-i_j*9>Wu^x{Yi;#X&;6}_23UQ~dsN*wxL4s7*3OPE*Z9irQ~X2CYJb}J^#p4t z8*Z%bQw-K0qxKK1e#h>j_6My!-FcG6^KWbCgU(g=_dip(aUXRbyS3WOjlQOB)&9<1 z3ePcp^emGfcN_m7_Ahl$TK{$D1dZ>3fr@|8U{96e+l-E(majU~Zx#+y|8@US_~C8} z+l)`lLb%^y(eJs6Q zTGd~@)#Iy4wV(dH!r`VTyl4D0*~+Ed!|zm7ZrX`sqw63{(dlcP?zF2G&t7e-Lfef?r7`hUbJ?++hvO1c29**n;hT9 z#(Tr2D*h7Fi{~1CqS4=C^_H;yX=5v&{S5Y4zMnUGZ#Vdb@$p1!SGya(w@y_0A30rN zY^0`Ncbmc!tiL(a`1he=_4km; zky7iYG8d@(iRS-htG_F5R{WhuDjav7!rgvTSY`Zlq4CpAhJVB4(ftD5_zAN_{I?NI#b7SCMkR}bAy@h6?F{%6_v;XEs^Z>?Of{Z`#SHht&LSJl42_+j%W)PDXp z8egNikGFg-HF?l%@l{{1{)Za9cUnKR>h ze0o?&-Ito2Oqkr|6+@hVSi{h7za`Ihkuc!Q=?pJJ~?k7%H zICYrf)5fRoSbLaha`n(t)P4B>Bke7~t2(x@|Ji#d>A|Hqp%C1?xKoPL;1nzFR-{1D zkPwF`?k+__ix-L|K!M^EcZ#&QOM!3AyzjX^aPR&8_j~@m&vW1BH*1a0teL&f3FjvC zEqQb(xG%@A-$?LP-diTIpT&4S`S4uX#C4lx4E%?2eYL#^PQ`OFJMUL7Vv*i%GSqnj z9m_a(;1>8)PW0y?iNwv6#6;G>EukXKjZv;az%2XPOzWl zzI+{mb}i>~)z#EwY6RzhWkcjUJ`OsnCA1R9{n7z&!vWBHJTHCrgUd8VxfQrha+L=s zXFtc40sqGRwkQL*%LwFeOg;Z6IQw|mzvex!LjuyP{R|zn8Ttd`!*(t|sHgZg`2CUtoXB|GkNq#62lmH|CyUF1JNAKI;CdR85Bak`M0)G> z(EhEVew>FxjBhheBRvDl&&qxzn~L-$jJt(d-e&HHll5UA+7tD;CO`utkRGVO&2O+A zuKN_eNUy+s?Z@@ep%&5)JJ8~+|IPQvzhyPF8Rz*R$IT}9&5nF=)D_e`?~!i++f|ji zm+Q}BT+fw;?Wzr($LE=$jgbF9Y3K^}dtgs+{a(`>wLQ zQp|UQ$=5I&d=;u^X6ci`|=j^)r&_t0W7}`=XXBa(~I}yb$j5Khx?>9*T*={$0g2N0j`6z zyWk&I8ucEbZlT`h{8r<6zqLO6=3GX;QC#=0xxZcXTlE#}w>bXCsW<5tM*Ha~_^s-T za#!|)=Hq&PksJ2jTz?BHf?IwMzlQz5r58b;E`$bAvr^wLKzd(t!BOBjTyM*`-)}Jv z-uFlO&xb-onn7QWhBjq6CC7kojYWA|YJy*Ie@$k2KXJSc(QnBV_*WYX|4%zW@A4c> zksmxFC;Xzrp}u#ar`o}ur#841%gf;lZdwEO3G7!Mj#p}G49~A$eue+B;?Qyp7h>7Yd##y|<(J@dPR)5p zpK%SEp66P<^5Cm;p>}8Jpcc>~tp9t~KacedbI^}#>)@A@=V&Pox}U^OZKZVIg<166~||19^{)%9Y#G^3F*Jn|8r_e z-t*q^UQvPbxtDSDJI1>puFv;fQBG&-yjS3Ji=bHpq4T)!vYiC~JQ-Sn;}kdv{AEdK zz1Pr^)c04xSGi9oF#pU5rZZ0DT>(z|8hViPv$qe7K$*=2z#Dp0OPK0!x5* zGA`xid!NrZ&x32j?=;uP=?3s0%lA`OZg3ag*SZx4e^Us0JtOj$Vw`nR^Yn$?pSqXp zXg$x7*Y{!HUlsWaasGQ{1COLW<~~i^5B`hTu6W)b{v3z&hUA%V!Fwk{Umt@`=DOU; zc$a%N($7|drab}umHnw)20S4U?RmZxoQ~(-OWxb=`N6*RHtg>i59dxqdd?R}pL7L! zaV`B4puaPo1@YYLISc7$+1}GEztJ0{$8ufzZvwyM`8<3+xHtD{vt+3MTlVuhwJp!1 zGQ78!<@s=S9`cXiehohap3L*&Hb1A@{0!;QP^?ZWyy+b3U zpX!7ByYqsN`a>VKg{J-l_ItdS4rKh!{Uz+}IX}Doz#|4iqqu&4;d9AQ?%Pk>!Jd`( zhLhZ<9mk=banu4m;Ma)yOJ{JOE>Qb>XjiVkH+)Vg+85>cPz!KASCoK%Rn}jU{Yu69 z>aagw@jXQ~_TyDkl=oM5Mao2J_dN5;|2%y)7a(znrmn`(2PT8CkOUkAFP zA?m3a242p3d#wYPodbQx^;?*6cP-=9ZN{@?%y)b+%3HyF7a0d8u)HnYznSvDuUL7M zpS~QlH2q#ggS#?rR^)q{IeU;kr5Uso@6A8b|NiGl?_U`j!}&>l1YC~VCKSAu=Vn>% zx4~?8cIqDL8wkZ&;k2XP)6aGY-Egx|GKp&Mqx zKM&LQ*F*ZayGWn!3%duAqM<;0Q_FFy-UAAdKKOezTtju#B*lk1lVtJ|C|i~zhYci!*S?y1?lZLzdaat zt8o0ba~^y0{_Dqa`i*huJLYQ`h;sIPgLXFM{`bxTUUv=lH9X%w{R8|7<5DXJelu4g z{ZKEcZzX7Ho`0(?_~l%U^mMhrUF(5+T!IFKB0UY~CtDqG8@^|%Sr%MpH2kMA{T$;& z2Hqdr)rH?*To08P7jEZ5zJvRqnV8j=`In~zx2p|K z;Chebevjw9=DqtI8w0UN#$NQ)!|pMILfaa1`S+;^p(69w%!T;@(wgV z`#btJINyC}`HRqwY)|73D9@MuxOf`&QZA&=XFJmNMtYZKNT1#h`~&y#V%~cvGw!6H z0(-u;(B9NjjMoz?qMTo2VK2^cAGsEsmir<{H*nXc&|O>yr}u($hC?e1M|tl)gAQVx zt3qwn5`Kqy-yL2TT!;6lZMnfotgqMt@D)DCU1dDG!Fx;xw!3I3{5DKLy~p^zVnls# z68A&0S@2uV`i4?Bbwv8y@$g^H`^0qWJdXD>`VHi|?jH#MS$&Xy2KQSK%jtHK?P56{ zOM?&a{&V&haG3%qr}tv;6zX`|QznN!vKs77xNh^k0Y?pmKKYJZAL_?_)npoYEZbLx zep`9o7O+u%^bq)U{1*CCf27yqeJA-Kq<_kL^?UlS;yMV*4|{UP!xdk!9PY<+toIe; z&>xRsKgIGEu>A4V-7LTQGx$BY3|+C$w!R=v~gk+N$8G zTu1d;&tASSzW)`<%S6A>Aow@t`;+fkepB94iUz};j{BhzdB!@VXW+duisw+4#z}`9{A*d3Cs6(=*;K z=W~q@+dY#0*E#;Z_+IAkyU4$k@mc@7qWW{r1@uoJ3HGIbBc?lyr@wQ)Q*eFXVEnE% z4&{DL%@xXazeoC?r=a;yK;Q6ww0k)?c@g+$<~dM{_nD{M7vvNI6E)7m-0zJj@f{ueL@jf)F7~0j6?aNJFUIOWzIFGyNH=Oa( zhjF3C0hHHxH2jZ#2`=6UJb?F++I-H5V_ZC12KJY^p@Vpi#`%Cp978!_JV##DM*2z4 zV+70FIu_|GLg0Uj_r9Lo=Z&fR*q?azBRntsmr`@(2QT2cw)`Ntb7$xXj$>-xpYHSi zUx)F0Cgazxrtsf>8v2m^X~K0dknalya=c>M&k9UW&v^6`=i#w8`Zr}d%5!ntCbRyx zMPctitwZgY5$UVg->uz|e^))|k|5}mEbzOY4?Oe&v_IFsi|c6iXGo7}50!r=&Ft&k z9KUCL4!e{E>D#IO$AI5Ff!cpU`y@lXW7)6G>yh4_asL~C@cCiz>&oZRetaG-$9qej z9SB~4U`rt^$(=0EM|5O8{XS)n8MV&Ace1h}dgYAAd0RH)S zFG*Yhze-(@9>94!=e`f_gFS8(^lQ%B!N0({b3$9Po=2Rg3*4vkGO=97)t4-HOc2r^ zbN@Hvey#Q`%4^DaaE9~n7wb9A=cKvZ=MQ*({xTBz_KbkOSPe}*81>BKx$_J6>1%4H zL-0FKp7a8K`HF2&zu-6XI&|zc=;M1( z=PI-s_gy*i*5=6n;7jN$)_;imz98daHjc;bT`1>g?lb*MSi1f{vqSZ7>1nQX0)7`b z&t18H(oy^T4ErD-_^T1%rL6x;-e=zSMtaVyP{)RU&?4~f8=x=VLi4cYt>DGgQO<=3a5U#{1^3?;ra$C77G^x2#s1Ywjr@hag>Iz& zRRZPpWP6+Eg}njo{)}(USx!V|wuASASJaza2L*U92;lj-k#V^%`}dsteJXV?>wnAn zX~K1#o^fnMCDhkA58Anr`MzU2&oj;(X8c%1^}PlEH#ec<7$?7>{=xTqDX9lJZ$)yU zzI+_t^%;e=;59GQV!Sx(PT}C}z6@J@$qdoVkfp;=KMzVh! z*#0Az~2&1&kNXxb9MNeR{{EyynZGWw>5HFNJbe7D4)A&f5~sTgA4p_v3iSQqTVY z|HE9rW5$9v@;zW2*MIyYr0aiyR>z%HBo*gX%LrFJrq}@SfX^X3by;pnc&Sle--;x>=&eG z`x^O^s54@b9z+fahW+9Sq_@uooy~Ep!FVu$`(bYc{O2%^b>O^DW&U#9zpKdsj1!Ic z9M*~V^8jk6C#bL1bm(uVpd);tm$@HOeFdJy@gB?hZ0nxip=g)G`*j%4-)@{Y-w5Pi z&v`oRUZ-5&SDPUJ4(h-S@V~@;m~JBMc`8Bs)r5T#=OKjr!(gP(@Q2?v=HJKj;hQtC z*J8Vy@ErbSCDIc&L;tP_t$!XGME}qsDEC$~=oz+u6zAz2-=d7ptY^1-ZU+SO07N1|{vb^!EXA|4`g7ZFre2uz-<1v)uc9iMo zIDca}ZqIt6o;1CnljlHf#*?BY!M@zDug73Ke8)l;?1ud|bqDoZ_9Kb?8_ji4g5#eu z8u@bZeq5UE@@Kylup0L6L!tHsXjETl*WA#W)CY_Ye=y$s zNX-!mzbo$XszM0QEUycNKm`F_~FCqa)e-p2PpId6Hsyj}&nAJ^gIf#B`b)6`775C3=__UUYY z6ze%N3gu?Z0e!{&-TWN4bJ% zW&W#NfAu-;IoSSP-1prXx9k3h^8KijER^${=XQR^nFa%qUUE46YqGwT+(&tTMS3sJ ztM^6lNUrB-j_&}*rxMgA)VjPUH5rL|;(0%hW4YB>?h%gL2G0Kw_P-nB%rx?>;;27U zKa|&=`)4fI&y_An-$m`&8GMcLYaHWT?uIDmCC`D;EN2_zpWg-8Pw;(7x!d4lyk}1y z1KvIX+L7!1+w9;rLC|&V_cq3X&$~Mu zk5i2Q5z}Bl%KAz%eKgl;(o@(ou-@Km?{_SJ+hW)^a-N2*1kd6+S;+g}5ysaST*qbe9mHTavjrRV@bAK)CFGEgW4ECw@knij^=#9zH z_2ZypyFxc~g@0}Czq3P-KC~NjF3-jCg~5a3puQZx6pW|$8Ha`pM|lNDK>K_N-Ou~b zJ>CNfaa;n~&%*I2_e@RbQ=SL8H-m@sUeJu%g6ni+CD`AThc0Y_`j&Y^&oVu}BkYfU zhUQ{>U-G_Kb0^X-_C>zY9Jj{hkY1JNOeo8}_y*}a=)dUjN zZf!^U`@GPO?EkfwV29=1I{!G<5*gry}yLBcG=x zF<&c|_d`DTjiLHcn^3pTg1zW@Xg&+$HM0z~MhMb>t_(d}7W&&W=$ppyiwy-=?*t92 zhxB9J!F{+7n*|_!KF_})*bfXhjzpjLH>D((B_P5FC$>@F%9Y0g265M z{;BHsNFU4d`X};d)GRgOf42bquCjcef?zMQYY%u9=c7U<B)bCuKpb9z|ws=@o7wJ+24zE4F_y_s3xNuPgi8m;Fg# zJ98C6zV9wVM{_=>GygiC-_yAMQV)aQo}thpEZ2+U_Z{oMOP<2}%dOY&_j&`}NBdu# zm(y%#2+Nzqb~a_a_>1kG#&#CtI5y3Q^2#lP?q_d zKRfqj1m~wF+dqKZp8fyrDDrP*c|++}ZynMb{t4a3{;g(z%5mJ@HHCd@UFfv(XlGsC zr|-~je0SLMb%u`a1TD#UJB9J#5XYzR4cN1AUw@Yo<@U0miuNkx^V~-nw;*5BzVJJ6 z1bl@4MaP0?UWMLa`rjMDJvTvHGhZY%c`(vLI8O6;URJw~^u)H%cs}2EOM&_etw(x3 z#+?Nm?@N3xc|RBStNo!jxK19e1s6}N!yZw`Pknk5dVRa4syddM_}WspInT~demzuPTkNxkm+kzan} zc(LS{dZMMg*9?*yW5_X!<(E4p-4?&^q+RRJpj|n) zN*{$+vK>`kSZb1R&f}Jf75~$sMWsEz?2UANWT`~aYGz)f4KtB{$PBH1>f5=N`c=w5 zYUZK&_=OAg@5Pi-qgPn!u(T_Q8bv)vJwlym6!Z5YrKM(_mR~>?ov;%13_PUUX{q4( zx?D>Qoda!6Z6fI>qjf79`eW!!XohVQb}HECyvj9X_}AHgyY zcg0U#kiLq>M@qe-`)^3v1mT@}JmeRt?_ynUl6gul>HcQj%6i!-Z5F;nJ(OUntin|v z%X$_aLM^z)Qu&38Y(f6dq`gHZ_^BG4=PJ@q-7k0j&F<;?{8aS?SXW1OU|zo4Z>i5E z-^k0Bsx5j@)=Oj2U#?oJwP@F9j8iL_r_NH}SKJrh&$d)g;Wkp9UbhQm{Wg+*!j9kb z2~XB)eA*xMc(fY-sjR!ZGH+L8f9Q7V@zU#C_eBlzF>9NS4VEW~!l-Lt8HywXa>eK53^;)V6k;UKgSI_l-2Km$)-a+LO4^Qu9R*n{oA1PiCV2Z%?6LUp|4pkosnOrBksi`2Uk|FpfF%)i!JO#h5rggn{! zl~V~){;vV$R4Z!pU9z|3p}o3Mi4W4hD>?ksE1ACqIV@F2`laLTHQ6_M-zHJL=UZx* zwD)7KAoh-_-02bnWS_ruER|}W!~*$H{Z1yOk|tzQZ*3)U-AC<{^&g(hN8LPXsZpZ4 zF3SAL{5DOY)UZq)n!xNAm=lG}`5--<_4wCt7E~@=?dTUunFP(qpNw3Q@GB3}z zLi5TzXik_49rz2h4)vl@X|J?X|CYxH(K8h-3GTS?Zyr*D>>JsbSCcdb3p0LQ6f9^wp7w3yox6UQ2uQ`hG9zab{o1 zyqk7np1cAxsh*Bf$wccWhi*v=-TNu@LI!AmxgTmjN9H$^=ntZKL=T7-7nSI!DvDlq zDfNYDYDs7+8k|h2_M)AnT+RKZ-1dP!s)d|8y+uD>9~f63^_7hCuK}3WJU7yd1>695CKWU#HC#)xn<;i(1`$5n11+!0OeVY05Q7)sFDx6-4{om`?>+O~v zuQc-e@qs8;$NO~BZmqFWpN=atWjwZ(uvD0oGerCbOZv2Ya?g|L6XWm;PY<{8Tc@H%109J}RTElQgpad>&iskY1-}EOkuu%5_Vf6=gj7VEtbDH@n<9 zWgKn>$~fuuDyr9!9ydMS4|Ta8#mA4^u}Io8OWNm-6S_S8wG*|vyq~H#OV5j?PMP!%_gB-PR^z{yb4}|inNO_+C0=TMFXw{RDB8Ok z`@fI-aB1&rk8!Rb`#PbpvFE?IPs6ak4kn<--|3|%Y3zy{@!1r z_227puN$3T-5ln&-O7DN_T91! zmf9}bUFs_(etkG^1Ern2Wxj`sUY2>&n$An9F!5_I?VKgLe~YD-O8M^b#kl%$ow@g8 zDHU@-pI@caa-;wFqaSWRKhBGvDzG2>IEU<)AEf-puW_$V^AP<>u?+M2+Vrc8y0%d7 z?=s47yW9_CU!Wb9IxhP{&v(z&df&<(6xN#al01K~pNYDEvc7+naXx@`VdkZ?v4C-LqGMm?31j%ek#Ajy^6BV+~?O+eSUdie(F!mq^f?R@2%kU5;s%HeoroX zM(!`8ie*yYN&GEI`($AqH$T4T>h+_~xjr82NAGhT_ucmhJY_d5Fb^?-BIz5aX@ z&O5}5|5nbleE*!U13x-%-TbGFdvizLH<!g#>-}t4)|KaTM&|2sH=gLD zo*dQt&_^x5XsOACr3{Jd`rfAJVXvtBK8HB}@AII`IiCH)a`gL%|JQQd^ZDWt;`k~# z=k)uNG;(kJRn&7m=;tEO_~5yo-1*U7iRGsyu9mb^54rCSE$OE+OI+3K-hYv_Tlncs zdA<_6+poWzA1_kkIWT=GKXp^@zfvF8H&Vt;$Dcsim%5(RWk0m*_GtUuoUrRSr|-ct zOZ~TV9{!?zPEN`0Vhw((-)98DX7wVC5Hose}-*fDfIFqxq{7$2cqt;Fmk8+mwQ!#V2qP{kH zGN~V>zUq18zLFqksOV1;2X)-KyI9^6=0!h?%5&}r+AGMtrc!PnHCOsQL+qN{3;W9Y z)9g78xuiTjt~!6$V|t$4``=PCq}^vr%chg{5|J0}|65p(`?P#$-_n1L2kw2N_&ojt z_hW+C^?ufI4C97;8<_7pgRU-Uag16cqX!*!&07vzkkKi z6T*5QpP~I4Ie9ie6)EvY-}5fY{YL9G-fs#m!2JYvd6qNjXzwkSb63_A#t+YX|J*Av zjwge#-X2MNJ;&Mo9^$tm7{@=$U>yGz)z5Kyz3X`>Q`9~FK5FWIyr^casxa<92v?*Be6|IPn@9Uss97=QG`3I5;u@p0U8kI%>D zRw#;cU&^@tFXQeWA6GE;iF=zMm^FC8azT=+PC>Gx6kJ=DkR-+gZDIPjnH zy{hz|Lh+3x{~Hwof%2lVz2Z*F$bm`oHliF4wu2a!VKc zDr1jRe{YgE0Ksxqrd@O2V7W?@7c7@gEQ3?3vVJ-xPCdD9ses^A8ccbbqk_|_cE%oP z+CMWmgX#u$sHGZwv>zT1$U4JGpg>(LP_5L#6RxZ}pkV zVi@h)5}Z?&^57l8xl~26Zf{bspVEI7=Pqw%aBkHA%>L$4Uwh;~7@S9S_Q-!MIIrqW z*8M#loKKA=>;9e&E}%jUqraDf3#r+L-Tf`B63OUq5p~(Hd;Jtqw>{Wb6;b-va%6p} z$x-rl$S$h#dhp52Mb$R)A2;>tE2iq@)&2qM{6l$?@h+y88%Fuws<=7{R$t3_B-ka? z^n9j#GymSIg!&cC`bw%ZpD0n~U##={gjD+%BY!OwiuRcP zd>ZnFItF&-ovzpOm+BI^jlBKSY!}c)1gi_1<=Y6kzEtVR-K4)KGuKr)!KS?Tc0JV^ z>`FdO=Wn2TlIxrD8z}v+*y-|GNq)y}prSoEm(xJ`7J~hWtnb09p(^UZS)7JyzTv&9 z^;S#m^l7A?8+ONoM#?U1@|*U^dqI^EZ1&4w;oRiTQogs#s(WvEKYuD7l)fCwZ1qSIDQ$dhu8O^6h3bzGl7n ztFOtMPReb_%U|hlKkM}xzQ|GqL;Te+*x5gSH3sauBm1kTlpjj&a8Jhve|3h8`Sn)? zi<$adr{wKZg6*#s8xC@P`#?USm;B2NCnhT;<>~yZ;IF*bq5V(E_00JBtF*;Ud8&?Z z0lTT%Nxr)mm*OpAh!8zE<1F@22VU+Nzy~15^PS z@6Wv3surbm{Q>Hltao|NR0Yiz3{bnTgXbGgO1AcyJl%w}SIZ1vwW>(`s3@FZIMEtP zzVf*)FGiJ<^P#%f3han-|)d+I%8MJ3Sd5*BJ_=g!z zOxE*}d}@`Uhl(aYmA4u_RSz|veDo=gf_hJ%#mUqgnfzYWKz4${A)A;VN?RqY?6Lbu5$ z!1i$U(r|#f^jMcSLKQVfN`PAZMD}aQ2o*$5wpQCms)E&Ze({(2yBRW4JtPOqdcGVo zMkUsOUHAV<$XHdQCU}I*=jD*`YCbu;tk<_80V-`R*hg=+RI<>CDwNzq)=&D-P!&nO zCHa$uhN;Le;GbLKRo2i*<*EZ7ChISE=pgZqXoQ)3Kczdp;mLdB5vehm&?sg`>1 zv%IU+R=-nbp&Yyh$a53Ql`8KJ7#y?SE|7}%$$=H8emHyXT z^!hj>-||SXx2jOX?)&CebrS3<{y?9%KdTGycU2emRzIshU{^1tzjH&ksiz*iDs;Q* z*G!imZ0y@Zcc{^Z-SKCaiZtwwKf6?XbL}6a!jI|wy<1gip*cYLuGanEqppx!$a!@r zbdM_D682HTXF?NIFT?KnPg2tjPgVN9ax*kZt@hvtp?lRX@{z;x>3Qfrb;iSPhyAKt zt#tWQ)pQxp6k!Kcb8?c*U$(GADuCQm?oWloj;b*7Q~9*9Y}j!%+k>lyoltAZ%YTz^ z=7pV7n+?aPGg98yVW(Aw*1EnpwNU=Qci4GV$M94YEBA}9&BEqhzD_?7SfLbf_H7)E9<=+-OXNr7#EbNxLVtA^W z{j+>>6n0zXlD}%v{nxxc>`%3(y=Ls6U14|C3ByThne5MjS?;N;KRBx$2JUpM3nCiz^@ zJBO_I1iSpd8290SajN=qo}CN-hX=@f^;G|2@8Oa1Ez5uG-q9~*eR^;W!xjEjewlb} zulO$>Ia6~bE467K#w)F=Y-I-X`L>Fc6Re(^@vUO{8NO-h=YxIus#yA0hvfT5)-A(T zt(NrH@$G(iHLDGIh>VZi2(0yBo_E!(ZHD92203q^ihs7Ay1Y0w@q&EQC8CB^)NqXI zBF`VGBWhYBdTD!%x-IKHV?-@0l)O#K&lXYJx=B7N`SZw6G`}Q|+9cm#iTKj0(i{1^ zy|7gIi2Bxi!&smBGd8kH_0jfV_TS&CLawq?&zHY-!SK~&>CF82TQ|t%%>4LUw+zR* z)<`_59^r32AurPFHJ88T)mN7v=qfv1&!@kYK>l6w*Af5C<=z@!&3c)Gmsk!kBDe)<;mODS}G`_ zg;kT>>YD6#;rirUN8~RTgxizz$$0AgYsu%Nys2WpLViw8HvsKMnPfM%QKwV$38nIWue`#s$CI2D& z?PTUw)p2t>2w6hY2==%0J#TV=N*3mjl?kHR+cSq|yxvQ+V7umkC?ivnM z6NLw6>1=Hts`Ce$=c$2Nx>)mvfiFvYEY;O|Ivl)0_M_&VBfwR6%WW;9tK~HkJV|(4 zL^mtQ@C3D5?r%vEJ*}OFV^p-Pzk|Z#zt{c&hA&6-wYrT4*B1Y05d*DFebt#PO2n-!5Gt)1g^{;O6e;Yc;o+E2#%8EG9LWBq(@ z9U^1>jI!>Kv3^EdKI2gy-j|HA(i(QZFBxNf5uoics;2CZ>LFvS`Q-BFB>qK?v)W96 zJzSozN=A;iiUxwS$bN1bIl;;m1kNV?=@}VlU6=?SEYF)0BZI6?!I}e9$IH^6$cfgO z5Y3oB@v!cC@JzAy3N>~Y;!}uqmt0fU|Ki9H>#5-Ym%s2z;kUFqGCw_4sFgAd`OoYG zXEq$@N+$P3ZO=>2Zr&$_T15>9xM~Qmiww0sr~PNSKMhx5Rt@q`vc5M*hFQJIdxZCg zg;^5}yWdZRTayh3s}zgm+t88W)^u`5IWK#vaBEw*X`dQQK5uxh)kWfQqWC|c-RGdC zev6E-UK)1aS0XG|gw7wR4oke>9~NO9B5#%bxj!t@suv0S2^pXLVUw)8<-^5#e z47=xdiZ$4S)2b=fC=WjO=~Qc?VcfT`eLCHW@~}UOoN28Bb3M$mE|9SvW?6U0nEzSU zb28$=EbEFzCu6>5TV)JmJYGi5w!S7~Jmy&K3@38D z=2;!c7@vh!AHzYauZ-XO$c2{vb!2@X36cA}_oRi^GV)?M4^mEAWSt?O-Ky$UQv)z($=IoXeOCaty7 z#iIPI!YwAPv+|Lfossi@(vMap@>;3?+ez!KzT`;Zv6D7gg1`GaM{q zDbLrFlB{qKelTgTHIKaKuzvrz-&*OxuO|I!ZSY{%xBn*pM2c%nyULBsCrBM8#no+b&oto;(6%gQE*me7&CjV}g zCFA~Z*4kw_$-?vO1-W-?|0D~~vzM%AWIWGaw!Egpj^|-Hrwk`r)8u((pd1SAXJ~tn zYH#B0b<1}q80Y78tD4~$<@H2=etg4fZ#Y2d{x6t(!;1FcjgxO%+sGT_K6Om~WXyk- zE-y~?v*nbWe9!7)c&bVz_1&3#-x@?dnk0XvG5LYDjjZGCyU7o&&t~iV?)&*8tBB!X zm%fiX_A{#jSn2y+F6WsQPS*FoEY5Q)fvoR)-d-=PlZFG8zAp_{FRj;x_t?0Py|ldM z==%29xR1TG(vfi=du8P{9H&Y-a!O`=V+{nmB2UP9k?XA$Z`i#*-df8H%lo?1a-U26 z*4kqDs&)UA{H3XSYwacD{_xg1Nq;^5-qu^oHCML>_ZM&LomGXb?;{25_ttd7fvWpa zUB0qc8IDm4!M+n#3F9q+yDC5ETEX3O(kg-^WfRfhMfF2c#9 zyzIY_pU?N7*e^Wt`>IcD-}$=y0P{STKFVcRFdXbUc1Ye2M zJ}RA^%rN@bIO#;$R#rO^c7C3j z%|7YDCo^ZWD=gCa6RlCkKf9e_vE~@{{V`cznSJeQh6B`a*>5j0=dcGE4m9^uZ!5Q5 zV~O?;H1p$a<*{#(^?Wu@lh<}Fg&m*g<+VE*o?ym%XjEQ%is4|s56y2cH$2t6zZxBt z-`2VH`-Z|Yeqm9CKH!;AMeLWxf3Ky_)Ados?bOS(zx)1D+|FUxeP1YU7bCBb`;0_D zyQJY5^@*HkTcb+Y?G2;9yP`_k!^!U@9{(0q+Ft9y=cCHlw+y@27%RLxqr~*#ktz8lE3Emscsh{_Y}?|_EO|s zGc9$`r-ogZyih)W(cFRjOzy9mhmecN{?HsoPA=oEc^)~I`8SXkGyg$ywx8jDm7Gl8 z=j;40$nh*M)he_G*ky;?J;^y_zia-Myv^iqZpV>rv3skQ_FVD=8Lx3! zTiGkYe4p0F{?V}e{ApwFG(1&Rll5ICx{aM-t!^*4adca|H#yUOxj#mCu;+X5@aS*s zGi2*X8xLi>}jlaA0&_d%WSP>irf= zEsP#uUm&-W^}Zr{pk44s?LSp%-Vpt*J%s$^u>4hb^bmWz2VaaHWd*S-xK<{aqR}#r|wF_}xf}uQAi@eB?trWqswCZkIGHpVyf2nPEqJa8k@H`!;#f zaZCLkGuLjhMVIGZAM@?mh7o^N?)ml;unXUZS!k=R+CR{B?+;5ok6CED3ifwOdn@_jCb?gvTWX&o>-RAQ?B(`D@=E#qB+go4C;Y7I z3s&En{jkE`PS*FQtDmi~lMG+A0_FasVprJ5$+$nQw67QrRNG~}_f#wGFShCO;?zUg zPw8S;+FyF`*WN$a^$feupVhYiN8IKk?gV!2lK%8mtLJPgb@p!`l>^6<|dyUu>}k~oyO7&%+P~2*;Zd)hdq7h0eih+_x_64Ll4;0Skl3Z5qS3^P$+XWJJee!v>ncu^9NwAs!39*OmLx$a-A04+<68tku z{+QU~wu`(IxSoqkYG1{jYB7`q94Qc4ad5+X=fi*(K#K zj6GpDBsY-wvNGg^-JHBq)<;iu!tPIgBUTSq94F^%y^O!xvkk|n*Ankj*{AIc z`?Y_7dihj8|DCae$olifwXtXHPQPlqJ3gGVhZ+uW-IC|4p6Z;v!0=v$=Yezfax$Jb zFW4y#==|>WdCAUVI8dEjEbq5sFWC*rkL3NbykW9O8xBy1aDhke4ZyZk?F z{cD>#|5ityYGVJe{~-G(*L>4{K;E5J^DX-o`N*f5Z`;lxt^M##~jPDP;up`0A=Krbp+Y39Mc6^`Ug*}UQd>`S3 zy_oid-{t*q>`VI=8TXG@_Cqqxqt|xclb-E+ZI?ETcv&;q8@rZa#AB~~Z|$}o_CUY4 z_5|4ZdGvdGj$!wHd~a_dV?QeA6#UJ8Oq7oVsqx^iE0gAF@8{ za8Y4m+9w^M~&M#ekVJCE~)hkxa`yiNnrI*fX#WaF0!N(4`z9#oN3ID@7I)aR+7>F($04H zv%E6S4#V#8FXQ|UyD8sSm2oc9U%&ru9aq-5`+>cz^9;=TKX+alcK7FVr_puK{*-g( z8g}=myfYtc>KmA)ytAHmU0;W|3eK(%>=m3-VAfaBxj}z?zo??)bp!RG{}r7!hA}^n zlUH*3fzA9xm#XZH{J>ttnFMC}Rh`-N*X0kEf4_5^VR!$kI%)sV^~I?)5-+;ORdZSx zj!|3WzTLyA?yMpYk^Q7O`lj}Gk9T!vsbTkeukNfd9H{Qe`j+>F&Tk*tPtkr>;?K8n z)t&p~)N-K8ztQG+-O}Z|<3~-W-W@QWXKFfa$T(kWIjjEiwAXUB8Af~=8CToMa97&{ zUGwCAIU%l&lb?)uP{%25I9TEP_jR1ghTZ+EG&hR3h-9){ggUR=si=u zYHca`JgKg;$S}quB(9#b*@HjLRo~eUcI`FKhYg&ghNrsp-@i?cYv7zC>%V`S9M{OX zY1kbfn>a5GyZ`>JiIeNTt{;CNH$Cnvr-fnn^O3(3YS`T$e<$9sd%pag*@oqL&qv>H z{GCYY#&77=;168c}uZnBt_>n)6`QH%N+$r#Ze+#Ds z?Fn*U+7{QssqJBx_j^t!!&fcbS6VsK$+)kya@su7?Fmq8(&+Wl$_X%hHCZ;fzs!zp z<;Yi9<-e=^K4dE=ns(e@q&(X5%l&0fTx;h%8TXeq&UM4+pSSwjc}qLm)7DXsQ9jz! z)*1W6aI%h4|4yH_PB57Dw{<4bj{4g=(`oM~^&gIF=bR^_{`Ssw!&txj!#X(c3@5tq z_f;Jo>#43UP`%wMpKr%?bdniPRQm6kPRDg}%9HiqGlfp>;Gw^V zb3ZfXnf1LZtgG{d2OkOR=JWx(a+>GW9?nq1?#~~3I0~9 zJ~wWJW4+Ps32-Hs`0N!w!bxs8*!7J(??y+Abkfs4P&h^WNGH2tv^RbH_f7@F?)Hvy z4jFcj|0w5-VfXlta;_l1IxF!lYy2qZHu<(Z&t#1s?K~uR@lvXA{21pY*cB-Evz}_K zli_dO-Z+KtYm9aDuWD(=_d&)vq3^)>K1hJG{5=@o=LmBAWtD1we4iuO=|{%*Il`Qh z7VN>7<^5`WxRcTbHIP3_yRdE@tk` z{W*TAbJsAQr+$rJ=@d++^TU2bIMlHF{mdHYcf;=c+8XBy8TXI1&RzKPzLnsVO@a1k z``Xw9XJ|^z?)CGdGv6@kyBPnY6P-%i-Ro_=^OIqGp1D74y>r-bplgl9tDb6ubC&GC zN5|6*&P~JkdxTr@8=RLO{3L#pQ#ZBgpZal|=#;Ha2l76{KRbQNeJ<$tiQAk}PAu(9Og!7}Y%}bRN86oV>9xN*er|WZGmP<$_5Q_) zH0=I+f*sB!`19`xb~t~*&c8R@;XEYcJlo+6{#2KL)56~$?{FdwyZgJtnQqwK-W|?- z!+~n7bkv{R34gxeq4TyPPWI z`swxkYL^pa*qwj36G?k>$sdztw=)lH;``w&dz@{C-Q$tuq|a>H!|_ORavFB8&m<== z8RL=U#FH@|NzNL>81KVblAK=*aerv1OH>rArE_4)Cnh7R$U(Q&x|_d3?<|H3}>7jhSA=kQD>Z! z9{yob=bVDsJo8_0Mw5~Mva`={qQdtbE<2|UyUV-m-1W#G7IoFBk=?Vr>rOlw<=u2H z8%F*tQ*JuX4F|ijZPxqmj-z~a{$N)DVPD~XhGl&nx76dPKb;uZ&G^Z`Tj2^lP_ld?A~9GoKVB=_5H|+ zhQI16@gmmyku&cD|HsY`ANW6Z*3&S|hTf96CR zcGv&hnQhoz|8r+C{V$mEo;&LeyZ84CXJ;;5o;x1BaE_Ao{?Y&b?Ume~_Lt6m!zjOU z+$$$p9&N{Ym1oKu#}{nor*hmIr#zU?vu~X*47;CS-#SCdct7yYSp?Fe>GQD z^1v*~z50+xOEX?%OW`$~tY7=R$d<}$B6+sh3r$JmHJ!Y|%y&Ako#c(5%D*~1CB4@@ z@)5buRhp8)>y2S|e=>P}lF!T!_gf|}d8canpIV;xV!bnYl{4)2&+PSon0p_%I_LlY z|GKX8x~}v8bk6CVI_GpwHQJUrn?|Eerg6{+jWZgdk*yJCLL+1gjnF1ELI@#*(1y4|`z&-3-~dj0=*uJd{wF~NO2Iaav$ zq5d8oh$r-Rva#{gPYNfv_mg7belfy7Jm4o+OmLq-uAksOfm93kPhq@0Jdi->ZAfF` zhscpk*Yh((a+tnWdWx+lLgc~;_DSS2VLuh)&o7oFa^D2|Wb(*3`-^ElwwIY?gz0*EW)af?EWIKHN z($93gex#G;wDIMePTGae%Xbd(9XQ^84w=SuUVl~TV3H;5`F_M9q*UnCKYkxcq6bm` z`u@lvI_>nbUpqj zkX20A<9`CVg6V6e0L#x4$PGeYj{bFndLpTr;6IntPw<~h8io5Po3G@O=O(ycM7B(D zzldxV?pI=b+n_EY9|?UHd;Uq}s|o&3CO=Q`e=^xE+|&5(4xCI#CQYxNzQx4JbUl5G ziI3?#eTN4YlT@bb_3czrI>G&^q@3w`eL9tt%paehr;;^H*PoY1ZehCqygX9N^tBRR zw?q2!Nb3amOGw8A_e)5ZaDOkxr^|0&LV6~+KaKQFaDN&Z5boEr`Ppg2emIREuisbS zemcqIy6FSd-`1)#Nkr&Re!}$}p}+nU-CsD9M92B>Tz4ipPuN?~zpT6cEV4@IvCwaY zex=ZP_yuIG&^P=@!z&;+3H>4Hs#HK~n6Bs7Qc}-!J-?QcM($qvik1IT^1RTOp?+^r z&n6uc{GUU*C-^^yY!~hakP92sbI3PBzYO!64Qe479_L<_&Lz$)UY@)^T}HBn&im74 zq-+7T*Zb3Dgx)rY@m=(%%Sb)fMSr@CJRknIPnfRf&v~Su>1(BD(7u|L^T_lFbw6gG#&m9PfPD$m_4<2089ruw_~#Rn z&2|3#Vp4J3c>7|qf$4gAT|n+-y8gTi$iqxuD^;NV-f{Z{bH~SLCCL*ykMG4KJ38L}VsZ-8_4uwLXER-o?<#U0)7MJb zs9$&7zKX1wU|&M2gguXM33+dl{q}M82Bm}q7xU-y_*_axmyD0krNnmHc>Bx9;F;s? zFC%|2U61eOL_3Sx>+!vuIGC>I@8x9L1pCz_P1y7Jt|pgEvM(EFZ%|f~cBbq3dj&}^ z93P)6NJQv7Jy(*pqVe`uk}jch`!X_m-gx^mVmqJf-2N&uSUleTDl#f`Zhtiyxp2Jw z)x>nsc>mWB)5YWMuOU96bN}TeddYbEa#ARCZhtLlxOBYzwWLMp+gyf3l3=yI<<>WF~QY!z6t!zT2h#I$!$l{wIg` zKk1XhpR7-Q9=$1&KA)aUOl4OymkIq`Ucu5WOGmK$QKXw5;O6w^0h%s)^8ocXQ8%!g z3ut+8e{jP7@V&?YcmMx(c=W_}r&D1!ia4D-J-Vdvqc>;j_T$s5r<>+0bzgw=Q+Jc| zWqiIX2v2uU{p&gn_m!8au1u;2igZ*BPq!Y^<01McuAjs((MzU zM{jPU{l!UlP)XPgZ}ho5KlJn~?1ne$?sU=asHEjjZ~CC_@9g1nygfD7^>xgjA{`<6 zoAL3Y`SsKD+`nEQX#Jq(RR6bf*UfcFpEtg~P@Ue`K*Q173%wD7nm3E`*82@^KG~fj zE&q(VH|+JV_bcP;D-Dm{0HW8^|EBBpQhy%38H&2Q@jWi-4Qo`VHwRKlbs8SMfsN{V zJ*GFEjem||57+4pX|!HF$Rybt-#Z?m{uOpp4Go9hz&7@$>nQJ6c{ub&8|qGF?M7iY zuhI0=aB2O}^YP#8HO%p;f4#q;H-fTq6!q@t7y(PxM#MijF-v8^m zlhr4*dlo*AKYcE*kILThfZi}n&AC*h>kyC0{T9u)e^~hu=>^gLKVbQ!NN<12{ZG^p zB>rfGprgkIRL-eKG%_ z{aM!I6Vp%aX}(Z%YOlwer$b}$A0My9k4^O7FZyr2KBchsh;ti%pzajueD*wp78t$`V9=iJrp04?|H|O>gsf^Zs+J-_v!yzbV_wpZhG!PpmUoJC!BfT-Wt+Nw3dbD$<3bKj7n& z!fv9b>7w~Zr5=w%`nWzhTwS01{M{YgJ(r5qIx=2I{!Fsh>znTWH?%|ApByau*~#vY zZyz6?BCTch$*gLAnMouse66? zrpt-XF-X5P@cf)Ou8y_$iRSt^t4luK(sb$dQ1T>{`|oVL zHb`IX;_(e(UPt49x`@B-UzZd6U%baE>Id(S$Kub|MPs_rZPvENWh*o~M9_BHrCaIC-8{qy;>BG!YrF9q$7)_=Y} zG)Q4K@5Jx^I>)z*vGhzdA6x&?8;Zuqi{30x)0M==hcW+LAIs;7`8YXWaeg)%Pw>0< zUuk%XwEJfsF4bwgbzM(i_fBrk*CmF%^HQo)|J0twE6Dn1tUp;f8l=my_f6~Pawh-N z{vBb@-KqcL4(EA_aN};{&*3`GxfJH~24DJou48|ng{w%fi05X%N$nNs7Eunm-pl4k zhP~#zU5~AwChL>)N4Mwejj{C=pD*a^eSb~;tIUqth7qWdvj5BGl+4)w3Q)7L9h(s57U z7t+gHPZxKmNL6Cq_doTI^d?aHoXPI={iIo9pJ=jd7UlZCE8i0HL|xK#GJWo3|MPcq z^M8}Ne_nq4=1RS`{ioE|UpNP@k%p^CAB%aiUf#MsK7VPv=y){VJ>8e0?Lu#VpRjVr z+lFGkHF)(J1;8eP3+yKG|gVe4HLzpX>Je^K_}3>yq!2jqQ(3G#^W+ z?oPMY_n~?E6zQ*4o=GCtNKGVy;NtBD8FI>ld&4b*(?r!q;B9nE!U(xr=Uc8n2 zKSuP2yj@~FBg)}Gwr}u1*L!-S>A(Nsy?fDq_3u;kbn|lm&+idtsk>$>|6(GUOkbt#dq5$#W}r~fAP^|f9;ljW6So>|DGvUlHT zqCU2M*{rLvw-?ZPEyuQ9q^+X{Crie=fdf#5#iZ zlYCvr$6dM})Z6=Hdu~3qFRi!3iE?cG`bC7VuRrzmBbR)BNApeBC(oab!}mATUYC0L z>-Fq>G5^>P@5)kly1DL7uUFiiBAqSP4|+S%^@}hr(|kC*iOR8g-T3tq4S(YLhdz`3 zO*ZH2DjJ@?KK}o!zlrS~-?NE%hn{cx{*&H+@%gAC)(QVUPt)D&a(~ueDSP`ty}WdL zz1(!Ek4qEh@niG)iSCDN>*kZg({(+6bbYe>iS~ND#@d0NpOfXs zY+W#xAN+d~>>Oa;MEjR0TZiiV;@zSLpA6?g_UJrEp$+{k%Zm-WDbe)d}ip2Nr4SVyPU=wNrD`c&^2>hwPmyLwQ*e*R6nvg8U4Z|K z<^6ET_zd-R&wxA& zVV#Ar3h=oQcIV>m-gDvZTqyv#7}75L1+ga0+~vqqYRU+Nr)|0VMExcl~cJm-3t-+)x#0J9q;H{@bS zzkCz?+zMF@xgHX~0G97W*mok#T7142=Jz4>_rd*r(C>%d0KEZv1N2Am|2)iI!2c%r z+XR2Fg8#+xR=9l&cXhrE|8GNo8+sS=vI}u~M>dXU z4YO{- z({8zxBJmrr9#!}+Egw~=ez_E8zr0u@J+06aFssl$xVubY{-}Y5*C5R%RN|chVP7ch zFJ|UFQkl@JBz{u0OXcoo3%P(v73X?Tb09SdNVD@|={m%k#V>t(rN3c6UD>8qJ}gT|D*f!as?;ysFOumECM7W6iq+LBX}v;EM887W zNuI@Qq+ID0@$Hu`K)O`KgFknROmB*-Q?|(8WA^(1B)=(Yhk6fom0wgAvGT!LRq~hb z$kH2l{w(bFe5eeHbPqH6k1{Or8=r^8P0x$uyS~PX-7qZCo1J}-^aki;!zlYUBHchl zeHxX%!rMQG!JNKbcQPbhRV+2^P;)S=SO%SrTIU%S$^1s+Q4x+!__xVh@D{>t2#?;7 zzDnAu{*3av+wh%QiQV9b4O`WJkl#-kY;p*@T`h(s@;sCe?!J&$vgg@kep04~g|}HA zm7aSICq*GVeq;0~dt2pgLy+Z*LGiGgyI0|7uKdLQQIWnB5uX$hpA?zS7Df<%o-bjU zpWu%h*HA92q!gK-z!{deF@2Z%7xF7WA|jj|`R`Y8J~?!ru84?FuOy>fRMaOL-bDm= zY<`S4l}J?P^(HFwo1LTbL;bj+kmT<*e-ZVu4(|BP(NXyd)bsnG^L#B7&n*<`jLQ6m zSOWV@c9kOQJJ4~lF!0ZrF@y!^QgG7IbY^CLq}zP zV>E9ke%FLgUGAg5IOfM!jAF zcXzUM*RXcCTq=}#JBqR!;AE*-#HVI&J4``)#YKi1y}@9ES|ReKipkBgSzGuGX3{W! z4(+I0tr6yRd+oPi_AF~=Ef?-)Kwgb@b%e&l=~m6!?(-46Xnxa0c8%6i)F zr9I;0)hX&)tY&vSSS`1rpFP94TBg6OTV~v&9tL+y)Lvol*B%+d38gUKhW_nJ z$dAzuZ!mVTo2ni+_RD2VIfDw^GC(=dPKhTuylN4A}qgFNkojBJ6QjUc(VBZYMQJ3zFn3y^8!(>HYVfE z9)<2^hs{BzFEHDbckiGl2y%I<`8%}={oNAPrtp&nQ3Q>9ZD)KEV@@)yrZ;YM_A5X&yEuY^IKix>jleF?Goh6%a#=ypKt6ktVTV4%fiROZXvf@3R!r+ zSauqIfxW}Jnz>h{DPmqzEb?Otc?03?Z!J;YLVZ2VTE@(2J#9q$Ji$7JtVVs4;g8R+ zmdKx@|5}dwXL$ZZL_bwA!QYM6h?rMQA$LEBlX4Lbm7iHxFn7pdaxwa&U#)Y=W#~Wu zw60_EQ*29^y<%IT6rrE82;FJp{ogFxF0~8gJ`d)%VH{9w+tg2>A0^x!2YKc5_{D>5 zokq*IU8`c{wMMEDv#o%a_jg}lOk zzcv%?zrjmR*3MbgufEz-sGxb&rf#M89GPkyspH+Zwjb0(DtyvRVBi&5%F&j@op0FE;I0( z2wFt=ZA^BnZK52?n6Ba^Bbv{T8$0&;qxt`-twV&{CF0d1!tWLCwraG0JJsDK;;~Ep z6W=PVahC}9qx$$N+|QNgZIY#zV9&$v7vT@?b=l>&>Vbmxm3!zaACi?y!N+8;1?N{~l%Wo35BO zFUE_SSR3K>&?Cb2i16-b;{@K7WYQ_*C$U`rGIoc07y98}Vn>;Mw;B}vb&!bl8R7j# zknnafS9uuy_lM>b!f)VOB)8Vm{@G=q{rLuUKb9Yxo9~_OD_*-|CsGoP+-EJx`d$gU&bUO%QuLDNLW{CG0t?q;wI_ zbTS>|XSO$;@NqelnX7Up`3m)Kxs*wG|J9>#Jt*^=zaoT>dpU&86E=Bs2z`t0Z9@*> z>y{kC=L-?S$Hj;U->+?W1G7Z$Hmw}_@IGWc^zGiQWFE$?&mn3381P03?a$KD+^@rcb zRWS2UZDpd|7vQEYdSZH&$j2&?k1kQZyj{(TuOWP0S4a4|u7U8Ivl>`<*T**y`c_^8 zBz-GysiA?;xAK~y*KVNWTLYnQ=cOCgD+m0}*XuO@o`XGoORp`yNyN8-91nkQ!JO}Z zG>}_vr8fdM5PmZkpQpNgEy8^Zq4T~h=zLsl5zlWC&ubCkwGe)CR}0}McJcj!g}yyn z4f1=buZhrpV7k&m_z7NZBK$U%uB&}*grD5i!OStf#M)OW}1m*RtuZP*c z>ywQ%eNL&D(Ds6Lu&7u4B3!fjIOgFFf4?Y)t!gjom0dA2f7#wWq95O*&~}4yM6}C( z(N4Fj)ch%fi@8VpQR)1DzJG!8@o#v8)W2FzLA}ZK``P$>3SsI zgkIlH_Z{Y{FaCg=r~O=BBcv*EeZV`Hg@boRSb7e#4l}vgpHBF^bd;rQm!GJ1{KDT7 zAnJEdHYRKdHW5jy!{4MecsOVEiC+ng}<;$-^P3192Wl4)k?(ot3W!7?@y5Y z#2w!6m=pMZk~txh#czH>gvo-09F^e3Q%fL+`CA2@pEMLv`3XvyDnEHCqVf}zwki#% zA9V>)mCDBw@>#sDH0P`IZM*lO)3+GX4f!hlmFR9;zKCC;$oE2(ek*JUE|TAPiq7MT zRR?}qpB5-)&vyokReo|2k2g*bQ0ZH7{$QcXPY5cRkiQ263)wiZLEUM%0{uf#Fv98s z*4M(_CM^-|^@3oT&?`i_R87#I4c4d`$cMB*4U5OG(D{i-b?PasUh(}j65{oQ?iap> zem@x6qCEK}ZdQdkT^G#^c~rhXlur1%ra^rOCwZg=8d$h1LJcZEIVn^9@J+g|Xj19E z-_4;GmA>tFKO}wI5A$ahzvn|8O!mN>emmC(osVl>%>3_A50g_9J5(_*QTa_sE$U-v zueZq^>PMI-erjt``8=m%ujK3F4wcWJdR00e-;vm_@^QXLjiP*)OM@(Yv=^1nANy54 z?hi8eS(ahpet54rk6(w%=Lw@Co-NG%PQ;Tw$K)a!eNM8=rtx_g(RjF6ry@U2NqU;? zmz|NcN$huRk-xkXzet46=gC`SK8|jY>HeB5Z4vw49yWh^#NyF-JMw6}9R)Ss?t&Wa zXYWl4YP`Mek@!hTd|WRIZe#1quadTj_2o9UzN|~w#riRlyhr&O^$8<9>(647Wig*B z6!GEX-vP+&yZ%F!vi~ zpRKAI|TVd*`2%4!3>iQ%j%E117?r(7)jT`c?s z75X+`$&{ej?+CMS)=mj)^sT=8Ao)H>Ix~NAO1ehh=6eN_o7GC z&!Rrokq)htJ+Di+>(cH;xEoWtvVo@nw1n~5l*PPb1Ld3>T9!-$@0mZu!-$Uzd3ai zZbrtNfK$z62Ih&&@qG^M->y(LXmirp8(X^H zST!w0JU`6(o4RS~Mp_O}PRlg%a>!SB|D9>1<*^Fkl(KO06&{~_g?~?yuke$2TQz6QyN|av}^M^A{jJ$nT8F~Aw5%zUP+7GRf z8jO6rt}^oQhS~aPx>CjLO|B+ppX_Q8>1#6badw#P&pmEz6aL$Td6kjR2da#G9>Mor z@Ear%pAI9R2bc-}zORd!V})sSV7{>1)??)B)*hCRtFY5g*AF;(Q*Fbzx6BYW@cpQ; z*xy*q_N~vD(JR93W$D28oko7cbiat-4wVw^S&057*+5LZKH5yYzI(*UsU8!r=T)p8t8xY5{b&W@{ab}Z$BUNzgC@T3 zA2iW<$ve>byre^{Pny^|d%BWhqV82WY~t|?oA`PyY~t|@n|M6KCNX~#>$)DXt_z!J zIlSvjXW@Km%QVsc!xxUQ=g)wo&p!x~zTKDs$;X?Bh)<@8_cNL7=Gw;+a#(oSNf!R2 z%>U|eRQQhy|54#T$HeD1IVQ2c&-`ze^F=s?BAh}N&X#bY2&YhlQz*j87vbcKaEgWh z65+pu`M1t25&lbr{}SQ9Sokj%{>x0es%bedV)fK1m6=Ad@9PhinL6&J-v^hOra{h~ zS!UY*KCDY2?|^+BsSwYtF!A+anaPWBZ!zq5W1nSzEC2p-R4y~|lZ?wu{Dk5%6F-T# z%*0PLt}t!KNwHVXtT6Etf~!QhRV>_FX4Z&!*O>Tvu|}k)%0$pA=kUx((yo ze7JXEd`rjo@0+k**fFzC)XxS{Kbu7TtTEAcW0+OL@@N4?hsLRC1 zp&p^HP_r<8?3mRf%zH)pds+HdCG-n-{lb1w*bg#$XK+~P!%Y7*I4bl}rmqMQGhfHH znD`09HKPA-G4T_IZD!goFtaq%a{MXaG4u7N$IREMs}%$K`5O=5^J7&Cn#DTZ%-6d? zvmgCR+W|o{&G$DTH(>s7qd92i>)@c7uY*&}wEcbnd){9K&Ai<&k{>`nqopko{b*Q( zA2##y4x7a~U-%0%f1A9cD*fK2AZ=7#hIvK_BwtVUsQjc@8~c7|fh(P*?^7Gm_&OtE z9!5X*ZrVn+F593+%(?j9>HV}EGkss?i?oP29`U@Kh=g;rwBM4s2lax)}#HG5M*jO3Y_H$|A(;*aP|c@S+3x_lQ*o+LT1p1LxEV zZKF$)b{yyt>!M;aA74t$e0(W0^Z8T-%a73m%QPOJGBY1Drw~6PsiRX5R_;rc+^$7bOVc%r_>IFJ)Z8GzH_FfTgFMG~G;eOE{^qSws zzTW)weqr8g=Hp?%kiBL;PWB7gYqp>sUNWcO+|KriVUG279qDELLg}1d)_&JO(sn;1 zJZR?ivDZxN@56Hj%{>45&GckJgVJlJ`Eb|lK{L-s+zW#Bf+`Q1c|MNn{Q!&K$edA; zj$t#OhY<_UFJhtjw>oUI@P3Y1Xu3w`*n~N;@O0UPBo>}7+g^Dy>gB+}#KO~Ov+(r6 zo~4giXunrFhgfL)Tm#9|M=U&DHVaP=vGDW+nf)ejkUf9VAwdyOk43CoSUgoJg-h9E z;ol$e?`?lRBrM#Ang1=}bdjzwOV^@9(uH|gq$gd-ut-n(UU~n^cpobxEYbycHMG3a zEiCcFWcxQ@qW{PxXiuC0O z`yA%pIx{NLmBZ52pAi-2IU+q#A#+4}qI)Gx*Ee&c7P`-J$sD+2>57WZJSorscK^7nM2P_`w57_hf%*zz^5n&$@_7P$4kZjWD zhdIzw{Rny_(|m{IlMVuLD}V{NSSbHma?U* z7MP_RX$_bw-2g_VDlku44;D#xfW^|?;7X|;EMX?4%vTxnRW3aQ^9ts-QhE%ZtE8vE zYN-XRVWHJZoA9|#dIhYPUIQDXPOwpW2W*nw2b-mj!4|0(Y?XF`ZPGVjyYvItAq|0@ z(r;jw^at22{R8$$x@Uk;|rWw`Wij{FhwJVU+~pXajAnez3p&5~~dBXTvEE#D62$af*M<5_6A z@_jIg$_-$i{3w_&KM5Ad&w_<=D_A7I3>M3;f-B`W!4kO(ES0x`W%5U0x%??uA@_lm z^4DOM{5@DL|BU#oXYr|#hhb7H@4?eIvZvR{f8+B#>~p6NQ*^bYT zvd>Mj8@A1IJWQTuCM|LhCav-muuYx@w#)m29da7jDbE4By;zH1|>U!vSYc?s2mTICgmiUJi$zwl~eKgY4*8A$;apC*ymPdDO|QG%V6>{Gig`O zhe?OB66{ni1-q0hz;5Llut%u?w=3(wUgZ|BPq_{3S8Bllo+z9zmG9SeU~~ z6HG>wr(v>(nT#sW!$dN?1QXdnOOP1aVPZ184%!TFflkAFpvTYy`V2e3py6{c+3;0F zk){}E`KA~KV3KP15eyrCL1;5sXlaJsFiAIz!sQ$TtrZyt`6!b#*FgKROoMim8*hKp z=VlqKN1;p&PB7cx1#=7mFxQX-Mhz)oo?*YE6x`}a!^t!EHj(}mK#n7D+~o-rQuw#%5WZ7ZMX=mF_eI{hSgx5;cBqnuoi4E zRDz9$o53c-2C&(1C)i@B16vLEgLrcXY&Sd(b{Lw$PQ!Cxm*GXQ+prnzF?1Z|kUlhI zm80woTaor1EbYC9cVXLS_yFuTYzGGnpMishFTo+hw{W?Oxg0hO;`49p^N3*=KJQ_l zM-9Kjr9}P&36YLQ2@(~w5ew)fF`$QdKp*jgL6Qh2lYPMyl6o}yRYFT4mCVHF{n+O) zIS`*`vd?Mc5PY7^KI2`JqfwfK^|WLGKF?*JGs)2iEsGonMo2E)AI02flf^K}A*X@4 zkXEY^+!9T)npNJuZ-LQlX7x5 zSV8JxejPKfBoE=a>)3Ov$Yc0?Gy7akp2Fw#>~jrifv;M!39KWpfc4}xuz_@fjpQA$ ziM$UslaIj`(hIhdonRaJ25cukfE{EA>?FT|UE~k2oBRXz5ONI4mzcp`;sEFjc((46CcaH1%>YT`dDM)N8>^^?EQ%y$Ot{)nK-IJD8*11?H;vf%q=|7`L=o zrS&0CeH5RUu+RDGldvsNp9KrmR=)1>3Y`V7qoc*rBZi zJGD!}F6|1iTe}AA(JH|0+B&dTy9MmiZUg(ZT5v$S2OQKM0Ee_kz+tTk9MPTzN44ic z$@mgTjP0Pw_&R7az6Cms?|~j;&q9=lk(G#X2TX#-&tVc`CdtOHV3J}S08@=Wf??w? zV486^m~I>eGmP@FC=sIuW*Mzu#OMUGjb1Rv7yxsPNnq5N0_GX_1M`iuzyjkzV4*Ps zEHWMj78{QMR~nB2ON=>Ssc{ilW;_KfH=Yhw7z@BknTnm#1V@jvA{sf6hIu4~{QbC)^0y<4GpvU9^eI`E`G$n$`rhUN_Q!1EhnhAzY2ZCv)L%?)X zCYWJb0A`ww2D41Zfe}+Km~C1N=9o?cb4_P~QBxt9XIcT~n=S+kOqYO#rc$uTbQM@^ zS_7^$-2j%Ds=!jydJsGEV7cjTu)$^JB zE61T+Otik$n_h$Y{p@ptsS_?6P4B?=QD)L)dLJgurjNlEQ!mV)W9F@ne2YbvBaJzXS*lRuk>@%MX_M7v-0rMH)p!w|M zP129-xkKjVh{G=SdDvVG+Y$4{;HddBnE%DhCCimCA(ryvaSDTlrpsix4kk9sjiA$V zE9kM*fIiDcFlf0KOtw4-rdS%mRLc`!*zydRW_bZjx3qy7mMvhWEyYxx54S!AL0Bx>o0ZJy;jFyHbMSYY`TEVPV(MV7z7VvBMD%FAK| zODs09)ZzlmEOB7DCE*0ObS(?5!jgP~NxIHL_bw_eQ(;?WnE_T?4ghN`>0qs8E?8%o z57t|b1RE^bV58-Du*q@~*lal!Y_a5nt(K)=n`If;ZaE+9u&e|-Eti5_mMg$+%Qaw+ zr2^b;SqJu7ZUOr&w}JhZT5!N}4>)Lf035PB0uEc6z!A&S;Hc$!P_n)R5^FnXvc3-5 ztZ#u%>wBQb+5`HmJHVjzb1>QZ6_{cjI00uWTWM*gT7QH|*!l~YX59^@TSvhRt9&9# z$Etx@Rx22>I>BtK7tFB+z+7t*7`3LHh?C{5bVSax?gx{6>nyOqdJtG>%>aw6hk?b` zBfyo`W55z?4p?ek1eRG(0n4qYgB8{Su+n-iSYuoxTI*`C&U!UiZ(R#E zSS!Is>&;-3bpzOJy%TJ))`6|o`@uHr!(hAhaj?VM40c+d1G}s*g5B25V2`x}+-}_p z_FCTs`>Y>;{nqW^fb}zQ(E24fWc?N#whn?L)?MJJ^>4}n#-$G~daQ(%p)1+2Ag0_$wAfc3W5zy@0<*l2qP zY_h$N*gnBx+id$7CM~vJm^{Z!T5UUF(q{VxY`6UYcG!l%PTOx_m+cR*+x8FGV)9-4i4MG;D~KDIBGi>l_>q%`>~+Y zej@0xM?s%`2^h4W2`1am0aNTnV5lf-CKBf+hAYu++W{EVF+E zmfJrCE9`w>rTuHL%KklAZT}gpu@8f__B~*o{co_|Za4{LVK;$|c01T)cZ1FLc(BDD z1Y7M>z&86du-(2t*kMltJMDA8F8e&N+kQCMV~>E_?F+$P`w3v5{baD;o(B%t&j1JQ zXM;ob<>0Wr7#y)*4363_10~0mAaRs~CdYN4&2b~>bleJh95tZNu@MY9?gf(_4}vL< zMljX!1Q>Qa1Ex7%0Mi|9V1{E0nCW-}%yPU9MjYK>w&O!E$MFf6>-YkUI{Lvp$9G`9 z<0r7d@he#97y*kMe}Tmgio>JSfGy1d^C`&=m7JXp4CZbjG{~dSZG&U(60L81p%p9P<^J5;Fj%#{39| zV}1eCVs?Y+F{3BDr8zOQXUm9@qbQLW4a|zMM%~f^W*&)g!X!J!3+BWGz}%Q5*e+tW z(U=sN~_5x7-?m?A&*;Nt(hwr#Mq#o9dhihMfn3Y0g8ybY~`*;amV_I*$gk zoX3F?XD*oSTny$oPXlwEXMs^?A(-b}0p>d|1Ph#(fQ8Odu*i88SnON_u5{i2mN=`x zQs;WG%y|b`?z|hUaMpvB&WFG%=VM^C^C_^#*#g!&H-UA|SHODbYhZ)36F*;g$VuB{ zqw^h@G&$b~o1GtnEzVxB)wvUFbAAK1JAVK>oI_xz^Ea@|`3KnT{0HoDl2cG3PBYl+ zbbx)%Sg_ye0|%TTaL~CAIOLoT4m-o(h;ueL>O2^fT!(_hl?9qyM}aoiv7pm+BIt2N zL7!_07<8QpCcDl7Q(Q%0s_OzU>{sm0=bv>Bnx(ST9s=;j6?O=}U zE-=@19~gBtfO)P*!F<<~V1esdu+Y^C7P(#qi(RjRD_w7bC9W>8)U^#PbA1GsyFLXg zTzz1r>ua#e^*vba`WdWo4TH6=Jz$;dZ?N8FI2EPfGJ%aQJJ{rMgUzmZu*DSwTU}GY zHrF(;-L*g1;YtHLU30)L*F3P>bvW4Lih$c)3&CF331FY=WU$|r2M)N-00&)XgF~+6 z;IOM09C2L?j=C-bCHIveahHQ8_jRDneIw{}-wJx%HK5PE5e&NT1(V$mf+_AsFxCA8 z73##ua=#5m+}&Wd`$I6t{Rx=s{sN4;`@uZ-cVNEzC$PZ% zD_H0r0gK#!fyHhm5Bcvlf+cPnSn76xW$rkz+?@bcxRb$3_f)XTJp-(E9{|?4)4^Kz zT(HhPAFOvD2{yR1!AAG-V3YeKu-Sbo*y7FyTir{+Huo~H-F-gT;a&-Lx-SL0+*g3z z?rXpvcLliJy$u{*$E?B`%|>{nn)>;RY=`y&{R{RK>m-3_M4j)EDn@)G2K ztOjPqTER%H6U>hFf;q7PFgG>{jK-#bd9nL}`LVOWg4lz=!q^P3DE2V0IQ9r|W$ZCv zNo)>S8oLNAi#-J_k3Ai%h%EpsW6uSvV$TDsV=n@0VoSi<*wtWN?A2g>>{_rPwi0ZN zy%}tZ-2gVn-U+tE)`6|D_k(S*4}LCNzcNIcSM$bXLt+B_D}>4^b7 z9uMgA_`#qj5lr^%3#NEd!Bo#oFzh)HO!FK9rh78M49@~E({nVK3c)OIz+%rDaHZ!4u*6dZmU`BMWu800a?jmh zg{K~@^gIMsc^(6+Jx_r(o))myvk9#8yaLvHUIQCEonWKq9k9vsKG^K}7;N$Mf~}sN zV4LR~u-)?m*x?xhJ3YUFU7kO{ZqGkpkB6L&{P&o_UXKIp^TdMv9v?X134w#2eZV2l zba2=c21h)z!BNk_pyWLiB;G90kDGrZS=ncnNcEbmQV#9Iw!dv6DGymx`Q-uu9)w*k!aJ__c0p9BlM z&w_>CR_t4>js;>@nDNL2)25sfNkDsV7qsJu)~`Mc6#T4UEXPf+VgS zG{s#9+Tv~mopHBjtyqJ_K{(J^^#%z5t_f{a{|)cVK?pPhdgZuV7)^2v`*N7g!vpoPqq0 zGlC^?Hn23#1(wCdf#q=tU`1RqSQ$4JtcsffR>vIx*2JZQwQ+O7y14mZecX{?LtHl4 z7jxJ$vVxGTW!xNE?kxC(H4+&Zu~ z?iR2w?l!PLt`;1Ky9XSMdjK4YdjuSgYXV2&o(4zbo(HA)mp~HV4w~X$2W|0hfzJ5% zKu>%R=!@S02ID^mljFYvQ{o4})c7C4aQrV|TKsM>J$@9-h?mbq{>N)zR=gFA#5=+4 zcrTa}9{_XXlfYI209VEz1D3?+fTi(^z_R#L z!1DOh!HW0-urmH!uqysMusZ%CuqM6)tc_m{*2P~9*2k{}8{#X$#`v4TruYqDbNroP zOMD&J8h=077XL8V9{)Jl5#J1U#y=`~1Hm-kAz->M6U^`}05g3@gIT`gz=$sw%=Rq?b9|?PxxTZ&sIL&r z^Q{2$eHVfSzDvMDUnyARy9zA!tpQj1ZU9SsRbZ)aJy_}euK$HI{(B?lDbox&OJ^m=@^DhB|{xiX3|2bfazX(kAUjT;vtH3n>d3*82@h zk^g=Z*yy)|O@24n?2iXq{6VnQKLu>_PXpWi`-2_+G_cb@2ki3C1H1i)gFXHTxZS@H z?Dd}j_W4f+`~7*~fd33|(0?{KjOuE4S{U1F>pNC6gUZN4x9?M1oFYw zz*4X+uncSuoDX&cR)U>@OTn(d6<~MZ8n7o&0d5bh1A7CvfPI16!2UojI1so891J`F z4h0?ohXYOENZ@I3H1IqqCAsug#Ez$ zgjrxg!a-nRLIzlra2Qyea0IwA;TW(aAqOl?SOk_OoC207oDNnb6o8cp=YmxU=YiD; z7lAbiC17pBYOpThYOp?GE!dDy2{tC&3^pZf0Gku;1X~j7z}AHO!M22l!S;m5!H$Gx zuruK~uq)w3usdNh*ptu!Zco?>_9naw_9c7(_9tuy2NFI52NS*ohZ4R8hZ6?Dk%V2~ zXu|KH6#Ns!;hTlX|DX!mf)>yji~&7C59kZ}!C){EOb+e~rUX;L)Zk1o96S(A3myWd z2Q$Hp-~uo+cr=(5JPwQmbHVK3VlXFo8kieA3ycN}!MxxKFh6)9SP;AfEDV-{MZv4U z;@}!^W$*^DBv=KO2G@gS!8^e6;N4(FupX=oJ_J?;9|Nm{Pk}YT7O*zB39Jjg0@ep# z0~>;!U}NwduqpUH*c|*AYzg*)t-+mOTkspOJ@^CI5gY|j&K4K|13!In@E zYz<8T+d|X8_R#)dM<@;K49x+%Li51x(BWWDC<1N|Ed+Z*CxCsSlfnK_9yky>0~`#U z4Gx8tgTtX>a3pjwI2yVPloGE5Nn$x@O1uuVCEf@+6K@4Qi8Y`vaU&Q^ycbMPd=N}Y zYy?vip8&&&&wy!(FM#QZZD2;?7BDmM4KOS5Z7`D94Q3~P2<9Yy0_G-u0Y(%1!Mw!p z!2HCYz=FhI!NSB5uqg2_usBg!j{HwFf+dMIur$#HmLAcs$sYcoNv0cq-VEm=CrlE(O~Xmx1kx=Yt)I zE5XjhOTn(hE5Po=Yrvkw3UGVkIt2OLa%031qu1RPFm0!I>` z21gU02c@K!K$6rBnvz}zZAou|&ZPH1Pf`!)OWFYjlRgKNlfD8|k_N!kq#wa>(l20I z(rz$4X%x&zl8cc4Ng9}yWCbHhPB1&k3+5yRz}%!HFq)JC<|XY1<|oYp3z7~33zIUy zqNKyX;-n+Ml}X2dB}qA8Y0@IFEa?=mJn3|>BB=nZOga~=N;(g$PPz!JNh$$rlU9Ru zNmqmQNo&D|q)M1MDgX#?1tbSK!7R0p;u-4C`UJq)%dJq~sxHG`c=&w*V@FM{1k zo57x>4sd(YRjDIpe@+~I+J5SPqGK}CHui(aw3?Vyf2uNoC>BU&jiEC2ZCwIhk)tHnP5ip0x&cA zXfP}JI53i&3uY%T26K{619Owl0;9==U|#YHFhBW1@c*IgUErds+PLktXNIHaJfV`# z`NRy&04gdb2$-5@D6K3ZKqV0n(6p=|(5$R1Esd-oF*Pkwu{5oiz_Le6ODjt&2rMm2 zOD!v{_kXW_&*Wo1@Atj-Ti3Pjd#%0p-fJIcOvu!ifI0g4;7t9!V7~qVut@(PSgKzN z&euNyF4R8_mg%1bEA`dj68&0mss3efnSL|4LSGNA((eRU>)!&a^^IVyelNIQ{{gs3 z|1nsn{|v0x9|L#jTfp7=Z@~ur4`7r247gW+9^9}013akz8$7Jn-HG|vhk?iR9l>UO zSFlYV0iMub3!c&&!83XrcuwyEFX+ACMg0I!7>0m4LlPKjNCVp&MuVLV4LL9<~dXgACTU4~-NW4H^9H!K7b4CP>=VKJCwcmzx}ECWXxo&v`hs=x_` z7r+cdEjY!n0i0@h70fhj19J>Jz?p_O!F2@e6Q*@oO-{*al89o&={Fe*!a& zXTcof1#qVE5}0q)% zv#AMeGrbRMZW#}{EE%B3ax)ljxgAWfWP^#8nP8G-HkfKD21i=%0>@Yuf)gy|V1{KeIK}b^ zIMuQY%(OfO=2)u0nU)v8d`m4@WZ3|gT3!X`Teg7gO}99U=h9jv$f1@5qDi!lF|P_V($0c^5d z1Mao-1ovAa!Gjh9c-UeEk65C>V-^qCZ0QfSSq6hAEW^N4mQ?VJWfXYMG7h|8Ne3@l zrhvkF8>qA10ft&%k=JD`2X1D>%~nIylC<8=PSEff?3!!70{#;8g2DFw^=8m}C6{oN4_U z%(u3IMb?vGsr4stzV$4)(0TzZvt9x#t(rNQe`^T1)Y=|gX6*v5u=W5~S^I#it$MK9 zY5{AlPH??72Ha$g2kWeZzs+wSdN+8&dOvu|S_z)9J_Me#J_cT}E(b4KSAoLz9H_Is2!`6$f$eRZ zz|OWUU^m-qV1#WK7-?$&^|n2r+4djMZaVldu=Ph{kGNML0b)Y*!B{5#I_MUW~&36ZQH>%+Z*5s z+uPtNTN8N3_C9#d_91w|b_l#^I|2&(m!Qu64H#_7ZTReLh%bzZa~uKL9SVKL{?h zF9ny`p8!|bp9WXip9NRjtHEmfTCmpsGPvHp8Qf&A2kY!R!Fu~!;0}8uxZA!LY_NX- zHrYQ0_u4-L_uG$w2kkB3Vf(k>5&I9|G5Z;?*?t~uv;P5}u>TF7vg=AQ|MoEOoV_D> z!QK_TXpaDe<62PXFoK~D8`$3A0y{grU^mAAFv2kejC3S{dPf>)c8mt?j`5(&kpX%f zH-qtx+rb1!Hkjy`2_`vagQ<>UaHQidaExOiIKfd4W;hmuQyh39LmchrJKjtyX`<5h6JV;i{8u>&k~ya`r1-T{|5-UF99_JhkDAAu_zpMt9#N5R#O zX0Y0E9ISPG53YBd1~)m*fpw1G!FtDE;0}j&F6Q463N|=8fK85Tz`c&1;C@FWc+g=0 z4?C>j5l0kw%;5o>9sR*J$6)Y;V;FeKkqVx1i~`R&#(@_c>EK1j6i_&C19i?jz)

fSa80 zV4ZUiSns?J+~G_CcRNRd4bHJ(lXDWd*Et#7@0me?*~sgE5S3)hrn~r$G{8D<={ohi zLX>hB=07SJoD$UzoEp^`%#7*|=0x=dXGZk{^P|jQQIrELjfw{6N5z2)qY}WfsG(qG z)NpV~)b-%fs4?KOsEOc;sGGo5QMZDtqcXwjs9dl%>P~QdR3W%2suZk?S^(BZ-3RW7 zssMLKEdd*%9tE4Co&@(stpxW+tp*Q9)qsbiUILFqZ3K@+)q%}X+rhS|H^387Z-b|z zn!qzr?}O)}J_IjB9Re>#9RY>wOHk+f1`Kt52ex;e0z12Y2D`a_1tVO4f{`x#GbN#S z1%YN)IB0iu0$r|dpvTn=R(PamdTy8Mc6$_4Z4Ft!y62S?sWH7@u0-WNy z0i5cZ0A{*w1an-sfHPgwz2Tu+0mT+f25UDaTWQPq_XDPq}mpF#oPF@SLk7c)`^b zyy%Jm@q@8Jo!bb8x@};4w+rm-_JZBq1HcIP5HQl61nS*spxHedw7bWHE_Vj#ao-Ha zyKe^*+}U8FdnTCVo(-nDi@}lZyTCE-h2R8tIhf&I3{G)B0#0==12f%EfjRCfaHjhO zFyCDZ7P&WorS4b3`R;AtLiY}^%>5=<>3#=X;(iZY>fR47bAJS`aDNJ}avud(yPLsk z_i?b+{XMweeHz^4J_pvhe+TQ`e}OyP+Pg9T?ohD7-2rTJUjy!S_XPL5Bf*1i19;eN z1&_F+z+-L?*zE2Pwz&s`C)~rpQ|?sojC&M#&OHvi;7$iGx~G65`ZiD(eFqpCJp*hX zoey@7o&$D^o(D!m-vdTQmx21|MW8wQVbC7^IOvLA0eYgJ0pp{e2NR;#fQixT!KCO{ zz|`oi;K=CL!7?!Td*ufJ>v>gUh13fGeVVfUBbWfUBeRV0E+wtc`Yp>!V}9 zP0{gSUGyNZKKeRvM|29fJ9;G85Iq)bik<}Sjh+ndkDdx1jLrfNM^6WjM9%_`MHhk1 z(R0DJ=)1ua(f5O=qAS5O(GP*=q8|eQ&R}LtcQ7ZWH#jq$OmwJ~>s>thPRO);flUCaWo zKIT4fM@$8{J7x*k5c4S56!RpwH)bWcKV~&}Fs24P9P<)*BxWOcET#@@j@b^j#k>KY zho4^E24Z^D7wP`4f!v zhro*>Zd2?y<-PN2)v4fJ?=f$^TcV1ma4CVK2(lE)3EdSbzmo`K*PPa-(MlMH5f zMu1a1H-J+;6TnQ*jbM)F7I3C#8kq0N0gF6&V5z47obM?C7kcJ{WuAM%O3wq}63>I+ zQqNLwndb>`h39E-mFHP-wWk`a_N)bKJuidnJ)6Nzo_es(vlFcMyan#?G=jT5d%*_J z2Vj%uV{otMGjPA>7MN!8Xqy;0e#);3<#pKFq%-3_R!Q z2ww1X1uuFcK;gX>)On3ysMiLz_qxE&UN6|qI{=LE4gn**Nub`F2AaL2LA!T6=<;TO z9`DUyy!Uo6!J7>xdS`-3-q~QPw-_Ahy$c-UT?kI_mV+7I#o!e0Bj8l;GBDHo6qw_! z0%v+(0Q0@IV3BtNSn7QhobTNRF7)mI%e-%bmEL#2CEoYIrQZGEGVe#=3h$@jD(_Kn zwYM3p_8tdoz2AfDy{ExV-g97`_jj<~`xm&wtGyrd?+pbTydA(M?=|3FZ%=T)HxfMP zHGqe`R`7^73OwfZfX&|iV4HU^c)~jjJmpOV&v-|H=e*;<3*L0_qIU`?Vs8U=v3G!> zu`|H-vH4)<*g0Ug*m+^)#)Y#FGJT?CqA9|rBQkAtq*6`&{f88ANfc`zY%4VW0a z9!!dT1x$_I3XY6@9UK$88=Mg912baZy}zT#h}#FQj_X?%Dm?K|Cx?po_Y1D(g=pSN5lom-MHRm&!iN`n!gQiWU8rfwi*ddfBs1*6U?`hg|C5 z02=4;02=4W02j7)*+4H?mO%N+1j;W-pz)U`(D=&|Xv1rclELR_%M)p- z^@+69ro;!5ZTKbbYw#24oUl=})XJYeuTYTOpx(%@#r&g$oCe$ zsuXx5wvQYRr*l4=^JL2B%6#PF66vay72HmycJelHddni&9=UkAw6AInOyiTOA9+E>*G?-E0|k{i))54RtZu3Fg)r;Da%j>AS_TzppMeN|co|HKCU$@@h9 z)*!ey=Bul;uSyToawhl?`dPR=iSsEiEuSv)zN&1F$uwRG=gVLkXOWDtf1FTpIfc)ADOMzfBtZ2h(ir*nXwQ?J`@8P^QNZmd%t)EQ$6$aD&&BX0wxj*ne@%7d?8DqP-olNcI zeIj{VI=5$YJDJ)`IA0<2I8K~j&iOSmkK@F7`W;WSTq8`^_a2U$;iKY%XUMIhR~7jO z5nt5`%kvMW<&Lwp_?hmMCsRI%9VYFoGQqUGh4U#e^(Rw*GVOP&jD1yUoX>=*Umi@? zRRzanS`I%o8peH+^JL1`N>{C1%kc(jUlsWtrOTE^n8qbj|2^zO(!Q!@Zg0KJ)bBX= zI|>B;7H)TN zdz_4M9l&y)xSe9Uj#6b@wGuz*QI0zbrg75ZRc$?@|Pp0QEnda+#+3u@4#BPPDADQ}*so!zg z9=Z6eG_EJS0&f#B^kQr|ZmlO%KQi@8lkJg< z)1@(A@HUZFPo{ok>WBX|RL%?j!UV=V!E(MhPw_S}r=Cp9k!iU_+`e2I*C|ZPk!haE zv>ch1BhzwgxqX{7<`t&xCsRK%_1go}dG$U_^KppX47ZA*Rb+YJf@!_2vK`MCc$-*N zPp0w6G~RJ;KP!#-$Il$6`5;q2GW83B<#{aatLn-&!A|U#h1=t#t5zn#t>VTiGHp)^ zOxI5;{6{xDmtfkDbXcCZ+@33A+}Al@2GjBt++GRO@{43Up2O0ZXKrs~H^J0zk8H>O z!?c}by3ZWv{7GqCxA>Xpw0}YDFln4`FfB)x?}OZ)!ueE~?u%)hA0>_Rieoa}XL4ZL zo?OmXz%(wI+R6LG+x3gMeGRvhseLWy8)Y8%vCCp=--DRmi(0vzO#4ILCl1x0gnz*2 z2W@*kjxfb0jxDfJ3|^c9({W0ZF^-RH$Nq3WSH?I#oUh>gBF-=8{2I=$h3PnN<9s9M z_sBSM@gdH)!t%Jlv>j(TukE1je-KRjW8#=h^JU?D3g^jquGXh(en2rls&O7I~Nn_qQ-ork``Bs?5Im@xOqq;sajT6LiS81GA9FwWt!f_n8 zr*KTBcKmQ#x&7Ifnertv_EnX^?UdrG3T`J;`y!5)OXE6$<^FN|T5jLQ?Ty?{rsel= z`yp;`mhJc)!g(_FJI?W0X`-UoOWL953Q{4aaLaZsd3m$E_S6=U9v1JtE&PV0m4zE$kGSjx(9A zt2EAM!?Yb0>^1C0b}LNFY4N)*sGkX@m`wYFA4iTD?*cbT zmT%>lOtH4BIu4oQFd5_hi1Xxq;$nRYOyg&>%V64$3XUsbx(}0Y>0Y(6f!iCoy%nbI zrQf+i%V}X6PtUQ5<0Ot#IL>C5alYa*(|BtT({?v-zEK+Y-OEhvqC2nmGSl*5h~?)Z znBo+6CilzcxPoIc^&```Yh*rh@dlaqRW-mz#d}qaFzsIwepk{_(f8RDn3l_iDW3xy zMbMTqSk5Eo*RUJet!!;ib$K$aSI4pGGE+W<*%j_&DgTlAvk@IC|6`ods(kJEGBBptapNgC(#WtPVQvD|)G&NsVS z_QU&}H0E9AG4GsjzRX9((r2~3)%ELP+8#1(4_S-%Dig;k>`ZnxERPpV+mQp){FQNg z1$zy<5vF;5A2y05TUt3j3DbUS`|!N7lVCZo9A~pD*lXC0>}I$fwxg9}{IU)iYhk%R z9Gf^!;y8ulQ83+)GvTA+*JsHzUN%hIodeT#TgLecn8vNu^NW#Tvqmh0g-mD@8ppUwFkn2vuLEU$CUSHraY z8jc&;t!$xJ+qLjUnm?G9FXMbQyMf)zZi8uk!k{j%gXML{aS~f^RL3*Jw7<~x?PnpZD&q`niqq4 zJJ@Ax-4Na{c3YwvHw;zR*9_CViR)Ci!E_(Z97g-``*UQu{V?5!bV=&+InuapV9Ga0 z`>M>z>h`6wD`9#3U^x!EiSuo+QT$YA9!~DNJqbQ4CO+Q;({j2L)wQsEZ-Hrhn>cQk zan;H;8RPvWmD;OT>R>v4C9-GINhQtF@2lz!)hGUHHW;d|KcwQc+?b36c#LnbAnZ_-HkBVb!$rM-1*z^*a;s%(; zAyeGUZiDIg;ul-Vyq;YN({ZVV>9{np#YA-+9ZbuaVR^izalNy3lhnMKodnDC8{Vbl zztk*a+=n^NOy~2O-2@xOfbIBITk7@AE@QXB^gV~TQEfNF)IW*iRQMaT=djCQI-je# zy@B1#7B{Km=wNxjhiQ8&Ij)AaxbHT@N5x$)=_ivveW@DWi21CA={=x<<0jZBQnoj9 zj9(Te`|06!O8<3bFdYwZv$|bL@KLdHT_(q6?3`QGc`SqF{fpxUj>T>2xJfXzXR@o= z&1`YI+OB6Ov1?)4?l!h=ni`wgN$^o|dR;2Vm9SC#Uf0A<%A|247pKCM&*Zp_UCnM_ zH?!Md`dlEg)aCW;Bz7jdj9txcU^lbH9qRH)>@t{+Q#HGREwa_To}I+bWS6lU*iA5< z-)(Gtjyivt>@v2<SP{$F4G+%qxH^VevNk!^@m$92++O9U3#>t$c_A6so zOXGe5Q@_k&b^qF6>Mu&v{(5#9yPDn17NvZiuybHK56U>MteN9B89TR&yVZ6*JBgjiE@M}-YhfCv0jBYrWbE9YbdS1Snd~xlB`lvS z($4KU3)Q$%+PS?6rss3*z3TRt-KUP*2GjoP?pIw|#_NUKDZ@6j!8EVc<-Fbp)cr1l z={zs1Q1cBi%?ExNBhI(28}u;EpBa|($#E*jIqXVygKWos!u0t!bCEiJ4r~+sQ}8u#J^4 zZEr2Rf!mv9d(Fl+&Wi`tamh!;#f>_cmNT<6xxGxb-@K`sWAah)`ldEm&ifKF{=NmK z{mFrERc_r*Hj47?mE2w}+wnYs={-|C#OD(`38wud%j=X~#;#`9!nEE7j*}jyfIj)3hxoVDUWjpqt<0g)qITnwrFu4LD;8@RoR<2JT#8P5YOuM3V-**WYoZf|DmpWyvtSHm>#&20UXYMjX~ zgXR5*owQty^()kQO=34cr7ov`T6GdTlik2>W{Z{FpPj@mV>iRJUuCOQH^B0K@C>gP zrt`B}8uMSp<2|ePPhwZI%T}xTW_IRtYX1gUuIG8x4KSTA&1~@kuMd{j1IL*hlc|3h zyPDnLkE?lHb~7yZqegWmyNq4UZeTaF^)GUNn2tv#jQi9p)zVMC(#-ApHN0Q&QPJsD zQA>XC)g+kKTgKL}rM$8^Q@V6>H7w5qcG*kResXhz^t3v$PHj(Om$4hzVm-IB%h(NU zv4Pv!$@tyIM)6r)7EISgxr|%uYS=#MpX#!n;&zyx?={j`?rAljwUY8b)%jo=$FNFu zGEDEe$}{AkEy*w)C!dU4>snyypH-#i%b!)mJKgS0CVvmtz;xeIR#U&Km1J7pz)ogo z!L(guYA=Ur+#0s>9JT*cXMpMNrIOiMGH+Z=rhE;@KA4s#Q@({`GR4aC>iWnO8`#M( zEk~w&7RO|Y%h@%YCsW?XF`42Pj>!}&FR1G?TxQzOEW~pDVCq-Hu@9#97S8*sd4FIz zK1}TjewQ^ZPo~%aQ+qP!$rKy#yX>i7xpdXa8jf3Fqv*ZGu!gq-md636@ya>x<9rLp zhFZ0MGP|7ZW4HMI67{QEnY>=X|F>YrZB9 zvCG*tY#+OYt-Q?hz)ptgIhV!uv6YRqe&b>TOzp|+ESX=jrJQ5mCUv|Pzh6=JTX|Kr zft}1Qm&W|Ev+8(xnAW3gQEgx+v$NRc>>9R@-NIJ3^78Ctb{4ywUBmXVTiD6l)aA3- z{yO>hIs+_^JICehnjO@>VoUN)YR7#8mggHR z&o_1r+sAHUD{rXFk>&X=V;nzr7F&5!?PrjVTwKnsVf)yIx2PYMXP2{U*e(9{x7B_= zb_-i+;N@Z3o-B^b*)?pRw6CfKrhbY~UCzKxW@oX>*)?n*JNX@Txh!@$TWRF+*vV|4 zH16kn)b<*-kKMvHysI9+WLO>-c8fIT=RGxF&aQ!JKYZ*Kwz8Lx3ryoAOXK=um$Pfw zEz-D8zpwT;{D;@iZeb_y*vB>;Q2QstM)Bg7ERM_BHEbWd1(w&#LEe6t=F9gH#X(zI zVEMfKnAazb=jS0cPL{^@vCG*t{`jzZ9BSA;SdPze3tRbwj~6Vj19ld>oL$5Av0K>6 zr@S0Hi|u2#u$9l$ep&1mwsJ(xx4`nc_?))~miG^ivt*3xm|es6v0K>67wUKhb}~DQ zUCypy``9gP~eMu+Xu_@m0kX&+P{YFW4FNa z{P;?B4NS+Ug{^$e+sQ6x*RYjlTJDW42I(bRYB=`6a-LhL{inKQSf1x>AG?LEe8cNu z*RXx;tX8$XoZZ4!+IU=cIlIOmA6K`d2B!7<*ez_sw`x9_oy9JP>3fJ8j(swIe@hF; zhVOVeb{4w^rsaGbx5(JI*l>dTv$NRcY~`fdZeS;~vtXn6bc>JU7PjGg9*>>HE@#)k zbX?v(9oJ zmh;E4;T&%dyN2y!E9ZH8*yZdRwvXMyR(@5t&j8EoLdM3$HN-M}tq*RXx;7Pj&yZ!avjm+g~zoZlBY&-VG_OKQFb zmfOd%@)xh4UCypyx3HDJ)qctBEOt4&gh8-$`#Vz=bR1rex@i$!amFJWfm6!1GV4rf0#;uv6d0O+Dra^N+Q=&bl zP0(GZ8=;%5o2px++oJnI_pQzqlo~WCXj;(0;MkDsLPms43MmhHEaa__??O(8{2HPQ zZ5P@n)EatQXkO^t(0f832z@K`$IwfmxnaA)M0k4m^zggF9}BMvzZ4$UZbrMBcCWSj zv7NDfeEZwl-`l>j{rl}tw(s4+)FG+EiVjsBws$z!A-H3wj*~my)^TRXvW}fQ_3o6^ zX+ft&ogVA7yHjhY^PQB=13JIcc|@0|x_sYd&NWM}X}RXRYm8k7bsgDta@YK>JG!3g z8q{rkw>!Jd>$a@h)7_4C>(D*E`}pn!-Jk0ILif-f*Y=3%k<#Npk9Iw8@A+jk9|kS8LzPH}0AEVFE-=@Du|Ck;>hgILI zKdJxNaHsJu;}N6ARA=gKPBJ%}BQ3)$4_G!@c3FIu4=o>Cj#@ffE!J7qeb(-_>uede zJX@h{u5GhzyKSGX#rC%?)b6nlu`ji+wjZMbE z=Oky5^KR#I=PBne&i+xmqW*{qcHQcl;acKan?MzbbF#_ zN52w%BH9yE8dDW>GREO~$g|ON+%v*^hqvCl*ZZOOdv9>;rdV6tvbd+?HpThk-iy=6 zyW%It{~7;9|8M)Z8*u-CxPik4<_x?r@ZE%u6Mjo59b_3?Fu3cGn})nKBrI`3;@gP> z^OtA)kkyk77#7p8%d?i(Yubt+IS4D}a6QyDc z{xW8(n2&$2aJQ((NZZ8&;&riD?7#?bh$UjTcu2e{o)mA1r^GuLtx-H9n#2p@U5vO_ zydwUCrT2-Q;v@9_7`;Cc?~6~7J%a2P;-EMtJ`-Pw6XI)eQhXy$iQ~9NZB2@J9^ZX- z+@XjUVSj92rRJyN{wUj5svgUE>i-h@KaA%;wf~6w9(gLBS2T`)`6)Oa8xhY%ehb_m z{iuB#?)%$e=W2DiV0P29YWy;LDSHO{7xrgt|M;QU4jO;e+ltr)*BnvDc@WPzAL0vd zsqtYvpJ+Q%csuKT>h@{YDB?ZjhvRup`*jxY6*S&`h(Ca*ZB(s$S@q3$U-}67u^8_d zTzpg=*T3I>pL<6ge-ECU)UWvqwcpm|iueZcIy`4jzzICBr!mec#NXpN^Ba5%+G(DQ zI~8#Wo{RUmP<#hn4AXx2>J-rx@jSd2_JYj^6wwcMysox?g?<*qf3P*^=Rs_JMs2^X zNp<#?5HG)ux9jsK)b@wDe-+Mi>RKN|l-*5l*_cPAV+35Et zj_+OY9zGv7us_3ja3AvjiZ`g|w?Ciut|BVXZ|wVucnB7sDB^MWRh(x}!3{WHpM{gK zopha~KdT<^M|Y^cjjua9`#QCF}U*5m{M)cc-{7cwx8vj+yH=UQ~ah}q7sK-1~`~$9YawV>R8pnSh z@UM3s&MP1C*Sv)L1zi5IB0h%gIIli~{p&liSDi0iEv|EF$9X{G(tez{EcWOBmp{UO z{dC#5#e6)1v3<0^{_PuqnC9Of`|q%DS&uAC3LPxeOt*%+6O_tq~|zt8ib z$9>j%S^EZjUZZ*X?{Pv!2fQbD79By2=!mxq4c;e$z-vVaI0Ww(8j*2Tb4s zyqjq7USI?7!TX6uEX3Q1M%;_{6Aj)zV!-=_7c9eDibj;#K}iRV%8j5ynG6n6ZUzS{w}L~I+rUI+8aPzR0}w{ltQ$Q05#%zWezw}DFH_*bHUNdUEmGM0&t9S4>(r27aXVD z4~|#LvFrp;BPJ>p;3Q=cn65ksW+)GVg~}sfk@6^d&H*)|Sa}>QQJw&oD$Bt~m8a19 z7^o4CD=Wce$}`{-%Cq2;%5!L44r;^-%h&*2Cz=q z2p&*g0S_vh!H<+J;K#}~EPDvlh{MWu@T~GWcv0C2hH7?!X3d-65Y5|QqQ-~*LqW`{ zrV$*b*#jnN-UE|0?}NiN`@j^<2Vkn^0GOuv2ppj~1YWQC1RSaP3>>BT92~7V3f`dk z5*(xX8XT)>0mo@t!SR~o-~`Qg;6%+yaFXT+FkSN_n4vih-l+K*yh(EwoT51oKBV~# zd|2~4_=x6DZ1Yl3Bc9b<0-x9X4OVLud|F+j(So&_AaK1V1bkT&2EL+crzql85Ob*M zfO;LM5pQZbq5c-A5pQd{pxyv#giq5Id`HtAJfP_b9@O*#KhpF8Kh|6e9@6v!4{PYt z@+TS-_^HMMex|X3M>GzM_Bp5#UudGhqZ&8(r6vaaO5+8;*2IC$n*LymW+3>DW)PNY z1vR2gGXy-Y847-@83ul*Nd`}7Qoxg%H1M3}dN4ve3hb@D0W@mIf;R1VaJY6NMoR&4 z?6m1%n)XI;gmyA`z4m6bjs$V+w6~%@8pN^C-Ueo9r-8R>v%pMkHaJt83l?f;fOEBZ z;9~78@Imct@NsP+SgV}_zN9SyH)-dBuWIiCw`v!FZ)ooUKh)lfbsYdPtJ?cf{|Lma zYRgeS1Y%aT6{vp#V#c(Kz~8hFfbn{GLnqCWAOL zbt}P9x@W-Ax@W-~bkCu642UyR_X6tUK%AMn8t@L?8gQm=EtscU2i~dM02b&rqGut9 zD^&Li__S^__^fUVxLUUjtkG>ppBF)#hq~9n*K|9<9lBlMUfrAEue!Iv-*i6kg02z# zL$?P@{R!ea)x8H^(!Gz&Um!k{2JHho1bv|Nz^AsQp*``rEJ%gwFb=w?LiaqQ+{R!4F&HE8YXgt zHFzj!4<3fkt*+oSFgo~p&=Z^v#s=R2#s`lD2L#^;CIn9u)5TycHC-fPseExa>iJ?J z>h}pv$WTxhG7QhEVASsyp{Oqw!$Z=*)R61Jks-H&qeE^0$ApXp$A#PmP6(NZCsqb} zJ}7QN&j-bnkWt_*==q?Sik|qK9WoxwM9)XWLX7{2xDVqm6HlVPOsqitd0`G63R**l z;gho~bgZZmgORBbiOAH7amc(TUPI+ac#T%%;`-SAA$NlF&g##VnSFJI4NwR_)ttm{}09O z=zlCK1KbM=p3E~UK4&j*du%t7!iI0*gJeI7#Thu>>EB& z{3!I{LqTKsFmXn>P(LH0QU6(ZQ2$xPqJCZsNBz7=Mg3PX0`*_TNYwujQ&9gy+=BX_ zVk+u?irZ2DTNI%FwN?MS%|t;xes-%Qii%tc>r~t zQi*zyvKaLsWeMuR%EPD!D@#!iQ657*L|KMPj(XG7nDJG&lx3V;T`Hp z@vL}RY{7RW@8Gx`#s4L7N}Lmy@PB!BRr)ASWsovjc|h5$>`=}sqctZrziHgsf!as3 zJGF` zhuWWRuj|mhL;ns#J7je@(BV>to*nfa2X~y)aev28I)2&l+m1hVR65<(si@P-owjv4 z(8=7{-FbHBCptgZ`R~r%y12SjbXnTvtu9Bpv~-ETCheMW*KED!oofzUbL5&{U0>?D zx$B5-cXT`5Evb8M_YK{*bU)o)^cdKqv`2LhUk|0Ht>=WElY8FT)7LX0VqU~E5gQ}k zjcAQH6Y*@XZM{zR()7Ne_szYR^j_AxsrS*|1Nuztb7!9y`~0WRpM63jjgdriXD zHOKmtb)9vG^`!L|>z`JQE!9?GTV>m2>utB%=h*MISJ?O3Kel&plsYatY|a_ZMb3Ae z|8cgDDv5d^>WQd5QO!{&qRvEhb{Sn0TytDcxOTdlU0S!-o#I~Xe$Rcv{j>WI_q^y8 z(W|51ivA$FIa-N{h|$N`V{VMeiOG+tkJ%qH%yYlzZO=QN&pe@Chxd1HTkNUWbFnkx zisBZ;y%;wjzB+zG{MPvQ<3El+8lTaBYX7DE5A{FO|Hy#m0hWQI27WnkTEdKkHxrH} zd^+f>L2nP$p(_*k zBoTxUlj`^Ei9-wU?GXLJ(=_nMIrPaF)hurG$kJ%^$2rvbhd&=IGb)@z6F&Fnb#f$s z|6R@gyt+=cf85YN0^@YKY@E2EbMRSC{X^^3@p|KiPQ+*CfBsPYJ-Nn-_@p!mpQh6B zSt$eG*WQRvNH?KO#-}6tgmg2?Ehx95Ohvg3<#v>5D48f(D0iS_qvW9EqD)7bAtJ;~ zlsuF>QD&j!qs+$Vtpb!nlp_2s$sCkoloFIul({JLQ0_vRkFo&eZj^ga7NXpXav#e5 zC}sE#xg6yId~U12r?yIA$7d`%o>z7}iR}2+)`4$r9pYh>M^KicJc{xd%Hw!WFGG0( zpX8oIS&p&-rpnKyo|CDWfMO6y@K*8%4XaP>rl3c;rQlwIKFotj_;j^i|r_{ zp}dZ=1D^``DDR={MR^}@7XLxnhq52# z1C$SOqz~XoAH)&<2uJl}9L+;Gnuk$7LHQI%>ob%iD4(NzfpQe(7|NF@U*Twdjic3! zBh`YV^bL+sD~?bb%5fZ(Z!z=VVdhU@Hcz5_kJZkXHb4d`319d z7Udkud6ZvKe#5L?K=~cz50pPqE@Bohq5OsNH;Pa;;%fZ~Ppi{-N}a{i=^UO)7w|Ot z9Z#W4c>4S$PkEzw4&Q9iAFF78H`R1FJJcF}NPM8?5x3x*Bn7P=@t<0CiQ$3PoWQa( z1G%C=t~ih@3*?rFMtMgOn2!m#qtKt11N}AyY99vH`(a?c2Lri-f!xP|+{c03;Xv+i zAopn?hrfZ~{WucH9SP)q32ec+KrK=6&(L*T6ZrJ+pQ{mp){%kQ=s;^upf)p5yE9PB z57bHnwRwTsd}TYnZK64vue^`%m*~&JKUwn_0H znO6h3R|C1aK&~#3+ZxDi4dm(rx%xovwLtE*KyF7Mw48A)i$LwG zK<%4A?L?q!#y&0%| z9;h7+)V}1J4xelN$Je0?+ohg$4&AN~)w6Cqx8m=e0{uP+)DFlR^*kV#rStToz!IMa zYDWXL)q9jN^lsQsz)pT+nT%U6Xq$Ug@`fm%qQ78a@;%wA^ z5btUm#o(X{R{2vcZ||b?AR#o?)ZZyzTyL@J`1S>T`dm zM)5+Yo%oE?C{DwFcB)XebZ!(sqs;BnD7JNZL^;r9vv%e+jUv9|58^(U#+u&sJMHwY zziDY3|L$6^Jsy4p1^d?RI6hbP)7{_c3vD>Y?AiSbjif)`&*&V8j9R`A|6?{)Qa;cjOX!HHyc3jn^Fy z|4ruB_L_|LFAz71uY1J=t?Io~tVgNu9TT*_wC+zdo#Kr?JH;1$ zHft9~Zq_~(`AE=bk)g;xg>qcE=Gx=R*S(G_wEhX#W-H;HvX##wt=Q)CK?VJk;Kluh z>DKk@5`3~Bj&Df6;BFm$(=NfbbnCE4SE(NqT&*7(TpWBp=p+64pk9XaK?x|yD6_ItfJ|DE&@}TBj?U0auRvaH|Zpho#^Fd*@ zp~2%jR49+zdTHP4@Jz_~4x6=2w(~(pZ0kaPwOO=u9N)BCv^d5%ray=RN26$T99LfG z^h`)`@THLL&PyRjo!vuIdY%uej@l_cMG>wWLr1uFiY)j(cmw<{d=~EP#(C|&6w)F3 zQb@n(^FcSE?3(1@Se-zc_wW{2JE zy%bX6{SepLyh>a+_!h+&q2fBa6V`zJa2#_{LBD%xMrXuyxYK?V$i^0x?2XW z3-Jv+A9Miz7WpL!?(nJvNBE|Monn8&Fx`&{>q5p4Iv;e~pmia$24VR@Sbi{;AACM& zG)g+k)WPdQatB`uS&On2MKk1l&=8c=A?rfM4!IPv9HkoN736+G`3-rIcqwEY%B?6f z6VC_LqP&v0F61@Df1|V?dMTtAzTm*0#Onr4n-)LK>k*09=a!DlDwr`Tx2UkV^twCz z>B(7nr6UT9C*{t_D=95rkTMf}a+6CI6l7nQGfgfyBe!%~N>*v^jKbo)+!B9wbYWgW zMqYk?+U%mz1%dvtSP`w#>zRgHdTv1utx1ip%bqqZHLs*7KWjlsepX3|n*G15e+K#& zjw>w9o4#Nn4}qa$<VHZjGCTYR8(A8RGf#smfNo`qb^QM)6QeVQnCuNbMy1F?#R#0 z$SRqo&I0YPTm=Tfu*un_d4&b)D6}XI602@PAuS}gS;kjxbDWx`*`x)d{d*{*e;v)M z4)Md^>CE)f1^IF!Vr2?DmcL+9 zZpqyI(u_j6{W6_4KR0`BY3}I4JFdf#8Rd9Q!R5>PMzA5c0x9%=gla{%1QSSDVIxY8G26D_3l(%-vW}k~KZ| zYAsjY2f0j2aW1ZsafLa#CAf{yjQP*36r63j^6Zz#R`#AySRxOA46ZzCYLd?P0ki|@ zI8*ZTah?^ zE0~)_XSsTw@dpFOd%_WyN(j?B$3 z%2jW3fhFT)ZBz-JOgMqY7mO*yU4Cu>olX85jM|50Ms`jv#br0sfA{iV`Ra&QoM5pD z{w++9HUH`TuY080jAJ&rI14wv9RI4-Jgr(T?|&qyL3Y->Ts&^*q?d_*-C1OoE|JR~ zK>p5ZTD=3)KG2mK80pFbCI_Oe@D8FK3Oqj4@XFqtMR(ada1c52--%`Tzczy!(@Z@o+ACsS#~1sbui5na;NMRFTL}95 zZwl&a}kh?3dbv$mb{&wRPspHb8smEYk zdRoe~QR7m^kDZX5F>3gjv}uz^WsICg>9}c=(vzp9k4(O@f813T2y|749W`NEa%$?N zwDk08DdWeD7&9s*0~_`;kBgIkQe?4Eh6>pJOS&z*Av%k0nbN7K%`Cm60>T|`72A3SNfzya0b&BOR zLklF};{D&34x0FyxZ0~M&bog({MSW;^glNPx`6yACK~?hTBNsOY{gtvS8P4rQSg)e z{8|6?dt?2zSXsMrQ?8nfqh+q_8Ba;NNoC~C&c&Msy}%C$3_j3b zlNEj?4!r#*_*-S=s&_h!7U<<2g#IJu7Gy({bF*em%AKBDoQpd&;{Sf@{O6rBT|V8> zVN71ZtlXS2_!L4f6M-evC&~Ef87a6WP z0`BWMdD(b9LH%maa(QnZJ){wq77xNru&zskcO_^d#q(0M{z zKQ`rq}+dGlmz= zN1e~ZQoK9ojxQdYRj>d_^>Ad}P4yZ03{B(EJ!0UrX?Ninic2EhEbnUhbjV7mX*NDL z;RQNBe*q$F7+!lzcn6)UMvb=!{<=Z#5IL@`{nCy9QFJd9ppLcmZ<$tBVxXljzZkeBo*J%l zF(7-{Dg9sDgeL!KMn@4Lonm;b(4CVr^l>;le{Km*UfOLwY2>H3|2pHaFnxDdSn|(z zgGgO@A|OQvI!-;%apM25_O8usCP$vHzR+>(%y_+fA|@OG0w4*C1keB>N`AwTC3d%V z)M76s+3tz`@aOl>OWmFav}fZ)*e#+mtDd@KW#z51?rbsttt^1xu>jfA%f;sAVe_xQ ze|7f+Q~Ja2W3u5qw~OWVX1jh^ESI|z+iwZOyF-cEAJ~k)_v!xq1AolS3Z>1g@GDF} zDcMjm(V!qyiq(Jqq0JAy!qG)JFDPuX6Oa(obKZB z$EW8<+lURB1poP3y7({u?SH)b_uV{6RU~jmL6ah}^xr@5$4oy9_TN$-TZl| zwb|N{-LwVFX1(8`^}a(@_OC1to4fUaVNEb@ zHwY0lUoc$!*dI2udAM3XB*Jldy}r$Pfe{>5+lSR|eS`_Bg>S8Tl_JK^Dece+_U+#Q%0$*k@0 zZcaxil@GD@tMyStd!s5dINQ_BO%m-@Jw|#?9T1SfiUU2i#TFX za8%Ry?L+BdR2Mb0Wj32|*ww@O?Vclw6>Y)mw;N`FX{8#18@sNBZkNm_EIwAW1s!(K z$Q&Sc=IxG+Yt~w09HySN^%>CJVa>i>->ku0Tu5(g5v-kHD-3tb*4y1K^jEHlPs{Rv zntR}cxWs7R!yw|*-Sv(wwV`prMT`aK=zHaOhdi*_Wvj`dSZgsFZJwb0*XzS}eFHDf zf)nhg`MEqKV0FQPx!c|yb~g`g8K)+D{OxkRx4m6JN4WKcO-B%@=w`coxQ0q|OIspghZo?WK*W06yvxD6pZbduG(?Rn0!<)_eUYoMRVH9sRh(=lx+Zg%D^^p<0 zOTt6)*xg+-;tmN*#%f2Kv%p1|JGvTLSZ%-f$}%{5mC6c;mEjtPZT` z;X!H$1kJRvwl1DUtM%~D_1rJs>1aL+7pWi`wn(;*@_2CLi~VR%%X8NJ{al?ID7i? zk8pIx-iamqL=96xr?ub@H=E0~?eQu6cJWr*^TDL10gP`9c60S`ak_*u#tF+MqJ{10 zR&L!ZCd+~NnF!u0J~7(%N_N(^AWrn7}J;Po3u#ZpM+nr#5?04GEe zvh&LhDw~EEkj0ZZLYR$z3O(CKM>_E(iJ31pE{iKda_Q4Qs%Hz#+8j_uXB&d<_12xI^FK)F>ZE#j`^I;HXkCs@?LRK#4kWi&a-6$(H4FDcmb2c^2u>&0+qW&7S*`8JJFGWbPEDy0 zA+WVbQq5tG?>HGbj$24j?)^e1_i>M6UbrGWYKcZxexql&HWB+U&%{flpX8*biy*Bm zUvGE!oM=}qWTw>23&?AWZN;>YXu<5P>0!CqL(y;KClGv69m5SZ9ASq<3w&6TD@U0%&OY2&p z75a74ax8JqH^zhx3h~nftB&p#q;kExBhH{{V!?sBKu%p8Ylp=R8^Ki{M!eoM7)NwD zhz>5ZLjR7#QUl-dDd9s?o68DXui%sL`LM~DXo3E8q;JOt4R*SIOFRUtw}NKb)oN?R zy4te{9QdJtxcwmd0GXYEtkFAKgG24KsU$NXY3m%iCRFn0T7;gFdcR)0ez?EBym-BiBczORx!6m%|Fi8ExPlagW;(^hOHs9f#G#f4gYEgQ zp4+-4%`&r1dnsr}VQo>uc%s%)7rna{T&~}9z+*h?AgQX!GIg;)OzxmI<9$&F*GRhp zsThR`LcfKpbXcOru0Zxj%%<2$Ak79^2NkTWuf_Jj)|33WgV~wIakhd(9@cMmmDpzs zjmb%sJ{(SanX053zGD?J4%MpCeOdUO+o|E?xQLS-o2hfPyTc1E6p(wjpw zJ3P+>FpP@8c-E1)r_8k!mcAhu_h&QB{COHqFYFF5< zuP`S1iVa9;;fHr_;u#@`H2c%Vjl>0s2b1}lmNJ0DW+l(%fX>g?Y?l3EGXZIXhKTyZ z31MRmf%V^7Up7URi1-WIkdth{?@!DL`1tPjMlJSBdj_aoAsNKAII+sU za;0fgw!7~i56g$+;myMei^mj-dcJr!QywOFzIuBrp4m0&tk?Cg4p10FSIYFr0m;D4 znsO_lr$Y$&MWQY45_p47q{SiXr7bjW0$4Tz$Q#qWSJ_S-4&LGHdVTain zxJ$cJ49rXi%rIpNc3bw-@D+f!2yi{9?p^C!HTZQMFq4)JpK9-ycM$Iy2abdZglu{0 zx=Lg4_I_HmX5eA@d;!D9^8$i>LIL}|DQxCr-qb&ZszdBu zF{^cLt=1PO1T$0a`yp!~(&heeiI?Ge3YShT+sz!jvc=^U>apAd-Ip=o&=)+fs z-F>Z4H)*p!#YJom%v~Q%S4`s(6S&JeMwV<#un@b{&-m5Pmr4FMw0F7SI~aVu3V0AGujl^ zZ|6W?KRT6rXo}(NR|_|V^&5H$pO)AOH&YB>nU8N<(u8^^=UxL z@fJA>8o`nf!6cfZrNe)5LAO`!5Ha~7|J zFG{C~eJkT;*P1kaX#6g0cg17XAr;=>`YE>F)J}u5go#StFh<(IX?n#Xz}ZI#rbCN2 zsOJhU@e>HT*y7U1640#uxe6X<^-oq{ zf5|AC#`?62j^j5pk&QMm-rAS(&^b4#6lbxTQJ-rl$n3Dkdu8U4N`d2V@7q{n{@@V4aJ5*~O321*;L>^acxudiW zNgopgS>en<>MhA)ZWGhCqXxt{F_5>#m1hrtoU@^r3ru$!O(hmJ+%?%)aT}`ZQO3y9 zbBHll{G&<0k0oPKGc_7{0M(Cq1mnr#$To>_)MX>k09x8%bD`7Wj!k6ZqQ!n!BbH)W znviS{4G%Dl;x%=X1s*Np4sz-uggo#dkv|cdT6*7#jOthioD}5Rn~3_uiLfHrd2KA_ zsazsCa?K7sj`$s1Svk~3TE@Fp%WbE$1ty)CNWU|qqhct+fE8YL#Vrxzk)@?V{Z{MT znu5a#u3=h$okYZ1H$(4sn`2WvaFP23VUIbq+vNgw>X!yMbgs8M2E~D{^@J!+4XSZc z3Xi87bKZAAdDo0w>_54X@|x$Du*BYQj^M%x?@kL8k+mk8H|x7ysky&7U9o-M5xXU` zK?kd@tZHLsnLlLqdW59vwb~cRsZ(a<=OUO$&7gKIp&*(wBlDg`z>!c^YDZ z&Ce8}1nh5UCp7_0uT6P}65{>V|%$S;Q}4NaEKGpB&Unu1feVpSh}#FAb8Aq zxZ|W$5rT$MbUIBnW2+9giAH=gDs;6RgR#-av~&ts40b&Di$q2fMl_oha69CgP4c9 zD#4W}YNKRgZ5SHPljgLy0QGZd^(*tO$aF5{VrZQ?XCW_HV!<_hvq;Nwxd60w9>(jGjTm}KGY zFuYM_-&?H&z2rV5TNOr0;Gk4VH(`}dp-Cd{Uoj?zC*8O}a&qi6CYr25GRnRyWb_1O zbVar^x{|I?`I3;Tn4x1E4^&>i|hh%ch+20%95qlb||RMNDp#bD8O zNrbMjBHHxK+y$m0oVj%#9MLYq#3Wg4=+%B<^>7YUTy{p6)Jy!1Grz;h*$F0<@=?=D zY?08%XAmUQ;oFnSI9bR-$c#lUuntL!(Rf2jW%?}=+3+tKK38*UyAuBuoErokDpG@h z)9V&Z3a!_C+qn-8Z*gXXLEBBq2}$m2oxx1AB-W_(M6(T`>chTKauN_1di-qcEJDkE z-H%Z}R{5WC=MmfrWYt^vW~1Qh(&1cAqYbpp7G|E#<92~xW@k)lxkCoEi*7j?_4Gsm z@H=n`VwdO5%p&4XkU}tuZCx+YWg~HLo`oaW+$`7vT8v5K*BkDO>RMj5hH`rniC-d6 zl)~Ogd9Zu|1(=&J_51;B%wu=SEjVI#Xh=evE`v_$pDDH_GHcR+&^6pKjIMb@^GgTl z>w#B3{$?pJ!B{Fck6CGEV6zv>xnbea+%pxhgUyugH&`9U?-Cw^&*^efZkACC7xnvc zW4*>wGJ@EJ)fY${VeQ-n-*R3m}Xpp8UTvgOh>^|2L}2J)~w|_ED^Bgu93!?S@gg2 zC}GDui#ggo&moHU;F2OXbnMODT(Ox6+@d0}W2l5iN)tLOEVP}gmZ%TGbJiSBlIv$>VhRf=sF$zRf%t@to~L_+4ie!7RkRu^ypv**C1!Ji+}WhpBj2Rp-XqMH+L1jE zY6Z3&W8dTjwk;!FHiKA!)I8-AY)03MGfjG}>;GCNn$%{5m(XFrrT9p+k0ejE4m zic~m`$7a$Er0gxfpfloBk$vtO~z&Sj-SM?G? zLuqg;S%BnU^QgqR2D6`c+~|_HR4ll2$U1U2OJZ|c1~rFh^JfYp<^cFTvZ%P}94fNU z&F-Bg0(BSbEY@7jSWLI9&DO%6HCt|Gf+@c-jy(4zGLn(Bh-(x}BCX~Sbf5eJjdBi_ zo7Wl5O#~(k)SO7M!_Qz{yp#V&;d*BfVoEL-cy!6m#6hV0{BymMQN{#G6z}w#jTBy2 z5f_TGGR-xF9gWqMpfLwUo|f069>ipHev#na=EGS>FWr@L2oeS~y>V zLiFl!%qIm;lz>F!rTJK=Ep^wI74;$80{ehd?jIme!Fg-juVc6HN=0FGn4n+=BFOAe%h-Ww&l)4j6ezP$e*JCP#8Rr^gW*)-8}h5aE8wMcPsuud zn^~=v8w3UE&Cw;g83?VDm%%vSrP6FA$Q2?5yKr;$d*ofz*4Zbv| z7*;2H>2=ZAN~CL19`Y8%3%K}I7MdEH=eRWS0{Sdk82mLmetSvM2c|x>S&h-N-_F;p zS=(MhD>j+=MhHz>ox-j3aCdXDNzN{Lq(Ts)ug-urrQE11a>ugX7JS#76L_5~ckGnKq4=qI3%54tMqm~W$*%mmqlo4cU+17fj3@yA{T+M%jW<+N<>+KaTvc7VB z!q_E|2pFPYLUW4iHk9VjB;xsooeU>6m|9&pX?Lb6*%69>kC1>W7qfaSCs6IGIcQ@; z?5o8vxp1T$wp__jzvPQV*o?Hc-j}*^!R5mGD7lm^P368}BOz1827rhYqx}AQv($Im zkxn|JuxXhRU&hKVzu1%yXKX7YJjAaQfDuU{N3==DJcwXKTkcOD@6h$Pjdm={*!DG+ z&LWQbp-#`m9*zUaf-KT*+e4$*Mrm=Mp-1o!E0b>oJN9689H~tyr+Pp%TqtA(7n#M- z`T;o$pCP-bGR{vBUH_Ga##lN9O!e>xuD}aRKV9LsRZqZdD*9 zwT7z}CB@}Nwl-O$#c5%=T9O1>oYPjmEK9kJfhPq3lLhG+9n}#RCj|j5Ia1yhNop)_xBEsAji!eLL1dwoMK>boGK?rJZIqZZWw_?kHFc zm_6V!N_uhvPJXGp2DMdIUaG#rN+0UG=v9O@yk&@UFUkmiUFvWJ6H8?&+wxvQd zLN(823Z9wgqcZ_Sl#A_lyF_PDvTXNFOS!|dxCw>Kp7;; z30EO!>t5Xt0PS{vEy9@!-KO&-uP7g7Fu3a?9ch%NvTj6x;zO43QlV@#GFe#!8Wv_d z2bB-wAK{f|PFuw@$LH8bGBI14qLqTpQTPMo6z*|$5Jm^1+Wz|8QR*kLJ8|m{H#_O! zT?1(w+7mxv0k!UKYC&*0)RDClG?$i}&+~~3MWQm{rm2wWv<1^UFp5!E8=yxJQPjj; z#c(J3Y};XbN5E}*|66DYfgY7c5n4;i{8*l1DJXYTd`0vW{QukSeC2skC%KP#~^=8Qe4@w$m+nXFqLL z#rHGCaT$)70Na>mQyF_3hd29n793WGCX}r0j|k86?Ds@t%OiKW)YS2dmcSoP*1~X| zwnmgfbR!^lzpQyODUx*K9Lg+kRCdS8>RYnX5oQ}P!z$zM%ZSrb%?QJv5@y_X3fmes zs_BT>IK|l1R>hJ=s(chbZl{}~JBy|3=d%D@IuP(IXtvNOWfqdF!m^pJKN)%QkXh&( z=(8l;KJvf@FDuO>vPtqS3iI&ByE4#utOdSZs zI$@xhfV4wpmyvaI3YGdlHdcC5as{+~%@NfsKVyANKJM;stGToz1DSF^ja3|)hU0Ts za#6swh-T(K6$0YeiWn_-p2uP$efN7~bQXm;f^$I7g5^IR;Sma8n&Jr4(nz39FGD+G zWycutm)hh6E$+A>H38E7_tP&2; zf?Jhs(z;zGtziUhy-Le=&)hTAjSYwuq5(|CCEgwm-L_2^xyMG<+c$3(?p1A(%Ux-f z0iOaQ%vdqWA0ZT(a0+jReh#GxzfFTs$x}LhE;Pwld1a0sF?@5}os7!hf)aG+ao9L7 z!maC;D&`DY%F$!<#(>iWI|89wI~K=uorBujci4iIp=+#aWS|>0 zBVew~UH%rzGNLCxa3@wQ56mAydD3*?%GR>Hjz_%4_WbhpSZXtBZmuP7a7`L6>@p@~ ztUh6wFXC}2_(ga!-t%~a$FAK`Ql>I2Wh}=VQWIOZz_3&lU$oNpX#tChBas~$xO%H6 z7;O`&-A|CZX3k>elKX|4txT{;k3?i`cCD(N`f3S)IE$gYAs%06HY{1+0@pW*C)?r8 zisQpIb5PYf9v|Xf?hWpKLSDkw(;>ho-1?8`CCfquieqOF_f3<2nKs!B=K3wBF|@OG zWR@gOrV$i3IUn2=72VQbieg*+(OTZA@6>5UV|9DF+?_gT2rOM9+zG**<@9yx#cKqnKLxV~`Ja=lN5?#T%UMOW{_Yf#QFke5S3HFOB|FwcJ(`Rqn4* zf7=n)Icdy-6RhkelF#nYR)^%wR?U2^V-6d(D#jPDKem-x^Zgl=RJe4TID9v50f~=@ z)J+d*+YNzn&gUF&3My z9kyv>6D5sK$xl{>U&Am$Ne@U(2aX-D2WfD}#iid^??K)ZHlhWuV6Kv8U%$o889Ht1 zeiTZKmaV@SD~%9TsTxi5z>_pc-q}oPP%vY&hfCdV*x6kznD|i)Mz5@jX6(E0bFe%~bvrMPp==i!&phtξWX;;HPmruGExXAqDun7Xl;&yY zae7Iv|M@NC9;~}TdI30c+dtf|FD`C)M=xsI-Aapo-Q1l_;km8AWF*PZl{?LD z=w)REQA)_P;jv$(R|Kr`#^irw|I?-Oh8XPbecvHk94mV1)ALo3F zlw--65s75OVL!}aa@@tUsgbaqt-(|L>l&5J&pYSP0z3zQm>}#+~E- zWKW7SQzniec3kCH%>C^=f@?!$B5Ghcvvw9i6pJ?mSD3FM0*T6q?dmFmxu&*<_}a`lxLmB zJ5Y!@ja+5bBVeIJZH^QV$m^ivrNNxSwT?9f&X_gU?8Gq|Nh_|_^NI%sbD59>BylYp zXv<+%$B*n-y($-%J2Z$nvxk3EuRm3AQfoB)J=JWGcwz z>2e!*FWGq)99%u3$!WE)ks2(WmyfK%Lssxh(v~@Fgh4ktm*$I6esmgIUcV6orit@Z z*F(CIh|XJwzIRwz15wl1HFeA>3)!31WUOMN+e=$9B?FP_!v&#f_I{0?RK= z@y%E`EjAf$TI^XZc#Am?lbBr?L*6%>0+DnrlZ3d+6e>Iaw6xjpbsEO6+O`N?Xb|+L zEy}iRC#c@Ot}Qj2Un%)3Aa?!j#lP4IIs$wqjMRp?fDp)pcLox1FXzA!(lQVBOk#5l z7vi1+8gm%Cb=VPrV9!g>)y`$YvAif3AtxwL7clg)*L zAl4zI2r3UDbee%9vHyzG!@e9Mv@R44cwu&zPI0RThU*}bzqe(Q{BLy=Z7eJ)(p!Ln z&8!AbF?x9=hHO2=-nN=v?D*FsK{crW=z@Fgm-boQ({&Y3%0|PkU-QC&=4%!xyPJH8 zX}xZce0yK7PY2X}?oO>1cHfsw4M+Qe!{hoH;!z}98sN?a+VotpAo2~~ZmzB^4e1PA zqJHaMpFznv15Wyt}q+v3iC8rLY=b+S;)Ly?4(z8)%Efl zoRW2r+!E?=kD}paBg&CsqTG3u&;$G?;!9}Flh<9B@>^zhpM_}YZ_YQp-{1DYY!O|4 zI}cgi@8+K3(4^azt(Y-IuX0Gpt_IVk0yV4pfFIn?lYeQU``D=;^+YhFoxasmh zTxAqzakT=oX#R+UE7VPG<7!IF7zx{Q-eK_%&Yg56N9?Vs)K~=ga{&4sI*Hkg*8S-iSWrL|ftRb{DA59@~3dt6a%9YLSe_p4l zRA?5t*f>owq$oP5?-Vw$ARQY(B*NgCklLiWI#=!)fAW+&Zj$>pV+hxR;)vUF%kI*b>flFZb}zD`&Y_@}wmBeeF4P+q%?1&ca%>%dSgk5d3` zJ3Cdj*0eh=>g7msjKM?fvR2ei(CzU`mL3OH?qXsmguIl_G*n4*iGkWG0bR#${BxZD3jMwA27}31U*1*d{VJ$jKR-qC}O=jF%=zLNQql8Zno{qiILy8Rz!ntmk2JH|VwTvCm#eh1q-*NI<#DKUd~NpfVb+;er|KeyS^J;Ssr)I&cqLQCaS63%;to;kW{S{w*|(ta(+N-qcw>Ojo_bVG6w`Su8o zCAUrO4JcZwbKrh%3cXqbwcDN}n!YK+_^_ZeMfSECywYr14Ls-A4$?NmXf!EnS|$hx zH&8(07&hIVLtXZIb3|}z*n2sCrUx?jWH1-%NTLoE2LKveP!F_Mh>K^)+0}R$8Xo zip#R~p?mtI{SYS75ToRdw(>DcT1s>(p_}X-fWJUIjQmta; z=O!qU(@Z{t%uD7fc+=vB5Q~-@I$L3$bRIWc(zah!g-STt%V-foHX^|WOcy}I9zopU zBA(9n0b%uUN<(m|*yK<0LC30d*-IJcl)1U-XnI&x&qRj6mhf#ak+~odr55~IqGTjt z1b{DR?2MIG#+x5#8_#){7^KS*(MT3E^E_tP02*&2I1QlnpEbqpO;szd-N|n>*sWPE zBbwmKSX9)tS~dOM9#-j4pJ|;?gso`8i)7h+0PqVSMvLT$I>FJvURKI0#SqLjR5GlD znA&_})aS!6()Ln)FiIJ!<&;!d9dp7&9%Eac!LVs8k?{d>P&EMUIF~7;r&@xcy6VhM zR&@5#RMa&Q+q=!vkjpg%iWWEtFj$)NwSG|ZfV<9HtV12Nj1oNR{>kPG<5bs# zd@T|g&fwLE2rIpDFxe()HB&4`f%f)fzkd)lMbgD7Zb!HBOJP+AIPVC}l;&xe+EHIe z+s{Ij`{M3XksopV)?6`mFMAQ7Z!NnZ$KU`dE4A`>iWq&kQ>IBp7p2Xr>rU3Q1JIO@z6EHve5q1e(f-V`+1H5Nfti}1 z2l~e9%d}daghkAQ91q%FJxadDFok6QF|_#G)N|Dn=_Qo1lxQ+~D9i5TW@4+^MoW#C zut#e7xq7?;b^+ofL}wBg{9iZ&!*8 zL!@WF&)2B3%}Nq3M}*>+U_V^kr(LXwm6O!Boa^V>WRpYJ_pe)XV>C0`C~NCyAiA(U z(~dFmYU+$;>T>9bPtqa~_GWLuTD(F(Oq=|n%Sm~`n)?cc<0-W8FC)tbp-Pd>VS|aW_LewC~--`f>LI{g`D#&JJ*1+kc}`s5!H$^7F}=mMD<2` z9a7FmT+Q%^8f@hXgT(e|PlGoC3*^Nag6wf@#hAiukQ7*VGvzCgQ30o6Wu+?FY`#?>_)5Hz+}N_?KuOE z&9jTA`EXR%2C-2YcF{JiT$QU^Jzr7YqZh?=Rm-Fm0kr9x1M7{xuBHp%X)NeKVd*dx zzZgJ+DgtJfs57uG@6{QcCiB&ZAqg2O=j>Z;U^hvQQS5hSU|Xpgj(FNeEI6+#c$|h@ z+vcOHO?i$LS!8hFwBJY;nVZPYax^N%%6S}N?i_Ba$#qKGEWSUW6`(k?=>Qi+c6!FD z&Ya~~Cptq{N!^`n@a7~xlVYfLdsZv{t6`Hm^^)7y4=eX{CRIGY>>g{Xy9L7el z^Y(PJ!lmHuDLi=2hLx)5z!f&~C3Q7Y5so~tLh9g6ix#|YEljX#mty7=tI;C?G;aiLZ)8QMuVu2W8Ae#V=`Oh(7fi&;?6U40?v#MScagfFq=V4M2^`u3L;|*Yre_XrbpR*hVt+R`VPYgLV)YcyqNdm)Nrfa@Wk?FI9EygYDacH&qe0-7GY$f_l|ruB zZdkzRoCcW=gIRzpLE72@uF^?U=vXvnOI3nv#}+f_b}Uad2(7;9SWSy*Y~q>&yy-P2 z=C={CHUnEX@q1-6F!=$Ih6W9SD zt95I^+WxGW!zMH4jFBg**jL;WmgVzGcQ=mZ{4^j8eC`F+ZNOHW1acok#a;Ol{kYpkI;I{ zn)bb6>p}Lnfwq-OS7QuSJj#mpcG#KPe!>hu;zWqr(n^Yx5VdCMiEp_iknsjXg|bX| ztPi}!EumMLvCdSeP`0ff0IHVo_0=4XPK~{l^ouUb1S67~*GPG;97z?wk7_xyY zw8kGHf*Yb}D15JC=-9J3Q*A`MON|Mk1IH)C-C0azN?3z@)}b~vxVYhpiJSFiBM@>? z_NU@Zx>et-+q{#yL2CPMqVkICo6*1&#?|V1aOMX;i{Ndu z{)fBTLY1CtSsAcUr4pFwc%6M}z&tWniuH)o;>Oe{zf(*)mSz+sUym;NR!}R$qM~!= z5-1ea+R(^@-fuEkvuo8aEY~Z%0#RkkK<8kb)0PfHx@UzaBP7L$U5mPTeZEy=%Z&Ey zXD!X+O9(+QnzCp_4k9Quf94rz3+8}2^qT04tz_36q7l)sEi?(YFhi8qT$vsU&6~mt zHa(_?WGG5)fYiw)%QNDSdnfzajw3ecu_!V|hAq$pld~0Tc7*Ej7@9`z>Ut`DOBVr$ zV$MC+&1PU8_|!L3_gGLiOT(ruQ`f>%dDng)ane6FfRtx>b6B3Zi!bI!OhemtP2+1p z)VweSOM!vta!M?zu^@;8g^KhBy zXc^qSB!jQ5g;BBGYZ80YcF1N3f+Dy~*JD&zDbk!^vi#7jo%(*cu#Q1;wq9(nZDmqD zKS{VuOKha?y{MI%+$A^n?veLOjFH5f9u=C8i$D_2p$tU-Dc0O0Zydw_05KdsvxwSn zh&6f#W78!pYldBXx2;+XChhYh4mK5XuxH_;f-XdmL zT5b(pz)I=G4U7rSKt9QpJI3C5Si+g&0kjaU>grs{!_GZ3bQ71lnrVfA$CpP;Q5Z1m z+hXxS?go15lMcIfJfMERVQ36PsnxQBt%t#XQ2%k}5=2ZIj~-Zrac(8_5UODpmm1>v z+9yyy&zT|~)*0$XtKm%RYf68z9SNIZo|JRm#MYR=Rx|A(qS#{C>p{sJ&CgXyA#JVq zVz?_r(Ud(aO7&MvVf`pDteKZz64gv!XTZrAM6R{c%-*$lmWoj}0QV3%@WeKGNTqz$ zt=Syjx}t1*|B5s)u#g%%kNkfHkH{?L~v4TwobtsmHHCbDEzQzSj;Vg$MD znTcPAdQ!#cyW{{u7zqxTuPr9UHNzR85)DrPp~VI(?m7wwL+`NUctdMB%%V>_BX4W7 zthkyKWd2aBZ&NIBGj|z5r;`1qD0z69pKuCJ>mh_}hQ zFyJblhXt?yg0uxhe$Qt%enck$^Jv>|XjWv>83BVva(*TB5^;!07(|OZ9vjzYOqq8U z;RTChd<@Y5@kt`JM{19sn5>cQsbM4$U4-UAu8w|k>|#ae3nPrVS?_lw0~qS)u<8!v zmb7|d*Cz;({sKx`qmpCm8(Px{Nb^eKC0;-xvm-ABy@1)BuICUBv~kQHXYEEJaS`i%%wf%?L` zKU5BiRzR$r6A{1^e%yZXMW1=_!%6)b-%N87<+(c3SFSRph2oq3ltSKs$`$+KMjS!p z7m4@gJ?Rx*krli~*H{Nsl(d%6LW1!Z4dXssymbkuR>D)|(Ly+iomBf9vSthHPcEs0 z$`d4co^CXaq#kX_W251!ZG>>+$vg71;pBx}q(yfymMVNlNlZF^uSq@=l|evJfk+Cq z4G695V(vBbspELsok}Bh;3<4bkRH0{oTvqq*w>&mi-u?r6gERdz66bEi)qspQCaGN zH30n#-MuNz-snMdyB#`3QJ5xYIHHLq3~eg6-rC~UtzAJM{u9Z>+fGoVxD+LuYkCaT zlS-#4QeXYW)EpJ2{-U>akTQTUU+9>gMQ~?GfU3?@u9?XoS63YOQDabPV09sr3|G5N z)Jv9uWjb9MY!GhhqgU(`$s5oJao0yhQEv`Jhk;H)%ewtQex=$ev$I>O!qw4I`3|74 z;mre^h#g`8SxXrOU`(|Q-1qW1XwSlkD(Gspk$F+CsblMTofX2*uBW!}M3nMi32Fsa zZ#i(JJw+`Ww?b9pw?>}1OUw`GHbXdaK`G8xyoM4@3&15rJAb0JoI_jdC}SOY)Q_-d z*`5;5_SI@f@~gHu1u6ceQ@0Rg2QERAD~`yfHI_xACFL>VnN)3eih35I_+sGLM3Hu< zscp6f8N|BM97$S;nhMxf&B4u{T<3tAKVes~g0cb2>JeR#wNthf*7o@BwgFHhQH$%Q z0f+L(l~aNPNMD)Fv2uPRw5GD(9c=LEFp2`pp=Y#lFyYPq%^$?0bm#O8$~@Hk$mN>R zJWkG=eI%ZQ=`o!_wja;fxaE3p8GY<5WTFhGati!s+205%Nc|fgr&ymDOl$z(`DWd) z3+WuB<~)kL$$ikm~F(@w69E+Fi`EZYRD0;tB)-FpG!R! zT{3q{D9U|mM?SkPdZ+8GXn?gqOgcuTW?K-g-M{9*_S^RoAAM5gr<8ZMG^%aIS!#lz z8o9vaA*XObK>1(Gk7!zXDV-eeh^cSs@Dc`-{hi|U@FWc$oK|o^t^pbvycgq4ElWNg zgk$?@K#`ifhOr>YmZq2lT%DLc+LFc`;`eZ7P{Q!d60NZ(M8{~&_&wsVgfOEWap;PX z16nMzj;NqX_)kbiLh9tCv6ji10%?Ff-GDCE?{)~WZ&rz$A2mBhbd@a?bkUZkF3u>( z9T%wBSi$y)51IRwI5I&^mXPY=kr@w?RWDR((2yfPRJKB(35-1A%@IY&hf`VrVl@+fzPuNM8_gfkS zHm}k^NZnW%JU7V$0S0gqv-!1n!R^K5ao@d@d!m>xnXRE!*+A)yE<1sS#;vOwBN7W? zkrd^NUB{A|$qJN9n#VYoNHD)*CA3#93OuDb&9*kLUPg$jQohSg>!!S|;xa5Q!di_C zo|f^nEmP}eA!zaZ!CKk7AkJDpCoL_G4X9Wln=;LsTa24RZ8{~<(VNCosP(3PFob1W zrM3;NTJsz6czgFlTfzlA?C>rE6Ws21IcvKcEI~|p(}by>W1%^y>eFcrx20 zv8aS6%0wuKZQE`l-Xq*22J3X3;AGO2rhO@dq6UauH-|9q^R_z&O5+?$f>LSt#e$&t z4rZ=td1T|vJ~wT}Ue6{=UV%Kf{|i;>M3zd3Q)3rhL*J7xg)eIYy;|+FiczgT zLfjf$BvSDeaA~QNN|$$stl!x76bonXwy*^8NuxQL8aK+*JpoJPVp-CwAC)+f<#S=P z@_5)`haz*E&7rxLJZ6gY^^kxLF4rHH1>_o4#%I)2R_=~lcZy|y;0*2QsLZ- zUT89~33g?n!qS7M8K|CZXjSXsp%L-5d(!d86H)p7!=(fq2wGX= zXh5L_mcX~GXqu>K-j+B(mH)Sqiv;!T(7~^>=iH^^1#UOry|riWh?~0EB)CxcZ7C_1 zA!k*2{q<#p8E7`Gr!i4Nf5;E$Sm3qw8x%pi$%heH?)sRKtYzD#DYwa2jm`4*;cW{b zLPK$y2wa-KY^O$h8ynL8IwcHM;T9XNd>#>QI()nl61VW=-JwS~iAZ;xmN!JeV0n%&Hy*wkB5C(vhiPxinBYEsYXG)CB|F!+Tf5z{ zwA&9YQk7Jb#LTcwycqIabVS2s?c1Npzua9N=Wl}(^3`f*c9vT8X0!JU-J;3{zsmWi zEuL>_Fe~%FMHebORkIdqCLN~6{B}6)qLPB%M0G=PV?K7%4M8e@E|nCCDnI+;3M)cc z2~KT{VJ2)A#t}d$h)-XvxyP|#v}x1^_jdDky>eT3hpQm|2e_B%^15X zmGH2y$;^01W~2+E9J0FKVpze7V)D$kjjpMGqsVRBeOd6FaFN8PgZdRkvD-Er!sD!Q z$0CsR5KGF7fn^HWqVN5iJ5MXvMJs4Q2ddd1MwkVrWptrJ!A69JF4HSiq=eZPk%D1c zd4G3o&P2-g3`_@M%w3w(hhjU2%KH;$xh7JA=t7$xALi6aox2iFvGMnimak(cRMI!? zTE_ATMEdmtmZQKck3bW+_Wcx5Qfp}t1dAV9{R-0DA) z82hz2A1`wC;5HEO4Uu&Ttt=@iOi|5}QDE87J-SW7jae+RRethz@u$j4V=l(bGOa&4 zP;#N%&WqhP`{dtYepV+^t@Wkt3^vx%Xj1&6imw)&HHYNvuiKDKw=;tW2LwVb-YM&Q zT*L7^SAm_{2%jytR14_JWV0F2OeYopfyYT#;-Wr=30)t+Gd4nIs&hvx@=@0Y@+oK~ zEH?SMZ9S*Hd!$^F4;swzU(F0-8fxhdrvsS-P&D!(rqp4l7;h~-!VF#|H4P!n?xEqK z&&zL9nq!j@Y`DYp-4sTQww`mAG1>IZ27IoZh;qvh=L=fDp%_>QOmEPPAliqCYa5IZ zUBa3x=hS~aLFPEu!yscDp3A+MrY3N{UOmb#NsLW^f}o9*$}COlXCi*gd*sBPfH7-G zBuB@*+8UA0G>)py^dKHgt5469v3{&m6{^D&G2*ev79D11spkU-@(04rUb~<&1)8BO zZ2mHKW4Z&$b8U$A=>Vy#%yEe8kyvH%_Ys&IAz7J+Mb|*pLXYYEl+_ZJ*o8os(A9#S z%@$*47)4)vkhU>zRVJY47Me7A0nlqm$syKTCA)7&95R)kX3DJqZjGUdCUQVIatn`} zU}*`t`;KIcE@DRy=EkB~MpKPK53LPPA{(QaRLQT7O+nVlxVQk*RIAJ*tJ;l;T7Qb* zf!Yy#|%;)ha(7Pa(L&~?4W8KgNmr1Ad+G1WsFrd$e(G$wweNb&cK@% zbk_lMl=L9wc0(-Upj&K7 zh%gtfshzs!TYoObRBRhmIe-*fEk1 z7o0~C_lQ*$%I^~Twvg_ zZBais5=j@NV8-;RB_qYmC#yHx-sZCMG(AM8=T6&6(=LmPE>R!ippW<31a>?~ys2xF zFW=07yrP0VXMr#jxUt2-%kqY3+P9q9kf#u-(Jw$t?2B9|1Y9NAx+wFtK9zF}rAla6Y1E*d;H*&P}Q)Bp+L1MHGNPaa&hV zC&;95hN)LsC0e~#WJIPgjq)Cl5MZ z$r__rssO7~W0@qdAWt)t$$Uv(glteDjOpOl;^IvT5EW&wJH{uY)Mj@m3t}v#m64j% zs5slckz^(Ia+t;wjd$g$V_w?^p-KaD(5yZOV>ENcO@li!4P$@9FC=Sh>60pYhSsLg z#P{ZRe%S_;k$4T9Mr`u!_DIOOb($?4r7x9L(Rj3iAPiZ&ob7azK`hfDGIGwtqTT|Q`ohI-88U>_ezV@O|3<{#slysbAwIO#4g(G8z%v) zbhjirvnjGwD*}FGdg(AADNf1mMbe7qieuSP9-C_;_Gd}Nz-TSdcvS0J(Q{d#OPYVG zKRZWa5r21Wciqh)A67F4j|i~BqR3`SWMO(?NHJWlxFhV2sTv>~oc9uhmUb4-!x1jd z!aYtc^9js0k5;!f6>ZwO=X$w=l}usLGyGWOQJZa;e!T!qm6Lf8qsa;30P(zjitmm| zLcH+wN-~{zcvl03!Yq?ep%=HY)#{2hH70=&qg+7fzuB-!$@RDP5}QZzOrliwF5)(E z=U9Qn8H>H15?jGTLy20mEt*N@b!We;l!U4m-S0}sx_R46!!Q+3m_c@mQpm`SpP7}4 zQPAv>B)?{W?C48tm7Jr6b`6wSZZRZm1hXzVK)MgGd(Ai5Rq`0=4lnMuqwchrQ7V=> zKq4KVAgywEjVRDI(2XD!mlh$1otHOSn17waCoXohu)bmD)+OBmrREycZ3?+EV&17v z8F2jSRFyzSC)LSn!2sOM5myUnj2VD3?}^k^=JeyKN@qb$GgOBRJm zdtD(jA6GnVZz%s`*pNmv4AwH1pvL|qOt(Q*Eb|A1T;Q;=ZEnR@^!lL@ZPL^K0&3fd zu3e)ln|)cb6dB`b>pP?@EXe1fxgH%xE{GC)J;0WyOBLCc=3(pbwsjRJj!M708>=mH zf%HuxjiMYxb|wX%0WDrCbid{D9p)c|+GxTyYU_lwBp!q|7mQXX%@1)O2)~key#+Qm zJ!~yo9Wbjl(aBM*6DPYmCXY6^K4rP&>JZhx@1v#dZ6OV}9x68)!^F_NJ;C?#F4#IT= zxo^ruxomDnV=2|Ai(IB-gp<(3YVNmZP1_CAVirF`E09dv*Hy;`z!U?Et4Dk!G}aOC zPuxn^MCHw)=()Z>mgOv)VS)LY!o@7nEBK|Oe$uXSm` z^un=5HW^`V5vMxAnw%PLoEZA0tDa%Dcx6^R7pObjphEMsS$y0ZC0uHjO-B%6kFIIv zqA}SReR9d=fbZaWMv-e5%F&xd?0_hYCS+EUsb?tG*Icm;JzPEz?&Y+TCDde?VgQzPLzg;pBXlRC8Mt!>CU29VeRf}6yuHj;EQbo|%(U-ygP;t7dx;9e?#fKP zGX0Xvc7bWB0{rbK8PFsX+v-(}d7+%vSG#OP{F*cDN(rY<@JOOqqxn{_FgDjg*Q9tm zdc1f{dRvz>&N94Fk7sR5lU4pVuP81W<1F#PcWyij5we7!9y>S`r-EC=p_hBg4%9HZY@6U2YwyQ)_7RfLaTVSN}S+^fRLbjW| zmSMRCRJPVQwp#=&bqE@eYFqebbvrGT^mEtax%!v0(Y8S6BS43+6+&BDSfvjyt%_D8 zYLJt=t&lh8=%!u+?O_TaX4~e)udW`8F;_k#$F zqCZTQn@h!DPb&(X?y^a%0{YTobe+~^nmr7w1c9_24P{Ihi@2@r&u_PI2BNgNF}S)6 z4XG^I;%ybtH&#YvFCEJ><>^>nwBvGjrfskigNN~!eujQKq%HJtQcg2@ZCijwX|lo$tnB5sLiH}`1hQ*)E%=})nmGU;I$JJT zqU+V2V&qn9*_QG>)%GLC*=>%M{HcS4c}O&nWZJ=HWP`?Q3|3b?59=bgIw?iuOQ2Tj zF+24fihYt}#-#olIx}gYAwL^a9O~L!U9TG>T*HAwug!DaYt-Jc5^^g{KAJgVx=%Dc z!QM=s(sR%)58awEf6KAJUG}Cw^JJPzxu5-A1#zdcXY3^Jz>rLdKEYqye2F|t#2>dM zb#tMEVvHETG_}23`3q8_LyLAAC(I`%Tv%=69b21$)B0hvy1ml#8>Cuot9Bo@1h#KS z_|+0hm36nRmy2q`T6DM^^GT*kVNo>}OKAe-EV&k>oDiJcak$GKP^B$A6ZUeB&uu}X zr{V;8dl`|GP;Omvi$<~m>k;CmJ)0P?uD1g$>**Z=#9w>Ft2CM;Nu)vz6U@dBV}}Ei zRX(1%;N>cDp+R#w3nurZLM1A=5>7)FZB_FKRDAi_9*bG1dD7I`K$!cM4Vv~k2Qz|iVfY6p9a;n0tb!EP*C@>fAmq2O&+i`J>-T}se z!5wW3S-Q!E9+M#X{y50r;hMY1vgWF80W)WalpNUHqbP_|C82^iu5eQ*31sN92)UbO zexkJNcHt~mN9m6)!n4n^v>+2MI4OfGo8L;H$`Wgp*E3aaOIea73x$Nn(WqAvWDL33 zp^oRrWJi2E3lTY7uDJj%Q~lWNrvoNSjv2BpcI z85bS%Lw>KNjMvh%AhxU%t}ndNv71L-1#IPkMxpbUjz{>5Kw3Rht=v_cd=R4o)yB_s zDqzN%+WW2}WY;+d#N|4;#GB#@UFd=z=iN}j!gP?Yn0R;A zkrSnS8Pn3K)-1(l9~r2S3@yUqzgVW=QuUyOd(P#o0+zSxt(9`Vs3(|Z$Rm? zN>FPyWn)-QjUsL+qO^3!J#fTxNB3y7{s{7Igog&0QzLg{)|MFI4he{-1<3c56;Sku zK=g$0?b^p_nrH95dpCR&h^Ggezf;b4;MmGOko+0$N$`m#A`DKgk#`}NCK1km!he9SdNs?iFOt7;Au zxvBzWVuUZL3$5~&yI(FFW)W?tD04}c%?i~XSR4(HuFa4S+>VpYK#sPH2qOxc28PQ9 zhPtcW<}O|45$}`yRA9eJQj#W^8o7?>LMOkUem0}v258? z|CzdFfD`0~8i@_xzy}~4V(YRa;x-Wk>CdezrZ|D_=oZtr;KwXhj8on|4mwi8Cp<3s z38rzM*vZeh4#&o^*WwgS$$lL%>`;M~q+id~u;X<>ytycGS;R&v_^fGy4RE>FtI1;i zq9*o;vGBwZ?+ls$kY()}PMBtVzi!VR94+3C@x#FwwZ*nfaIG}gw1abdDOQ~*htn*m7D z5bv6UarGZ1p1D8BZA^$F@=M=pnfJWwuiPuuLXtfzgP(%f3qB+AX=~>pS|bqAD+v3wyK02J+n%kXA zCh_f@*sd_rnPvBI{zH?TUb0VxEh=F83Ky@3(n#AYpecD~)NE?_D)ud9M{+}0V&M>c z$G#GghjStul;I|8XN79HNC?tp0$q~QIqC5zLwWc_GcRBd&F<9$TVp4VqVxw!37-#| zio9q(1uaTGC+w+qW)Q^GGIi#(dUGQ4(AIj*yE0RxOsE=3_-8O8-=C+-o;HvpwV)sD zuV9=I8+*Z|Kgn@DfbwW=&+NXT)#g`sqwV+27)AY^Q13wKx}EMuKgY z5Qu3L&P`v$$oPqAWgFYkV_ilP%ArKK*|f6g!y>xlFzlwI(!Q*DvZ!=mr+!n)pjytH z`R0@S>LzX}ID2U8{xZt!ddyb|Q9IPRnU2-tbh(QVW_j*W|C$Y04jT!-!6dT3U78Z* zCrKIhjjTtwiL!!L-kyWXf~Hly5|zbJxZCzZ;lm7kbzPu?3}|1^n%SlFLYbX=ty`E_ zmlElMr=`l5gCiA~w9ErBj)q@Xy*`xo>0r4<)20W}6jf!!r4JGV zED4Bflf%k0&E_?>w*)&3ZDVu2zGX_XUuh(iIWO;cwD7We3TEn>vyI)AMBgGKh)q=o zkNB}EfQrSMqHsM<{L}C?P(1iR4xX;nm0qzyFEJl}+jZYWy1Tkl;ihj=wMeJGy^DHw^z!P4lF6YFY)p9_piGuWdcI* zoB`Ug(B8G~aN0uy=40VceIMNS)m1W%Yw94;Te`s8%wg$K7=LDf^`dqF>xOr43_2-R zh850QZ@I#U%aib{xNg)}@a>;gp0lk%H9K<$oyB+=3dO#RP;98@N8|}vh7NfDWnv>5 z?x@f(Ga``M{{ zWJQ2)ei^C9_$gX^7U}3u9SY?ZQnYv=Xa!eXbXeMG6x0<8t~5c^BY$0C_Bg*1=VXVI zussQ+$bc|@yqXnyn8Zv%Ff5sSTPK_IbnGpJEzKk-BF7$nB0?d?2p|-A7S2ndkvRs zOM|lE=ss?XKmZB(3FQOCLoK* z$R2c6jqV3X{Sv-@dlk6<+|_;~Z;5R^*g(xsmuR&CxMKG?@ek6juDN$s`U-`9tWyDQyVku4%n>SNO;r@=K6Qq^~6m`%(}U?d8; zUc_~S`;7iE95bZciNEr!?4(}gdtr7?GOA1XeTrPo#o|JQn^>8~@ zV7iQ!SPI{qG!dc1Zx5WkcTLk?{w~VBp(cQn8Cc)k^#jfC`0LPD`voiSZ~VmUr8(Db za@D%AYdU|dN$8BIV#)4-0lOB&9a6Kuw8c73IXgIJIaWx^?Js21db-<2SPa&Ro0Ae( znFpW&!<*vmSxz6;4ROX}{Uq^-lyY&q4)h?Cq_T(&qMDZd0Xrm9Vpr2@Ln1p!#3Gt; zMOX&ehEihoa(W4I!VtBV`K(#5VfWlS+}ADHW42(H>K;Rqv^;Y0t!7Dz0gTTEbd5Z` z+N`K@S;~S7ypt0~cfpi-C(upPywD4lTr5P)T;fWDIkqUS*GEEsES2T-OnS@itq zZ$bKA`N}OH28(zLMZ~vgA}AB$+d`IsohDNdKIs;qOk?r*M_-(-{TN;g>^k!LR;Q9h zwE9G}n05TTKS+*X$WwbdSH4`3l&nVbk_KkFE^j4PY#k1`u}fvC!+7B}R4g7@tiHf5 z9=OI;3#*phTqbDX3iQM#$>P0Hn09IG5=S1YJ-+>>FsUwG@i>;aaNm4iF%dMiySrvT zmQ;zc0b=MfCU{QeC~$$&_DGaS{hgL-PeE?l%v{AaH{&&Xo+yKy)HuH0kX#z-k5UO4 z(pfpep_(YHVRaTDiZDoMj}c!W)N>;rGZeYh24s?uvsT=OlL?8{(?Cb{hzl5t&DZZ| z>*mPXk>25E`eF}FK%UYnd@gD5EreU34zRwIH z?$CQmQjalKj1(b#&6HUZFi5^HPo7D90J{H5#{*XHoM_k%eqR_Rwo~u2-mvwDP8u9^ z54)^uaT5G+tty5@8ywj(MOB;*;To4Usj`$+#G)5FU@*QEA3B(_qh-+8QY?ZfKzu@Z z$oAb3NyJ?^B3nzn9EHH;nq9dwXIk+Eaq7k?bR8hSm-WoJ#cmE$JCQ7P_B@!qD++lf zV@V{5anc~5lquIacsiglX=QuREvb$FObUh>(4A6-Oe$a}xt=NZSHvYpIju}9!f<(C z@g)qg()8g?>x(Zny{R%KtZ%!zcxSKrv>3i-cW)t*^&PP!oLG6__H$4fv!1!-Ue4={ zH2gAsru1LwN?ucF_7C=qHhYO=!-9kt!O0tTEuT_QEHXCy08Xgok;IhebWlN{Ni!XM!LmDMi$;3nBtoly=k> zP!Bcmr5>Q3%aqO5M|5nfXwNDTU)oFAyY5s%YrOUao~sCvco@G2k93Xdj8bwR^aK-+ z+7Bij~5uts1FD0Tnl4EU2m3K)wxo@O2r$5R5dGo+;qA35`D`%i%c$Ln3rA%2JO z0+Z{*pSiNZ4`@{Y;A70Vh413_jg=@&IfzZ!8}#;dfF-m++KPCBz7H*^3J!7N$Xy)O zoDkix#I-~0Z57s-n}p^sdQ_x3fwA4}$`KN+Ih49~Jh7B%1jzx-!A{2R2Cp$n8K-SP zT)3DNRZF;E7K{<0XzRj9+KjF@f6{q`O>Ipg-oUYIp<$Agq1QuajbW0PwxBf=P+PUy$f;0-)eqv=SQ|8uQNK(@1{?+$N!;eCf1A}yw<9;1{<7uoirpZLr)Nq9Kg>iIoq`(AW!g7kYm8!CC8`<3r_-y=^Q6T8;hjdvq2Xa8?PS)Zz$WO4vicBoa zTB++gW>e$~Z^mwz%$j|IT&0@@3MFZ*Wp3S+87|t&w-cpd1e$-D9zlb zqHYseHHXCwt#}O{Gtaq}7(%`no~uMXl?N%xj(0g|&sH!RJPS1e_C=`M?9Zaig54Y-(aetRp|V5AK&V+HnJHL8 zzp!TfRc=u=m>~({k;U{B(sj#}3~zJ@BG58KaZm zt^^ucVj|w9=ea{}AIG=#0vw#$9!oJhuw((Hc|>6GoJ6Yd0{(vud$vtQa9~1Wlx%BH z>e_!axt;RL;G^9yF#Fp;YQGwhtLyK05u$H6PBUg-&nxyYc~bfk1v9%t3rm7YYdja; zqnM(O1lE`KzfhPgN8U`rhgg)c)0odNi1e)_j|!eWK$`>P3_^7%`ttX!yMA-M#+!{V zqfkqjMKTYB0CgjWR<4HHI#p~PA%%%+CTsw0y~a^+{SH&TA#JvhbIg)tK&TJDos2}J zluj#(`J)0Ua~ygsz63tP=K_{wg|uh!01;!+VCd{7K2H&6j7gW68{kVpeJgoH4|*$7 zpIg5F^5OCG)6 zzFyzQZ}mAvQwhA=0+Au|cC~R&wtph(nAFmIIf^-t6?VWfTgZ~KD@4}<0WZ_tH8un! z80o%Da`wW{49vc6=NzDH9&98-VM$&+l&^W1U?>W$U?^30JsiCqf9(_S;N0`@o})5Z z1kuMpt4T{4`?xpgDYGWf@Q`&-J}bMdM7)R&n*$&44hcoN{5u@L`Q@l>0>lVNL5q5a z4IUQgV5piHG(Liw{=gz8VE0rh0|1n7xNXxKkn@eM+5DVtRHHDEhA3tz0d1K`B+D%w zg4yd@jI>LW;!}Ef3(AU0G|&MWw!yQQZIuS{riWxC6^0$|>T|TPZDf%lM@00$5#pyn zmI%^OBm`_z=8G1k;g5&7=kQD5| zIU!caf!ee>1W}X_Bx4*{*;b2pF-p@32&UogIuhTGNRxy_4wSB}vZP#$4s0yd%)(`r zd${vHsg<6+XSS8#p7WCK^1dn2#in_FC0X$O(b6Dh*lxy7eI{9qwB^Ri5se|N-oYRO3 z&Z;IgTJvCsl2TH4c{1BCZ*xU^;zTApYN4bvDmh)oVgwGuXrgE0sbKcC&B{$q;U($1 zjG68fV-K9R=5-$qBBYRQDYtG|q)k((hug-o6hqULFv97tFPQgQBl6!( zyCQEfV7x$_qP<6rLNPuV4e>Cv0P8rH)#Y9xd|S5z$|RcF53Le1nDd=mP@Y9ae-!}j2-cMFNjYTo z;xicvcX#Xn5+d#PRH-}Cj327VI6dQ4(24act~c^D70yvTtQJ7sBZ&`2^Z|Z!UP!}x zZczspnCo6bp213*zS&$HYTd(I4pdPffpUyQT)F}!7GyOOhq8B+NAE0RLYcL;Xqb>r zi^jW*9^;jKH>zio3MszAEgQwi;k!$Su$ELlBN?66JE$f#5~D=Zkri(vWn_HQL|tSLh*R3jGH zuCn+px?S)#TJaCHNHO*>U9=Fko76SJwezz)U#OV$@;iBXvb+a-wzEZ;nqnHL_!t?C z#YjjwTAQ^%k>)q{JcUZMC>k09EQ+7;vIg1sbnwiig3jg~4^Y_PxhgUy6etTHG|MvdX*Zkx5 z(}(A$uTMXI``w#QU%$WqeEjzP@%i@g+xw6D_J_Z`TL1m=!}o8Ge|q}MtEazx z;WPT{{V#v{MAQ27fARl+|Ko>O$KSqwd;H~h%cswuA3uEi^z`K`AO7>-@kl#^`rh1E$_ap9zTBi@ctX7F&oO_>u*4hfBW?9!_Rk5x9>lFY0GzC zE*^h;dVail`tTnI>}l`6K7RBX30eRB!{_f`KmBzUtH=Lcf6&7>q8UfteEIb4)BDe#{xg1`e*NkB{l`a5{sA)4 zti|_OO#{`U`)3xv{uI${pT4=>(w0wj<+YEWe){tMbM)`~XZrm)eyNt1AHK&Q>o3rh zm-&473YO2sJY2v3^6~TI^Vev#Uk#?bEZyRR=HndN^6ATm@6XSWXNz}y{N@#+=U+Z* z)x0RyZ~gZy&=~GMeg3@u<=1b&InKZTdl}dte|mV(kK^a3zZvlV{M*BS`{Tz~FQWX9 zKLk!tfmQtDUml{gTf|!Y|9trN^jv=)9)Ep${+7Rgf-&5_|MLE)+&G($uYM`JWrVzE zQ~vdFEdBcU%llt{h9a+@K8uHpaD8LxvpIsGpXS5={>RS`51*X)e7n*cp*)vgYKt}g z34nN7{Hc9J$!7?Yf4)Is{3Fz>=cn(#^7j=h_cvopS@PlO%QwdP_}oGDEh>Akf3(j}vBP zU7hl(%lDsT>VIO-efW9(_g`U&Ia#khvkpEfR(b#Z>(7_ZPruwhKYjVBDc^kcAN!}L z&rNaVhc=7NPfgkp*7-9HJ$?WB`L_#Asx4}=&{wzbfBVa$l{XbXaDdRg-Iu29`0f4k zSoZw*_4_Z69op_o^F?inJbvz;SczXhKYr`+)yK`(u8B|m&!@H*yDxXo@4tM7r9Fw* zn#15#3u25N?BHuZU6xmz9L*qqDZ9m1V)tcN3D!!)@M0W%gHQhaDOSb6u`^VW(5 z#mA4Y{%_B2(VL&+AAX~q$B(bxf7WsTn~sb39FUa!3IXxY=4&09t?*D*mtFv|WRVAd zKYhube{}ZDmWj0+e>?M}&R66A_Jy^rx$jxdii^i|biEQ)mmmLd27DH6DW5)n{oN+d z9j!gb(5D|IBk=d{c3(=P8Ug%XWcgeQoyN+~yXW6v{^jR~aKphCN?+Nk(36evUKKScsK9=^EWG$*wK`i`f#NW|FMOw zvrcb5J$)A2Vvv{bkwA2wtl&4|v~X<6VvoXlV3MjslEGR!dBT9 ze4?$nGSHU3vfU{}F`Ac88e*ZOK`cTa7?Odm)SK&-EATevhhZee?CJ zetu{ehAnpkJHX5zpG_2gZi+RgA|LO*f0NAc|IaCMFk<-ls-GFe_ou%_&t;x5MQjQ4 zdwgc$TIk}}Uq63({Ful7r~kAWFC47kUOfGs_Cg{=9r^ewY4j2)K?=&pS2TTi{P6VC z7yG3#*CTB4|p>O>e%IKYa+`bR~ra2A$d`t{%Uw9zVd(9zR}w(#ZbZh3Y^4 z$HT(~oDwb><#k@Cuy&i4^K6R7;r09*mVuw2K2CvmpE!ZkmmJbwHB{Kc5>v@4~jXW)4* zJ$}^Y`U`6`ZKLH_=dl)Pf~hk1w5iP(DPYX}6qFknZZ?l#t2wRL_U;VI3HJXB6WgLr z8wzuYv5zUVt!tlo8Qo6#@6Tr%yM6rSFBlen{`BkgLwC=ge){S0c?vLHU|Jly=oFw? zIJ37;jErkbOS577b*N4%H!XL2{?loy*mTlA`MT!ABW5oaKg~}{P{Pg zJ*m1smL@gcfBxJ1-@d*xp83o7uiyMHKN@|?o3>(ym^SnCC%EkYLeE{=U#Mi~&{2R5 z<%9hfD*I*qMM5+G5r=>Mi9fKpK8kbN53zgu1GbH1k4@$$EFk>pLXr4+6o_rapYOk- z@H`RU16D0=0GM{6uZEKP;vZd7pq z&#qhdgyL9LV3CZTnAOOt&m_ z`Re}hJ<3f`>8rnWzgh{s;xLbV{zK@qAN_QC<;sP2Y*%pe=?e;RbBw9tU$8X6trfh9 zzJa9J!OxUyiN`b17GzRrm@{W%)5j{LMsL5(;WJ?xkddhmm%c^?DUe0WsKqfYwV>$W z>%T%RQCao}mb)#wOU>`q%@b-g#DTmbk))KP{n;V<%Bb#FcFeaO3;g`)knkP+T!20U{xZxd}+!k{fKRbr)OLR$FYf)mAL-+G?xTwH2$aT5+rU(rQ~)q_R*EtSZeR{c&Y&W4*aC=9$Aa zub0&3qet2=3Fz6g+~AC*tA)uDn9cX83!5Vr&gOu$3?5(WOrqva_d744TpR{|NUwHf zDv55MOH>!Nq-r%hyT#ng@Mr=HkHpSX-M+A`wZ1-Dk-qSIE;6)h!mZcd%d!@k9b2p2 zXv~grE78c$MH=)rCq;*|brID_k@tHQrkbmCvam0)uV|N@{zcO_--R+22$aFK8 zr#w{Aiy9WUOY!X+r2JO2w@%HH?9$v)K(_$l3+UT3atift-<#)ZF-Ib_XrU@xa zIDNN4Gxk1H8npxE-M0F05jA*-gk}0nK3RQe&01HVHGfOVIZ4X7G=D8aN`(B-PT`tt zrLSvKVdR1S-B`2I?j>&ex-JzKYQZ8l@g%p0fNK$XjTH;YPi&(R^*_6*J~~ml4!>H& zOQh8WzP7|G8?2}@HBHf0t?c2A>@!IUTBS{q*$ubVg?EQ(ID}c= zWO!_CsA+0Tdj@^n-#4YE#nMuyRLy?6o0nDB$j)hB*w|3(ZNr!fWg>ASIr!E0umK;@ z1|dS5_Qh=HULDm7lHj5ATh%Bo)a<&EpXE~X!5B9aNRtQ~erVEOW0K8@J@=_f15wM| z!^|Dzdc2EF_X!eocGH|@nT#}Tc|}iJpyY8#Bm8bMtxZKp>h3>yS}>Y*OVo7FZhoI% zs!c`iIahIP8^pD#+KEHDRb`S+9K%e%wKZAUrF``>vM9V(bg`dTXzQmhk|1hrZc%Sk zLusSN=@pVt-HdbE>fK~iXFJ_QxW+8@IxYS;9U-V=Z9T^{0cQg&aXI0DoO1z*y~swN zQ=DCNiO6|POPjP69(thjpIX1L9mB(9ncB0=($0HYU4!iT-8{pc8X8PSwg^F8une@t zE^lmg-m;!@L?{^ncAN81o~&Y=ik_X@>~k1LHzT*ZlJK3Rhqf`RIiHF9kMlx4YOQI= z)+bxEp&IXklJ{sB5bnPRZEa9U1_aovkdFdZq4r|`Xt&44yr^8(L~Lj zZX!clV(ffG^Cz{nwKgo&nWb1=&;r@cGbJI@WDsIIHSr0`vmIJet)+reE1x8O9FLVt z;ytfPs~lNLXwm$T(BQM0nrD;d7qwLVfO z_iZ^t0<}FahI=mgN!=CBW5rb!au@f!ByzVdnFOfHbP^4znfL|W#5A9pB26e!cf1Dv{C24Q7 zUHV7o2TeO!s%4f{L|m#+{Rc^BK0;Ej$H3`L=o%&uY8p3+Rju=W8ec2t)VD5c(4^Q? z@~TnO>MV_opFXudTie>;7C3R%^4cxA$6JP64JY2F?@vpV>1+~oP-D&F)TK{gsv2$? z+l$rpHLbNv=G3$;Nkwv_+p;UkRCBVqQsJTAbk?q}y|yiRSO}QX+_F-Z;w7mdz5i(f z4^=9;!GuL}Nk4G1z^1??Aanz-UkjJJF2N!C2j2DlqBh+UVjf4wZSpBRY41-Y%kS$hlW<2 zY-4lT?wp>T#Qw0Xum0dGJI+~I+K{P}?A)L9c3R3`P)6P4LM#WIRAWUHX)48->-8G# z%SP49B+#6iujI69!E(Ja{*@t7W;JB@;EH|+DW2z62F>QA1%NSSL{sh?Q& zml0j|S}O_m-RkL;^J1I(<~CPL;gLg~&AYG`G-vU1 zI&D%I1|R-;2lvRlEPQjD?cCTVqp0~?+qy-vSxe26nBBTnN|Kr%=;T=Ez_s6?BZ^HX z2CePWi*&|<77P+o$$4^}9nzdtyTlsF%%HZWM7X-O8YT_xUadU1RYzLQBog&7DcG}S z$hg_I#B_DPDhn%xh8?H3v}j zkJHo8j9V@Cbdq9Yf22x!pCrDaHnm9-d(tmvx7v0{?B~+d(JAc$C^+_K*KBsHmgtF> z?;&xNS_vuk#TWz(S`$@V*iy|2bmu3fjhzZ2Whb@PPhQEPP8Vb&P`eE*bd;1tp)KsD zEUDL($w}wTE^WvY6Qt!rT2Y=jdlJrN*{zMbo!Ze1pr>=t#&#^{9p2n}B=<%&NDOlk zZF;ub`X>(2K-*N1QxVcJ8TxiTUB!zRPyT)vVo!7D(BeDQgiY}ZjKxZF7&?wKJ!=vr zzE-{x4|PJDo8nNV=*>&sTBNN3H~GX-wAn7HWS7qP6RxbZ zE;NbXS;e9r*PC**Gzvo#wrdtl6tjHU^Gv&ys^ffW!yc+V)t?45x9hW1S3}-8NlT=Mb1LTF!*S)w zE2SN#rvck(4+1_iYoI;w2$Uvsp%s}!J<`o=vztK|#jVG)7wN>CEcP8Xd{el{-`(HEVf=%?b_QEBkgz9k1pVy$-@l3VNHQrfGKT zw3FK9YeUQ18E4citZzi#2P32N(ArDhZiqxZyrMRH;fXph%-*u{5#C_aGO|g9aK5te zJBjY(iu|P}G`hXo8THHM#0D>Q!@UF**%H06k!@SOP9(<)|NBMy=$JZ1wk~I{%dz9Y z;?Y~Rr!HO=oOA2-Vuk9$yz21hu2g#`Z+wEG;}AmEYq6@Za+oKp4ruNR9TB;@USe$7wk00 zGrS%fO;#<{>o>ozX<=jMQ0<&fwN^ZqiX8!=x22_(^E}b-Y}4_b53S>RVCwvc+oee< zMlP;bLpMHevgwm3yvUG$HbtG0EgG#cU7}<%YN%~)($r*UEB5lM2P@0$>hx7`2kS!0 zkQAF!d$J$Jfgypg3Y7L7W;I&?`?olvO}^g|h2w+j1*U#U?we|-N!QFa(UN8+W#_J0 z-mIBAeGmu@%Li^^$Z7g$sB^db3K^r{-NuhOs9EQ&TmYTcj**c6pqI9~eXew4S`~&I z=LKjdZKG3=k&F%6P|b_SyqV{blGJ(rwW)RvoA;@vh^nQP`l-#PGlrQmA3CHTc=ADD zC0EUEK+2zv>ZS#ME7CsCqsOkC7lT{Uxwamd7b9JajYCz#&QRj}$tG{j3m{+IIn^Hl zwb7O5u_PTDI=94GV#c)Mqbsz_OijgwVrYTM2ucTOit6rFo4S+ipduy*=n$M?vk~h| za^Yv4gBzO{s$06#^kFLUmb@`K&|~lPx_n8Cl_G!woysH^8Zer<^e(Ooaz=n~mG=_1 zkHN`{P)ZW;-cFGB5D-kmK3mReV#S$mNaL)6v;|LgA;wTcAsjJ!~piVDYxsrzUVXYJt zUNoWsY)ClOn9GB7UwC0GiKaR%z191gV3c9e9apl_CRa6j z$7o)YhL(;K$xsj?wVElhr;u3cxXzWn$!TIi$xafB^#i}+NJ7F?u1bjCEJ{MBt6>*w z2Q;V`wr`dM%L1i?F*=mk-Zp!Y9f(W9f>@}xP9mLn<8xb4xE~cQxf2y6xpEs)>}k9C zC<*Z^%(yy|5J{G5={|8?*4DIZ(;>OWV4_87;*mc*%xsnfA_Cn3ahlY2MQLgtQtMt^ z#6JioZ_-f&XGWwC>ZC}PJDdfDX-9gVZD+?{Xy7za>g_ZJq$H81zq!pWD86D7MV@Af zXXZkKa)+1gilH)kNNgpi8X6fxd=qvywJg((9YT`)N zXpJk)x3z_n;5w0yYTB-R@=|=59_BA=93w-+N#WYu{sg6VOl3UPU9CFy$=eUnbaiAI zP_@IgoUH+8dOSkflWT#=?K-X+ylKN8yyJCuewgbmA%Thew=Gz((5IHwOr=EAbBUX! z@TI+VWlEm=x`6Z3VR=qQ=+L-3A`vyW>7bU&@Z=huA=ZUjM@z_XHFsunQ^Qhuw}#~W zHH#2=WAR{tr18KfCi3zV{A`h9i;m#a+?1bh3FfRn+1MH_@kzz2#=82c&CB95xOtO2 z)fom{t9|1jxyt&1*cvgbYh9Gs>chr^tvtn|8V-bqjP&Lu9Uvm~`fQlb6J7*2jDk)`!E zdueKJjWoSU&uL3MP@F6zKHtXb(ZAImj4i&!c-_TWU-Xz-W-0dyjQ0zjDUL+x-Mr>w zw1(RWk9n9PYxR^ zd2B5qTF7g-R?l?@r-O%##=)7N^V1U5#?v(EIPthnD{HN6q~&@AFv<=C1!O6(_;}%QQBz%8qwp$Cza8J|B+pz2U!n zC^i3Y+?s0CZq1|nQ;k*c&kLxFjNyfP(SE8WkQ;Se-@bvRsS~YVp=_=8;LR*VusVWm z(X&okUe7-E?AA##(qsvouIZ(_QYP=()apLHww=?aTbkPVX{}#mW?yOe^?J8rVHQ&} zscWj|$PII?G+O(*fsYV+NwQ&XQq3RlP3@z5dz78}O?%h6gTQI8w%V*ElK1Md@)BNd zK;YU28gH{@?JFQ!IO+_RyKOGp?lW~ZL`MgmFIsb+N8O6N%cO%%u5EO^$t=T*^gdcP z4C$~|juk`cg1nQqQ3SiSxn)zqOj_xeXyWv}W|95Eg9T&UXv&TW%1G90GU_zgl(Uil zMuWXdz!yd|Hr(r;&Zjm1(!I@;WlKq4BWPQpV*()_hjpCWUNel1|LJf&wVS`X=TuwM zcJp_y9%aq$>)T2*nD+Mk9zl4g)ijtMypwkN&puE$tDbq?^=*4;GUThaL6!C2rn*=& z{O6~vxyElaxFMSNSZ<#pr9fYfA{Wj|7hh^Y7ed@~Y=_cq`Vt*8nEy^m;_3G;6A$Z( z+TWO`qf%O`>po6H>orK6!N8HO0cWO6-r>ncjV(@F&DuUga35LI=swhz+W5A;#4NJO z%VW+p**NtfvWjU*oYj15Uzf3{p-OB=C(A&UN?eEaR1tY6Bt6-OxhNZ};VC<$p2R)z zX)D*kOmnd(dDn8xBQDI&`9bWyoGZOH4)^m4jB_vI9HC$8 zW}~^L`fFLAjcP!=Z@G|E^wp<^tiE$NVZj1k6AVHjB^IUm>p-s>b7fZHNvF;8UTB{# zG!5VDsPUZguC}vRh<%+gSIcTgLUt z#zrTT8Z{I12KYfnb5l)q`3scWwk z1#9-0Iq^wnD$%VlXaHN7_atb|NhqXX%jqo}2C{ z=~#(H+NCwy&R6?%)fFgo@XJf1TUc$kYZ@+{`H%+lnteYc)~K@D8|5k4Xa*;t=e4+p zdqbJGGr5UK71B*g>BO&1Q3^R+@{CI}>sZBNl<{+Huw-NtQ${wP1f0czAt75#yOP2p z!L3<4^sTMG;E~rheyO2o?z5$C=^5w8SzJQfhYz@>Ti-2C(Piu7&)a#`K@ZoufDe)~ zdD}13QeB<2KNU&&lQarn#BxUN)GX*s#JW`{D;sJXw7=ZuD)nb@ z6){y#6Gz=Ncho)`QL**$Ra$b!o^|mj3Fp+X+v2+c;?fQe97Ym!sW{B}$7jRiu*37; zA5w$bEbPkXJ}gL-#GgXBInJ52UCewR)U5csDBW~bzay887MZN_hjeW@gI>|@Tt%ilgdZo8ls`G_q`X!gdUHWbjarRR=T=8Feb1JmCe-CYrgb7vE**RH z*G%EoD13xaZ&0*JgG(<-7_q#4kQZWeMLNV~!zbx_w$>8*j0F4h{#rV>a^)}Dq-iO- zs)nB)j4omMu66Sm8O#)^v3^loqFqJyN`^l{q+U$jQQ@gqjycbv7ejO&LP2ut*t&D` z0X&SNwy$Kh;@>2p%1j%b-5PvsHJ@B+H-!BSyU9DJTYvHw=*ixxw7g3t*VFt(t4lz` zT?Q<4ov7!JcSrO6sEejcB|6!i>h(qmH)35tz84SGTXa3#>dX?nToMA+mDmTP-)P?s zmlP!X)feKNFt)2{P0JhfVOev}pW0k&yJt~daOgx~_?kr68uN!8<~BPifs7;h9-7&I zC_Fa7skws*F03i`ALF-K{=@r&W$Qn@JJH`av6S`A%|w=T>T=R7Xmr#~m!zf~t1 zHsSNk|7E@W7b*O&b@K&}OxI63sz!fY)`|O%U$CIo?Yp@RGPlxX)(PHrubYINam%}F z{qMi`El`_}w0|Tu!#S6@pJjGX&AF{Fm}O2Mu4!_9tTNo!k9`}vDUeM)7XeY_6rrU5 zB%vE^6ec(2Ew_?8D6UPs*gU*O;%>4TeIwuQ&vu6bm?W$uS$D4$t^1)ow-Yz1o!9u) zDlXAaN{} zDvqC8JyRvIzb#Wu?+WSXY5(>tzg%|@rqF5S*7-8LHulx@o&U)m%XGDwC0WrV(V?ml&9x*s!a z{mBvp+QW*c#_1Zq`cP0dJ5ifMPR~tLo=yJGKUlGLJL@5>>0tXnj}M5ZN)X|E zIz;J@#@M|ZZJlfMNX4;_(DfKbZ}UbMXFmw3(d&8)z#b4E0}HX2rS>&~Uz`npBp1da?9c2Y4fuq{5#-R-Vw znMvILC&WJG8=k@wZM9sjS6>=soU{$0^y6kV`!PR9Ct=b7n&9|ovrdx5lxP}^;B z6W}IdY&3{^$X&MQtSyp}BA(Aer>J$aQB>O|;nUJuzg)W`nie(POX{+Dt$ml~70CPG*8pp5yP2B`^K!h39sCQvBp7>wY)|Ri}@XV=l0>Q+1P9YKD-I z<{c7N$kxBj5a4#~RvsRIjFOjgB*tbhnj(X<|389+ZHwBK$s1t2j_fC_RPcX0?9m)B z@z>Ea{;#B`8D4MqHK)>&#V~(wSOuty?R^o)F05YojbAfS5f|IH1Myt~e5Gb_2VDbq ztJgbl>#*}u{kRz+k||4{0kX8i@qF!gH0Xcxq;p~V&`_P5Idn^6Ii%>IDS^1wkLSN}~GxX5HgnMRSK7txkLw)^H%hT+0J+Do+Hxk#@F z=$K|odv!b5p-Y4plKlHOzSwan^W1c|)2PW^-+5?T$(-aI*z){YLbLHTX-~jT7CMES zHuZ9io}uj#_azjo%~YUmeur-h=&Miee>)I2LD(d++iZPpR!+TG#>TYXL}UdT-qj12 zmhY?!YSfvuNdIl#64gXHVHh<;wfe_ZldiG~X^^YILTVztEHRRrl%zQTenh0}Tot6U|Zan)MheOWP3U+a&*k<-?Qo9SMcg#>8uk z_Ek>EFcs3IdkEQ8O@eQe?%!4UY*8u;)S~r@Pj#=*m8+_8a#77X(W}rgifKh0INhF2 zpHRhgy!iiTfn6n1B@0xXm8zuiJr_4~xK)ilUaWYo$iM&pv&i(Cx__&~4OAg9shWlADf+~zxi`L-`zPz)SpA7Aj?{g~p8AcR zF-1?$`}Qs3PQ&apJ~Z)Vp4TJ1TB;xgQ=x2qS|Y zj)V%SL>&)L_nwP&d!v$cL!;K@5EaIdsnQi~k9=Ar@_<^!# zXnJ~+`6D2h0={g|ag|CHQC`Z|7DWTeLz8mG-O*5OIf5_jEmlCosGa&ryH! zMIJTt^wn$QmWya0QwQ@VEf5W)=AFo<4Xg9Q=BC5?(yPdO)VqNvDgWtQ(6*E1gAib- z^9*`JG{nu5A z4b3mxtl-}_^vS4i=#jL2n{rNF&{LDEXi%s*UqhRRYx)Cd?T1=j zreEY=G@Lt^>uRa4rs^M0MW)iLquy1~j#1QWrzkq~6p8oKyaXJhUu4%Q8j+_-vhAqY zN#8{~tka)RTgbYx>KCVIBHAaKuT)P{-9&w>qS4X*3M&}m(s9x?q#X@krYUce<+D&E zn#<`-{US9fjq+XGtdV!3Wa%Ossg24_T;rQ>@-B_XcJ(*z(L~fAmCDID`dT8p;}#pb zLS=M{B7L1chUAR4>MpGrfo^13_-JyC%k`f*$}!`Gyz5hRx}uLU3a$NjB@Zj4LVjK> z`mA3FXmlY{sC`CJoZCUm^#tZUH*2N)lFb^MpQtp*Lr@Ch@{Ie^CPH{>GVhF08N5cG zsa77Cb5<%fb)k@@zJ~COo%_%Fc?9oo$eX8tkLfu*++!=Z0<{-@mPRWsS zvn6HK7Z`L83dhRmFy+FJfvsHFXkCZUswf#F1#x;#*)fG@CuB#`GNC?n5;IRuF-Aj+ z%5BoEyTT&>&8e;K{#DU7x}&EM`D=FB_>O2~@~lagyNz;_nW!7|lOdX^07D&}xz1=l+IKUiAqRA?rQ!QdB-WPG^(gQN((JUoXK zKR2|0B1NMN&!#Q)zqhw}Hp+A#J<(8Vz-euaX|yNi{ph55$_JVny(_F!gKnx%&?~0X zS3-|>awx2%(U9ECxydWzRV2V z7j22=%-CglN-wC7=IL2BgRA_kqE~9{(O1+;{TIpQ=eooGv&C^*BDma-vE?)6L?WtX zW>3=7oHYPRTkY!=Ny3Q#JZ+e9ukA@|Eo#!Vk^`8toAigU{3Vf-6Zw9juY^TQR6W)1 zM?yPID!b7V>TrcQ`NDh?>S^O8l+(#HYm6q2tHGHXiQF|=Y0NP5Xlvv^9P6-uPx?Dq)RV-bH)O3R zX@6UNDf%~4q$TKyw4EE7b!vC&HLPYRua$5l`rDTkdW3!xvlr_pUk5vE9K-dDDL!o< zZ@*CP{CadFa^svNEo}LiLd)??jCQmDsW3y*lhgW{jwvfdyZG{@XEVNh4#v5V{2q(U zpf2=ct7?GQM|`Q6N$c4om$ zMl~ZV(O0o)&gdW}%gZF=TfPWMvbc7gcc8Eyhlt zxAvKBYa7>VqYN?W%|UC32Ju8!&*U(gnO0hnI+;|$Q(m-aq zr$MTeR=pVo*vLWH(Z$@7KuYAGMfsU6c14JG33)~skP9lTyHZNGXHy3u)FwgggwRGJ zrPk%ui8_WmB9#)k_~aHBIc4$;n?_6`&WK42gw7I$)mS{1&PfW&!w?qQ$#7v=uc{yE zlr^RsC$xfqbjyB*Idw>vjD55)aq2yBlVxyJK^|R55PVU`_0`H$x~g3Pf@a>mDL0-+ z8KEnb24e~rRZWVn=_oQj;lXJcK__5lLz>bRYSgI6Pp;^%jC*7{vQa&Jd}^G&2%+p?Qz%jZdk$k1{SR9#Y8`mD8{6M(xR%Uf~Qt;J+7csb|(v{z`9l5Igf-U6_j_L zienrO9yq*I(L3%aD3mYH&6ViEidPYZ`1^(U``M#&yDP%{g7RFQ_wQK49pl^`xd!EN zy*zTu!Z@sV zKg&wgtDvy7bfCO%DF|tAX_-l`$x#R+8@ZEU=ky^}y@#m`(8aEle?$5O7)@q45)JV*o7*6hP(^=RQ4WHKBu6vk395K>YrkX zS40D88~-TPX&Bki~VEzlodq7M?}5)6;zf)s=xK6 z!zVe{P!PWr#l4i|e7V$Xd+SFz;UV}G^-dr%IzFj zQl%cFmPQ1S8B46h@_&sk$ritbeG2>a*{U<6%R5xr{-?M|Nf%lrUqjn4WT}k!0_mlj zHC~i$^;-=o^=V(*6xXtSgAT7MPCM4EoLQ%^l1{FZlotysgTvZSmK zsauK6vIzaoZES#HJ^jNr-op(NMR(+f)a`8fS_w*^*2;now7rG(>kn*i=Jx<1qPpD&oR=lnD>JsW+XsYjYDZBTagZRF5d{+^Mp# ze{pX;O!up2_A4$5ZWBxQWV%Mu4auV9rDh%Vj8bHk1fY{x9qaobz}A-{!ZV#S$%*@0 zXcEl2!l`bQ&QupG36c6rARnuN)j3?kqCia|K~R3I>SUlMhQg8(FBd!8t?Q~v)Hy2) zO9}__qq?y&7n)~b;h^Ha%0B-oq8_h;Sc!zKi_6K6CY6rsT}RW!dd1cwN)P~rg?*zU zYP7Vnvabo_;qo;xet`+@3(S3~xi7UUJhe}8A!$_<_X&CFSW{w;Src0R)WXm)^t?5` zlgr_<-myk7`@>pi_e|T zg$RDRuhMj>7xpRXFOd>LDdWq^=j~x$?R=B<@ zil3rhNk5CqyY?PvlKonGhLZA?kdv0kJmET|3sN0O^NZANa*XfmD~EY)#$P&xX03`> zDzTKy=c`kCJT2-4veO2S==FO^##BiktWOCf8K5Dm>^p_5h%i!N}<5tD}ONQ&W z#9fN{SAF^w;K4}DWpGhNQf<(Vc2^aZ=Y~rt5<0vTHC4Y-B~^c;RV1#gN_SVi4KG#2 z46h_Xh0?hdlVnDtij-Qs(ad$Fr6n$*;guy-1?64Sl*+(jgv=yj>n|0_{Hxp zcxg##NwMSrF-(zC9JSQLQa(sW{<-0OqF$x?Z;%qWmf=pILI(6pUG$|#e|w zsBfuf=XNSp3Kwc^GR*2@Kg4csCrv_yeY9+`AWc0blFR-2swjxb;g$WO-dHD}?0LKlbZXCX>qJ2_VOlQ!y8vsARK%5=O+h|{BN<}dF& z%CdAFwVm6MsgPtDMPzvbx}WOK&8g&l^^{_D>5sHZQ`#C2b2a-g2`OVdb&Y)0Q##f- zr)9(%t9L+>1^taaZ1X3G&U|g(^m3^f!0P>F$m9SIXvI^NwbjQD& zhwI8aC|8mPuE+xodmRpPdfjk}WO;PqrV{GTj_VM6u20yw_1e5Ol}kc8HYK&R=&W-1 zyQddRlTbYgaqIM0U#^~fX4KX7*P1zY@YK9?dtDIMNxr($N&R5!BWFA3#xPve!EOjUJxFQ8?e(fg+)ubq<%3bs+O+M{77E?g4Gt2 zrbAd}^GrI}0kmZ3xK|qC?V8n<`%LZxrT{Y`N~a!yp+Pa$55eT(x?(2RrZ&A$Qn!s( zGe^0UISp3R2xxKX46;jWgnG>8eNva(N9SXrrOM7=7@blJ})H-fc7 zD#WX}SQ(b_qnG|!ljS}r=_@TxDPj^)otDUCB_&(NjPl$E`dcy}>W#C6es*DkHM&q}a0T9_6uQ_^`qf3AOnO>U>-? z&RLaPSp7FxQC_Z5HOcG30_Ija4+b$ApUi7; zSuad#muUcvC>Y^{Tj79yl4xgDx?3f<)tDAvx7kFy$|l-XjDwey{|c3aPKY_qsr#Bo zG)5Co^|S$g31X4@Gr{>Au>Dev=ly$j29t$){*RU*(WjWUG~l*UQMY)-mv?Wapm3QvT;9ajU#tGKrPL&;BvmGN6Jn?1uaeW{xighv^D_f^?o3%> z%5%4;{pCY%$la90L~yQi-Tch*uCp|BBmlI6)wt_Am!To$o?oq0au;eG%G{~Hg@jbf z(MP`}EV}fg5mZE9(jP1UlpD8`Rk+-O^a0oF%&r&QQbQ`#lPU@}L-6L1v--gxXDw0b z>Jm+SEb$CRpsun zU%SU#TC-Y-yGrzn*~Tx(DVzMf>{34_5h}w8aJ7pWCgh=|fRiQfqu;-&2v~{NdN)!N zzj9an*o3d@)UHu3bx&Vax9UbIQ_mmi9;@Gv{K zUM|xWxp!pRK;?&fsgf#t^smcMTCY?hRhR@@*%nVR52`fpXzoT z)=RLhU+WrqM6^X>q_AXcTf`YE)HdZ^Wkazi={`+6x7gIHeuxQ5>(;`O(nyQtTgp2% zFWgaCQrMpgAT9+@vQ}7$p^w|wk_X+7;`)FDFYe01ZN?Vx3@2%Vzv@_>P6@fpNU@YX zQ@PIXkzJ85q8vz#^4z=fNNogY3U@<>)EUd2HMY9Wv8Y-vtDtghf^oeYaLGvXJ)(>O zoNiQVxhOofNKY-dY^8S!$w=3QG?}bi-lfNs*}%32c|d_$JatWQdyU?PrR~Ow!g4)s zr21&sc4Ym6P?0xxRj3NPhfA<@jkUzp-IQJbq=9H1aWY!$#BNCfJ;|k5Xd5d9U-EXt zR4moN!}%G>3zT}BcO9or369FY(XGbZzH9l$>G}molEE@f&w0sfR`1%@ifBoB_jt_f zTI8kjQGxET>1?ZdH@ZPy-R~GA)uDW%G=>eCj%U?TBrN67-noYHhJIrUHD94^u}wo9 zZDS(H_Cha2s&?2|-ph^UiE1^*GQTvw?FqWUj2FYK^8|(yW}r;xv6;>#nxxA+J2G7} z^jDK7Q&s1{Oy|k=l&RQCI~(i~Q%kYwCozejX!Mstj1ZltWjb4&q`$F0Mv3({K+WLP z*{xD3GDd2HhnxRoZTdwm>YUk+S4VGgJ=G)IgT`i^)|NroOYMytah? zhN9IM1*)T5I+SJDRnAwVBQvRXVdp#SK@P>AWM;d5cTOVqVJJ-FZ)W=W(t8H=0yl z%VS95((t@XQN-@^Qi4IndVIY_zQuTl-J;Yl#d_a}-l}qIJac8 zs!>s|i=(Otaa2-jDXl_`Y6YR*p|-F#ZLvqTNU%t;tFXOib1-rwSCqf5WBu@80yj}n zlA*Wdg_@r1wkOmpRO6LSDXEmxc0;Z$#Hl5wNHFWj2V}##9&h$&lPgS%ohMfoY6(zL zuw$`uelmL(HcpfLsHhtD$+c66+&+p%IRiNfWZ37$CU-9GkmBOXLiV7Xxj=P8_BF1w zyM}}$j};nvH)`(=xzuL0K{(qth!5wZ5$L>ZZ^nBfKwYh9ErYt&Js%YX)Q*ocm|cSI zF@|p9zQNw6ohqdgb7ER&R|*EQ6&lJFoHLVsPV73lk`m0hjmGwPmc<}gdK=YqicyJ6Q^g7>1uRoceZ6ZSqXQ~MpsK* z1b4e^@~Zf9f1ee|1>or-J7MlJ-A@)cEnhg^;`R;VerJ8gmv}HsSU=F@xZ0jsik9Ww zy4~6M++cKWH`)d;Q_EOp{e<;Ma9Vda-ys&|GHvrI!7E*XJ8r~o+1;;5cEZ96-|y0q zbv8j&=(5 z69fb4(yW^JMXyBHU^&OsVvdyBE+vYax-M`NlOAQ__X2lf1*>7Z%?FyXSVgWMqN{6M z9i@VhF?n(IBx!ji6)GqRZ;*15>3p_8Yt!{gzr6E9%Y9DALR26Xu$>z|(`0GQ^sF+g zvtxFL+ilz+A3T&0Dx^8ICn&3F3E5!5uB@9sq0h26w_bIuH0963ErLtalHO2Y$|xzR z@;=?VxPLi9R^mLTRgyOCWW7MPN>Z94Si)&J)giUTNi@WeHlEZYOEX>93@+|hSW;Q3 z?U+h!i0B_y2Suem#oREhTT3dnpSGX&&`O4dE$;oam7_U==p9e1&r7bzQOJRmc9cyc+FX`urtP3q0J4TU zw^$>K`>My($%|FnMp4zb=pkX34fCV*e%;T;TdqnfA$yM+rxuT`H+HRTGcQ-gQuI9; z8B5S)(CzeCM!S9x14b}4m}VjvIS zbdvsF>yh`mr0$oTQ7z^=^=k(%;X@?2R!2*(8VvQta16|lEna>u284_NI?52cCFJYmd=}&&YLbB7VXMt7r&%)olA#H zTlA-HmO|>23n|%okFHNGrB&Dil#>0D(hZi9T{=t9Em|P0GgZi&2sMAoj%MdNbN4e% zuf+#@87aCjrYWX843b#c2ALq@E=5=OKslF5M7sSY6wW2_l!C1RaqL>$S7X2uQDaF{ zQ=f3Z&-&l|VL`J!qx;Cdtp%b|%*^U%y347-{(_NgY2dI#WjOY(jPGprBug)E4Do>N zG@WcRTk-5OFi9wrdp^uX&!d`jJgZn_7iDCKGe)NDXH*Xr`Ywgh@B60un1aypL78b= z>sjtNs}V=EQ^kBOALRq39A7mAcB~*$P({yi-#@{C(7Q4G-(|f>$ox9c3qg_ zh}Bi8gOzEi+*=P)rpXGLQ2Zz^+?uV-T2A&SCLu-h=j65Em1=M6HaXp7%_?|gv20uB zpBFcE!GT^|Jr-IoH|v+I-zh^?p_UMZ4CBXXKAFFGdqKI*vuqVg`%mRZt9l(dVO`rb z%5u!Y!&}5y3YD zq3X`O&En%UTp}QEEv6fT?jDPyV>Oz^J5R`T9&0C!KHz963d(_|0(Q^AREbX6S4wRJ zFu$3pg_U}Ip{0cq?1=kAX!W@?m0u(dv#~0rRDHw*g!eC$`pIhFt(@E%sH|VN6_GSz zTQ61S*=}V$2u9mWWIx&}FVHRLLO4g^MimdBCY@!(*7LUPk|bollnzk9X-;nvvQFmK zaq0{bgsfd%EPlDkY8Xd(&=i!8U*dvd_$X9* zt~c8~k)J`{IIG^b-3r@3QQN^}GHbUubp=VK|Km(1rS z@5B7Gs))&VRgs%Aog~Yw;+KKYb+;UD+Qe&CahdXXHM@l!_o{Z-_nxRLYXi-t`YYcz znO61ts{h^Kf1l-7H^jN7nk)$%78{4%?kdilnXY?Pd^NJ}Cft(2Vd=&-tfUo@0>323 z{NfBbWl;W4dA0nQ>|&kmh2s5kBKN7B_%MM}mZ#{I3Z`hJ3f=9+Lb!O}W+&i%R{h)Q@^mn6+%q2@{sPP`R{va5o@7xzX%~ zcCTK_a*4QeeI$+#zfAt-u+sYHTADjpX&>t$dv1Z6)~_h=fKXuPP&o%oEH0&-2%a9x zX$kq~>t_?CMNY@1v%AO}^caEDsJ@b`E8E@Ko)ODa#Dfp0k`z z@C&n!*o(8yMPAnN*x9oF*G*(ygJR=c+hRmY%_`?mt}734xu%bAGS{T_g&9UD#2Mxy zFT;40Ja$UOzaAgG;jogM4p?wT=IMU>bX*;68%0GOQM5XWqCSO!t`D!CG%hOA3!nN^ zy#A9T@Bh)W?|*m9svivc(PsnSdh@dr-#!1U|LC>6v1`U<7mc`i-#0FQ_UY&E+i>}l zdsK`pyr6&U#E&~JIphA9SCpOqVDXCCJH0u+^rE+Wzx(Q&Bk#TTPj7xuckGM-7vJ~8 z%XU0&;iwp3z?Vbl~`C=lq~uqCM=*^a>(7Dz z>*u7(l4p%onq#9mJw2>mpC{x)VteV)yb{mnNfzo4IUlFrJ@jWcWsffnj8mMw6^pOl z*6D*Us{4Xm2Oo_auT=PTe-ZA1{AO zwNQ5wR;%ajt!GeYlw^^7CMaDRa!xwRzh}ID$=O~CWsFQvN~Ax|@=R}`CaII%^k;(pP`j=^@vCx8 zw8$PsrH#`cqPV87iHZs&GK!EJMG_cMQ3=q$GN1qj7yV2B73ugyRHOqDTC#y+APcQt z_XPdH05A}gf z0~5gRU=Oe-*bD3p_5u5XiC{mVuT?}v2Y>^?Brq9F0aL*=psz|sMF)dJz#MQms0MSv zJa7a!66pJ;QPEML4%CB1U@=$%8o-G_A0vv2^nKu{NT1M)ikd(((3fwbqLY9=JrWhQ zgXKUUUW$tJb<(IvUoDA>z6?$QrviOWIx0FHoB=vOC&+;=unL?Bz5>1qz6Q<$XM?YU zbHKUaJa9g^09*(z0v7|OqM}Q{H^4W+rQkAfIk*B`39bU)0^bH#gKNNdz#8y<@B{Ee za3lB;SO;zew}CssUEpqT5BMqg8MqhR2YwEI0qzG6fCs@Z!9(C-@CbMmJPv*Zehr=g z>%o)YDeznHJMav67CZ-@2OGc(;6?Bfcp1C`UIVX#H^7_VE$}vY2fPpd3H}9o6$t%6 ze^3DigCSruumz|BJA+-oC@>m~0lR{+U>q0^b^{Z@?qCnFC)f+@4fX;1f{9>1us=8e z90(?X$zTeY3JwAXgG0b{@Fj34m;q*jSztDp0}ca+gK97r%mYV&Bf)%d6gV0j1C9m9 zf#bmfZ~~|S3qdWY1NC4LSPYhc25=%+3L3#O&;*)63pfe1f-GnQ?O-`r0Zs-h!I!}) z;8buLI31h;IzT7LfiAELoC&@Hz6!nu&H`tHuY+^Ix!^o-KDYo}2rdE_gVo>?@D1=y za4EP9Tn?@PSAwg+x4^f-)!-WN9q?VS23!li2fh!k1J{EefFFVzz>VNX;K$%5uom15 zegf8kTfnX0HgG$*1KbJj0(XOZz)!)?z`fu;@N@7Ba6fneJP3XX9s&=8N5G@tG4NaP zJMav67CZ-D0xyGCz#qUH;7#xrcpJO}-UaW0KY~Aj_rV9?&)_fMui!)QH}H4x5%?H< z0{#I$1)CKLL%}exIoJYh2`a&GFam4^s=!FFHP{Ah3$_E>gB`$*U?;FM*aeINqrn)k zD;NvLf!)9aushfT>)`FYCPry2G3%C{B25tv;fIGom;BIga_$l}qxEI_9ehz*C?gtNm2f;7F zL*QZX2zV4c1|A2$0>1`Nfc4->@EheeePJGx!VmEBFxn4g4K^1U?3zfPa8b!Drx~ z;9nr>B@}={&Qn1>?YYup4*<`~kcQ zUIVX#H^5uqZSW3w7rY1l2>t}#2OoexgTH{kf)Bypz~8|~;A8L!_y_nDd1q`!46;gsseKA870d@sr!8kA;>;@))-N7DU zPp}u*8|(x21rxyxFcZuIv%ws27&shMgSlWHI076A=7Xca(clS2aCXBumm)K6Two@2--k9SPo7HXMhgS338wdtO93(uYj+DuYt3`+2HHo9B?i; z51bD!02hLbz{OxSxCDF?Tna7&mxC+7mEbCHHTWL*KDZ9t1lEF^!B4OelfOo-r;E&)> z;C=7`_&fLrd<;GT{{WwY&%i&yzd+PmC;+^3QPc}y{wV4V`ha4fZvaXrf_|Vs7yt$W zKJ`^J2$X>gC4d6tu6f}Zmpb0dC7H|@11zFGr+QD+L0-Ow1f-i$p zz^ULga5^{xbbwBf16^PhI1_vYd=-2RoCVGXUkB%abHRDwd~gA{5L^T<2CKm(;2YqZ z;8JiIxEx#ot^`+sZ-H-vtHCwkJK(!u4Y(G34}2e72d)P{06zpbfE&S&z>mRAU@f>A z`~<86w}4y0ZQyor2e=d51?~p-fS-b&f#<;n@B(-dyaZkb`sS2|Bq#%uz+^B5Oa;@x zLEvC;2$&AO1P%o=z)Ua;%m#D7Vc>934d#M*;0SOem=BHuM}uR)vEVpxJXiou05xDC zs0DSP9xMWj!4l8_P6SIqBUlESKr?6oCxKRw1#O@mEC(yV$zUZo6`Tf62Ooit!6)D! z;8XA!_$P>pg#u6rdI4<3MZG~EPz*{yU(gTq2Lr%BFbI@^3@8T`U@#a0HUmS!Ft7|X zfo9MGP6DkU3)(xWpD~O6`Tf62WNmLZ8{WP4Xy#- z0pA5{z_s9efPIOgC7=PE2$q6IunaVTX3zpo0<9nm+CV#44lV~*fGfdO;4$zx_!amy zcmk{kPlDfor@+(Tx8Qf+8SpH44*VWG4>o`oz>DA|@G^J>`~kcQUIVX#H^7_VE$}vY z2fPd31Ahd60`G$lz@Nciz+b_K;Gf`MAkvmj(e_{mup`(B>^_ zI0zgJ4gu4_m%yQ52ABzEf!SaVI1C&Ps=<746gV0j1C9m9f#bmfZ~~|StHFcdm*64r zFn9z!3LXQGgI|GPgD1dx@ErI(cphv3FMt=pOW-VRbrqcrz7Ea-=YsRV`QQR@A-D)! z3|50nz&F4*!KL6ba5=aFTnVlM-vZwTSA%Q7cffan&b6uEgYSXw10A{2#0-7_eh73F zNE0*o5%@8<39JP-gP(wP;1+NzxDDJ6?f`d!yTIMx9`I9eFSrl<9Q*>@4;}yyf?tA% zz{B7X@F;i;JPv*Zehr=g>%o)YH{dDoH25v}9e4&j3!VeN2hW2I;05p^cnQ1=UIB$e zg&VgCSruFcb^}n}aRDmY@<02P42% zpbCrxTZ3)DwqQH3J=g*42zCNHgI&NVFdB>jyMnP`92gIF0~5gRU=Oe-*bD3p_5u5X ziC{mlKR5s!2quBaU<#NDrh$XN!Qc=u9efEK3TA+rU>2AS=77V%;h-AK1@piW;7BkZ z90iUB$ADwOao~8c0Gt47z(P<9>OehM1QvrOpaGl+mV!pG3^aje&;m{Ztso29Ks#6t zR)CYiO7LZH3OE&<22KZOfDX_Ja-a*W0%wA+fUknr!HL6!hc*`;29JP8!DHZY@GJ0Z z@B~;7o&>)EPl2bwZ^7@tGvHb99QZwW9&7+FfEU3_;AQX%_yc$qyarweZ-6(!Ti|W* z4tN*52mT2D1l|W9fIox3fWLwd!Qa5&!AD@!7Q$#S2J8yPf^lFx*bPhoyMsNzo?tJq zH`oX43nqg7!2aL>a3GijCW9$pDwqZi0tbUbz;y5>a45I{TnH`#7lTW{H^4W+rQkAf zIk*B`3BCos4Xy^)fbW3sf;He;@ICN-a2>cF`~dtA+yHI_KLS4nH-WX_X7CfR4%`B6 z1-F6Q!5!dEa2L26+yj0Jeg^IZ_ko{-Ux53;1K>gMOK{Yd!qMOua4a|u91j+N6F?1E z2x>tcs0WL{Vz2}>fF{rkTEI!*6mS|i9dv+BkOQm0ncysNHuyR?2b>Ge1LuPaz=hx< za4}d7E&<;F-vpO}%fRK}3UDR33VaKcR0(}SKhPfx00TiO7zD~d29$#eFc=I0n}MNV z7}y+a0k#B{U^o~7s=!FFHP{Ah3$_E>gB`$*U?;FM*aeINqrn)kD;NvLf$?BBFahii z_5gc=y};gJAFwZ&2=)W}g9E^UU=o-Nrhutn8aN0X43>c=&Q z0p9@M1eb!#z~$fya3#13d<%RVTn(-P-vQqRYrwVOd*J)vI&eMs0r(-f0o(|F1bz%| z0&Bs|;3r@mxCPt_ZUeW2JHVabE^s%v2mBQL4BQLu13w490QZ9jz=PnI;34oZcmzBO z9s`eqUx8nPC%}5}B=`+@3Oo&d3w{Tl0ndWx!0*BHU;}soya-+bFN0UWAHb{NHSjuk z1H1{|0&jzNz`Ni*@JH|`@ILqe{2BZO{1to%{s#UIJ^~+uPryIGr{FX2Pw+1gjT8z% zA?O8)KyT0o6oV4b7xV-D!2mE2l!8H^3}iq#r~re(5U?2-3WkBr!4_akPzi>E5nwA& z1xA9c!8Tx9upQVQ>;QHIJAs|SE?^WG4aR_7!B{X3j0d}c31D}y2iOzr1@;E}fPKM4 zupihT8~_dklfYy!1xy9gz(L?(a0r+Vz61^hGr&wR3(N*{z+vEUPz~mSdEf|eB$yA5 z0!M>mz_H*sa6DK5P5?DvA*cm)pdKs&i@_4m08Ru;K_gfOnm{vX0Vjc0kOgg^9V`bc zz{y}G_%b*JoC;0@r-L&<2j~Pj&;?e3Gr?EDSHai7S>SB&b#M+i7n}#q2N!?~!A0O= zuo_$fz5%`oE(Mo?%fS`kN^lkU7Wg)}8e9Xu1HKE^fNR0`!1uv*;Ck=_@I!C|xDosa z{21H>)`FYCPry2G3%C{B25tv;fIGom;BIga_$l}qxEI_9ehz*C?gtNm2f;7FL*QZX z2zV6ixQ(zA*ct2sMuE{_4A>Qn1>?YYuou`H>;ujL=YsRV`QQR@A-D)!3|50nz&F4* z!KL6ba5=aFTnVlM-vZwTSA%Q7cffbS8gMQ69{4`E4qOj@04lc=Mu4qA6&ML-f!SaV zI1C&Ps=-_^9~=da2FHM7!ExYtumGF@YQREJ3+g~U=m4D{2fDy2a3=T)_$v4sI18K& zz7Ea-=YsRV`QQR@A-D)!3|50nz&F6n;3r@mxCPt_ZUe7^*TC!G4e%y-3%m{90q=tM zz#qY%!293>@MrKL_#5~;_y~LqJ^`C;FAM{RfG>knz^UK{a3lB;_%XN%tOYlN+raJM z4sa*93)~Iv0r!EQgI|FA!2{q$@Dg|#yaN6JUInj#*TEa$P4E_Y8@vPl0{#j<1b+j6 z2Ooit!6)D!;8XA!_$T-mh;|SPKq2S_I2c~k8}tFipak><{Xl;(06a8aco;ka9tDqq z$HA|_ufY>wJ$MrQ20R6x2EPTr1J8hG!E@mE;CZkCyZ~MVZ|*L<1>OelfOo-r;E&)> z;C=7`_%rwm_$&Aj{0;mad;~rQpMZaWPr+y4pWt6W?+>WLKq2S_I51z-8}tFipak>< z{Xl;(01O1BU=Sz+8Bh)?z+f;0YzBscVPJEx1=tc)g5h8U*a}pEkzi}E4cHcJ2et=0 zfE~e3U}vxk7zIXyF<@6P7K{Vq!ERsz*d6Qv_5^!@y}>?UUoa8u2lfXCfCIrKFd0k% zQ^7QF5I7hd0;Yp6fkVLzFcZuIvw_}1l3)afgK97r%mYV&Bf)%d6gV0j1C9m9f#X3v zSOgY>C7=PE2$q6Ia1&SyZU#RA>%cAGR&X1*9ozx#1b2bE!9C!o;Ah}oa3AMYuGXb9fW&vgc<^Vne%mvH?%m;i9s01tkECeh9ECwtA zECnnBEC;Lrd;wSqSOr)OSOfSHuokcmupY1huo18cuogU<0rP*a7ST4gg1h6TlhZ0&oSm0o(yz0B=BT zfEZ8*P!~`S5CEtTXaHyk2m~|&GzK&Q1Ob8p5J8J z;>!td=1zS_y%wQa2X)t!pbZy0agHOfDOPFUz&&<~&m=m2_v0ni^%0w@D;t^_<62|*B80B8tmRsd^&4Zs#)2e1b?02~2M0B3*;z!l&Ia0hq*JOMQTUI1@^51=N% z7w{gS7QheS52y_g1L^?k0_p(*0QCV401W|wfJT7EfF^(-Krlc8XbO-5=!52+^!YA9 zD1g3_-$|eE5<~##iU6oL0eu3#)3Q0B1t1y_1850|1+)Uh0a^pv0OA1&fVO~kfcAhy zKnFlaKoX!6AQ_MXNCk8Tqyf?a8GuYc7eH4)H^BRV?tmVEECA0%p;n_%m-NJQ%~7=k z7640t6~G!`1F!|y0qg+|07rlmz!~5Ia0R#l+yNc{Pe2WT7r-0f1E>k`1-u8S1@Hs- z18M`rfI5J>fO>!cKz%?1Ktn(vpb?-kKnkE@m8BJMdit-JYtA*L|8!g~SHLN`LJpTd zNa$BZK3YygE)ADQF(u^IkbhIIKlwGKFWm9Xe-u3_xP0;<;Cd8Bb*V5+nmaCW8OeEchukWp9uJsIP;SXYN%ml< z4xQoAo{~hf*i599xI7C0GUWvnNG`fc2vK1;tGpCW5{Y{`h?b9bq`YzCHkr9D?`?MU zCO5kf5+S{vjgQOG#`}>>be-@jkk_dvf-7`9J(xwsR~`PO8gq{lm^iP zGc%Q}I8^QK6=g0^tZKI@gSi=uu5br3MJl@q^J+|+>3TSK<8!skj!eoZ@zz8D&QW5qYAz<1n6B}IpU5o`A%P->wuEFb5YItE+#qrxZjfM~q!!&RPKF%a%kJZe zY+f-#)v#M~-%;?!6;i*}B6}+4p4pv@W|LDSvKP}$c|u=rCFYEV-pWQhanvt_yORFm zA8uoXsZ=_;Pv+ms2b1kPL7CC13}$zMmMs@ida`{2V+Ul02G%F&rYo{Xqo8LNq!*0O z3qu33PQhepcmNAi2t^?;xTz~+w*HP$$3|Bq6FNJSkSH(8mJL1R3n!Hi1Cgr;{|O`u z$n7AuBuaP^iEPCdh$#|L62t{z#*kcSuA1tN>|xW5@=>tGS?&&98|7?&8%711qTXy0Z-8bWSt93<(Gl|)J@xY$+2 zCd)U}F3Iu%NsG(>owB#d%~E_vH{J;;&Ql;W)QW3KVV{8*!?o!o(47<{G9`auOzy~`3dlv) z7U+vOx~dj-e~4Yvg}Nd#N@KQYVyfn{6|6ewMpztot;TV zn4UYknkZ2zsK-VmP(wT-#Il6L&)JJa$+ERSUYtD(90F~d$*wt28 zu_`qFl-Gfr$esoy7ti`YYIKX4Cy9x8u1S*(dy*I3X%0ieAV!aZxnPn%=>_$2744Ct zye8#O{7xmU!w+f)Ei77iW;Q;VugI(k%xR8Z$$Ac^b(NH+S~NH*5EX8$gGy>6 zsC2cZjNuS|russ*tfpXhgiYB^zb=fmN^?zm2~>>HO~j|NQk5-cqAOcY5@9t>BA~&B z?(C#aOiTsqMqSd1>Z2U#og0~NWxW{PrYUq~o>G{4BZt|CqEWX>{4!5c9qN#)xhU96 zFairZqtz4EBvRyl-J24iu5g>RL8uRf8&#Q!It5ef^Tg0>&XG8Wr>~TUImp)uBGiTQ zGLxW`He^1BxI8A*@p4q5aHF)Iw7`KX-sH3q3kHP+8J;nACCqfNV33>aXs}|jADAmf z-%UM8)q~JYF?$;%D8V0diX~30t7ic;qd+H3?RPo4%d(qzqFE`E<&vthuV6yM-Jm8} z3eQw^OzUSuX=vc1>4VvlFJ(&heM~f1Wtc}Nb1e$xdn5>aEgLY(>xf91nOT-PG?}6v zXgpI%GF(gDtSt@nwq%US%J^i<_$Nfo-8Cln$h6q+G1V98k4O+*@I$ z=|Yqk6Y<0YU3g#P70TcSvre-V;BeuL)=p`zfI**(l{2YSE1QT+F`|*diz))0im9Cb zTSnuTwA(vwz?LsO96O0AIWS1tw)ca*QV{TgI zOIf=M!h(gqYx*F)0Y|A9MXEEh4PF9fx>-({Sr}#9WQWg?M5N?h!ak6kLax z-x-FN*r-7Q!=O}dKs;y#%cz(#0`+1>vcipYicRw>Y{4;2_#7Gk#t9SHXEPF3oU)Vb zry{tj3^9VtX?4fAsZe01z(zKdiVa$@WN#c3X`TTFD>_jm8XnjW`N2hlr>l^2)p#w; zsM*S#x>aESG7mhafk@y5kubxd(Hs+;N)gQz*|Qs2!V=g(`@rZ(=xS>oVli=rqO)WO z6Zvwa9W0tD3-cI=qEK&2u}F$c?qt%+><3j9#zDkD??K}X>fC^qW_%{I-6(B^Sg?vs z3wG*|sdjGG!rZ}~Y%Y)$a3-W{XbrV!8EEWdL==NfB4Lu4EQ*k^0h5IjQB8zYIjcRg zN+V_2*LhQ$JhLTjaX3g#ACD~ntc(aJ7>Mll{~M#y;G z1YXIrVvhs4O;%|r8rhYBhtb9fqL6Jip0i~;9{xP-hGdAmx@zUc$(o{s0lCUzY$#_G zXf-7|p5n0`6V9FIoMe%ba7jprBqXw#j82>RQm1Y7Y7&tv56f+)REEnWX=xniOdBf7 zqTtMQVONEAUuc(wXkpi#<05#jrX)EbBi*zqZrT&?Pn+Vzjk9N4t-MfKqS5w^SLuq? z^3r5-f~Z|5RjyW})8y&d4vtNlQmvHhlpGhzbCTUl#O7de8;!PDqh)*J5^?a=koHttk;J2k4bW!m9vrMuAe?L8B^?=ctt#a$VoH@?5<}TPl{T zDW=YxmBye`mx^=Ln%ussqI|KQQe`I6k5(yHi1RdBW4@4rglMXC;$nGjUwOV#Opo&7 zVtPk_9K?DJu~I6AKuzA@QXE*M(Tn>Sbb4_YmChhni_`T6g-X+iN?xDmszfCbf`w2C z)jQ=+3~^jERe74SSff*c{Y@Y!5Gj&R_5E9r(tSX{6IdbR#g);C3jnmHerBDZ>C0?(v|1Z{x-2RWxh(M*Os;^kQe1E&17ZLcchzG zM9M*`o2gf+sqazhn36C$X-axUSj2RNb&Wb`40XZp#P3_^wx#yiMpL9$6&YB67f=0Y zzFe$dr2hj4S84TR_C_2>>u+RDzKZwb3Ol38)(oZNzyA}E%iR>uMQ&+F^vpOqEoe+T%}Ie z*`PF3Qw*xWa(WMe4oJjhWKwGOf;nC#&o9#G^r~E)Btt9DrT$dH`Zf$E|L(WRmLLia zGBW%BRsJc(xf;d4{e8BzK$bdxCJjtC{=3ou2mftpphln@7XK#=QaRKJjnoeG!yX*j zL)loGpwJV|7&8rjrMpSW{z^Jq@$Wr~Va2Fg5f9+S`G1HPm;WJNFz5eYsUx@l0bVSL zht52g^p``6c`lxz(Wq%Q(3Pg$ZRAC{O0}Ae+8AIl5op$1#&Ib;*WuqrktU-FJXyyv zP453>jUdS=R=+Z&0{L|0PYvMUs4AX<`vg?c{3JK&7@xbj#fAY~u>IjashL z$+D$1F$u8=CeisyeRdm~MdoX?G<$^xyz|_b$>)t6j7toX6r`k~1sIm%AWRFIVxH^!H#vW| zIU7yE+AGz?N-Z*^7NOv|?0-JP*VZ%wMK-fHg_sK^qXtvTbNau|*_^D%ZzuDC{fI(T^rgtpx#eYSgclJd*iK&9>x?M zdlp)~xdFY?EIv(1vv;kWX7I{Fd2s=)bDJb<^l8dmO+M`jDHT=TCRv(AN4?WKmE&K? zA_QGvHqUkc%ldhHCbVy%Dfx$mpryz=^#p&Heke-No#!(DP6^n$_aD>%bp}~H*Y!U^ zIt+aGy+f}5uvQ(6y8t+- zYCOOys(R#UZETEzJp=PI{IQwN{)~rRMI3wsc&;{fw6XCcF%GCSA0St?eerrc=WmYG zR;wu#)*VVkwK()X#+t|@6Yxg4VYkA}0`oMUtfkWg2r=?O@re&(S+M18q=YDlXo|*C znH(%1V@X;120S;SFWV~;Ik5)Yi9V!I(e!{`XW1nd(e#IArwWduC3*gJGzrhuN>*wW zIr5^ul6ES+@s$+z-XI#CV<^4*lF6bZQQ;9ZSt71%2C?b%5RR+KbDqMx1*M|7c#w|0 zfKVzZ#Ea+Ls)Z!#(v^Dh4&%9|?6rkBMm&f;459Bpgt-lgm^|s#3MM*AQ({UarI_WxH$`@99r;PMD+7fp615 z`jDrZqI%E{(ja*WTT@Bsl_2zo^xb-p@fmNT25E&Co?6Lk5j}a%WsqqXKS`dWR8wkW z(;=Zz8#8qh=sQf$Xj4^@$YE@g^knj962c2ZBEh+)YL&%u;jJq5;CiKlaXE`7Qgw`; zl7qr{+MGLl;NEsTPo{tBH!9y$)55|pNL;AP)o9hKoT{&+!rt{Oshr42d3bJkge)pF zOet*^RqxHr=rtkjO_=hemWU$Nq<{EJjf=LxUZkX^n)W>ejI(S$HuucQn#kX zezl`=M$lIppNylOzX<;BkKa?y&7SRc{>OO5^`>Iq+s`j-{bfk)M!zTYpJ7`gua8IO z#v7g|Z~o}ZE!rT}-I@^>{>_1um1W0L%0KQt!2ZS7VKBWinS|1U^3R~>_S9|SMLA4J zWzc5gj}+F4{(VLM9`p|ufnauvUe$AVDBg$Uu1E2DgMa!fApaUfXF5IWDC{{sKcSvE zIgUP{E2dB1RP+g(g0d*(ir9yA_;9X>d`0!27#Zg){J(aNZ z$f{)W7sAvlwW=hIhsuoA0eNs3IA8-!^1Y){E`Vnp>^YkE#)&-ivw zL4;Hk2P98Zg2stdjQ*4a@=;J(@fjg_f+Px=+?32m!9AzwUav+svD%nqAMk2WSH@)l zE1TY2CM88o?LeL?%GM;840_U00bUh;9K}#DKZqaJg-w+NYt=gTX`-H0Bu(w#m8j`c zM%1a6h(g|_O!D~R5kf)PA*RDbRGdT+22zAB^s8o7(UzVJ^o)oK?hZw2@Ma`IZ`v4h z5Tc4nO`}cndR4fB>b=QQRpleEjzpj}DixWlj5T8t8N_KI)=VPO8Fd%mazgu|Ap##T zEhl}OVrMdWqxhL55G3eot~MBMYhY5M>Y9i)lh0+)XQ?J>wxg!!*_pCcvVRFoiS#7H zVH6OOPI2R2iI1ivRIv7~?QJS03rr_!_!PC6G6H8x)+kL`mU8XMM@=$1K#|37MivwX zZ4836rjDWcn~~Bpx{mvjOf)R z0aZ~^LL@?*GW2vQ+!2Zv^s0V?El62t7)mOZo?Phha>>t)`qa8__ChIC-Fhmmih2{U z1A8reYFutVgGx)&N3ojDO6bINAV)YIqZ60VMwVDEe*3#(;Rp}r**Y-}@W_R&8wsBn zNA99vLoqww!A|~YaZ(865xGFAR)}*-**T(IN~NR&M07$aS6&1%IZClHr9#3ti^l;4 zElu6%I8;A_l8y-ByipaoJeu&stFKs-CoaJ}nq?#5>#=i4I6i~d5aL3dE+W#!23-NM zoTt+2^b$TOP7PAT3T>#-;UU_sqd+>Qgd{=#>&aijmaNHmh**iWnwg;bfGO zPF1mOONCgTFGr>%wf?ksE)-hAd&HSbk8-HAbgYX{t3HDjD>O<$jx-~p8K#MgT;at$ zaYT}zz} z(`rkBW=ff)XT+IFH8=0xv2%CE>SwJD?Tfbf*v4^gDT!52BFsm$hJ&O-8cO))EJvMb zOIeKi6Y7mlsbNn4Xj>@X11yZpd%|b`rQf`5%ffQ1EGm3x|nW~mGVA5|yA=1hL z#k9*0Uv^$lBJN5>LqPS`XFUEw?3vzqF##i53D$e244@MKuum*0pm#swRC*yJE)-U| z=5}rDBE%{>+o>>~ViG!A>Yl0!5zDt=b&-dIrK}!aX-BLwj65h*d3n^Xi}c2xAeTC+ zR@9*Wq`xN7Rf(lqj#ZUSdO;L2sMMy8K{yWzZD2jM(10NpAp#pKsF{LQQ(r6L%{Jdc7~`u^@9(u`(yFMnoTe0a}IBg`KsH+VL^ezcliwLF@A$zt(+mb z1GNfW&=t3Vlgh8{-Oi2x4|H5Mj^jI}()5b^kp9KDx8~v-)5vN3qv<6b6X$RdCwG*> zj#djp6h;IO#=o@m`1Fr`x2-rd`gGf6MYnsUPVl97y+pTpmOLvPXK1rzS-LDuPM<8D zHuo>zcxD;jJZ4opFG6RN|1zDVSdqh}w~q@6kKl~#tiNSshl=cQtlv!Sqs&o1eo|tW zSsSL{jDJyh7MonJ{x+!=kKPv0!RC0ix)Z53$Ck@Vr9`1t3rYT{Pefi9&8yV@=UqH2 zfDaw1d6iY+oSgJ6{)pF}{&nkZ%~@B;l%DBCC(UBhxopA&E{&cNxfGggXVY&otp`(( zl-p)`?)|KiEXv(=H7tt&CvO{95Z9?c)|7r;_w z7-x?<<1AWO@308mDrO;)C!R3J6lUC5p}tC~HBC}^c9#wAv!VOOXhlsj;9l|%$zNDa zVaNxy%#8piUWY9avt_82^Koc&4IFXZP=aMEU>A!H& z2MP7s*fng<*%3YTZjfLhYi(%pe@;_MY0*>u-{1ed1X@|cnkSb;XRQA3@Be=ifcXSY zB;uqM^$pf`jYqW~^~8y{5zVcrpGRIfBA%DINS&69V`s!D09vF zJY1nWQTI2;+6V5=t#HsvD=eQ$D=eWR`az zmWIk4=&n5rx;4y0l$kE`kh;NP>tRnz;{w_j&})ihu2N@s+IZNcDHVm9B8ALfS_?k* z9yQGGGpm2QC<~M}K)8iR?dsvQ5rsFy*lkE{6DJO#LQ4I;okBvS;WC1-NNIR?a)y#q zW^_vR{}KL-{9F79|I!M+ZgoLX-C0!dE>zdNy{LlcxhWx&9^C)r*ru}5k6uh|Uhm0} zPcDDg=}7C<7cSbzWv-dmaZ{tmH+RJ@7X{B)7INi1*H64uJ=XBX^w~ITQ^U`*vsznzvDxC(@K$~LU-@Rj#BMXorO~PPchB`WqMN4+ z>lHP1`Q^Nzme)3o{qTZC3%4l^d_~Lm_|2U)G^&qx?;`$}lhP9zotvLBggzO1=gSV6 z6V~qh;=+timP;QGx)kyA=F4%9Iu+MlQZ{z%-r09Yq|9;OJA8cbf}J_dMkrR+PiXns zk)MzAmOEz5+q5pBb8*Xr4cjA}<~%yJ{>LF5&)KZL74!A8u9qKJWPJSP7xPEWPO*zj z6p^CxpI7juBoTwOHr2IXeM=vymsy)*ta)o&(se5<8w(4mA0jwgdRcncYTS-$9>}HuLZC9BfZ6j+WZ3yLY@TmIQQ=DSjY1Pp;jY=(TU!*sgg1c>MT7_()dNRmoz7nO6M02%jNul`wIc>2uE$*v=Z_{F}MnM~)x~8PkZ8QqfWK!a6 zC~>efGFTcRp-9s1rc(2~CE9lflUphp)zX+nNlD4uvY=A^BieeYBY5`U`9Ca0w5WQu z9g}+UT+5L;125|0_SepAvQMd4HFa73hU|2|PBvRz)=#eZ_~V12ve@0e3+G53d+aRZ zR>TZ^GJX>$;6N zHv9Y9cY-EIgkP7uKdW?Yx412t-|e1d6Edsw%h0fyeYQ&-5{|zYeygPaS2MKoDGo7F zUfn0JJT!gs_qSKKZ4{NgX-@tr(XQe{17asSW%-Z%aX{nW>%M<5OE!A^^e%pDW-ht@ znN#=cyFU*aI&{ypfS+|XM{Z?*FJ4jFghnhDl|S=>Nh6XE>by_5S&< zdcvQa6{)59>-JoIVaFwXI(7MzE(JfwpEm;h@YBJBHX^l{8r#*TiST{EkJ5NquYB{BZ2}?lJ!TrhdC_SjV+1ZO;ratjzHHI<>Mv~*cX{V! zd{b+i-=55zuG-)7H`N!1{m^saf@!^$1(tn#a?PjLE!O3pSmU{W*Z#2$?B5?|bNdhH zJ7wCwF1f!!`wq9C32gMXymQRzGect|^TM?eQ8pU}Nfuy3g(AEU)H5$x$=$Y{kiSO!!;|f4=bHka$WS@{aa_gP4<6JK7V)jdcMDWxHzYC zLcZx&CD z@)H+rPM+0rL8?*xV>+K(7}frpNO_^nh4h*S7oC#t-f?C4GM7tzXH7dbB(U?UF&#Qr zexlyLp>_vfXVsF^=XVV~mRP)W{faHxcDdfq7M_~FaMbO^uJN;S*RN5HvHrU4sDVDQ zH~0G0IXUR5s9x~ixPv?VlJ>y4Cy$(S^7y$JUHHT3 zFEZAowd=EUsmHYA6WqR^ncpkq!`~xE9y@OsIs1cs-Mfz5z2kz@#1Cf$-&%Y3NW&BB zda0gOdRg*|0`hf7I;E`t!K%y01E2hq*6C4+Rm#YHXB_TNxYOG1m{b3&^|}nG+aO~5 zfz=-tE%m!L^80q7ITI_tnH-wk&%f2m8Om?!-fUf`{@7ZTZqll9sbCrTh4%`Zb$2%RevFqhXZyfDa-LCx4Z_=GT~Z>FY0DKj$Ei zX?*&lpu>^fTefN~tE}y6ySvNm9RWQ%i{|txJ??$t`(0Bf*bJ)QFMgSIpC7;5cd_0l z(+zuN6*c=yD{5+KzAq)U{Vz|a|8&Y2~F&))+i1# zXPR|Xxob$9RwcBQ)wL8SSf$-*cvw?!#a9)_!d8|a$lVtA^2ARY8w9HN8p?0XelBfY zExDsCOd2xRv&{X?jj4IQWj=q_qN_JMnu%Lh@LY85j9HHsZJ9E>pITr1aMP88+AlNI zJ8!MFZ=pY8z4Ds|GoG&9a>G9A_QrwEL--@>+qu3UA8>C&*V4-h>}A#{Te0 zQ{SY^Ma9m1qZ@snbPn5oB`M&GAve8(1A035-h6aH$DKaCM-O{E=;s>eW9G?km$;=L z4EHID*i@tMj)@kJW=Ov8{YP&}S%(LPMVC7y#GMNo{W-U<+sx%3m#W$-#}v$Rc38J< z;hN+H&SASRd%90p8BuX`p_iZMqW(|a%AY;Sd2k`pb$t!1+5pAPUjpquA4v5G7E=?LZLl?T}+|#7KvoB8XS>9Uy6CWOW{lL5mZ(59a zJvR&2!h)Aoc-pSGg_WTXowTDI4xjTOOVsfgF zM~IZ><^(iTj-qRL!b6*Nms*yI_(yZgk5-m{D=k0pADN8Rm)65%%)z5p)nqKLkd9a9 z%B!s=WDTSNLNq!pAy?C}i;VPiaYA}>^MvrYh~R{f$Tq>@Q6UL3BRPxeI#iD_~8GD0E{KG@bIe= zKsAnEU4hGF(lA++l$PO`fl@P-h8UgyPt}jKLiFasUWA3ch!*xVoG-|JaIWQ7eK#H2 z(os8Uef0cpgYrA=S)8u>p^h@-v))m^<|(+mk(XvaTw4_LT}15F4^n3=wd1@ZuBOeM zc=S|I{8vZ0Tc2Ln$JV@fKVbdL)q(xK-+Hq+u1<<}>b@G8`}fRUHTPb`727qn?r*(( z`f`8C^z;qCyWEQk{(RT56U(EuW2LIrk3Zck`9s^L#mU?_YIk?T>fqPs_lMvx7kd5Z1|+}1e?;z4(-(0 z$vNWMcMm7cDQ{To;?vI`?`zTabAJ2DdLO*#^K$(v$?EOyQ*5RVm|iPhCf6Ss_q&yI z>)Q34Chb_9Jop>Ql7pEiZ*2V5G@Xy2UNEHE_LakXhmOWO^-rM+l_(YWbC+YPCInU`tDLAaajuX1~R z1HuD^t8eKjwKrvIVf$Lo#%9Q0Py2nFu62WvM{~Z+`uxViU0biM@tw3|MZk)KcM`6C zck!pEBi(*p{ek5Pzs`pTjObLdzn0_LFOU83VrKEuWrr3mTWmKx_=`(h*NC=_o8`E- z%dOROm7VX8n>yz`%_`Z`hPM`dbMHn-lFjI*qaGHNY;vhxT=4SDkcNRzr!MH2-FnN1 zod-RXgqKDJGD0&HMEGS>Lz1>75=kaq+2_740G$4j8_u z{-{NM>PPLajA-|`v)A$6`#qXA4g0`-NKm_!wUaj0pR@b(nn%NXJ4YP)@!9E2f3bQ+ z{z-YH-EX@Ow{5uOS@g^gqwlSWPINw)|Gb&c7bBN07&~M72eK6#rUf~)_kXXW*W=~B zmpQLfd%WsyO#8UVvDx+Fi0qxSE}mWb;8^!<{jLmJQd-;k-lcC340TL)+Pc3>=k)i3 zJ3KF!#jlLa+4jg|^P+C+f7^8J zj|>wKQpXXfFypPiMhk8pmG z*XYn71C59Mq!m{0SB-~UjlDPeekz)kIFoJ9)Oby6{>QdwLS)jYP^qk0NJt2_r$eQJ zGZfDM^3eTPquI5~3zKfF)z)z+oqzCjKb9{+9*|7gWc-P1LFm;DZ zSGH|x>D@c@kF1oh^PWsg@7Mjx&<@>SZj8tu*|whJy73-INh{Pko$g)OI==Gi#J@R}1@Y_d|{rzHIh>z%o z#C_7%@a>-LunX>EPQ6$l9y0X#*-sNLuGcm_Hzd1k^SPx%BW_0|J#JF8*uC@39aa{f zAJZ-D6sezDE3Crh7uN?H+WFjBbaUq5*ranSd+mOB@{BH~P4ceLsH6#^t*r|ru0N0H z-1f?`ZGC*Y%X!^_{Q1332lf|T3H8yQUL^iy_cM3<)43YQZz2@qddyuoyiU(-seba* zsb@B&K6Mx)e;8pM?lYp@x%2NGd$H!bT6_CG&Pwat)BRli%_~!_2CDbE`DyQsf10*u zr1zAa(KXKbMt*Hu!zXsYvV`@&`hU>t`-z`=X;u5a7_?zS%RW~mD@>!=1scuHO5M%d zDYQ9d#lmQgY~HXEVSm2yqO_NaJ)dl^m>k_UywMTYKbl(Jtu_q4b(G7(Kp?ivl%`8N zTRR%}zmkRzp%rnQG}bgY(4I}`UyVrd*tV&0sQF)4$ezvO#xF z=8)%&S6mLNozKexdR+cg+wu7l&Cgk$>suzbQw&&bJ>}yVS?Ic`)4Tgc#D1?(4?b#$ zD%|2CyS97c@9Jaorux*q`%_+i^Yl&^W^7*XKj2J+WcHGZE}X?GtL4t!=n=X9za6-(!hXogvk1M+@eKKu*U}nRk z0oz*5-BEMBySrP@n1+{HO>egR$RE{I+3Ala zKAy}!KD5Sj{ypOP3EgW>?(6hfW#IYznt=hEn|1u8==VAqefuQ1wOew3 z!x#H+j_H*$=lId2{_DDC*sWIa@k0mCldE+v?YG>H%ZpLHIJhe=ap=$~+YkQM;@XB9 zJJudr&5GlXO}f8-S@W^YZF7d5 zEzV8vH2!Wy;Q}kyUHz>4xUTif4DI&iyyCnE^D0D#X;DM(nQ2?txrwUc%Znp-|xT3%K;^uIhzS9?`wMb=BK zxErJVn@H>WxR|y^@cE}Sw7c0O)aW5Cp*?S5`;GQtEO}W|YWDU<0(iS%Pe4~)9}>|U z0UP%0mMld0K(h=HBB~`9;kCSZKMxx_qPg}`TO_lvnJ1oSdge#Xt=^>&%NFJ3ocr2w zJ+40ZL%ij^#U~ytD2*7oqH)ZD;=qm%q#1!r?H(Vr_;lM+nRT;Ag;u+NpZeaBXA@&W z95&o`_Z}Vl^SRT33rZH%yEnmqVL-;Cc9oNSKib=@q?i56N!|X~e|We@r^(xUEcJ19 z(>vLew%>G>?>+I>^nODp>^n2g)n?`wE1fPHJUvIqDlDC7Tg8rP^pyW@jk0alx9#dw z-)61gJ4k)an{l+y>h#KX+Z$V{{I{~@XOA4xSrmKPtuOFexn;`ls;}3sSvjZAl!ptV zKRzxke^!lvsHv>{XKDEjY56rNS+o;Ry*qa0ipS4yZ&R*2@`anrm=mpr-|sbS&4$Do zEnR#rJ2sV;&-fo`3U3!2?IX*(^$2UMJLLEHa`}6^y2k4wN9~wU;*_F2*W57W)3Hk% zRaZ#bGPA4@aX}l`tO?(|Ft+sDj|L4ZocLRt%CTOjE5Ba!?GeMBYr#h&3mc8LT07w3 zZSO0+TTVJ+lhCAIHXj0m}N&AM4tbHTe z^5eGOIEUNaJ-+t$v3Uol|Em3|;fcF_lH4r1xJquTy`K5)&~BV)|NDdut3Fuy(b-+Y z23MT@X>=o}+cvXSH6OVnb!SW$@2mp{M;xg?q;|p4m?fcu799F)&1cTRtLF8-zvuJ$ zHGiEu>{Q)Z6Y74~{Qc~$4?cb9lR5Cm^P7G1FQ}e8UOwU8mQRL$_N8WEMfr-vv0IzD zeet;Ey^qFjX)-PB`NQe!Z|EQFo@H0q&U0eLrT)mb9 D&=S&) diff --git a/Modules/AzBobbyTables/3.1.0/dependencies/Microsoft.VisualStudio.Validation.dll b/Modules/AzBobbyTables/3.1.0/dependencies/Microsoft.VisualStudio.Validation.dll deleted file mode 100644 index 4966e018e7dd63afdc73ab0d0d1d1ee5879069d2..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 33664 zcmeHw30zahxA5GXkc6;rf(jS~5fL!#qD4U#MMY7-T_KPFQ6QKE6|D-0TCGdncg3}J zuUp*}75BQ=eM80Fy40oBx_sx%y$L~W`~L5H@ArSd?|ZSCJ7<|QXU@!=nK^Sq6MB9} z1cVSFd_R69WGg)J6G_v*Pl|wSU2nTJ*<^ma{#K^L@%qWxYMm@!tI5(Ta%CBcygZFw zmadX%3-V;@JXuVqBw4OTsq(k7l6vx@6JrVKzzE1RP3lWSZIz^f%z}{?1R(PWdGOw>2s0uU8G$13Wkh5}?txg5IVd86j!@TAelnkW{xK z$cW(E6}~2)Na!wqttv+YjHoN>j5Z*>;cN1VB&4+oNVA>MuJA$KSYk#>{R#Q5B_ZY% z3+>JYJAhrL4WK6Cv48z=XT9qYBK7IZJz3`otq5Tn))LGc#y~ImH0SYxPeIUE=+m`+ zQB36F4|6X|oOLn~Qv_-VeGD=`e-4G7HI+%hYPO+vHOUloXNTG&x?001PQ%5+D85=l z3Ie+Wr^HZ4d=4=-0MXDsuC#FRFiP%PlPu)0CMr3hkm@=p2zAt|iKbv{c0AauuHy%R zqc;pikxz3Q;$0ui!h>^IZ=g3}H4Ok)>jTT7*;*P83L8rGWWB+-z~*Vn<^z)DEa?Va z2}0~xZ}0+5*aArFT8Mou#XL77Z4$&5zyPRgDe<+GXh09B3b1ah#tZUR=9)%4>blh2 zS7fg72JouL(HoQ!`49%WgeBp`GL}ej)EL{ueAXsfpfy`iv(5gjuUO#i2g1C3`mw&X z1kMxc(*6=I_HGJTo)pLWS_y=v7=PB!q@dql7xeq2AaRg01o|GQke#D$AXFlC_GLvw zbd8~DU^k>g2ch4rLAPfXp^tI>gqzM2z$O?o9>*D}p6zT@ggkv-aaGGF9eCx3qu$+{(MCxnD zYQg|&D4nQw4ibuL&GBJlIwz8T$f<* z*qO?W1YW7A00skNA)@XFR80R%6|YOhz9KQ_mwY&X*p#o%x5#0&(`1^O&Qv;e%3;>8mNgvZ2|f^un9OpKL;SA zzt^;Z#8Bsnnmit+JO))ht?E|IGTx?T3@Sny(D9Q-tgKnEj%h(_VGZ5gSshG4=@9fk z*i7%PkPK-K21SU~L0?OUK>wf*7zPwML` z;JB9|TQ!HS1J>ZJg4$}EEJ+;i;)X8OoOI>nIztCCYWgN~7?1XZTc7O-SNcOOT#z*# zv35W2EU3X?HC*&Q6O3Nk&|P%z)CJlqrSr~0I~_Wh^PU1f3+)mkWS9Uh+yt-?h&6EB zkorl?gq#EA2Ylrx1D+f29>lYa!B4TI$G=cty-(`1F@ui97Sycv(kIpO^UQ-Z>B!Y< z+$_L0BoP$%Sv%Yrb~S$P+AYw=Q!e1~={`o&8HhTth_ndll*y;gaG>MsRMX8vvdh$I|VmNda^q0!nQt)Fe~!hQ*&N19Ocfu=o)R9DCY$P|q8N zH@Ftu8i{<}SxpKQqtihu@Rh)z?TTVVx^7e&Ef2d)uDqYOz)w89J5ZWf2uunJp`fs4 zL3EOiyfB|UwpPfI9(AJ)4UKH^wGLqCz1w;I&(hC`^-r=1Cgx(=z2 z7i<{4`y#P*QoGg+uE6lY^XtH1f4P584TZJ@I^c*N%2zw0Grd0gabU`z(@1QWBP>&K+n&xZ-LKDbEJVK z$oHaGmLgIh#xzBO=?me0O9#^03aQ&gSEV9yfu_+?Co2&-EyQ%XIKfs#nwy^o{zNgR z%gw4JBJ!04`QKCiU&NSqrRffuwlPDDn-J4@A=agq955G=8P=F?6Jn|qrUHJJa3a*= zY=f9O0!)X3RwCj}`Nx`J{;AkQAR-+pl_ALEM>d1bmNaca(=?g}ntct_wHC-TfbvU( zh^bBSea#Sm*An>S2V$X0I#} z!jWi8Y+x+(fV_|t0ptzCHy6&9aN+@|gJ>d@v&B6yK&dtqZH3!KlWY0rEWD(dPhjoXur85bp?aSk7A(Zog4OcFVLOpnya2kL%58|P| zgn=3uk-JR~Qk(RroQ}3wt~U4vL48|N3e8*u&_Ea^YOA3lFLFaNLX=cAP5O~ZDq?9` zi>6ir#4Kkq4FXIMxhE(A&Qk<22L+=c{}W9`wupIQj_GOUBU7JrXGV+alNK}`%#8gc z?@D=)YDeywPk?l)V2UVF22CNOT~=G-Na${a=8IshF+z(08exQxHjzS;T{c+$0MJq+ z4W+EE0d1-Q?c^ZIVo3sURv2mi0G%~LIP$LWoTGu0CAW<9<#g-Hsp<~d8-x(mwry_f@h=(o-;u#0B#t6LN-0k^6kPS)g?kkvGJGGsso2L~GK5ht}D|GchF2 z2)z=;ku)PTNE}aw8=-fi1Tu+-rkKYtiR1?(G(y~&{KP}M%two12VjIIiBrf8BQ#yy zjXW|!^Tj>L?>tmuJzCt0n0s-0_P1Rr?n7dDXcx0moJ!^yX+Me;gfud6ZWU*c?~Kp^ zv5J)Q&}Qqc;w+K~=T~g|DS*^uD-R8^JtOWjcRn@`Djdmnp^?-pt|kE#nkwFal^fJoLn7v}6q_;UO~y zp;}un9}* zK`J1ZX?y=8n60n}VTmp5-UPfg1_}@}j#}7M{${9)AvIh2sg+RknpUdDz&;Tgff7(Y zhaYQYXq}~>U~~y+&kCvaxH-rYQ#?w8xE!5XrX$cWHx1**VAa2xn>br*jyh94 zO~+xTIkpR1XK2@8$)~-En3}!GS))75P}qrnHj>dY40%lLbJxa^9EV*Y?x*b_HG^G0 z=IcW$B>|AaxrnCmkUGI>5~&JEU5T3F2hg;Tro}WJOVi0TolVn4kTxJIAZ5s2NWIAs ziaAX&4`}+Frf+D1*(QO^W^O=aEQ(5qXQr`x$OC2xtc>wYCGM43bDJ}ykO^n+ zkg-f8`v}fhkt|`Nn59I_G-j_7D<**5XHkcVXTB07K&d~Z9*~c+Z4BvM>mUXtG-smN zKtT+oyJ1%r&th9Tv(GI$F`d~c+b&EGz%+omRx;h0ZOj78Oy(;x-ev@Igc)W#5z;8z zsUWA1ZFfdN%VOGqoMt{qme8`c1SPCuE-{s4Bh=en;K2+4%nq8`l1t>O)e+bYMzXh< zOVmoRXSTi1oQ76EVT!5DD5i%wa^^wVu~a^$a6Vv%!8xrnWBPu5Vp6@xrZG>xL^E}9;p>3bHb<^n8RTd)&K zxk26^PU|}){&06&4ryI-1X2%jAJQh|Iix{EXzov1kb00tQ_l9pAM!~g4ANdC57G=W z4ATB&9Hct38`7afAoV9BY5Fbkkw%lLP&OJ)Pdg+TG@rre=MsC1krXqMVn&j=B;2Bu z>;TSba3elbw1g}nX%US3V`TRz}+@_e@6my#(M!?J^%Pj;9@(UQm2pN>- zz}S;@QW=AqcmU5%3lGZUL3tW8SD@8FlqVXfXDp&AHJVc6DK&{wGicciO3k2DCB-Y5 zo`M|`C9@Lb>j1MtT14v_$uxjgjHH;6Q1-sXNLqFzEn7-UmC{mEshlO0e+lJZLiv|a z{w0)uDdk^E`OB&N{Z!lilxIKXsbK1mg_aeRvx0KorZR6+nYV%8#_~4hzfJk8D1Q~@ zucG`fs3r`Hwi2*tD*;RG$x?f=)RL51pQauxw$TIdE2NPW6GhW#ijSuFXck9W42$+r zP-+InDA_JhwwPi{*|Q*F5zQ~5WtY&hODRt|#qXu*eoEa>sTH);ZHl=~F;$SRlfIxS z5ztl$mXJ_OfdKUvP>fK3^?C@fT^@qDWU!^D0BesF><3Jw;26o4MhhB%oM@OUE2J?3 z97QpLI%K6~8sJw*(=^2;f{oZ>5KzLMsvfM=$Nm{C2=T7w*+8R{dW z7#YPx(tH}9ULl*MX=b;{Zb*?|X@<2ZX{jPJY+aEV@)QBjHAs=C6nJKe%BX}gidjne z%PD_3#SnXi3CaI}syB zM)NY7kECfD#iY@E5lu_QSXZeS%a&1U8O4{=v_g#aR*KOwm168cBBAoZpFy8WXrD@` zwi2o>#mgu@l5$2;OeDpm(Y#WEwk@LhGMX->m~xu0q@^lpzKY_BIjzwgYZRKJJ~En* zr1(ghj{*ElQH(iCPNVoViZ7!1BAPFw`7%C_JyK3FD35Uq(tM>9^HsEL z6)j6(#Q-~7AYN!e+irn#N=EUXfSD=sw7|MNEwHXgN{yt{G{~=$rqR5T@+c`!5yg~J zX-g@7DaBV%OcljcQH;1G+#lfl{8OmP#UqJ@@-Ilj1878rTHqF7uurEF}Ac%ZE2s{QXY!0qIn_Q zk;AN~X{jAjDP; z%X&H^bt%OxrI;#bEG2ZIrD&QDyR{8u8*yOzFgZ*qQ^A~IUNh!!+OQxj>=y;Z3eG(? zaQk9Q#IR?Sz>X0PIApnG0i3JH(X_Ai;!pC=+3$^*Cj>ctELTCgRI~Q4F(EJQehX# zk~Fx-!PAcuh9wzrUSf$7c9$$s5jRLPNj*rj-~`2zY}jwIa87CnX+H>awkENF zn+p57Kgb~FG9xU4D`#jwe&A?HWUP|LASi++&g=pt&<|$3;OtqKmJyN=vKTNfB#b@@ z>|_xp5KYFXkhJ3IQ9M4He=(&oTUS691e`pF(I4SMPNC zbRiqb&(NtZaDU0+xA4zx@C=6CelXks2gBPf!^su+-XNpN3wYvpJ~JFHkXg9v6T#O4 z?w}mWukalO79U01MmiScQSB`V-|0xG>q+Yufu`=_S1R%G;tTm3k-DhJ42RQdvKUROmReTOb)J&ssq{KM*ixazmS9(P(ss*M>s3kliVPLD;WJzp4In{X9p$Le zGFp>2!)L6=$D3Xl$M$$Jhl1BFLjmaSC-#7eyYh#}wu%a@85} zc>^{5sU|QQGO}^(n2sY7&l#D+SLZvW>r~o-6x*dBPY>-)F3eYP!-lj`=@E+4YI1o@ zluifc$|+1%>p}kK%6C!eGzHoW6*in`O#w7O9N3Lg5HR)&#pIjzFfmj^NrsLf{AlC# zB;B-N{|+#u_z}gAJk*%bzNR^71J0(DJf%vTQwU?mfTd48GNU%p1vxN=R77WzH|TGm zaeP`W3{C?oUYA&qo}xxtzr77X^$+y;}!!KmvBp7e{vc;3%ZJNzXV*eX+I1nYj z4pWawU7^Wp3NGBZvQnDSX>;sGuU%cbtwP5E193SfU^DQFnItYpk@blK_veQJv>sO) z?mazPOU*5S2_XsADs_e`L9NqaDe6GT7rK~A>7dHX(q~hT-d2^94=Y7~l5NP~Mv5dT zw7P6XjzKRplO_+mJM4l~IpDa}IV3@yq1EU#nR@@OYF&XMCrMwRRBQa9i8xtdl=>@k zat!M~FNh@Lic_;CFh?oUu%;v^@(8zdv{w}-!^)j!bn+(i$cX#W^f3~7JCc+fSiix8 z7+fx_JUQvGQ9?(Fs{V6hXq!9bgNLX5)#J)!S{kg?2HumT{+F`WT$}x&qhQK_bFM*D zW%8R=l3{R)*z+a}H{ByrZ%I0(_k$fSziujx8zEvC957uvWzsFs=QNx>)mYdXVRsqZ zRZUUn!Dh7@gq<+A>(Xj9HPEy?_Mf5h>M|eNlG&&E+oa_M%I#KWE&`Vw5qKsD@KU=-s9hK?yi_ref@>{iFz&Ud<=EO zs1;dx8XYWyMilRd{HcL8`TR8gjBL>AGdjPK)R~N6{y-{S z)@o&JjtWm`#v=5j)=5ieosk4n5K!E~$XFl?w$~=p-7uY~)#<5EN4SAcxMLCT1*-eK zrdQ?Eq(@6!?CDvOTlYy@m?nsVuAon>*-%}oiKa$>0zQd%|D5d#=tdvbE@%Vv8B9Pu zN6^4Ii9-`u|MWzctr>)#60%)XxYZyDuu1Nyf}d@Jekw&S3qzp9XcV^?Pua!uwBUT`v3>kNJw4|OyMpwJc)O@1mJXRyQ@W};zJYCN*inhYJ? zNoxeT3?WuJi1p+_)CUf4@X~+^ey*c}H{3G-&L?_^_h^7h5~7F<=qkW#;7wZORY24z z2XZnBX#uZ=d^X^9@Jt6R%9T;cddO#hG}wFKFE;C;Bps9}fHGK90+h;wZx-Z13#);U z&jBiO5r=%hVM#UcDyS6Vkw77=73E|C7VkRsz^MjFSy--76hK)ZB^OHP0WB3GR=KoQ zg#>BXhC&FU{T*K$D6fXPN#nocGOd}^|D3ZU=%|O<^QbmolGPC?Iq)x*+SH&i3HV$V zS62bGXFRks23nU1Ey42oFSfcH^okm2Xw7`!M2nMvcxn^0H(DNR{lw0;~dwxs-9TFPZ=(G5>TC3t2u3kLf^x$830Ttdn_GBw!JQ&1D>q0}+ZD`y7#& zwa;-UW{@vhCLx&G6`Pw8Vqf$MDz=sofwg_HowX}y;%X)Z`d(1p)y)+Zb_GZ%<%J)C zCpOj9ftbmNeX$cZ)zwubX54tu#h5`_(J~0+vhaZaL^6VCi1yNY++2kOYz9GJhP7rz zE|6heTmZ*fOF-44oAyP=sfe3WF^g@-)?(Z6DU?AB*j$WOqM*pG=nmEd5BQI2{{Zy1 zwuZ)`{_tD`fo0UhRU#8G))L5pSx^$gx>|@06>wEN2Ld#n^bnfcjYje(oI@D*s zv(SF^rfB+zikpLMCmj?I>eTptp!Jl8W{<1x*Dqi8^!{^Y?+%tz_pX}l-6!35rOMas z?fD3OAC2Fg=fnH1v#FR7;pIBcK3e4>%PpT8oY3>kRJdYM(aDMqPetkkK_^gCtWL;zQvZXu?smdV*GHWf*XVXBgEG zeP0M@p8>oIXq6Ib#&)4$0|9PE@e05oC;CbyA({Nxls6r zc+L*tP$nFt20+Plcm_d=b_|E|Sg#T^Q38Jka40DT@yHhn7}N)K$B}_;ONWw3!+{VE zb)e0#C7FQ1{=tq6qa{$U43HtGm@uGbQYqLvlqv^q)Jp|=$Uz3Kwkj%v>$MEPqLr}q zSSAysh5|i=)`ZjyD36-J1p(;AwXzw|(Kdnb4_96VUAUxh*#nrhwq*q9&T(;Zbth5) z-9aw!!*wM%YwkZW5uyg53HWq3SBWhyqre4=hl`6fC;^hsSz7`cWnBVU)K6RUq-#bJ zHp&R#LQ6Sd?SNm)VIvVlwc&|1TDwY!8GS;ABHUcfX$CBBEu}QffwCfCqglvf5zK?8 zoH%R^8VE(h%8GhI)sD7|5cNf+;DM`;wRJ69#_TgBZ}bOXTWBf14h#B1qZ2u`UAa{W ze$P%=p*Qq8WUS33uns?<=_`SRSPNl<5D7zn-bsi%j+kV&79OP`nr=M7(d#rF1AMr4 z!7hOzRsmt~~C<^I)3Wzf|hPB{o8CFlj z^#uuHi2uG7G9y_QtxrUfs(}6m_YGnwCWJrrdm6jeY^D2ThIdp|Wq5MT(R-64f;gl?b^c6x2NH<4ky z&|63235`J&8a!R3}V`5vUw4vrG?T@cUC$m=cK%M|+S#>_# zxh1pa@p;)`Oo&9I)jGhBi~otODMMU4sit*^0FXe5Air91On)tWa|QT4#dzT0iiJQ;2*Uz>i$pW zgMPtj%R)=}EZpSd=WAF(P8@x@8^^(9_~v}3j-hV6p;u{rWx2WxjW$P}?kh9QRs0D% z{PUIZA;X9~?%vE-Rx>;tkscPN2+0Tu4G0ekR>_-%dwgCQcY$lDGfAaKHSskR{3J%j z;C~)l>rB`=|InxP|Wl1SPkcDA7J$UJ4Vx^bvs~|ea>9-bUo$E62E-F zJ_pS5&n5o-85_s{7wqt*V|F`WmH(?J?Qfxw>)#!=j{*bZ-Ds$MSR+|3Tu{j{#-xD1 zqNvcz@E%$(gF6iwTrXqD&YyATIII8Wq9RYG!Z$5sS@5cbKNI(tbk4QOyc;xVEYoPw zt!wqNLEv^}`fQaf58{0?c<(@~$bcZaKNFPCCf0tEW-Z_N51tFB2Q;1C(gs*?d=vy4s?bi7- z5mC4fau*3Q6$V&knhdxchO2&mSt5Nifa{_Ry~#S8RFIFMLw}}8H22pqK`$jNpL8Kn z;9><;qMf0iWw`XhHJJaaX!jD!XT=tevdY&T+SHgF?_~yD2>d!U)HkZPsktn;Hvy1H&g3^D+Ze^J(}anjAJ2HdkZyh*%8Bt;HMGSL3Fjg{GAaq%ic#J|;KcYb+=GA?N{|3MQaC+Jje6x%>4jiv z1?9wce|}bmy$xvqWejbP0hu~Dk)sACHv?ZRi;*de2LDH6Rs?=MWo=SdSEvgvKtTq* zeSkWugIb?P*HBL{DEsLuTiv?P+xD;O=MQ$o=sXT`{A(EIEI?kFl9Z&(acbb!TM4-740%$>hEfl}DkPCO@$Bh5wm3_4Ko0h$}&uVjoeCPo;JEIqY?;N#*D~&i=<6N5REGdV;NytM|lUivkAsV zZZ2R*nQ$>%MC1XVloiS*&6pAQruVxIFV3+;hwpE7>yCBCt##vu>z_5~wfWl<3%@NZ zvCzs(gm2{~f?H(*h{3WBFf@hVSt}f8*$?)B;ffH7<&|YDK&9aU7IJfuAVny0U{jI; z9OQNgNF1cy6goUk=rwr(wsLDkiX9*>ri8GTGQeH#iWsSblX1Uk8W{`lmU|&x;84$$ zu2jjA;GGXVq$Ea1$pWE~a(8E|z(9FO03^X-@{pbY1_2nrgL3_Ui+;TRg1^vTUcxjm zH5BxnpoFo3zGkFs3B!=7f#3c1e9q}@MTJw|PiyY+`>;7Te@Qsmdi}K<(x{XTi`s8% z{QCahR;yXRS*rqX)wP{dOWo`0FN5Yi`d0F~DktCf_^$M!*#{hdFH1f9^sdX+x!W2o zN$uTQxOThX{K&|D18*IfIH~*WV)<8z&-ax%oYXDS1@{e~w)$qKZ_BD}_~wZI11n-!gW~?og}w zFVFvUcUb!?;`NUr4!!Mm^EW~A%#CXokDk}bJS?7tfyyi?VG6+_1@d~(*KQ4kF7jH& z(HtRSL=qV5W@ci6K<JNCZLww5n0U~aMUyl4QYa7C^V4M$OAPh za=iO4b?A-;q zp62&gBep60-x=_2R$WsV((sZKjAR(ZsW^!JO_cXMcVT3rp+ZkXvJGv!b z#h^ihzElOY>hEOh<(8J{o1Z3^%$#{FD4^B8I?LzFEqj$0ku?!RURv7S8O&}u(l+7sP-Ahl;yIk*A-^rmNcl>+IE!@;SYDda1`{s%R=XU-O z6g<1%Zn;J5nYtm51`XUlORJb_5fNUi=j3%i&zOAq@%p&N;i=o^XPsyF=Knmn)g-Il z?xXGw_W83xk7K<9zL_witJ{XzEAA|`>Un4165rv&E2eus)QL|{JTa@-UtS{02M^et z^L|o=WtR?gMG|~sEP3%a|1Dl6P%g*OC~#<8?e*|iFS2OpTQ1nIl0_9jh#%jKH~K&D zf?;wPw88R#F!X;R92kP&zuiColP7#&txPP;+FWt_y*cTyVA|^6yJkO(xp?wG_f9L8 z4g5MccKg}zDVvtMzj>o7sd7Fu>3z&R$$iz-6TT^>dxlAF`#1R^s)@^%#qIOrJM?!F zUq5|j-&pqn(~fT*(SFl9$;F?)Ip5!TTJxzVyjnfJ`yqH%w{vcN;$Ls@@jo|eM~_y2 ze7C8|Nd3_!8(YNPeij$M*Euu!i0dx5ij?$j+CQ?kHIxNk@3VZ_^uDXSi;kb$u;7kh zbH>>Xj)(Ui9_J(%nhmET&l9dv$Fn{&3?4&Gn+N)wz>Gcer@HTkD8**EbIlsU= zF+x~_iHYm`q93YlEa1orE#0MXur7e@cr=NUTi|rJ5u%vUavS5^H%xgSE*1Z`9uCGWj9M71yoU?*3k>?N@^F74TQ4u3kIj?`i>J$r zr^t&Z8I9vFkQW!rBMi=zWoiZdr87-zAKz4|$qYm^||s$V{uj<>>em{ zGdZcI!s$u_ryz_S6hfp0W8B=^bcVOh{AF&RxDi1KbZ{O0({7y_53Q&*YVg*?vkl&v z&tF|K^N-+L2n^&WFPzmtU~nSikX|WsB6~8%+IKKkMG2HqpN& ztuD8bt4Dk|(-8iTK#H?B#OE$)iLZL}z=+OQmWQ`J5~j!%UrVZe?ECYIeS2<=TxC<) zf9~}2!@N8HIJRBqrE_u)Z>iU=jLzgf8U8S8J0ubZOJCe5J$mGZXDD&(7)_IR4MDQKzpKjG8y*V9#!&_U*Z5 zHEH}@zek&%oNRP`QJZr~NV`{?@dc`MzjMqO?bls;+ck;y@+1KcCm%~Bm{aKCl^hT~lQ(k_LK zjT-Ay%jSaOt7+M3U7ntAGrO!P@`+RNpqBG0lU(W~x;2|V*F7`Hp;5T=;4z^mI_^*1 z@G7EB(odClu2?7{d@fA!JrUNkWn}AsrS)tj`?}8CYy?5)+WU*1A^s&WsXJmp9g>z)hTlMs~K%N?O-P^EMbVCN5Y)SCoP}d)?3F9 z-g|Fv%7U_>@;C1*9JgM5Hg1zc!8ey$r?+Zsd3k0%|M2hUt{d&{Wv6(uq3gaw$yeVt zO-RWe(_rb4I(|J)RlJ=Vo9sgNjo#5KameC++y?d z7894>N!YOOyTUVNS=R61Pk(>2t!&T8)*;sO8=wDB)MwqXfMsv1-ud-7TCacmD~0<* zn(t_sWj4h^9GTZT_j0|-^_D#h*mT;#HL-ytrfa>nM^`2W&gpp|>_O|GC!4Muyxz8? z^YjmkN@~5Am(+S=G_F9v1eDZz0JuBG9>T+Dt@D67!!m-;52GbaXOV?r6u>(oWhG1` z*!C+}$eO`u=0%tGkP4VDoJQTOha8HWT4f*B>K-ONL)QsdTdBq$F8vQpe_jfuX^Eu|YwxeqqhvP{NB7 zn2N(+L;JzYCb{{tB<=>Pti&!^ULv-HUFgf|GdMGA;KuO>PMIyDw*ky7(*ccV@UQ<{ z48XTc;NVtm027UCoWSwC9T*S}2XFoa9vIk+2mhbyA9)G;`N5vWgFOoedsxm7{xW@a z*Y=HH*lqoBW1|tyx3=gPc|1Az%b~NKo^;z~`Gnltxo)Z*>Eh5a`@o^*7EW*GRO~p} zwa3Vk$XjQ&uWo)aa^}TzdrL;?ct!;=XDb{Kp%?7_UHwhxN}YV}30C z(<0B~9ouisN52oAWdUpTV}uG9%au#-H@hS0HfD$2`MTFT^-p^-wB3>XAJ=#J{-$Q` zOV?vlRt}FJpIW-5Y~E0}i{F(lKl+RR?BQM?p04RNXG|tt;d2Js)|8PaNO8Yj=vhDphgU9qfwWi#w z2fyJ5E3zojSe{;dh_0|=CE;_+zF3qXib(i^XwF{iO z^;UMh;drBRV8Ephg9O%#kM|UN2Nu`gZ+ZW5qIKTlIR~B<{w(XK@c!d&_JkI*!b(5F zAC`4*TmR1W4LdwvH2J08&V~WM?yYU#q}2zVVLKlRUNF#P^PV@kR6Ak$;jlT$dJM|%b)BB8kdFPDk`?^UXwI68Zskoi3C+sfoDo-x!QkFQn<6o_D zO(Dvl$=A_9gK@ex43t+-SO8$kLW&Uw?|{a1GoEAE(n7c)P2Lv*jC{}q!VQW4SeGH< z!2O`}pKALw0O5d*YbdmoOAVC@B%gRTx1iS@N%kiM+;y zr~Wu~{*mTeOOD_DcEUGyM~|70R^My%Y`)vteiJHw+*K#H=ZyG>F55P`bZihD)zYHX zjhl97UhaHc)G|Bs#^cjN{br~RWSp4!Zj{KTU)E4{vy2}`v5i^}*DdR_WmLb$+1Fif zUp(lkJ;}V=wPVlhwo3o~ecAPz3o+|0+#&YNn15r^v62?6r)jglfBGur>An#j{r2AR+WRokbf5l{pCfJSo%QhSy4t13H090h z7hkV4w|q12>tB|{ZBAV_exqGypCO7l3vx7;!7tk9c($#z<@o;m=A!!D9q%?gQ+c%E z*xC;_OzN>sBS@R~xOrH}zOhL`!*>2Uu-(Lh;IE(Ui1f_pJmJy#3F5-OP2#rQxBp%} z-pf4pxU1*#r5rn zbFM9f^>Bc^#H>g4dPtlO-0Q!9of|)!hG(2U88!dI!ZU#Z^6(&eK(oNWKwKPygMte_cm$kTNExncEPi7m-V@lv+tkG6N}HR$mv*c_-IJC*UX5Vc9pkw zZENYA7WA=qr$d>)Pfr@q^VaZoJwI#>%^DTwVYzvN!^uH`<+d*O(}wlyGBRe%@`-W% z#f~oy416^@@#@}~!vlJE4hSogHp`pv>jj&OUP)hvE7&0wE8lC?>)ckYejU0y#7lX3 zR*UU*h6b%E>NR}4t?T?QAAY)@-tcNao0ENBewdha^8DjbT@#*O+c{zB?a7lig!^`$ z_aI+wbu`p3e`3Jl5bs^LH;wV!UwLHG@Xg7SuD&%(nU$N}VouzyUze^O(l~7Ou}33g z@5SXE4LnyqTHd>p@2&I=$G6>@@J-c>)l9n`y9car?v<5x{f{Y=-Q6PI%TDTsMa_vT zI9`z&e9eCB`S;6Y!-l`Rv>^7zPuiwehNTv5zp`?8=;P21ubbrkVBh)v9y7s`)4Jse zVftyV!6i1&Y=7I*#^u-V@6Z0aRfj9<`tEyi?xHRty5ruU@D3B%ovpL|Z6B6)j=Obw zS3j4Y3PyJ{YjNKT-UHcNK`z=0-^-ruduuPfkfE_W5~}>RSK0EB_4}mC^^>PfySOd! zjm22Si%?OBOKF=cSL>dBzu_0x1N~q3?$WuB{gsB>*Cm<_$vI%>rhPi$O_z#M&Qr_3 za=KC{?2yFCrPbh7u|K_XAJg~pqy@FK>Vs>CZrReZ-!1<&hSlsEtY(+w_Qr4u1gFd> z4fe>!fEA1Jd7tmQd{9=**` zbpF2mhvv2NH6QHwVDg3)y>7%W(Od3(Jh|vh#NBo+Gh1}pG5T#_ol7%bPI^6=d41xb z{{8C?T8-_h0{Ma9ABS8_{2=XqE%K{F$+`10^lg3DcWmRg*HJiNkMfP@Ze8xtiRQaD zGTq{nm6voEM!5HiVJ7yhJ-NTt!lm9dxtl3KT012|KS;u)uhsD>)r9Q&);nD z@L8kQ5e=u^)$4opJH4Rgufxj%U>QI5VCbG^`7x)zdwzIT^Ks23=_4-XXCx&|cv6zP z%*=N008u~NO>QYc-8U}E&-`ss3406pRyK9xvDdR-x8UTyXQ`>kT-C#F@{Fq z=13mi(})OyO+F&zdU^BeIE;`9@Rj?>rMv*VT@XXUvbFVm#%?A@y->d~QbSG3vUn$N z4CY}}hb@Eua|V_dh!@Eg8S>2NGE;v7`U;AR$v5ZxzDxGMSKB>w>-I2u(C9@G=BgFb-kexD;hEP(s}pYJKJOGa zm@5A!q3()7?H*rUe1$x(|6*33GMP=_la52z1g~2(;eCf5zZd@6u=3pWP7O*|mMs76 zk>y>hZf&g>t)CrGBD8{-ia8z5Q~$l)Nn@;E3h9`}SWB38@;b&y90XadYQ)+;i=$dh zUD9XoxJ6-_&C{28Tb*7n8m(#CztQd~--=c{$49?E=Ih3d)0J6LcB~^!jf$TH>SOLdx2SOwR=P# zJMAX(9Sa`!KYZ&*`G~e{*MB$p?6$sLg43LTJ~Z01Uf*54JI%d){a(AnCz6(U)sow! z7p%EmZkE08$`8HsYyY{u>Pl?$XFcxz@qS&r<)wi`16H=_zy7zr*^;LTb%JbGef`bv z?<$_!yqUIQPgOwq!tV|>%AL}_U{H$kqGf!mcCnpX?K?ZW>8ydbeop{yq@4L0V_tBvb+BYuS8zdUy@zb>{&(@E*Y4+p7 z&hvfa%;r3v&8P&{jP2Ly>W}+ z`45_VZ*0==>amc}1>ya+JtGyFU$t*iw0P6{vQ62iPRCU(v5Cs-Wktl}8fJepxaWga ztM>jjTs5lkouLmh>(5U6^}-Ox#xF-N%=7H2e6*mu#`D^k5lhG4khyGdzcSwU^`eC< ziW{A26%*1lscXu&AHG{Zal__z7nL{P_0DO2Z%1yO-P`^+c6RgcDTRY)guH37-uXq- bt^NDh-det6c$2(upD=rFF1%qghmijR1~GTW diff --git a/Modules/AzBobbyTables/3.1.0/dependencies/System.Diagnostics.DiagnosticSource.dll b/Modules/AzBobbyTables/3.1.0/dependencies/System.Diagnostics.DiagnosticSource.dll deleted file mode 100644 index a2b54fb042deaf5d73a734ff42aa9f50f3ba264d..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 49528 zcmeFa34ByVwm)8X>Dx<^PP(&_1kxu|!;&Z)dC?*WdkdFlLHlHUXa$hnIxCE5pE_x)1<)yswZu z{^MY*p(GdzHi5`xdkhJx^b&mIKI1T4B|&d%0E{Fn$xJ$6SK%A?8OPZ8IFu)^LI3GP zvdPTAzC_|PH)Cc_W$f)6(IoWp!7j#nblR_72FT9-7_@@O)sj)ba$GViLm`Ze%?V@E zii}Eru{=~RNV7PTfXjgaC}TOG3_ZY)7R%IV{09l(?{pgTk*{eq~l zJ?lI>NckD^j{Hnzhtolg%ZhU#UH>E)`*X&Ay%_Ve)F`v+97NpD3GRWMJNpRk{Cz?Fipl>ls9TT=|0vjm_hQE{#WB`^;lTJGsS?NR6tYErWRXeB@G`Z+S4qBLqa#?PwcsYo*l5z{PoCLc=eLdR7n46<-& zp+yjm+Dfv|La|Lpw@+PRf|%@RZ$Ir zQGH9ljndS%!Z2t1wB1kiP*FppQ7mwLd`CYhpfYPCWyClng|0)#^5t%frCJ~mrJJ;r zuXa;6@(tZ2QNC5}hLzxI=!ONTdWrlHAU3amkKRZiiZw#b*zg^w~pxk7gjBK2fA3L^HXE zrbhwK31kybTym(KsW?vrQ^68BD-uFt&eb`VvP$HB7(VAof-U=4Y)j;vV`t?aJFEY( zvj!Y1%P;4dkCj&-=UMblt&)SU!qIhGpaD6!Kt(cvk^`LMs51;cMPW~1+~5`9Q>u`V z;~a?+0L4;d5!bv!6=69$Yl(9_5q(Oa8rNW_#@g+2U;@%Z?Cgp8?w+r47` zpDsIVNLs8lS1vMl_pErOj=GCSYQfBQAvm&!^eH$w5TkI_-gSF?JD6 ztN5GD^`x>`J=A~8uhl~g$EZhU3n34EbPKRK(P=G&#)R;NRbuFh;TyQY*_^4p860}I zZBER;xNa93(Ql|)l@SYNhE*v49IKu2ztzq_IazY9LlfOJvE*dgxs?zSN;Wt>NXrEm zfn_>G&n&SyF}U&lfHX9)V2ar=yooKYgspdpGDI*k3XQDBLN=nwGhqTA{7cyO@#(dc7~CbdEHqR@brr*D-jdfheS8^OLndx7QN3<2>%EN zfPN$+GiFBxvU3>-#V$G18Kh!dlkxWedY9%QbEpu9*N^J?oX4OuI0BmUsah8%BPL3b zY>Z9#Pt&-sryNm6VHh_CF)-Ii|HWg3KP{?^bgNJh@`mK4IO}N;FGu4vx@1}K#Z)Th ziwO%|f}8?4U$VhsqwMr^aXA|5ro3|5*??=NI|IvBzwB%WQjG2faE*@|1>r*G#X}E3;WVV+j16s8 zMVgMChO8(%cgWOQ%pnsd`YP`I^H|&a#mS_6C)&C zz$%&N7u>AJ(a0RIIWa(Sc0pc3m|DRVa$q(FA#Y?wcAiVl2+RTEO4bv3qYq&rAQkBA zahYM!z%XHm_qO*GQ5%ucX9g&U2R}nu3p`2xm@|O=mzV)j1!{ zrK)x{_%vlLpvK*z@j}hnNkZ@#s`8B}j3D|!lRm4$qV&si1WrYP0wu2`un-B0mQiX{ zc;gl&DyWiCC}k!nM$I^1unT{B2D*j-U=#c*FE!6Wx22`YikhrAVR9C+v~zrq)s3Za zfTHPrLXXm8h`Ypu42zcOI-q4%2&oI4t&q}}XqSV}QpZk51qlj5Gzn}BzDzW%;jmz) z^#S55?vSz9xZR-CYHasMl9aUvV+ zi`il`WTKDmWlq&?(jJkf0k!hTSfC3rI$nq(U5LEl+^|Ge-UyC3&qq=2pCaCAyjbmW z8ux7=K$mKaaD{>(6Gv?5ru+h(ly`<(;8@iXy`Q^aQH1+v^uev{?dRUBmnm7350(Jr zw-k((oox`N2-AV$O+h)&lLLtOmV#_&BOi5PgU6vBL?#=bO0oF>3y4jJHE45`N`2w9AT(6R1whcjhJ-iOG$ToiuO}h{RsilWx=4%~fvwo;E?@;I= zFj+LY8#7VW@55#CTMSX3@}JW4VX4Tco0Vd!h592itQr|Su`MqJHy?Q^p=Pv_V655=SZE0~;W>83__5w>pS(UwrvbiXWwHxoXqgSuFwz5L-xTLIP zDFe|RV}-HIAWO2?<-C;?w=Kn(%oHqmV?yuAQeH}wJ@Yr&*C47}ib|q2>n%*7fMc0$ zXL=3#RVQO%XTXwP3?B`UX!;bf!IWT8+R)i z7*8zKEWC^Gk1{PFxgS*7N|YTydJ@)=wII=SFl+yzWD~!SO)_I6K~7aOQVoS;?5fS+ zT#k|_r)qX)%+H*cK-0}))3TeK7ebi2-c&)e88YXk8f*r;$_JwS{$BUAkl(;YLxw!a zkYOn-NR~8Ow_1`Ba28NBvefcq<~)ILuQN-_oM+K6wA8Ee7hpfm3($UE$^wNa=It%m zh4q0eLCzcP(&RkX{JjNv9*!>}d@k^~IdHn1m+Veq*o|>%C^qlag1or||Co%yq8=*Q zP2dpyNybQVT9m?VwG4f5@IGWD6y_x}qYyXI_nMXiY&-|Q23awx=`7AG?Sx)m{5bDM}w_#id@CnW*H^*pz#SG@F&W-vo4(Mg= z`W)vRnB&{XZlZHM<#)_+UJ`ShB;s@Y41JDorK&K;DMR5fI>+NkkvSem>NUsFKg{tY z%x%(>vXfGn<;1SVRf;)I?ZxK!Jm>{JB09%=dp0aZ?NZz{rX?M(t(z(?5c3lEyfhCj za&K)47MK+^7(d$y)I`#!=<#b`+&< zrWMG1?_1%p0(W9Au0n#&RgkDCTjpEO3WtJZl=&vPzAY>&5PQR-O}=TIFRBuo#i99DPVaYnPdj3&BY|ABfvM@#zTcl{D*i&ot#22cj2e0Y zz3!%zz?0&4^UMfS(f#}rYs6j%*|Y=np5gA1zbb$)<%{*VJNH>d=V5dgF-e1s?#HIMPjKugJU^7ST z<(OF0QXxNr8(c1be#)J>*bJ>S zCAzq!O)5+A-<3QpZ|7@)ZeVy`lVNm`>qsnAO@Jn?ltyF@@&x;*vSQLyc}8d#24g1T ze@5xe+;{Xt`@^XH85TKhW?_;RxE&l?*NH;GU()#GK+a2Hs7TvFFCp6^I*2t1mJ_Os zXAHzHh|qt5s7FN8}8%J@%Y%|QqdY@OKW!N-VfntNJH`_EK6L*595Ti{KoV)^( zqOeG0=rzRXX{xz21?`ap(dOhX>PK{2^jeGvwqvy}>K6BJ?{G?1@I8LTQygj|E+;$q zA?5Im(g2)*W-^ox)dwW6xFSb15c~v8JR1+z#-Rp2bcWJSQ>szPJHe1S-(Z^02RPM~ zVKccj8yHfJHlv|*vZx_Db4g%4x?O}7F^L?UZo=+27;O5T6_ZX**W-LL~DN5m47&EN;RAW(_F?buQ3SenyDQbAd1gFFw7(07FFb38FrkZW$qT@81 z`IQWq2+tKl1lA!pOhjH8zYWp4sNUiXUCc*Ow~^mOig4T(uPB}(0WwEYml7| z;MyVWWg>3?IdmpKU?VY%MZGXgac`3%52?gc0HEYUCc$0lEAc-b- zokThCiFCyb=%y<@c$|zY=hV8UP!>ISBp;n5G4k)W&{=5QqKrO_Hsr2xU^)H)B$dD> z(Bb2&KuIze+09)wNEs{OSSBKoSQs`J4>LM=5LoA~lg-NcpV)FAoL z!bx%$MprFPlULIDhH*&a^u0i7V!!&C3xa_DRSW?Y;DlYL=JboD!E>j zT(4rH=}Jx{NydZkS`-Pr0jawwC3jI3*zPlTQ^J^nhmGZTi#-K|1%|*5J0(tZLMbw9 zO5m?3n<8mltwcnu6ICe1N?IXuA+m+<_!k_n_e1H%t(b)$Z$QMMv=YGL(t;(V=%~_7 zRxPXDQ*en!_eIfMgbVD*UVArRJvSN7Bc>a~DCmZ&#M4Ra za+7deOgtpa5F%I#jTw;}Lm3MzC`aMG3b39!TZQd z$X%y{-sJ%3ZU87O$Ib&KM7I|rg>Dlo@3vlsGw^OxN)#yG12@A_Q73=e)J?Suy!c|S z7OF8$ErjZ7;qs1T;{IRmqNapis6R2ia1pp(o`MFjfzahfK5vNY_@M%hS3)RJg zCY}oNtJX!dz)^qjD#2MVu>9^a5K3T ztjhIT>%+Ikg?FiY(Fyb5W{Q?>_?4S$v_#KIz4DZ?xJ#mt4Ojp zk(Hl-N8rSb-PpH)$9ataHGql8ujC(TzGKm1!)jCx?IY$_pj)v3z|Ij>pLL!SK{h`_ z30w_~j_q-;z9aBQpb5r42l}o7G3-DU1(vje9oVg>N@X>$4fIzAMOF_1*pVenX!j1J z3Qm{1=&I}-0#e{wB+t#~eqnswDdQ!2l8sLyzRN31TqPB*in7r}F)%2OT{jr_erxa? z1cej(BV88``uvMS#F1MCe`^M9b{(5?ia1L;_~hBO6OgwM_=V}n8{ZmeBxZbMbaigt zjs!E@68pDQ!7@NV5;KhNueIa)4!#%y+Sli2sj_j^^~j$I90wfsMbDq;K8lx5z!i1V zo;N?gYs8hYKUhW2G*+DOTB^qW!lBjDkebY@z^bvgEbEdrcBh%(g9!u|arg+QcX4<* zhf_Iy5YiU*Vba~H7G_Gg8+9HqQ_X)*_{FNRA2NTjTG_d_Z&I!7=HzccznIgf*(mot zM({rAK3QWg7%5#~qOuN&(qHi0Q8J}(2gS~QG@p}bXXQqM8xja!ka|v{#`duLa1T8` zgD7h`eRldei5cv5sV7@wqs_lqv)K(P)E9HgFE}JR6)k47dpPAJo_?06hw`>=6CCA|J2slSjZv1&3PSQBgpOW+sGtI}(t*bT58!erKiy!rCiS}ia|$9}O2Y%QJ@ z+KdgUwcyJ_ehPcQ){vS7%z>Iy*dXMs#aW3;o_BLDaavh5lhC9gy&?5O+^2VQ?3GNy zh5<99z5Pl<>bF=A3ammUtOUoN71Y^3g|S+!!FF(L9}K^ijbJ;Of^ua2wK#iu6C_As zx1F4LLCbYuSnHR*n_q5>~_R;@AbyL@hg+-OaHgR8z}NVSnP-Ld@7&Hkm!Z z+ndYVn~LXf3b?L>C-@NO#~{Rv?uceYp?O`v($=S?a;@D0ubqjly zDFaj3axTjf_8KpD3&&d78@%-=lBk6M+sDg&1_^ptJ9`^D`d8Ufj1qg!kOsIUBNK2- zPJcj)A*k5cyBYnBHug{BKw}xpx8@r&*e;vXI1n)}4R8pc#H!6jfb&z!!1H|CaO2FL z!&*r3|hArwOz(+DC1D0w*sNfG~D!bD>9q?hL25>HyVY^E7CJysC{6rzj zc%D9xHXi8{((3@vFxEkagS^yiZ7wM3+NT)FTMeh8-R0R0Mol|it})K(dEMj#d_?s{ zDVL{A24$?3;4FDE>NzEedPGoR6YOn(%aS?)&r9k7JeYkppqxYSGh2Val{puq#U&Y+ z88!Bm+KGB*q+JO(Ad}$LsRZ3g1Vcz`;4cIJl$33Nb2F|3yg!}vP?dWl(l;1y1$;UE zKESa?C-_I39|GJ53Y8`LMic2_e%j-JIoA0Gjd@TT)0omSHk|^ ziDKI^HxdRid@g36WZsDKW24w5i0ezD*uC&Kmqf8gF;kw5V$a}S@W&{&7th3o4&rs1 zHrY(3{%m3dGb914(=i9f8gy(V$J%r(Ng>WvIu_u0XX)6mEXun?$4=#W+jXonm-2S$ z*j=3SK^@EEb&_0+?J?YHwt-W8_87iXFTkD0Gn{je^qrb%a$cHl`)8e&sx)1Qws8I9NWYC zCH*3mvwnh;eWzAo<>S=zsJG>;If`YPD%f>8MtT{+_Hk@2n{RD5jbbghS3v8S^+Qc3 zvTZs>y*-J&E--12c7>^m9pc!Qtjg3!P1s1L1s6_FXRr$pA<}hhIk1V$!Lf~O6E+7< zW(9iQuIwjGlUR+8ZA$rzX)>FsV^1J&8f(?DuTq{g&17fk*sI8^XFGK4F!JWIhjr|J z&?qOHJou{x!2nI<_Dbj-ADg_afn#e; zH)eeX%%|tgPyX7ph%M9e7A5}xY?YpOKt60*%+~37U&sdYVs@^cw^8{;YGFePNV1Kl zQ&ht4(6Kg-B^HXjC(;tlEzG53Ek?o`1jhbpJ)5<#rv%1r(8oU0^EM=Ao0qW4B3=s% z8?()=Y_*QfRR@~=?1LzFoH@Xz77Nb%P37hw3+vcUU?KL3j=h=vu_?@+DiNF}8|}#t zDHU=aNc=?#vne|EO=1f2=INMOJ>J~G?$)svm6L$IqGJ!h<~!IsI`(PW1myjwV^Vr8 zutb+=Aq}-GXLoSyQd4v0bYM^E*via$VDAb}HZOC5c?Gjz3X)B%QQnkRvPzDv#h$Om zI@u;Y?{vGz+{td$^S;KYtYTrh`GEDDrJl`Jv8QzGp_~?T7n@Nb>KtnenAflt9h;LK z0(Kq8*0R55Rk1VJDBKoOEnj45z-|DU`;r}+%_6~{K3#%8WD z_pqPzyvdpCfu#?pIxjVi&E9NY%LeM$DcR=(E92M}b~>)9(hr;}Y`UeCVNvH9#e^9GhQg4$cpE$d8{#j#6q8-KTXBdgJ|v(xSe z)}mwgCf;v8i?!>RDd{QmCbolP8`)U+y3On^jtS4VnLQ{tP43*6&70XvI<^$pIqW@- zeI#9({#WyP>|c7hE7RXGpU(!@x^RgMz-Y-tde6}SVFGDav5vTv1M8L zmdn{nos(r2ShlilI@Xyn+;Sy*hcIaiOS0vwSFvw+p3vac>}QUV22Zm5krf?1^(WtLmmD;!(T?y;@5+{%9D*jkiZXSt1Ccw(&FE_Qh@Y#Ybcv&}5i zw2SSE%iGQF&eZq~ptl4Yyq9+p-`d21QP;s;m@$2PKe zldiKoz&4Dhye(`;`dyX>+0Q!WH$P~3hz+TxJkg_vSy2>w!tyYCNMNYtdCTMMa5Qh7 z`UJDmmI(VuO2Z2GNtU8xbL_8Mo@90%Tb{E_dWtzXMlHN;d76!gVz@VEW22Y^Y#ztn zlTJY&o?#1htSzSs*n^(h?+IyCLspnC9&$5b% zvG$&2Cvc4B!%xVY$1!19FEBbL6Vdz&Y_;HITiI&M3vAfQl(!xuc>&HNjpUdZqnFq? zJ?|>XobVFc%`p+}UuF--alXu+);TA$)P$GWi_yHCgjd)H0%QA=1|{re!zWRDv^qQ< zccv3Kw%+un=^6DeYzoINWuNCBm+%*M3&-|IRPGJ7i(@2NMZ#a%Uqv3Tb3f{n*oQeO zDKaZcqV#*2w5PR1>YY|tmV7jd%1YztOVf$xbQ{$`^(cBheJQG5+tKL;z0UYtQS&wv z)$B>6Rwyl?%)C-cio#O4B=_YKkKjKteUnP11YM-3V#5yw4Mgvojbj*@Q(1=}nBc3TGVm~4Y=O?X5C*y&2I#T^` zPuh=tj;|fxPw@4ED+Axp@wMao3BF#O+Vx`Bm139;Py=5H_J)T6(!F*`YC6tEQo4%6 zS`KG&IG;lghdvHF0duf!pn7iN@J9~K64gHpP-FK49?u@<>1X*0<5h{GMcQuALz7Z87N<9Tp=}s?vo_xkJ;yP zcoBzN0ZUT1OJ!1%GxdaWNL-d_sYwVCOywidICJF6Q7Ygc`oss&2~%I8TQK?(E3ca zf&HAYOxh}4hC8MWkU?YTa+%L%-mGlp5=O18?6MS@xQnlr8eGI+C~u!?*$tz$}352$Z*p1-i&>d(mile$duNR4TO3?Fd2{fyi5GN~B+ zkIS@=^)J4M`!g(Ine?oDp0dR7Ds-aZDFfM$iqSDkiGb_Wg?xM$@{zq8{M!s3X@Blr zhR5Yp)aH@iH$4g6zpuS$SSH=4yw11i=Z8I8iFxt#s&EWukZw{<>Lg?I)lyfzNkbGShv&TD!4Ne&09#8btg zhr_iTKE~le4##Q4)4*Ymb`CQoZ3DbL=`p}L)`Ng}#%4T+U6n?Q0Eed?G+vB)943MdCaSZC!)+Ws#^FH@8TOsP$>BH-8#sI~iRcZ85)$)Q#@vL9Kx%-~rI14tP^$9pD_E zR{G6FdP(v^z;EP6!0T1wS-{~H9PUqR0cC}e;P;7?dxE+g@I9pq@Da5K(2%|XFpJZ7 zWo||~CyVHB^4xuy=OgXOz8KKb?{dI1`fcx%9&O&4AY&bXr&j2{0TAc^0aKt4dXpys z5VIFB6*)4_1K0r5fyr1GqyuK+A3cxl2RIZnQ-bbtkgmppLqaUcHw3P{yA034l#_9*bu_fHIzAo&>lIYZ8eC0cFf`JSoPmX*JRvkWs>0 za5YFj3K?bgIHZ%YComcCSx6+~48?Txa+OpFxLPU(TqBhN_DE%b>!b?64bpJHjnYWi z(b?e4X6J%48&APX0WSn+HoFL%+3XT+Un);PmY#3pfWoR_4GHf)wZTP~VYF16{p_QumVv)-R z<0z8Aut4V@o3;ll$-cC^vHle_y3)s{EylXDFW))1KNU0!CGfFnJy?_WrLDugL0?)a zR_1+a*GKDC1N$?pFHJKEvIN_)tj%T-L+y2^f1At8F+(ZpkUQ+L#G8 zY=X_2V813Ns=$o#GGipnu-at2cV&mg+OaOS!)DW9*LfHp2XCl=EyOCH ze&p=?OlosHdpUP08zZgYU!%MNCm!Bs=O`=KOX>>t0SyFWW5zbQ-4lGF_Et}4b*m>7 zDtEisn7WR}P*c#?=pEbWc2^K(u{Z3l_bd*LUF>$(hP^>g*t@#2l5)n5cDs3EY9QF& zLIpTR1;%?8FZL|<_9`>ti2BP%9zjC2B~9T#kZPkQj*zh|j-iaz*7!TxAX8(jw}G%_ z9iDImncf)k2AAvDjG(vK*96(YRu$^>H%$pNd0K(Y@_L%5`&&Ef+C6^CYYO`Ul&BTO zy+Nd_J*};co~EU7q)5XM6%12+p)fAtpr^@O+g!#%sEn?j;NmjYUdEbQJV8*y0M&Iv z#*7{1cH>9uJgqpKSL+W~l(R97y26IL-N2$MC}$Hp{7ntz5xL6QWN+sjPiu#FhQ}8K zy>^0+OY8}D0;>-An>vC)uRq+2T;JL5ZJy{2H?_)O3dtUl=RhZdn8jzN)eSVU-^Ro58`d)rE? z1FfxI-t$n&$zH!V=xbtLe{;RB%{x2X#K;Eg!k%C_LI@o}h|eYV8c}*$AbdmxI&I7` z=fc=#CNhs<_sHi$!v3J8+GbW85?5*%C|#<>z)kh|F>#vfTY@l5WQ`fy>UR75zOc{J z8YQ~*QLb+BwGtDRhX%>`xTP%jg*zj-8_MJv5eX*wFkymCEtn3idRa1lJvqZe=A#qb z?eQ4R4XQbkNfy+r6p%V^Sk!>DURr0F6$pfpj7Skh!+I(d>6DJUgQ7sYuo4suPY+f# zi_XsSHU)ysUV+qxCPG1>7N9iDaVSjI8^laoiYz|iYC|=C@(9h$7frdF;RFLA(5CyV z18wcC-Z0Xn(nyCf{@j@QkU6cYl?JLalJEA3q7fz3`Y{!B+H_1k54o3Vo;GiMMx>qE zW-*f@dDFZrPVPYAG4ZB6cBvcgwP`61W=`~ZTaioE9ZBug+L77h6ON=#=nxVfnFGn1 zyc4{OJRPkVMj_{sT%y}Y(7AmF+S=f8pyZn6urO$vqfPpiSSI_B4?p3hS<4X&`UG!N zE3B}2syEyc5XuEr$D-kiW>kwW?1gPMd0Abn53m{|6NaKgVUHi^#FewWp+E<^5h~HW z$ONBfu|E(B`al_2?nM*=VY)Rd5ppoeIh99Ko}vy2Ys1{)6kQp--;pT9Gs0BA zdl4cygcK1eZV+Hg+@m0>bz(+zv)_F1XgbQDd?jb#9 zY?<2)(?xP_5SEQ)OUT>S*xCux_cSA_R)ujoyRic~HEoUFW_ZIGg{%n!7L0h?xGX*l zV%TE*6TFQbSh2ydVzfwm^}cXCS*!sAK`!M~58{YFu28K%R)MJ08=T~WaB=iV#Suadf|pjS?c`LCtU~uzRjocxD3&|16^q#zsxwV!ZLMu< z4+O(?UW$z~JmHo&CZSGl%Co$!o|QZmmmd)tHqzYD6pqy%$*2yrcLsfnTjH`{t9&S8 z%rF&CTU9XV>5S28Ly-k)j25dDF2f(ktWN{(O2WQIUn_!jtQeU$H+DXIMXD;)KFteX z9P~~iH|SrC<>d-QR*_o+=Me6k2&udvE+sb9O>R5Xiw|awnIg(8)z_zD2?&4aZN~sC zrzy}Dz-5Xj6t49*dsj|hME($W7Lf@Q^S7ZATD(A-NS0Xm5J5~J@=mkEi$;m}6Ub*p zT)R%8zVZbSw^E%*i-RMGu?lsr`arB!J=HA2o{rJ-r#>*ryHdy9Ezu-}BmT++CTkzX zB0%X&kFu)Z;@I+oW6`{dUU?ilTBxGg$|4SlFYK|{(!HlZ`7IecidA!8HpS~-9B#po zEbH)MIGU$=R_dfc;}Yh^!jRwZ^bQ*#+%hfI*ZT2mNQAJqK(KQv99@g2l|@4`UwmQm zvhj$+OJ@Xp{_tF1xFzBh=*FgIIkNdIm;wihvci?dTS6=?d{#+w>+j=R+1ASY3V+o` z7NSR9j*514W10nf4zw|NBXL_2jkJtzE-`LXd|`M%1R|fu&uD2v7Jw1vms8L$)(kEB z{M;+>HY3X@KGUK|pxq7Sgkjp`uOgkDpI%W3wfKd5b$!p#-{p0A(%dH z419~wPQ=n<46qs81pC9&JHpc!p*M?Z6`>c_my*%A9LtH6ic!4LQgKQb`vF3dxV42o z%7Ts+baWjRS!9HIafEtR6I@KN~|eo`|Q80+C zOn4e5*XRxMWMmp}Br*v&vcMY*z{YW}6oLbaEV9e$!h!baT~ay6YD1XLo@Q^8ug%js zC9uL9Z1RM>)wpYqnRAfooj}9f<8ZT?)S|L1SS?+5F4mm_Zx9G^Ag-RkR45w!? zILTA>rG?xrG;1rvgs?Z8f0#$6&LcGh&0$6 zf!VhD+OV_;vR0jymR@2aFic24Uzq7Qf&m!E`w%VsSj-R-*$-g>zSTk$e@!qL2$CiH z7IliWms8?4Od^(llzaG+2pd)+V|3jejV*o`B*G`$agkn1U}MK(cK~ZhzDb0=nxi!x z*JK}NZZaM!#y4aDX={p24d8Yh*F_PJ5x0>MV(t(Ym!U{QvB3(#og6cqifNz+)ex)2 zT}jYe*8)#a-4TwGBgP~a?Iqm72HNYe%Z1yWXp{OX09zzt4R}O;wSm0G5amB5H zNHlV`@o=zMP6x?iF`Y&Iv@wY&02UX-q8#(1A1+l zh!sKaZ4_P`jO>X070!J047a`}jkXmTh$ta4Q-$@iMf`4x)lY9+g3*q~znGcVh9Ei@ zg>OxAbB|CEFAxlBnDk2BX-jHB*#7%uBmMqL!;v^i!yC_vfsPi#J)jSJ6WGx};NlM=;P}ejk*!@! z%O;(C6s^aeUWgqJ?m^iK+WZhn?{e75(H3;r=#N@7R&<2MtV7(_GwcxPu3aa@IItgt zNE^qY6UZ@=4~c}RNW6!6iM=?Ui9HB7(at09A9!vnm7j_`-)Z!Bk7xmhi{AP19g7xW z|D&XyXl_42QY@Z7Obe`_HKv~O(u10ncp`(2QKG879i%#x_JQi|@cWiU5J96_;I3H2 z2T*z`zJ1yiQ<7XQcY^f+ouIRcAiyFsINEEhV}hNC^S&VN9ghf5A{R5ChcWCQa4+D; zttM;(7|90n5N>I@pN|%{uJo~Cv>uN`(Bmk^W3MN|SR0zw(b_saSVOU&)$1#aPEuQ+ zRYxb|_r%^H+KjSch0Zq{`Lj?%5j{yQt-^EpF!SMQw-47&JZEpl*?<6^%D3U^J)9Nu zBhQ21O7J0v<@e>E23`y!{GEThvWIUvBa}9A6my& zA+LKjc$)Bz+jN{7@S-e9A!7B4tRemoxP)20`6me-f7Pc6gi&|0{c zE~cZ#-V*oiCp$@$>RUIJ?8`fsYrF-gDM)idT9y~9|EO9>qLWh*T{E1xA}j#Suytom zMTJeMDuBZj0k#MkC1^B+%xSzU)u2*Cr8q$G`#4K*G=yp+h5OlJ)HfdGv6BOA7E;S_ zR0A91$RBq^_sZe~Js!tKTEG>CEF=XDj2Ax{N)q<2rv$Q*+FQWYOvlEM{yn84a{m4j zq;_iO_m`N-dmGfvHmK{w^1HS9pV7OR7`=6MES-}%{F=t=`6R-#V?H^A;rU=MK2URJUg-D^jhL57>-rzfyr=_YM&x5AasgE{bOk)YO5rU$2cNQS^(9H>)Bk z{xkpBz~3s3BUqy+pmh)2Ey*ODa8oZ^J05b<=y`C$j^Z=9XgVz^(Jvb+c#T*=+WUKI z38A;`_(yXPH(Ti zlkVJ?e&>TrY6dXXAxS31!6X9`HXETDhkyX`f zJo4I#eK5pcsX<=@7~8kTE9Awzi+yfnKcbZ|m926}xsI`iDyR z)r7oMmXaz#Y}uM@RMKrduS<$mTp$c#)J8HNcB_F&*8Wz-f&qZ|3keLt57ESpD3>3C zh%1zd)@YO^QsF`rff^Qa!HNw=397~UUasR8Z9Ol-5-em>79*I4fFMSIvJ6DA0@^CA z35?|Y1#+59pjd5{C}=`K{EROcT((N1(O@+}PRMIYF#%dqEUHlkJJez#R+C~dDkdw+ zLx}x&vkef2C8JBi(q2W^IQd18QCPA!6KJs-Wv&*3fI>$G{4x_4DV1?D44$I~aZw_g zP2jl+CQ&LO!9jKXf+04UFmx%nTJf`XqG(D&ib;_*vZ#cFloW{?cwG|B;_t*-qy)3x zsA9Dl7055j321>Dd4W`xWi;}XVls)V;4m4?4k>T#Y-$x4#uI*kvukE>{l2#)TWqT`W6v~Au!DbW_5XzpEY_!_VT_w3|T zZ8v5cx(w86hxt5=d5cTT1@QKIw&&8Me_HsFdR%z7h(fbQvU`Php=Ra{KsW6@w~6Ux zMfLU>_9^(z5T-~TCX&hh%62lvDVUKxSIeB6&nQ!(MT(Iq_i>S%?2s`*$ur@77T9yT z(SXW(c7t#ax^X}Mzum%p*Lg&Mvp|3J1ZN>_LLSYiLKS=lt%e%wY4~yFof6%JPsC3K zC14hZxr?!TN&2Tn*K#3Ly`CgvjCIRub||Qf{D=unK?6NKT*voYBlvcVIWqd=YhrRP zCE-cnWp|oUk?5HTEEw#b?L^wZJ8L2NL@sdDNveQ8On02*KEw99<#^KzU8#p(EPiKZ z&o;ah$J8G2H=H#YQ3Uv`x~eid7fy$)CvSY}`IYroRzC2j>=Uxs-%dDm&t0F5W??mb z#0~F1zyA!k`f~D_%Vytr(fKzI`^PV~mmj?Cgd41fZg}|GL9I*98)=#Hn(}?xq^16c z2F*Y7`cWqj@PE7Pg^RB9jA8fv+xtfDO9!9-@S7&rv)l5j*3Z5s=ZhgP49ncJKlS~c zRTangH|&38Z{eutC7jZRDEJQ`5g;M)%S_^9B8)yJ{L>S7m61Lsgh~EEH}FoIq$rww zs;pTJTAt573P>)#V`Pmk4i!Yq1N)>z(p|)`Wz8UKCRwv6nym=m25>CIcL)WX7r7ab z<3Wxy0p;5Can_JVs4?Rr0uXWXFo3euax0bJjD#28dH7DD;t|URK10@)wshhI&xujG~J6F{S0_VmCq;gXnrDiR|0=VG!W;3EjZMI$m%yubz8 z6H9+0z(SY86{W8R%_U07z^=5*^QVOO>FINNM zLEw?o-m?|X3o!r_Vu%3_lpq4bvoLrHRUCOyATK8AGhHYXeMWeqRS+(S=ZIbiL-+|g zB4A`uC0r_ii-40Vw>hCkTM>ejWGkX+Is_LW_MV#{6GT!VFGVoajDW?(0y~u~q5(j3 zA_R;o!b6Z;r3V;}&^2ot3N=Jlhv)xH`^%+1A;1``F1 z!uezMMGhA!74LvdRZI-c>k~t9GW;O|OeZIerjsme)jGrkel9Z@a!~~ugg+DRYXJG&dO2fm(9=#w(IRI*aMUWWA|!!NI6No*?5DmT z9QQ2y$kVbc2ftrfGOeaQdR#1WObxCv9e*24e+*4$4AuHzhgVSXUIw}s} z=#t72dYUSmToogbU$MwrF?wW$r(#6qC~u={WZCfM=0=ydqOq~b z>%sd!@nSu(%RyZw>Cg|-6<2D{PVu%76g#_T(^0fW&!zB0v4lU)z@|JMwF?zFj?G!* z(2qWzNI%zG4v~u-)i{CO5%iwu_jZJXp4KAAjE+V;Bt~`hI5F%$u@PMvzG&p4va;sk zE>DHW6lo|D%1BHa-2b6sMglE~30L>OK}>kC{|#aq{&$FpHv|7SXcIrm@jqS6wNr$< zm;Yxvq{vK%x4hukK2Uhe$WuW5pvix?(@gHu9?fvlCVs;NzVm;id;ediO>*z_vhM%z zD0HI4MjgdABj!=~t1kuO7bVyUzg=2Cxz_h>S-dsK%K0+Qs?x#Cq0xm;aokcYE-g-@ zF}4cU`qFb>JVF6~3%;$o2so6ZzyB0T(aQziV3DIO)D#G|`Wkz$H-6u8W8_HB@TTD- z%0^dIdR?PNM^=lGCUE3coL7tx@bI5ZHS(hNjH(Ir|L1wfUAA+<$ek}YTOYb?^}iqa zcw^gl6Y@;u&Zid)U$m-j#2uA;$864ib2|OBW+FPa5Lf!#f^-YMmm&QpeBZ~n6!>1W zQPOww`Zpfvqv(*nMZ|M=da@jQrtbpdh`x+5mcEbJ4+vn+HjiaRop+dI^ts;S+W0rP2oBSRuU@;P8q1 zX4h8_l7S-jUruV7qM z?k4{7phFz?qYL%HqaT@x^*Y){qz@I*8gQD+5fvv8S9k?p7;bU2KxggzG~gg9V-P>Q z)3@t*K7`R4)9Ujt^#;c#Ssacr9{trd$0GEc-t0SZ&{4c%%&7@SHi#ESaeCYCKUS3A zVCl6uO8-mhDUF_gqW92CBL|6kA^eiuDylm?H~qm6Qr|j!!?dE0|DkTJ>-^iRZ`yBp@rv=^9-6W9%aMtn=Du<9 zPv1^odD|5=cLaa`nLX^12v`Vcgqv^6-rCaY}o%$#-Piezw@HozPRc3!R?!V zY0H1@+b^%by6CPy2ea1Bd42AldqxesXWNK*@G0zsy@iLEG<62K{B!ZW?{<7CDCr-V z3ZC^bJgH@D!X5Ztq-W?CeUCLtoK-iW?wWQZ%xGsZpOp2*UR61;$;r! zqmsU=>0R6Z#eSCt#H~Aib(FCl2fn0KoT2E!g?~goV>f~}qYs^7@k+MWauhlh?jfLm zs2<{{&xQCt^%!G!;Hv)`3kyGvHoz3Y6&y$!kMlE$I1w_7O~*N*TKoo44SrE*0)lEi zzE~;XJK(EVcGE6N-)Hjt2W&v67R4?KLrs{E_|i?xIr!2KO5!X9PVJz!PMi;+vqEh+8*;Rh z8gyplX!Q7#R19OE5v{)+vinhQMun(T!^DksX*Xo@pe zbjqhSuJ`{na+Y9q+lqfQZ%feL6v(-lw?w1b4t`Kzi4I3v(UPYB919L6ZEQOk+O6x|-lDci0YlcUD`d%4z>CAjc+k7uh| zsyw@{EY)Qr#FT28i(e$dqsDN+UzXys6497yoaJq93;3JM2DoyGVo5#vlh!h)YbfO_ zsd>>YM?C9n_B!f(i~Xq8F{8T5QSK@$a}CH$DjV$@?kX=Ys~A~1VnJq7xhoEJh5uXR z)8$u=A-`*#G$>wC7&~R1l#H>KEb=<6OaHK7&qm+L{VNB2HT%g$9p5$9XU$7neB77U z7VJ?bJ@nC>$}?&`@;^7MTy)$ea|RaOv;DJsUp!&=jeq(e*SM(d!!eb0&i7yY;)^=R zz|u)MUlre?ob}I77hLnnq+70?7P7iexc1hcPTTTo(nA$xH~h5v!A#%T)>Xsid|qV# z`0MwtKKSPoS5@qJ?8yr*JpCU({rIo$Q!8ut71aNuHD%bQGspe;z>_;YAO3W~_Rf}( zoyY%Z4t+5yclt)#mAPO2vm*Vv!~c9}*R9^imQ{CbGk$yBv&#-Xef{u%^;DGHcHyQU zF57?h*P91S*xj?_-3zCGKDE<2r)_89h{rajUNr9UJ*m$+${ViL{2#P#@Bij4cfRw| z`4hItFjVQ*1J3R#uKvVeRWsDIx$ClbopS%@ z|HxkV&ogIaeD}q~#`9iw&7f?XTI)Lbx*At?*)Z2}WIPF}aS!UFdto6wt;UZB1RS$` zO@XouR~oSzQj^LnT&}Y6!ph;5WfjAPM1x79p0r8+<_~8WUR!r_=E#wQ?rFR6xeoac zu6k-RPo3(T?5f>%^0u0d)h*$0`|+ivD^{#1X^XyK-4tjmZC~mOw1-NYf~}=6W>_(7 z80JgX>n2d_8d>ZbRf2q%C(>t0QfIsBTr(rMOWs)Xn+>2_q2FjC>`ElTQzhxJD&y39 z@5!vJlO?twx#zYL_Qze%?b=jy$%f;$J-+v}>VN!_ef}W(+@HG7_kT3fb?Q5Ru;sTE z+K-E&$W zUL9Oh^wxln-dJ#E-tfTFL+5ylSDPV&TdK>k|*}_^aifq&3wStZ(@! zbHUu3hu&F#=d#bfopes{o|?UL&-o>3_J3+{*>BxHvvk%RZOFB1>w-f~b2p!Qlk3pke#1+tcPvYD zbv)AZ&GE}etXOl`J*QbdGThN(djHg`lAkM^{XHu$>-Maf`sPbRFWp~o^~v`h%9*`u z^(ju5t9EnalFycx-e-C8qbJ{}>Ua2xisF9H9vJoHMVl|a_50!-6Hgj;eaFoo{cCvb zN29hMdN(Y2qJ4FBTu7ngqjk3lOx*2Zr! zU30*5!sB`W7`^V}yLSF7p80xTZug?o8yR{9u=Ywf207S{^*O;b`y9Ts!_^oxv+ zYS_1L5q>l>>~&Oi;J5hjUT$YB2$Z=-x<-||hL3iQrXVnaqh&5a|6dPM>*OQDflT2* zMmWHnyXDJ&2UBuOZrkU-d0ooX$_Kvw)4YM#jL#`p`pJSBH{Yj?%2sP1IOEC00q=}l zy2rjR;mc7^Y}M{~X7uY)TG{y5HYas9pS9+ah9RxD|FQO}Pg+jj`|g!>cUp>`ynX*o zg}YXnZ~yD1^Pg+THhi*Z`QOWD4Yikke2Zzu%Xdw<_q2Ual_(vzw0!e?+c(EA+@A5T zi4Pnc)qJbJdHBlfw>2dfzc%jTAKpJ;OnQA`=g!(;A16JsEp^2smz?;;Pwy8lNXeTz z$GKxw@Sy$pduvbM_xb15Th{OIy0dFz&i=8x&pqw$o2PHc{(5`q{0}ZXp?Futyr=IS zd#L=iyOa}m-+B8*qt@)bx~J&dX>+y=9G?H=Xn*q=bq`#Xd|SW48=n8y1IotpzIT85 z%B)Avz2vNi9vc|WcV{{O^ulq@QTdmTK4rwqt9M_tD|he>H!b?ilegqOXYJMQO@GTj z?X`iE$Ig1{p1CItQNDb2)v2Yg4}QP>wB(r+SKRdjd+(uJ<#q129!tOL;hewBp8WCX z?a7}Eu6-!$z6q;qK6w1e;HrbckB7Yb=)|p0fAK`_+_%=B_u151*A2Iv|L$j}UUU1; z@7%HIZ;xNLw(IjZKA-$??XVkCo!8&cy}0M2vl~~s?=0Q$*SS|Md~}7=`PJubPdYCs zx?tSM>5sp6=7h~pnWsGcmz~w6;Xi!u|6!$LUQz044S%>|?DUEaZ{D#f^S~dc{p->@ z9-6qV_42(3-`I3+LL?l1j&S&iD@8NwtGskc#X^k5#lNElqkho>X|kF)z=A!W4%};2 zQM;M>c}w1V;tUVrk|kWkqGk^vlf#z8tmMz3U_%q4|bMYqo{q9j-%$Dl(jQ8zKTJ%Bm7#>rNGr{==r({1jdUn{jn znVzXt?aj@YaqV@e5=CbvVVurK2VXKUKith68`KUr=ATj5y>zhk_KMpZO?r75(uf9M z)^DW(e(@?p?;RWTH2ed_X1IcHM*D#3v3iEl$^tD|NNg z4o%kWYPPw4XP*jFJ=3H5TLr_#J-yr)4(MAcqr9ZxAw{!N3$J&o3cDs3TVHfJ<&k~Y z=dm^|-A!s)X-$F_mx(j1y2NB|Fe-%KgF9G1`^>PmtW(Bg%t8C`#{v#YN#Xr3XBMWn zlT)Myo3fHxKVckn-q_HmMrhLc(Y4VP`3h~T#9~V)`|A0imHj$TSfxL`c0!CL&6AHM zc2jkd4Jxc>lCl_$4cUn}p;juHx*}4RmcE}Ly1qR<{YGG*=#pWA(63+iis9z2FI2hR zHBK7(=<5$3`>>lBz-zqPSt91*J5so`eCZ<$_rX=Ia2Xhf?!VgK@9XXmqtSNlh^bi> z&Qg@@&w&yNoX}w^()yCqn2D(&Um#g}9Wgc3uhwlKov~rU8M>_m+^DH=cR$f^(3^`T z(7Xvr;I;t>+?JsI1Mmrd_rUd22e`$Qrr`?!FaUk?gp3d*^QMRgO)BW~zFSrpk`>gS z-_zUx;`@nEq$pIlj;G~l?JS&bzfQH932ELVGtvJXkQfew=(l|_oaK-Lbhn(&j8p_r zY1?p|f8?NKIF9#ceR^xR1C1G!Kuu-nZSs`Hf$z9t*`#z-=AhnT0eZqGY?irjSp1o2 zPJ|nsJY6gh?Ze_sPCBb?vstDm_|iy)fwH} zwVfT`%O#nc1f*)c3UY^+dfPPwk*-W-e9RW?oBud^J*;Tp^U$@VM_9oa*@}0Hy7yqa z+!stz?TCFOW>D59T+i_H}#! z+9Hu}czGb~I(O`Qu}>vg33m_zdDdcL53x}KeDm8m zF!>{!AW$EmgKe||b`VbxsI|emRR@POWw14WEBd@O6NLIt-~^MQ)5%t`fo)c-c7Ab6 zbMpzcR_)biQaIoziIA~4=1v+q4CeIL00&+!a3}#a9Z~^M1kef!^2&?a|w%uYd%0De4#?k>84gY%Pv5k6{-$qru%%_}g6dGy*GFf6yrq$@F|jGE|E% zV8uJA;WfL~g!$su22DXSLI0Hs_;zOyE`jeAu;m|r12VuGkWoegC`A+!sfb$B;-Iqz zGuD&;SI-A*+kX`HTRG3IcWwUrWr)%f*&*%3rT~mt;w_()?#NM0qv-+I{Q`1wA)+!Y zw&T)iMf7p^Q8cH+u;)LQ~V-z0K2KowDcL_Fd?5;cT9) z9eb#|^hh_&Rj;qGmz%HV!)x0)ix}CC}N3ZLcwSLizTav7S{7#K_IH(?r zL`Ki-IU8iaSEt}|G|c@laAaMLngJkoNdvLVCKLHF3XURjGV@rHb6}D5)9a zWSTra?_+e(lY5~rCOG*xuj;}B|LJ%=S-aN-j;*mRs7Dcy%R{KC!TA>hg{T_c3&Fcv zj%scHDyfPdA1TevONez?*qwQgVVkcW&QgbTUac~>)w8AZhWMz%emGMmb01UJ|qQ23hD5{69k$W zxvmCb0qY__k8R5C!g-55%v~n;lo?8NU&ZBjdIOe{gbaO_)(>-g@l93Yb|@=5gK4Y1 z;i&V1;5L>qws?!8mbm?~HMKV}ZCI{T()IAgaNNUw?6N_Plz{jzoTuR;k%h*N7tQU9 zFe`pS8k3g3`4y46CfWzu*iz{Kb9jIRB>Q^6CaX%<=81)U;-zCL57z1dLQe|I~v2 zX=wV7Sn!VdBhRBo(~sG^v}wdg+jKRj@YepjL2uI{e+zm_yHE=Msi60hvO(*eMu~Ia zTEtZ-XkzfO06yw>?i&wiY{Wm%eItJwV$F^Bty}Ls=7$j9Hk|wm-rM|l-g|vw?_coV z^dlDzung4?Bx~WlAR5;)$RZvkA8$6!AuC&GhjPCzS-S54N*>iYH=O97dpGG{@g(QE z#GA$PaW@M~2Dt+SJMi4tti&j5news~ z=%D8fl#$fR;X=gMvf--=5AAJJdM&lzPc;*rqc5+Xun&1vX9SCp98wwEVdUj-?W~CV z$8{=!!s+c!waCgq4!F0BvEDIQi);5vCp$r z=Nzmh*aGEMEYGBS<*nE?i+`TYn6L71tp0g7;m+wMf!TXu z)PlG#d>3UcRElk0K4m#f42OAGq+)RWA;y2$Nyhu^rqwybG; z4OFi*j+lI5slu4Ozb3dt8ByM1MJqqSl4g#6Il(B!-%)Z7Ey(cTrBd$;+o;z*7xrLgpriXftoQ>biD~ zG?0zqahd1-=J9IFo2j)$+*E_&(;|Qjy~gAyW=e+HyJ#_)Q(2wpE&de;Iv~Rtg7s$PQx>^5Jf>d;O-_4vd%5c%m17yJ!~No(P21 z#JuTyBl(u#KJaEBn9eXQoh(wY^whjoA9m=5omHn%9x9sn*>CSut@lg@eF_;#fUtnx zk#Vg>$Njxebd4qbnRVUDk_gmB0DO};fG~;WcTC|AyomM^4i+jqZ)!6UDbqVt@tePr zJcrIhg`Ux~LFebCk<9>pX-fe#2qgXkfPV+z-vamwsBnFT^_lA}awggqWkzPS9?Hpc zqR)2ULb5)R>vjBeY^5K-C;tz0g+H%25SB4X2DDZa60F|bQBBd)!e*XUCVCnB>b0Fs z#W0>+W&TksQ$UwgQ+MczGE(rH5RKdu^epx;;&TW~k&+Du|I?QZ&xNF1jJ!+CUlB7k z1k+&g+@!E(q6rTzQedFpQGmKHbvdNQhq7{RfCXwNI)%J+DlW?S3FIW|=! zfEd9s=Ahg6z`LXjk{v~L>PY#`~L^qed@7JY4umYMhr(F}P77 z+xUxejyYoviWpie;Opt%?mvF~C?uGKYJo(>E~rSc0V-kz z5xXMT_1f$8TEUK21jT{{{N|h_z_r|W-~a#K?|r}b`wpJjo!Qyl+1c4LbE02ZE}|lY zXz+ghiqL*YiN}?Me+{yrSi|U`2HLHB!FWIBd%-v;o-1S~3HWgWb|N#H&ExS!%qR|1 zkj!Ipc}!3LKxQI8hGVI&uF_A|bbuE^z8Dob2m4Q!_g0T6#;TYqLOp?^B&ANahLj1f zE4&0?LPC+s4LMSNB1Kv70zEJn!MI%KBBVwB>q=!P!3&QTwCh7;T%kz?A|rbY5eguL zj6_IHPWxw4W~b<6EhWH5b*pbF;-rZHkI@DIW#m{v?(Pp0dbbn^1<^nxWpjlL9bO%H zyFIQTy`_MYzz0TB)<`HM+R}%&+vAFmdpDHKx)OSYhmehe6wuwi2-#{Nq)bw~Kmb#! z+AhkEbE{^RNlsj+Z$D^95`}GN4{5Z#<^Yb zx+dbGAD6wGG4O6%O~0eN7ap3xP!zPiuD$Wb#bd0_&^p~a)2E&@*mmB=&HWs*-|nuh z&#&M7;>%;Tp0D@x|5}{8E8_X%omP8|E?ZRJtO}bFx;R?Gz%isK6OA$rL#U5AB4{dd zT8B0!BmV`RA~!okp^C{y7&rxiMUoGN3XMp~(8kZ{>Ye;#kFpwwtn>3Sj9iaIRZ6{7 zcKLWZ^yTBBl4d~iP-z{#&51UDOq0(e1^Bcvl9lBB8J#dMdAqtlXje}AranRbQM)oa zMw%npE-+GIK8XDWM$?0$LN_PoM{fEQvd`~vxeh4lT{@7jOPCK*GuOfe)|Roq9Dk_PKx@D4EFYfGzRd?Fll|=6Zlbp6Az%+$X*mBWn$m{ zWNJg~Q$+7XJwnH(@Or>Y*ggwhqOAK%Y*$igYcXj`N9M3{=_r7NS%?SuwIn=F!rLVL zK*AmvQ96i(UL@pTlQBA)PC^L@7n3lbgcSgxLs^f6p2V0I`iQB3Y^2rzLlj+#6JY&- zO$%95R1krgqRUL8Vm=x{2?YGH3=0B`g1&TO6JaIyG?sEkQKCTyW-=@TFgkMW#1cTy z6J*!|N-~UA)QM%n+~vx!rIZCo1C_|ILdtTaiFV7dVoCvEXF9PGq>b*%uxcplh2C~z zB}f;knMfr&McIP-AZ904g$$9c47&$q#>lr5s{&2L$gmd50W<)KWY{}O9Wq06I?6X##H4Z>Q$HeWq$R_gp`I-= z>%>}+J#y{DJ|agnL56uiJ!cdz!^Tr-*ie)v!}wH9%mpo$VG_VxQHcyI0L&fjCNPw( zI~wN86P@`JM%a!Yq>c~`R=s{3KebX*3LgmA=al<5_voSZSR8lZ37$ zj3i+e2}?*=N5Xm%A_~b*LRS(-k}!*eB_ymPVLb^EmEm_@=864sHho`i@- z@{`b&gpnldr(h0p{z}n9v@GckPuw0bc=fO?Fh|6mFMs-?7eoR1P>~N<6mbGcQ$<;- zEK5~osk$uHl%+jnDMOa_B2yadLeh2y%2EqiIv9PX5S zPfX$_a0G!IK?*mTBScaHTg2t_#&HtZX=G05CW3P~Dp|xqmeC@<0LiKo%)k)EP2h^s zyLjY%aAFfU(L_tgO(^6fMkS<=fWF3a1VW&7vC9j+d9i#!BH1B3;ip_dTu}n&`^ugi zVYGmoMD+H3p&v)Yj$w<~-Xe^JEHTM|Ibpe5Pd9Amf1>7xEU4X zH;%`NK_LPzSVs&;DB|+SDMTs6h^6!{HbUQE4FP;EPs9m#5fK!3=vsymQpmD_$x$K!8zxYm>BiPA%LgOk@(_px6NcOb zoIrLW2PJS~MTj&n(5Fn?kpd1Ih8`5p=5-N$VH_mon+f@LdCF!Qj$$Uct~VK(U$qtY z_dR6)G~?o{;Qffk#4sf&#E6WB0+WJiXb@Qn#Ske#+QUt0=kSQk9ye5+`(xyln}UKU z>TU@M{8Yc>1Q9nWfdd3(Z(clyn9&%dsD)vMNE4H$S_(>97zNV=5}DCbFht5yik2(~ zsU`-6zyw*E7KW6R5EU>@Oqs}NDQGDuE0Ppxs->WyOecHMC#sS4p-mzK|CF^TkRuR6 z0!Z{#pg(Du5+MW8uu>OIm&oc$%ZaRvHLHZUHq){Y$^*^Oi5(yCae;0u;$R?d*os#^ zg`BAPy=8;toUNJ_?dpxs+o!zDnfIBRk}%u1Xu098AE+ltJ>qXuo|3^Mq1bC@Wc zKlsV(S(7U@Pvj5lufI^+gQLq#tXpC07j|`p5-19!LdcMiCWxXFB48)M!u3jv=8*eZ zP`rSjD#X-4RKj(FKZGnW)c^0=OdkyOvK-?D3j%C2l`oho-_W4XUKmo9odLuSK?@SV z+C{b)vO2bf>Bo&0@P+(X5z~V&Na72~^=-*yg4Hld>lQL$A;Jm5iLoS3Th!}^H4rkw zkX~oeu?i+34YN}mID*MTnMOdGBBrH;9A)t!LM>y6Jd?wn z!f3vLBi$E?I$uo@)Ajqx|3~>>ssW7j)pZfd`m=zfKTP;y-_Z#^B6c{z6`?b*uI0}e znk{6l>=?^P%Iol#M6)1VBpvk00$2Vp`49Gz{dwn`s}2c0Sg8)!D#^{ zJQVkXmS`jo4&#>o*`g>y2hh&|sOtgkCBh#EYKx#3h&hAzAcQ;zsFpC|WU_=y@(^AD z!Jj0P7fxc}6QC5pqai1R8o|IX1X*JNCmvr2pve14BFB;rnq!mg5#@elT>-R99KNy8 zGn4E^0KM?Z(RYnHg_K#YEl;w?XmadHP_Iij|LQTgfUkvh>UKOiW?{GfY+>9Eq<$^I zyT<`zktt3_h#+PKu>y>oT|%z{&=4Euvr7yAN_j0&475!|#Rx;UgnoUY&p5J2V)l|? zehF)dL-C+9gtmab|Nb0U0=FC4KC@dZLZAxB*^pWT+~}ZZgl3WB_Lp%I7D|j;K7Ry8 zSl++Z=DLrc@P#pmyAjqE1C|^OBkt1rk8H03Mq&v(Ua<1yb||%D33y)Lw)L$g*pM?% zc+(aTyJ15bORj?$@Tcs65(9s+5Ph?Sl4!6E4q$AcI{@7t=r&+A)_^&XDM2IF5l+?s zH36p*$lwMmMF@2hVI?QPY%*aNA@ts5k%T=GR%lPAM9u&52R1Y!HXPaQ-2X2h@&664 zn+C{loD>SeCH-9J%I4XlvOlO}ij)#bKPwOJf=xHa^{|>St3>t8jJbhMmV3mrZL} zopE1t<@Hz#@$$;_ZGPZDXSQG(THgxYfMW_-XKx z6*JFB3Ap%EvOA+b0qsjm*N0 zV6F{JX}Y*hr#1U3VRR+1bp-`QDit>%7&K@)w4V3AqT>^FnmKC*#6EAQ751^4>NO7! zB8q#^{BWO*-uOt?VBCT*9#uxaF5~fruk>tQ4AVb}BlYQoOkZvy;q|k0@SX&_0z=)} z2FF>}7PfY_EE{{NRDB7lvU-l<#XJd6xF*@!+rhzPPvYiZlPN2u-5L?y;@%}AOT4l@ z;zgn)XDh4J)Ktqvxg%*A%}=ySn#$!T39X_9305EzSTfi#m@r|%5d;{FI}FAhEukD| z%g2pjv|v0CA1lXkO19TO?0_Q>3I9PCB3zBo7X!n-(kO7h{_}#SN+5EZ*W&qf-jVse zC4TP9g=?^;PON!*uF!nC*h9P)1M*vN_1Bj&57JH9(Dx^VkQzvcZG_3qv1 zv7&s~qL|m?<|RJ4)@t@(4gKZH>!+x@17C&j*loOTO}uq@T=Uz@4^7q-(zVf-z->id z>*l6>Y%$EYbA9>Bq1y4~%iW^4!|%9S))_&0A&_Y5*n!LIkZFjv*%onzYAzUwR;`dc76)G38`RP%%CKp_cP5j`L^9_NP=m^HXcf z#}ujWscVVX4anbEkuhBV$^32BkFUjIskGC(`@DbGH#)d1>h`_5C)dguX}cz!$-ZBs zu!%Eh{<+`;bK}oTDti2CYctH^kIzR`&Lnm`dDe08sXB8Bnyqv{_vv}w-s^Q*+q~1Q z8kaA3QQw=1OB6G3i9(e07*JtrTeer&!ignGWen_E!Q=SwlO_+a zZ*D9%8p4W9w`5T~#3DuMT?YXRcfcL3aXTm6i8u)CNtA^X=zsj6l2E=s5-7xxK!GCx z*4(z1PXaA{%N@6PTP0e4wg=zronTz--p71uV_3k}{d7k?n)kuX<7$TY9HySqzNOmY zc&v!N^NiCCtS8I;+5+|Tn0d4EBKsv&uJc~g7(e;ygVlk%R0bWd{C$f>MTTC9@k&n>e)7>fJ@b$`@(OXu%sq$i*G%b*y=o~ROju8gY}Lv+j%i|X`4!- zH3wgFUD5XFzM}e#N$F+Y1D~lMDPg1@$s5-E`H@AKmXY6hv-KH*dTr-@-ji=NHF+$X z{rmJ?)3f{h?ozcl{P_a^IeKqOtwJB?4jEiwGvVYumk#S|)zo2CyDFDE&bqobYtXwf zeapARzGNFsX)yC%8!`W(Y4|l`AD3|__Jj=YM{T*1G12Nq-$zN|nqx<# zR=1&s!`ms6h&y$?s%!dO5B7QHRI1t7*ZZ*Ue$N?RkB=S~WYi0u^?Oh|qUdDvG5wG` zvzNT|^Tx}!Eq(BEVsYh{dplzv9xV`0Z@Ss!^UQl-Im2vI`OLVirwgOfB6eBL`7LD4 zq}o(7v)4_D$IWsE<+wWdA8nZHx!{Dd@5$?B9#*22A9!tP%n5@S;gKs>x%k`6xxI6K z@B8b|VK)vBz{kjOIPBd2>aeqlmY;Ng(Y^>57ZbuWY2pH0oQI2-bt=h{ii>CC!{yyk zFddt}>W(k zDk2<4IKk4;l_k^Qn+=sbedFF_mlf6rrR!N!Fe zgIwB<3$7&2?l?01xyr9YYDaF_(8|3NU29@jRuImalRIw64R^PCyWmX^`Cl`(Tuu4wj>x99p(MwlO4sC8)L z76rA{P4S=NEmxM94>zAW!8_VWnac|+%zr%lZCy_52#fn)hFq?(Yv!3&JgFSebopMZ zMrDy%L7|_uCe@ zGOOMWXuChinaM5O6}ljv$1mR}I_|1K--MZ)xk!dH{9;w>s{P(IXaVXxrzJeY4)JYpb2Q&!^zwAIWKYFJCwmrR(~9y;;%U`)3#43%Ba3NMo7MnEGW#x>jHcO~v%&ffGjFXufXn+nuZJ&C4#O%>GU1 zY|8W0(q)A`g)c1@ho??{-_-k+%K5WJrnpOO!IX1st@DM$E+tgN4-q82aw;tMdXg5Q zUsA9+t<)tyr&Pk&i%S^0I+aVMVk`+`J z;OuysLZ9rb{4S_nSKAtg8zOl8xUDS<$1NS;dZ!5OXHl@XCF1KF#aD3g#ed7ibRa$e z4is=LyL~9^=28YE!>Pn)j^jr2S^e>TQdR@_+MU1=GJ^sGnO=cooNZVhc7ttjcelX~ z9!@NlDc+ahqcZfn?z%zndzHa~B6eaDQ}(5@M51YgOK9&PICHNnIDO^#$}h6Q;U`d>FkVCCOm@w-QT zZd2dIT)$v7{czEjg7c59RU2oAiSH{qb2*Iz_nm3ieb|rdajs+Aw)J}>G>TTu_4y>o za5^4x9PJPd)G_!teDe&GM>VIk(mX27DJvx#0+)KcRGm?>@O^Fz_p;dz!43T6qrs_$ zHj#1BjD!_)4~NAw-7G4o+wSO9K0O(`V(Y2VH5vyu=m;*|O6apQ*yI}91tzvdiE$@cDs9qA!uIXYPee)CuF>$soZuD_{?_EoFbJ(E!0p3_)*6F1j! z@r4^MYAq+$o^Ks{@RDxv$VdDO&Q`H{Ywx5bM(lIydG5@Ey(_4jY#!IOo$;KelINAZ zRB@ruhhHVX;`RYe_3n0|{qRWDntA?7%!%NWkK&X}R@UTcKmOCb^hUJvq=l^9R*&g3 zM)Wyp6CXA=F&H0DT%J$Kg)u^0Nbli12jXNq^Gzw~-eHF#=PX8m=Pmf~xe*5{9rLhCEd^zS1pQ`1O2? zRvcU1wPVGa_3ui?Z8>4Fw^&Uh(Jk$!P0vjgwf!a^ZI3FM*t7QTbbJ79vhBK=MKe+x zTvqr^*fieqz_|_4X#sifZ)r}mdl0w7G+CG=I`C;v@f0Qm^){F*dO{m+|aO zaEkJ_TAwxhtQLjpWLq3~Qn$>-VMyrvb?eM`9SpFd%!z1q`Gb0^(W!0YEc|h=_Yjqy z2Af}~JRG4cCVq^M5akSSyq;;cA1xe<9ZkiGAGbrNZ@h9wKDf?VvEhe_~3LHRV8M*b* zTWN4nnXz;R8xO6*JvCoP&Yu(Hq4t~Ken+Kh_j@b0-xT5@{UsZ`)GxnyH&T3|wqK<6 zgvb$ZCXCFso?|Ft$1RHx2UT5K;k*3kiA~{G*bJW8DZP)`S%)65zl=CKz@T58wm{E# zVWm&Zf`F*1@b*-rVJ#ua+iMoO`?-$2qPd3d5|{ZdwvL+bIji}yPdo3)s$Z)%zsWFH zVYS>ILtnOczLMSZH2s~8MHhxXv+_Jx{`PK6%|`4fQ+Y+&g)fKe&U%JV)>(ro_?!62 zcdDnbQ$74kXZ(j-)4#+Szwv(jxt!0y8J3qj@wbbsbWi;MZhD>0vTW0{A8c*& zuiEr}(l$8ZCB!}lzsUPa19wKe92e*O$qyIf!{qxP_~ERdZm|JA-cl#rBOuT!h7-$% zAMyPSFFXJ~q<4AY#1BvYmKU!0bpBZNho|Zbhl{6ChppXEYRs?xW7GL}tRt5c9&YLQ z6q5K0UVZFj?Aa*~-aTtct2w=So#~^GhnuDbg(z8!m3V4@J`lM0{M$(Fg(>Gqz(+ZFa3?;~n<*E&;Kn|Uhpjl;~a;refi(nl{FhbkR4d%v?v7ju5!vS;e! z(-+_Wnt}K}xMx3;p_iJdW%)Uw0}tVRn?q3%tL}ujHom@C z6q~#F>y)U>dnZS$F6;l$>E$n@r$w)wZk%|0&4%?uKV{C$pOTxlDe-EiD!Cof+pzuY`?c1y#MY03}6MTI6x?Atp74EZ&$8_Xn^sDGuy}9HrrpdaXlBYYR^wFRvo&fZ;`_Mx&PMSqTzuo- z;!^w*e$@cnl<=2S8HPL$ZW8=-mpLX#>R8!&dN~coJ?y*&+j!wlEDL-f!AND8{Mk)m z29iJOX8N(=zXu4I9>kBayI&*}6c9xLHMBja<0iVAGFKC4If3h9AJ$1=$q2Xzckc3Q zX&7q|ZjP(S8X)4f;Fux`{0B!_M$cYa`pGGqD7EiamqL8@?hKBQUUG>Fu0+(Q>O6`p zmFE>pncv7u-V%+~Y=V}K|HA3R8>^tHv98J5E4So*mFcoURkS<#WnWwlpUqXixBC7l z?xhdQQ=2oXm6^2nbG^Jb+zRNiet_C8JgnC*#i^T3Y)+-`JyNEaHgVd;#K@(_t2YnL zPuLtEYUrc$s<*wOC43g{XsomgZq6&-Uo)us%ACtlc}cU#zjIhFMeO_nSc?wo0hqELUaE~dk$pyROKYPI*BM%YsG0ho zf+ybv#zqgH>fJD-UlCn&&$F>$<4`;`@x(7T%f9}$r%mgZ>tDif@xyKnP}ErBtGM_Q zEOZI;>Q1D}A!N>mT7gsFG%HPqm`1UJpFSQcAQIpl0x?4Vk zIEctyZMfUZnX7#3Hyv0kT)CIpmLHd9u=k2x)SGOv-J)tzgSLvp&IizE%Q5 TwK_jK&{`4JZ~g?*7efC7!TgPv diff --git a/Modules/AzBobbyTables/3.1.3/AzBobbyTables.PS.dll b/Modules/AzBobbyTables/3.1.3/AzBobbyTables.PS.dll new file mode 100644 index 0000000000000000000000000000000000000000..72910599b85e73fd7f798b003080016cf29f7d93 GIT binary patch literal 21504 zcmeHv4SXEcb?=#(-PzTywAx*N+p@i~v03ZemThb>#K$$m9|mc628O?S8ANsw#Ar ztGcU$Xsc#W_1gTmz1Ci!1&OfMf&y?%#r@<#Tod>f@g<51t}DBl!S>7N6d?HgF=*c( zuqgj4U0sq{_?!>DI~XYvonl9f|C}JI1aJ8zL_Oon-iuBU16xCJ5i z8g{Sff>fw-uMziJ&DSX{I&E;x(vwrslx`&96I1scWre!`DC^TB=26zCM|?+FpC0ia zWqo=ic$D?%k-$;WJEg^-m!J<;#*6~soFqVf$Q+&qW;oDTZ4OTdRvBzuwdy1U0}jfE zZ16&jVP_8T{0!ii1)Ohr{Bv)Gob&zBqM$t!633RJ-9?Qv79T@o``$KFFgiaA1&fMY zlEi@3L*qfs)96-PHnv({sT!B4YV}T3_o_K}12t_}7P4yqoV5lGCFcTDhGHy|^FZ+s z&BqlZg8AXABVu1P!E{&>(=TVHVJBF_de%@2EV%$6WF{Bl(h$_mXl;-EW+&XtF4B zFf3%(10)*&9EWXTGm?z}MYQ8P#vqSjHH)l^gAH0#un7VNMpH2a0Rsc57=nO-QB({; z=Ct_fJMaZk0(^n-^EJ-Xoll_gJX{oVz6WgnoT+(CmrxP|8mc2biJE44_%tGnICvV9 z^;?w^R|Z<^^&|%049B%3#xZ2WOQHHLW26w)Bg^6HO5tgw=sTZ-7@`hnBucnLbmQgJ%0|aN13B1S22ryaTjXBo|v9o z4VIof7tltYKr}di;KPJi1H8f1IW$bu`4qFx2dm&mJcUi?j!~J}F2SXDA^^3jxFIfR ztZ~(@MTva@fb$e;NubngGb(jG5OghFhe8el^C*wZ^RX#DJ?5LFuO{8_X^L@Qxepp< zF3gD;HlP^}bl}1a!gL^bmb&oG;=Ag40K>-8V;VNb%Jlh@ZD=yI>INwYlozb$g8Iu0 z8+pwYH*BOLuGB7N7mqDNUgEM1Qnr3q1OWpbQw%}CsP!0v{F%;c9#R@&Tje_En{b=TbO_MXAjHo+pXRif^h;b3 zUuW!#B;wr+#YwVX!*(zCW34l1UWfHSTQprZ8@Df-A)AZaGFC^FUVhH+s% zkPIObK7pjEC3k^SzpGrE&TAz)g2f7OsX*vArLw&n@>TWG3VRO_iGNX1VSf;GhiHAYd%^7=nOtw#N_z3aD{0dXjaA{KMdJ+lJgnuyzfNcV?008e0h+GDI6JQ=&Qd69) zCqIm4c;Ax%i)R@|Us)x{?=Z(c0>%HPIfm_(YFQANf}l|hLDYP|2mZkzpLvWU8YkZq z&8~0pVpL=dINH7#+Uw6B!^dh@Z}&3a+xM{ed+mEL9mYhcx9=JL+=RT+9ID%B*nPN4u94l= zDCb+ahf$oSd_ULYC402qbYtq_|a)Z3y%@KjOz_C;N1l$lRJ=S zi6h8G-@#;AxT~AiVUr&PZ{en0of~lN0{tE2@`dZO?0os?NTqw`-(FFHI`n_ER+
N_hFqwY>fR{B zf07=3Q+oGd*cqZOv37QZt$HpTh`=Y(ZbKF0kNa8wLCBaiSowIEN97(F9EmujtfPUK zs#ai}!36an#)~Ok?qZ%WAFFBuZh#Y|UsXR=)q$M{vI(e5Dy|D}!?jAvzF&PywFRnL zsIOPvQr$r@{Bgb4qnjcPG?k_awad3Davja2`9ckVO44kq6>6EEC1=wjp;pD1nnO#3 zYL~JFh)&k|%WAH-5HZM9LdxoK!X}i|YoKnSf4s_kM4N8xF1Cbb0Y0HIygbTqcbK6Sn`LM;sLwTO=^lL+ z;Ol~aPfq~9M(}?$xO9!+(**x|bgr?Kt}_|l8e;gh>a(EdF(V16`x*du>n(sEGFl9s z{?@k~Fz8=BDx)OVLz_nD`PKsdrLi8cLExk=pKXlX>jJy0l>V##Tv`(7I=kb8z%jPju>4D zxS6h=xe;?*qYsW!9FGSS6@1lyH7MJqe(R5dI^t4aGd~J{6otAf_*TW$h}LUdYF6Ml z%5HF}b4)I~#iiP!Or3D4sX9}4xzt-BroN~sSavnEAVBeXlnQ~Hj1avpl(M>#{_iLi z#kpuDr$$Jgqkk83W1~<%(=MnsDMEun-AEsce%6T4^+G8vQTntho4K{>PmL)34^7P4hm2kpp1 z#uTb{sXvN50&1pEkJ5cU6EpQKRVJe{m3(KZ9t|OzO{JJn%Ic|fmRq(@%3c=gIQgQd zjj0sGrkUttv14XrMQ1HXpK;h(oX1{NuN_?V#`eW)3SOq z>7KHBGwA`Bdb#pynni!@Qm~5bm_z^QQiIh$ z1@*E^{bA*gjT(B*rEaMFDX2GHs4;k|)?otb@9|1K- zs7Hx?HlH@T6nlO??W+?l(%bnopeXUud>V2o_R@SBDU(dlakq@;N`kI+DV{3{`lL(o z?5L&NTq+idg1W<{cy=tHFSyipGYaZUF2!?YA$`N8_C%wgzU@*x$IhZBT&gwj3sBFv z6wjkY^t?-%;V7t=TxwhFA!9MU>QbrLBcT4prFb@COM@E|j*wbC3aU~l6%$FiT9t{H zl61W*$+48APrDR*DM=^F>cP z>gm_2Ol+yAw_HiKr5;CBst>HQo~m4mbvDp6mtvg_ln_ekY^0Y}ndoe!*Mz!JGD9Q1 zHKxpm8w#SUun&9PXr$>b)d#AHl0vC^&9q!7HE)|~jVpN;ZJ}mb?@}KH)k6DSs#$v- z>(Qky)eCAF{fSFmqrGXg(vO5vI+xRnZrQKt9YgIM@2TJ&B(@&Nr!N5-)E44>q6OSf zgV?B=v@O6VJ54&DX?!@$@>Yc9`>PnoW*P80$ZJ#q8J+&S=v0~~!s*bd)18rM)SzXe zZKBNod(LMn*?tA*!9tA`EaxlybSOxdVu!u4O2h7nSH)R?A?$%RRz+#4z|{iV1a=Di zfWW;1Q-CIo08XP{0nVWcjX5!a9{{YSO97YA2w;>lB7d#GbTIzZRbZ_FZfYSWN0Zq-gj{)ldsx~B#Hh<=6)#QdA-r1k~#X1ZJZ zV&t=Qn!XS^0r-04&!|SUou(^7UxwsU(MQ2QVt$vNqMM>m0oviKQTI0U8Nlm8&(Qs1 z$yWjYC!N-6t6qa8o2%cTHz`~l(rUGn{)oW&nx_3XU%j?OdmNc{3FLW)&hWIxxptQJ z(Qv!=BW*#XQ#%WNya@26Pzs!n`3AHXHMV?-_EsndZHq%!06wC9954~R1uz=EMSDft z5WX2U|4rmh?W@`=;V+=Yjj-o#dba9etwHrmd$l48&V!MMwd2}fnQ!1eN_p?6ksoQd zYJK5<(bfp3R{N6Qq+0Eee~o@zJG*+1ep>rMB&~0yRaHZJ54{t)QrGmu=wpSR4zT?T z;Pc~jFz^XT^6FTt?Gz0c`%mh%+Qt5R06#AH$AQOm?oq9_t@=TImf*K)Z)0sduDxCL z4V2zq@m-xq>Pf)9@H6_|@Wyj`5PO*40!B$Uf*AP#;7qCntidCVICgoz)z79loidv! zOwC9@Q)m_79NGi8koE!A(_MhA^bp{A^f+KU{Sa`A@Vf!q=_2TFN8ZwneS)W5$ec9x z;FbQOa83w3CGZ7-q;XwMU_xN6z=hgDYV|MC@^so=8J;ABDm%g3w=DA6+X7A!pCD;EBqzkpElbB?-ZF%k?9nfl<vg6 z+$XRo@Pxoq0@npta-YBx0#6BiK_CT1kHB>T_X#WtJR$Iuz!wBkg~$tBCvcy@qQDmf zQb<}9SQL0d;3^sNbgJ`6t$|3S^Ng{6+9L z4W|Orkx%AfMVpVzQHvdmX8L?YKQx1YEg{Cw2~+{@6#hj~<}A_~?hZ4IMB{)PV>1AM z?yCX3KEhD(6?~(TC9jUv0$y6Z81SY_hUZo@=j`f|ylP#wTi&9wLA7YbSYFvs-iorJ zWDlQ?@cD=jkl$?a1De>;==fFu29YIoU{!!2ctQsq1Dr-vP-{A%j=Lj18<`2HW4)gN zd^Vs?b3kdxyR(2V0;SPnKpndQ+;31FppIP2Cn*hpIyJ(#8s4p_1>THYtYJ5|5cpC# zQCSA4Q!94U8rGz{$7ri%CDtq zHoi=6qR-Nk+Mm$t_=d5f&ek5JoAoEagNik4SNHa|^tRBN-KlJ*KUJ{S_PGo$Syo=s zkt<{h87tqG>)(@dax5t2Yty~G8#4K!Y-*%Eo66@EQ}iw!uNMrZx2$ARy-R8Pa5kIj z%Ub)EQfEhQc+hfOs;hgOHP~l4ow@yXyPeHi=|aZNm5CK>hpAklbs4SMpKU-9^}Vb1wyMeyQ(avCKJqA6f-Bxf5anxE)0%B| z|8Uk?3t|U#kK_y1U{mJ~YIiJ*+MY~dpu4S`+Adpf_w|kRu&eS-UEOpjl^wQvdr>Lv zRVw)`-?YifSxzQR{nq}}aJJBvP16CZ(A%EPSh+%HKjq7bw8!0Qr}}A)C$#opZ}0k4 z`XCPfH)gCXN;cX~+M37~tG1^GCn@U2n57O_ZRxZs0mNSvB#znf^xqrJ|=s1$e z7xI(Hafc_eyKQF@?nVygiNfd-zf?J~V60oWSR)ff+^I2P47a6n7?A$Xegs0MFiFKO z#~!krNlMx-+mI@xr04DS;9x4(kFXqN?LegzPgt*v<89lBN9C+SzJMwzr(Ytm!*Oh9 zru|T0^d67Cf1>1S{0Bug?2MU5AIxX=dPbop9rcgY$OO(iuN^L~)9VNO_c&XV! zly_S)HATB@Z8GFLqCQcyS^|pK-sXRL()v572#=&&A9aV||>C5CS+OeN! zznD;($-*idhH)k7F`0v)TPk#AhOEu@;ij=kv)y)-`tHf{i3HQTluRnGhQ*>DX9RxC zTjVXY)PY5;zaJT^fCs02!v%}b#~}=uBUu^IP*yZ5v@6efa{z~VC>Hv z7*?~sq{Q<>SE_)}D$_n1ZY9~aY$la2kvpyZ-KqUnVPq#3#4^6}pV+h0%BGG8R#xsc z+2$O;ej-;WEAsk_9MeCXE|l78AMDRsWwa;AZKZM}CBdD@N`6sD{J(rJa2dg{{S*M*5I1)Du?tyFajyuQ$db|y#e5J;0-?X-lY5ZgvNbB8>} zQ6ReqDdSM&-IYqNjJW&Tt(n}V9`406 z2ZH60+6|XxqwIh-qjBU<>OPz)qz6V5iF99W)T9X)?XkDohaufLR##^Zw>fadWhjyv zBYTk1n-Hu>Jm&5#2~$nHN&(8HBZrW;aPxteVe*-Do~-cbK=m*^zuEkI~8% zQn1o%z7#Kc+H7SpKB}qp*rN82Ix|nBSxv1T?_xlc%A7cA^s=p(H2J<*B_6qzku6Et zmYLGRF6VInv6+<~U^WppcbEl;svUioV9TIJ&BePdo)0Kf=7V56{U>q$aM}5G18vOD-GSlL(H)Hd4sVPJATnC+jckduz^SH z9e)hl0DShap^E7Z$a6nmRm8%MX{qU+bFtBwfUaNpRoUTlJYWIWKD^k+^(~Yu6GkS~O+&MTKio7) z{j}6)jR*J`wQ48I504ssYdQJY_Hf31kHw`z+W ztRfI^zFc{V+5o5anik|7yauO@dRD_t6f_B^^Ygg*{x zjtH*p#S(XP2(lKs&ZDFj7OtTpnpUiP z_qKpP&V%RT*-Z!z{QddeSwOBSn5BHj{-qPDRPD3MXRCA^gw%DL}gchQ0wzU*q ztV7M;Jf7%<@Kovu>J36dE$Aw&-#vwn5A+bM`rZCQq~Wbp>gYg^y{$x#YvaTWwj0)F z;WgD;6~JZlvwbox;}?nd(UC6c@ZxEFuQ~2{{QkY!mMXe2Dm)LU_^DkON;S}>@b-#% zTJScHhX|+E(rEdl%StH+RAMv$5)vAmRCybfk_o87k=H1mMBExnWnsi&V3#8JxI3!5 z$OkJrA;DoicKNO&!R{2xKP_*^t}+h>i(!<+tM=WXdL z|M`tClP{rZK_fw$A4n|5WJJ)_{)DbYA^|Yw#*23{Z*C+IFlyqv;(PVEHI-3Kn@7{) z#rttFLRt-~>NOP!W}VjJslc@ONA!3~XEil5<55l5U12VmhxgS(kn$%8%F#Z4e_%xL zF#>3xbYMQxbT%cP0ZMTzG%Y@C#I5*XJW~Z@N)*H)Z?a^3kVP}78i@p9YwT#ecs!i& zY4PI8NUZo`4WxiSR|Vr;YvRRM*pgkaK@Y=LVaIogd3#HYz32!`eJ&R8L*iCFQWKx5 zi+bVzLUo+^=(v=_bR7?Z6WSDQ3W?CK0At0^hXO{tcw;OI5GEgBB%*^|DR{ioCHzt# zg!rRIRGh311mYiz@2!b&kMI@ln{D=>d3z-NYJw2|Om%M5!T8k#$j32+SVHgSM$mFiP4Ih{PkHBw#^*i|T>8ybyYF4OeMRt#7xZ2c zdpdM3wBVV(#z1FaFkq%`1`RV7)y;@u#yjz?!FQ@*&c!u$)MsL77~Bj_B;a}j5?h1f zd<1D^@LAwm*&E9xql#>*!ZiTQ+MS-i8P7nISx<>(MJZa|3uDkMkqEra=bIDq<7Q z8ECpjet8NQE-NHzM-3cIOsv5UnBkszjUMB<&+;O2+%|gXTfBiij`izm_egTm!)Cl# zpib8s67MC}kno0~RXMC7(T=|2sr>mlYq;Q~vJHu@;l6ApjpHFXG(W#}Y2W_VRV!Ae z`de2nw^~;aO+~M8a5c88a}+aP)_?Etie_kJs&kvMb>@!pCwho~_fMue1)8iBfhKR} z;FV(!%P}Ra z;8A`*jWC}ljL~Bc`Fc_Z5zZ^lq>U(?>%MxS9`hv6q?UmfQqD{e!+&Odl^|JuCXH8* zJ9Wbx=D22?@KZqy=Rlz_l)vEI=H@2+#^daFao>0?&_G*%SodAhwso;1ugCYAOYq&w zCF;Y?Ou-kw7oq6~@!h8Q9>mM`V?H~(H+1)O-PU*iiLY1D_-m{mEcxXa4h_`}AoG9rHd{FrM(Ju~+Xu*-~7bbvqlf*==~}K!bU_(_vZi ze9o=&&LXH8@1C*x{=+E#l_viGFJ!*4O{lOzs-M7Txy|@~5GDP*rn{ehgMVqV8%J2Z zfF1a+$hz^?;SQXR^y0c5Co(%k@~?fbzOCNt{C0K#u0^34OE z?C{+kZ|e7BQ_r8Xh->x8tp(qk^NoaeARq$tMc<`FxYcZF)8{#W#WP@4NE0)i`uPC!Yxn!+(XcUcA39 z_RWamrp!*@g zk&~j8Qg4+=?nfPLgz#A<H9A=|EWCi EuN+RTO#lD@ literal 0 HcmV?d00001 diff --git a/Modules/AzBobbyTables/3.1.3/AzBobbyTables.PS.pdb b/Modules/AzBobbyTables/3.1.3/AzBobbyTables.PS.pdb new file mode 100644 index 0000000000000000000000000000000000000000..38ccee09c6c25c0eb05efdc33051073053e33cc3 GIT binary patch literal 14656 zcma)j2V4}#`}f{)9KA`ipqxmPax`g*(k8WqKgT_h+PL{YH| zc99r0M*V5*nurp`B(`WUw%AbLXZChrDdzv)hliPG=J`JJ%rkv=HZ&zBltr)z^fLxZ z3Jc{G`0%}{1cFO^0}&a}fFwyKN_zwpX9)ZZf*52(5UWsLibf?>WUEpBSxDocv{5O< z&k)Z;@yJopVGxEu0US@@LuE>&EH$Yjv##oBSp5avo=q=WtKx3Dor7c|&3>bS0hEEP z5(3!(4F<{u8U%#WCjxPSb^?JYVF2U+G?eC%46*|esu%jPwNQxdp?HFrLzqJh=|yA< zA4TN_fd;+06i$w&n*n}LysSxgi@Hm7oAtcyrVlbOUL_# z4v-S4fRfcA-ni-zg9dVlAwY|PP7Xvmbcx|^x@)y74T!fCZwPi8f}Ms?Z$qfJA>rG zWCpzmX+S?yAae%K2i^iwbm@F&;CnE59`IHS9*sw9AS{pSipDeMQC-ov!#v9G$>33b zF9whDdoy^H--p4Yd^-k@^812CSpQiDe;DFsK=x1~m#&X7@H__J1Ni=+5$A7Z@TeV^ z(!2rSzlFF3kORmY()!S}Fo40gbmIS}c_WZN0N79$eyNoQ{blo zA5ZgUz@Gyi`3|+KIq>L*{DImC^T;1A1h0)p{R8u8Zbkk;1KxsxM}rmf2#*F9=8=9h z5HOGOVTy0#QNFg%XzfAyUY+vMV#CDyFnEObW$*}(`Ye`5`N(d}qkMk`kMaW;JjxG* zSsu%yx&|@$76u;(@i?0A0sc4$akO3_c}w7%AdcD_txZ-8e+^;qs5~?VnEAsPJjx%= z;E}x}7(B`sFnE-Y`UuvC^3fWJd6bXZ6!R!QoWY~~2nLVxBN;r(k7DpBKbpa#{1^t0 z@?#l1%11t9mLCuO4f6`fO9ZlJ_$!IQBYh)59_ORFU>^6+6iBmS;8Phq!jEF`$ez&* z9_6QjH5k8>!LNfj>i=VbY#I8~89c&gFnFYY9D_&s<3T^hBmJ1i`b97w_oVfs{*&2> zCt>{Ke6)6CG57(%XES)T7UVE^H1?znJ{b6129NqG`V|4Oz|Uw`B!mA1fh1wyLd8)F zv50&s1=XHIr?VigL-l!W3X9UCOQmpW8Ki+l^)c8#KwOtjN3#e)#aWF1NY>2-?RT`R zXpIZ1F`8MCXIaDx7qt4JT54ChUa+gtu1ct-VE5ySJcwp#ONw_JXbqta5L#7OMBzZR zdh`ZDs|48V))&HlK=u^>+^s)^4nWAWE@16Dt_zgESd9D-D6q#7xyCh|lok(|_!Dm5Wiks=Klot2=}gin#GHIS)RW=;eZ zNR@`1q9MpBM3z*g)`TN?p;k*F*aSbb%L5l2wy+GHzi6`Q-140^Z!<>@KdpDoVtER2 zJh7U+p-)9*Tb!j?ps`PS6$yEa$lX>8Asi7Z=BTdn+Py&e7PL`jPQ76b9qscHcU0UO!P|LU3}Fa+0gchf1nAla;Dm z6T#F_WoBk!DyqGjt5)W##H4wLM1E3=wP0$PNF$K5%{n7=CjhTZIXja@11GV6UrqrQlqvNNF)qpTAzR}<2GGW zi)Qmq4VuCJ>B&UF&+|;r94pLB^|x_Oy?$a<>VO_SU%dInP|(pHxm=`>bkcE_SG+wd z&Q>Les$TdeZR{jNtFZe|9+)mZHg3G>8D3-2is*g}GZOPil?XMuP}z;LS;oBE{CPg# zT_BzYJiYdv{Xdy6+!x(6@V>NjJLli|IoEf8inbKWNRf)6v7egACE@qC( zpKFy&%9RD=7cH5c!`phlDf)B5+BtijcYQuvS8n(zl7Kj7TP(N~${RSi`$|`9RFj)r%*d&9lQF}ed!2=<;kk+WY1 z<}kfv5<0b-G*!U3)xZ!FsU*I9Z!dmAcxnpGdyIxj5DFYx06Bc@3V{Y5FJ$IxNHx^L zqRkU?2F~%E<3A^iH!L{po%1c5$ij@Wc#q7WyZry1zI8%>TgKxbt@v``uIWXUmtb-n zwYbjkq_HFvzZ{^_!R zoDME=nw9<+tf#w5@8+KLHa~OsLz>+%x$*7v$Jc|oZbAQgo0t79dV25HSGPt~EOz`( zGxK9|VEBq9!v+m7A_4|9d&-!Y!Mo5!-!d_w5~Y ztN%9E2{)&29v0?(W#y{&P0+jDBpzqJYK*X?tbeobsPvSH{Wq|OAGuoOTin<7mQ5yyhHs7UXR8 z&wkwR;oSYfHO8&Ajk^XWt{gbNMJ;%)*TOy1|0kcdVOLyZ$6A@_iEU2*nCE*oB6`80 zNg+!ezBSE=94{>!we9bX-(@It^I7i?m0!3#ta3(WR{i?GmnDmgzw$q{Kd<`O_0{E$ zo|{gFzZ&|i4~tc_eVT(rDbAOZ3XR%f@H7W6v=Dk}7eX(z5PEfJ(@vb5!(fLTjV4b$ z*vm^Ln#|9ZYI5>3^VOt^TI3ZPzE~;uN)pNB;jk9vld?{DQII$3@1GUy>l-K$XZia2 z`2=No`}=tZ`$z&ay+r~3{z1OJSzMyfn<(ja~i-`g{g z@9XCu=*#zU56leo4-WDXXZdAH{C&MMg91qLAX4J(O^SW|1H?g@;z2>=ATpDXi4@uS zXs;t2KxkKa&n(dFDOTnyG=xt8q0HChsc<_!8`j{g^P z0=|#~m0;u$>t1x|pnRcHMe-#wI0>*0%2zERst980Kc_sJ?#Lr6@1<4u*xuVnFf|`! z7=qpl14{`Wmx%Zyn|Nnw5xMz6$&Rz9X2Et338EbyU%L;a74Nw_y$s3g`P&A>KD`oN zI6qQBQ1d~ISqePl)RH@<`TCSJ#jL5@0s|maGE&D z>zlJ*fVVGwG@iAz^a9aL5M{4*{3?63#Fq_|l+-+(_OuH~^ynZVqSEK5_sIojDxoR9!_4}hn zhw9}ma%rix!T_M5;f{ZG$jEU~oYx27OD!iwNu-6bz) zT?{SS{_NSBxf#tVg=!5c=L_=k@a9bG@9$~59ffzuh3>-8BjZp8cVU(eiq-C#Rf=DPplfNdX(5|?J4QQJ4OW_JTfP%0uxIGRYsoeB%Ki}&M> zGmTglyWshe=EbYJ!KUPqV(s2Z(h2N#&8FYiwXTBA4ZrY4FX>;@2A1b36;LtQdyz7z zD6nei3rYoz$6ev({%y~aWOL%Sp0GJJrS6`7_xO&L^%`(9`2i6Ww_|5;eM4G7NcWiV z0w_Kd_E-{X5YgqHpqsMl>72&3&c{ZSI)_}hT_au6y^bzD7{fQae%+_mY_@RS&)nf- zeXYOg9*&N=(8jR7zyR)KK1m%Qo_`XtBiqzLJoyLvf{-obGop*dHioDy8*&RU!0o?{=&_Tu^)HL z-Q27wj@~fQ;%(20)hoNfroz*YG?f(k6{R2!=1VlV>FQ%eR_BK_Ef0}JR9#6-Fspy_ zygNlorL42nm*M(4a_oyNgbp)V7W<6v^OdD{5OTFnCFC&W%V5 zW!#>e9M?~Qv4gt>YdwJ>cD^S^iGpTEZFuo%cx!r}$K680r$Dzrhe+JS7#-T6;BFc# z5^gF9Gdy>rM=_0#PNe2)74+x!x%wR4vf00Hne@E$X!O#*n>?OzgC}*5LF0+e={SGX z)GcZ3^L|`-?Uap4H-?HXbq`OM<{=HVb8*o-!UpG#^c)hl<0NbM!y&Ubv}3hpU^$n^ zCYDCI4T&3PT63Q5am7x7YIQN|JYB0=w!&3>CoFu~n8$<5l}GU;(-9J;f^7_AdcfdQ zgR5u%a?Le#L$5s?<7r#gx7)=iuS-9}=;Q3g8s)jS@mnlIW_lcQ5AGJ7Ceny=+D0~p zRxNkBuy4OO{>Zr{Yfqm$y}BJ54eJLylaZuolqxur(2l%7*EYyk*NJ1@7(eIym9Nh~ znUB{!sBJtvR#Fwli}LbF2{In{7>qQjA97JNq_6O>*^la310KI>FEL4)*Cu_DE@#!a zMXa4StHSn3JR*PjUc_pb9;JX|92h3i76`W`NRgbj5~CLt#cb7Y8Xi-=$+!3Y=87XU z8qQ0Tv|D0YzFZx6ktpI2&-|o)KKCt8*f!YPx%Z5*lbQ0`4uUoRTWL4FF8O+7v4i#e ziv^Lxn3CaB^5~9_>yAFKba(ic z(GzEUU2r&>2^pDBstVCVVH$IpcADL?m#-e)xe&d5#&|2Qy%N0bi>LgBj@NuazD6n6 zP9^lgW&)1B5SsN!7!X?eRkkm{wW$4sE6@NS)#b*^ZHO z?x~jlJwk7EM}Sr~Tnby+ui3=*2k`+x0mg~@r#yS}%UiJlEt^2%ed`mt0uE_=b!Lt^ z9n-LOjbUw3&9@A}C^+KN)xAPXKj3^`$K7>TFrO9LT)HLc217al-T@?&(3A5Sdq#}Y z4SUt&e0Wu2<-Xrm9~v?*oQWef=z#+osj3cs!q|*0&GOGx9wSQATqjKUyefr(O=@32 zuyp+kSqpd1%b1b|y^8w8*t<;W&WD?;bgfpb_p)0vpNu(lev(hBlc}14NhT-dlkgsc z_5()PK3sI1eXu;Co^yA>fP}a!3`7bE2LyPtK_jlwWu#wz8(GKAi`n?Ebizgl&Kf2{ zDb9swiZtLl4G~XG7_nMI%G zXrJLqm?Ynu`SwiEVO?+^LA zt-yAaHm043@Fo+(YYas~pGCK4yibbt)tZ-T}0)xfrx)eB=kyo^L}}sCf;?hBhqj z1fm`cDf8NVr0ud8ES6c(qIhu0iU(k*BU)Qp6rv zW6xWn=k~OdG3Xsl+cqWf{kSyLK$p`W-I->!F`=|k@nrI&Yw4XZ2_45YE~(jh;GO56 zZKHM%_*8TH?q$3$!j?mQsfQ8Fb+Cmt^8E0hxzF=9#I0ZOM}&jh^uC=6>yg8TG{ z|I{K><4wg~+KAsrH(Xt~xHW!lNTPKXCmcV|Xsfl5X+*d}tYkbG#X3^dBd1@xnif%f z?T=%to-T0vPZPQ{Uo&k2>C1YZG5@J$jK6oV5S|lBv*6VLdby_^ z%lBwqBKzq#H|iXTTYl`$zyDMhcz4zXMkvJ6JP~fkKWN;(Dsr20l}qTt>pN!K3>n;| z547Xpk*!2I8JFwu_T*EvPL}l z#uLGs2@5a%Z?f^HHj}9dUAxA@-h)Qr@oRohz1&1MF8+u4W5T|fv&fl7p~oHkPOXIt z`k3|7aSNKSx>nnn z;_$dTUnWv@J$_&t^Vj@RnmhMN#De6E&6ZPsUW&n;p6maKJDz0kX5BNH31uZe&9ogl z3-49hUjrn<6G<6$(4)PNkv-fRKMEIrjw{`C>D50OPq%g{C{?7+#eL)vUEJtDkM>&V zel&LO*nRTbE@$zkqrEsSs7ni^qSFPes9Q6ai@eJ3#~f|>W8zPOD~Vqyw9`53Azk{3 zYFE*U^Y2G&O+Tnw@Yo5Tz!{}eUZN|CZ5~&mm$N_pSY%!7y^yQ{H~V)jlR_oI!?8|C zzSr`;<+ta@Ry~sM8NEXi+Z73~=kOK@7Z*EU_j!$bPW;@rXAK?>|K=zLsYI}=p>9NB zr{ZyNpy_1XI=*B4`l!F7evNABLnGi_Og@>KpVxMD#3h_d&%L^6#nR}C(iV%&f|>XM zQhUF}itp{sITYw26ztEwvt;h(q5EmY9fv>lDg~Brp|R!)*wKCt?HnHFwe zYbZfz!!^Z5-x~MIh&(hTu0`@pgL^0vqz>)c+3Y#pX6n^ai;BI0!qo)}iI2Ok;$sz( z)^1Qc>=e%dgDaYH=c>H%OiJHUcR&z zA1P=Mwy>>hVA$@_`MI-7a>Hh?KW%pQz}Z1e^U%#W+B7U4{o?(MfFJ7<_x!NiUnNbho!Im$2dJ>k&LQ+z)g_|M+aUzX=~u=o8N9pDFrhh5oVFgL;B z@sY6o#Hu!;9f5kA9UbrXxrs3p&Z@~})y!bkl%QLbKE_Z9J7OY!su7)NLF3yGcX)Qk z8#wJ=*ML=XoKPhC04nxN1on6O>ymwNAF=Q(T{Z+F$?`^w+jgf31j%Kb7b*I1w(k^x_-9MK z^3cP)DCJ~+$2a2b?|{u%TTe4xi0t55`1I}`hhC85KH4@V8?d&1LJry13xQ)yb%%1` zf~u(jm*DGzDNbDYMx!@ZpG!pQ7h33O;KLeXoFViR%0@7mjZB750BDnYQ0m$n74-V+ z!e>N2CeB1r5l7OCn8MDsA&Sb`(9A{i*c|wOnr-Dmq_chC8Z3unW2p2XSjLmSLFPD9 ze=Ndlq_sH#!^4G`#)iH(Nx#rpcN9l|2+`LVdO3?TNf&i%Hlg6?Qx4RmH)$o-N zfQT{BVP|m$QmAl*f+4_}#MYwZ9DTS0jw&#c3wL>;F;LkYb8YLI^L^pIZ!fDZ&Dz@# z2_sn7mg7>bQbOtJWv31LQ-Qs9(AtAzp$uor>l|lo@ABwLC3^Iw0$(l8SBneMcDW$x z60vOvw2warE)u7su?SUx?hj5!!$<`8yn97=vDV5EJ`l)5KI_Lum!jFkXnpvcLZ6NL zHyf@olQ1=KChHUI={&g83|E`syBx!4s&bv$n6l1H>m4)g@UYg-UDjG7?VKqQJ9jE@ z(oSJco)qWdq76K#AV8ZJpv@cFhe{l(b&*i3TIfe5Mr&OZJ-`l3OBrckMiiB@^&N?d8zLUwF_C=bGDShw3m6T;Be_2krl%Z)lsokpDk@ nsP;X1loNV5Qh`A#<@=1WRA8p0oR>X`3WiRm){Ws4LW%zeW&Pzr literal 0 HcmV?d00001 diff --git a/Modules/AzBobbyTables/3.1.0/AzBobbyTables.psd1 b/Modules/AzBobbyTables/3.1.3/AzBobbyTables.psd1 similarity index 93% rename from Modules/AzBobbyTables/3.1.0/AzBobbyTables.psd1 rename to Modules/AzBobbyTables/3.1.3/AzBobbyTables.psd1 index bd0cb30ca5a8..5bd7c13ba243 100644 --- a/Modules/AzBobbyTables/3.1.0/AzBobbyTables.psd1 +++ b/Modules/AzBobbyTables/3.1.3/AzBobbyTables.psd1 @@ -4,7 +4,7 @@ RootModule = 'AzBobbyTables.PS.dll' # Version number of this module. -ModuleVersion = '3.1.0' +ModuleVersion = '3.1.3' # Supported PSEditions CompatiblePSEditions = @('Core') @@ -108,7 +108,14 @@ PrivateData = @{ # IconUri = '' # ReleaseNotes of this module - # ReleaseNotes = '' + ReleaseNotes = '## [3.1.3] - 2024-01-20 + +### Added + +- Added Sampler ([#48](https://github.com/PalmEmanuel/AzBobbyTables/issues/48)). +- Added support for user-assigned managed identities ([#54](https://github.com/PalmEmanuel/AzBobbyTables/issues/54)). + +' # Prerelease string of this module # Prerelease = '' @@ -130,4 +137,3 @@ PrivateData = @{ # DefaultCommandPrefix = '' } - diff --git a/Modules/AzBobbyTables/3.1.3/CHANGELOG.md b/Modules/AzBobbyTables/3.1.3/CHANGELOG.md new file mode 100644 index 000000000000..c7880a5f68cf --- /dev/null +++ b/Modules/AzBobbyTables/3.1.3/CHANGELOG.md @@ -0,0 +1,28 @@ +# Changelog for the module + +The format is based on and uses the types of changes according to [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). + +## [Unreleased] + +### Added + +- Added Sampler ([#48](https://github.com/PalmEmanuel/AzBobbyTables/issues/48)). +- Added support for user-assigned managed identities ([#54](https://github.com/PalmEmanuel/AzBobbyTables/issues/54)). + +## [3.1.2] - 2024-01-05 + +### Added + +- Help documentation for a DateTime problem caused by the SDK (#43). + +### Fixed + +### Changed + +### Removed + +## 3.1.1 - 2023-05-03 + +[Unreleased]: https://github.com/PalmEmanuel/AzBobbyTables/compare/v3.1.2...HEAD + +[3.1.2]: https://github.com/PalmEmanuel/AzBobbyTables/compare/d854153aca6c5cce35a123deb86653a0d3289b07...v3.1.2 diff --git a/Modules/AzBobbyTables/3.1.3/LICENSE b/Modules/AzBobbyTables/3.1.3/LICENSE new file mode 100644 index 000000000000..d4e4667fe6da --- /dev/null +++ b/Modules/AzBobbyTables/3.1.3/LICENSE @@ -0,0 +1,21 @@ +MIT License + +Copyright (c) 2024 Emanuel Palm + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/Modules/AzBobbyTables/3.1.0/PSGetModuleInfo.xml b/Modules/AzBobbyTables/3.1.3/PSGetModuleInfo.xml similarity index 67% rename from Modules/AzBobbyTables/3.1.0/PSGetModuleInfo.xml rename to Modules/AzBobbyTables/3.1.3/PSGetModuleInfo.xml index a2c736a1e170..775321568df1 100644 --- a/Modules/AzBobbyTables/3.1.0/PSGetModuleInfo.xml +++ b/Modules/AzBobbyTables/3.1.3/PSGetModuleInfo.xml @@ -7,13 +7,13 @@ AzBobbyTables - 3.1.0 + 3.1.3 Module A module for handling Azure Table Storage operations by wrapping the Azure Data Tables SDK. Emanuel Palm PalmEmanuel (c) Emanuel Palm. All rights reserved. -
2023-03-24T21:51:21-04:00
+
2024-01-20T16:49:22-05:00
https://github.com/PalmEmanuel/AzBobbyTables/blob/main/LICENSE @@ -43,8 +43,23 @@ - Command + RoleCapability + + + + + + Function + + + + DscResource + + + + Command + Add-AzDataTableEntity @@ -58,13 +73,6 @@ - - Function - - - - - Cmdlet @@ -83,20 +91,12 @@ Workflow - - - - DscResource - - - - RoleCapability - + - + ## [3.1.3] - 2024-01-20_x000A__x000A_### Added_x000A__x000A_- Added Sampler ([#48](https://github.com/PalmEmanuel/AzBobbyTables/issues/48))._x000A_- Added support for user-assigned managed identities ([#54](https://github.com/PalmEmanuel/AzBobbyTables/issues/54)). @@ -113,28 +113,29 @@ (c) Emanuel Palm. All rights reserved. A module for handling Azure Table Storage operations by wrapping the Azure Data Tables SDK. False + ## [3.1.3] - 2024-01-20_x000A__x000A_### Added_x000A__x000A_- Added Sampler ([#48](https://github.com/PalmEmanuel/AzBobbyTables/issues/48))._x000A_- Added support for user-assigned managed identities ([#54](https://github.com/PalmEmanuel/AzBobbyTables/issues/54)). True True - 2 - 2005 - 1261744 - 3/24/2023 9:51:21 PM -04:00 - 3/24/2023 9:51:21 PM -04:00 - 3/25/2023 4:22:25 PM -04:00 + 3242 + 12058 + 1356423 + 1/20/2024 4:49:22 PM -05:00 + 1/20/2024 4:49:22 PM -05:00 + 3/18/2024 2:41:34 PM -04:00 azure storage table cosmos cosmosdb data PSModule PSEdition_Core PSCmdlet_Add-AzDataTableEntity PSCommand_Add-AzDataTableEntity PSCmdlet_Clear-AzDataTable PSCommand_Clear-AzDataTable PSCmdlet_Get-AzDataTableEntity PSCommand_Get-AzDataTableEntity PSCmdlet_Remove-AzDataTableEntity PSCommand_Remove-AzDataTableEntity PSCmdlet_Update-AzDataTableEntity PSCommand_Update-AzDataTableEntity PSCmdlet_New-AzDataTableContext PSCommand_New-AzDataTableContext PSCmdlet_Remove-AzDataTable PSCommand_Remove-AzDataTable PSCmdlet_New-AzDataTable PSCommand_New-AzDataTable PSIncludes_Cmdlet False - 2023-03-25T16:22:25Z - 3.1.0 + 2024-03-18T14:41:34Z + 3.1.3 Emanuel Palm false Module - AzBobbyTables.nuspec|dependencies\System.Numerics.Vectors.dll|dependencies\System.Security.Principal.Windows.dll|dependencies\System.Threading.Tasks.Extensions.dll|dependencies\AzBobbyTables.Core.dll|dependencies\Microsoft.Bcl.AsyncInterfaces.dll|dependencies\Microsoft.Win32.Registry.dll|dependencies\System.Linq.Async.dll|dependencies\System.Runtime.CompilerServices.Unsafe.dll|dependencies\System.Text.Encodings.Web.dll|en-US\AzBobbyTables.PS.dll-Help.xml|AzBobbyTables.PS.dll|dependencies\Azure.Core.dll|dependencies\Microsoft.VisualStudio.Threading.dll|dependencies\System.Buffers.dll|dependencies\System.Memory.Data.dll|dependencies\System.Security.AccessControl.dll|dependencies\System.Text.Json.dll|AzBobbyTables.psd1|dependencies\Azure.Data.Tables.dll|dependencies\Microsoft.VisualStudio.Validation.dll|dependencies\System.Diagnostics.DiagnosticSource.dll|dependencies\System.Memory.dll + AzBobbyTables.nuspec|CHANGELOG.md|dependencies\AzBobbyTables.Core.pdb|dependencies\Microsoft.VisualStudio.Validation.dll|dependencies\System.Memory.Data.dll|dependencies\System.Runtime.CompilerServices.Unsafe.dll|dependencies\System.Numerics.Vectors.dll|dependencies\System.Text.Json.dll|LICENSE|dependencies\AzBobbyTables.Core.dll|dependencies\System.Threading.Tasks.Extensions.dll|dependencies\Microsoft.VisualStudio.Threading.dll|AzBobbyTables.PS.pdb|dependencies\System.Security.AccessControl.dll|dependencies\Microsoft.Win32.Registry.dll|dependencies\System.Text.Encodings.Web.dll|AzBobbyTables.psd1|dependencies\System.Buffers.dll|dependencies\Azure.Data.Tables.dll|dependencies\System.Memory.dll|AzBobbyTables.PS.dll|dependencies\System.Diagnostics.DiagnosticSource.dll|dependencies\Microsoft.Bcl.AsyncInterfaces.dll|dependencies\System.Security.Principal.Windows.dll|en-US\AzBobbyTables.PS.dll-Help.xml|dependencies\System.Linq.Async.dll|dependencies\Azure.Core.dll eead4f42-5080-4f83-8901-340c529a5a11 7.0 pipe.how - C:\Users\jduprey.CNS\Documents\GitHub\CIPP-API\Modules\AzBobbyTables\3.1.0 + C:\GitHub\CIPP Workspace\CIPP-API\Modules\AzBobbyTables\3.1.3 diff --git a/Modules/AzBobbyTables/3.1.3/dependencies/AzBobbyTables.Core.dll b/Modules/AzBobbyTables/3.1.3/dependencies/AzBobbyTables.Core.dll new file mode 100644 index 0000000000000000000000000000000000000000..1a9a170b6f32489943d7e5f1d1d0784cfb133293 GIT binary patch literal 17920 zcmeHudw3kxmFKBvzoeGB<+o+K{iLzvwjP#k5o0XNG8R~tWyv*<=C(**qs3e}N^Oa3}a zUkE+7^hsssb4&XUX57S>V;^wRqluw(E@$TxgI2;B&m}Us#J29<#Hc-Nr7A1KD}2+t zJBW5F8vWJi-FFsxdxe%IB1!|%W^hc8>)eEU0-phVh^hrwJ-?a3{>$|MAozS~G;o?# z`CsYolgz@k2zI*}86f%r2V&+mNmKz|^^HV*Gi8^e6GXu>c@XrDGCGyFZq0+fbrS$& zGFIPjP;w>URmyRlAyDGm01zJN7JSOCE#RaaD{DiMeWgi!*w!|D%C0R$Tgym6dpNGR z*f*67>RU_nOdXLT-1iO^tI0~D@ap$_cXjTam`7#h9PPdnFsZM;!slx64 z7puoHTwzCHRMk!h3AVxPWnc&b2GT@dz2IcPSFiHag-Z(?bXw#OMb&I%LwMD>xC4L2 z7R_>FAYHUGkFAD|BDn%qnBqVcZo7f`L@~ofbWK%r<1E+f1E#@)HCLK;2)D?&8fQ6d zE?HP^G_bm8bJ;Sg@oXBj*S8tf#i(PUq3Rq3)RHyq(JTN>)!o@l%;64=`k)!rXZHBW z#d<7_W6PF8pC*l=PlP#k=|1)3T=W)+D;Nu3zql$n4~*n|b_8KGXSoY5?oI^)@RJMN z39c^0^u`+tz8G{bEMt!Sn1)q*A)BuSh^RJt2|E!5v2dyYlZ!#yO90lic*41NZp08* z&RKHR{dNNU%1{y$ROhLOk{D!NDT>vk24=Y!O}GMc7WC%K49c9DH9DNGK_}B^Ev6$G z3Vz>qTfuLg8sImQFs3H4y3Lhqv{iLgaXLR6)1{d93UtD$^*$J!o>~Q4ix!pg%7rcD zZ_HhZW?}7Q1g2N6nY-#_7|3}O9-Hneh*nOrB#Cg+9NWOaJNtu0RNfK1G+l%R{;(to*To;Cbh#Q_Dfq*Zi}~~C@7^D* z;F#M4lVOQcL_3M~THYN-T8I)$BuW*gzDAo37K6{5rviBicQOo-=C%ccC$)S2n?uI3AMqudiz@j_%+Qp_KuYPni{ z!IPDfEGdgmF@IYAFn>_G$~#(9iVRDN`GewCu9hnK!;*{nW4{}J3|feqfK?iE*TZDk zj2b6UUvzKfYH{`aY-I4lAQ)J0rj1NPIv;11`lH@GiP^5Jza@bD!5(0`7(tlVeO;v| zpPNM8ud`7T!Zmu`I-JDHuZvV^MYiU#vC``z0p1JhPNH0w#}6C0>0W`hD<@f! z#Lih)!&TrjGouzWu{UA7Dvi+k`@EwAPIUCYO~v2)0`y0yQ5d9O?`9RFHt$Zjj0)_W zh1E~5oa?;C_qgU&!jO#$QRgq&fO!%dNV$s$SfNC)q-=_dOY+T`&SG5^YN%}&YL-Ti z!#~6{rk%w8RNeG7F5@Czv*fG z@wu>BZ&Xn92J9o-`NyzzxhlHIo9ujdr$H=6do%X589T*i(R>*T*)lXpZ z_0`v?$Avu3l-mgf9ON|Jz6O|kEt3lyGGN78(>ltyBC<- z2Vn07n3Y65t8>1{n)^Xlp4(8PJKqC|1$P}7xLuFint<~fm~~i-LW?YUgDAK-_J@y! z3TL=cT5~ULKq@IIcNr3F5_8AL)Fje9y!u{ER)c*L2uTo4Rz-<+Z)UY+^ELPVjPN|? zWR`Ijvire0i3MGr#Mu2!cL0KwlPpQ1Zr0g@pgr?m8!YhhHkXy!uw+IX&xP$8KP!aA z-Q+N^)ddbOV~DI?=5`LM$0lpKlU=*LPyFOX%e3Y#oSSZIBZIWN=j%>9df}&zK2~Kz#aq8?8A&U07UBQ1F~x( zg;-OPaLqi=0;kUOmVW*`J7dcHIcuVgw|H|_%;F}^cDOGWptxe!tH=3-=!dkhj=|+~ z+6?YBnkt6_dD0MXN@gJ9z24)}*4}HjD*h8R)(jn4mug5gH#9fm7{DifWGek%1Znw6 zqJyX$WB4rZ%{!Ug0eDCBBA$1)8Q|^hrCJ>Ck%qMV>b;%VeW)Jv$55%4Z_RT4%B5nt z>|gZhPzcqCeycPS&P_P_5XvFXg*^Lm*IV%64$xelKUs#h@=5{S5z3{sLy_m_5<<1X z^_L;Gg`z^cf^#cOdP?BQz&}Q+Xak04($j&3A(I{mJ|8w|uD~Az7=Ke>PB;$Tki1(yZtJH0#4*NPi}pw}j4z;`E`=|1wQ_Oik$~ z?K2aVCUt8mJxZSq4^%{{uWFzoOy93$I}fSnLv!fM&|E;@S3evvsR5dCx<_RTn}M73 zp!VTNoT>xNxldysZi#T)uSD4LH70xVggHcj?%9}--8c{Dz-BOpQCh7h{sYDX1ueK@jt_OO}fhD-tR`M1+)gZN!!K4 z{|U}ATB5Vg0DLg%vM9qFq%SSPJ^nmA1^<-*_?PwnsyEW_^e+KF5q=tcBmCd=_4H5L*Y!D6t$YhG ztUeF8PkR~g8G-Lp{t0-C@JB>PA?933tp90+^+$yB9l<|JzXazwV*bz2n@P`_0iy_` zUjpY|^J#r|0>hvW&3g%RrOMr_3<&}m`iKT?= zlhhLGz?kwr^@C`)5vJFDYF@b8sG|HbPxHKXgE5QhmoxPtx*x6P(XBr9h+!G?D7eCt zJ!06#eEO76{j)J)ETH5{PxjBoZAL9U=~I7)c8h5Tj!bOx@6c`uz35Y4Gd^l0s5a@z z-bQ~b=^3G>=qusR7%S;+972fhn)j2)UmB~ZnvWnd4_mcWv`VON(M{n_ElI6Db))`Q z#%kIj)F;Ubf6J(+jddj}DcUBKH=8NiDby)ipge1&$n~jN>I=qN`hZV$D1UD>&~JQd zKzr3_q+mVUJVoCE)kF(?>MFErrWHOl2Ak{XvpyA}zc*T_evQ}eYI@dKPmlZ5=am z9SUs@GfYHz7xVDl*t%3YZ1TIs&s6fx=JEOUaDo3@=<6aiE+Rbvo71Id-@)eX72NwV z^rF!171h-$t;NR5oDyEHv!IIkd!eb(sYrFTPA35kdKUgDR3mn{cf5s{as5TvxXSTA zHQ7#H=T<+BFx22-0iG6)2g~{I9{-&9b20r8y%bS!9OvpZA23Xp16EU`z*d260y_ov z2)tfk8qlN(z}b`$d`jS50`Ea3Sx9#PPtrYrSI`;d>y=yR3EH8jQ(NetWr_+kg`rVFDc)QJ_*i557WywL_n=n&TFr``yhuMF(#w^rqV?Ka%4f_b?W}Tbbc1$1B4$z= za4T@GTerdT&6=Wy&75{dx!G{Fkh(N*E8tC)AJpcnKMP$!A$7G;4OkgCtu0l*ANq*a zs=gGtOKVdT#vRn7z7_nG_9yfYp)Y7tbPAj)YK=S%YiBFJs->a%-?g)leph=HeO*B> z0luKULE9^StljO8>v;5++JyRYutJ|u51Kqjsj6z7^-VfUPgO3{?@+%JN$PD%bF@M~ zqg)}<6M9O&PsaO@jQ0)Ee-(WV>UW`EmY&dWM!!#09?)N+9aUp`MtviC2iDRk-K(oK z4j8A?bRXay0`C-fm%uLqUPi0wbRdQI7gc78YG@wdLfQbhoVEbg(d~fE^Z?-d=uyCS z`fI>zh2IOc zY2geBJ|*}m!OsZ(px|E<{2PM5D!8JuouvZX1f~T}2|Oe4YXV;tsA!@ua7tT1M&JRB z$8ttEq%%GM__jGI@Bx8e75IukGFX}rxJBTAz)67*2zmNwHK`T#vm-=-^+Yn7Xned=j-NSmXt)A!+Irr?Q*pOZR_|AXCUR+PV!t`Fl7 zL78aSR6%Nx2j#3A0#q^M+#-TEr$3@|6jd%)rj*B&H*AwYu_M~``@&=wZFfqp}&DPwG9t<C%cK7R6>(yxPha%x!n<(UL)t zUf_?%<*}^e*6mpPBvKDOFK;r)fmncL)Wwxf8je-RT1sr{F*%?HbQ!eYCS9H$G}P1xhrhv$~yO%dv(p zloYJ&v0S`DbJ_5|bave8OS^}FcedNvtR=|+YIkp!H9BZHow*TvnxNo7-gdar&WxMq z`yMMj+?~r#__Pw{$OugZ-I}I+s;I4TRNYnt(hG95_Hq% zp@K#!B5vwxD`z>GqG)F(cQ_@%Ck(95K4j%Qs%PACCOmW~o3V2F&S63VT+C$em^GA1 zXEVpFVcOK;IJUFL8nT_?&4>E?x2A^muPfB74#~AbsgW7I}+HlzseyipWvE zka^K+%*G3ne+@D$vAdy6tlB0?PPeBQ6b?Om+31lH{!q)mLqlY_F%ixXh+&T zm=~-aOU*`89^|g{s71mS%*7hQnA?Vi?D1S)Sm`nxKY<&wocx3c_B)6ma*G24Ps%EH zn=A;PKgu&`J2viEsdgJ*pzY3#Sv%~bskUQV?ZLqbY3X_*(V`vs{MdeLuuu^=1V!8% zjpZ*9+Gb^~yhYd$oTKaub)Y;952MiJ@zQy49GrH0bS#s#99a=qR%N21(q5kBA_c31 z;|C7#h)TRdohotKTo=VCJJFZPmn-(A9Yl3IekN!gwVgv3>TicP`z*)B;_I_sOMEW`qP)k-rf(IjOkNntZU?1kC|_z= z7&Q9hAN7?4g%)f%otr2L_8@06qn7aVnZZmplP{BQoxp@}&PjWKo!fHk-^V(oJ6_KuV4w*mP zDI?BLc>FwX599~75N}VDYf!3fJa2m``VPyUE;z^)tRO@E-MoBfCoU$E1*I*FPyu#e z$}ML)ujAGsYm7IR@|s;@a&mQI@|_aP-&gyPz^Q9oG%Py62?dCH> zE_G#w9NV==@~N#uS#QVg#M*O4uuHiGe+s!@C~f|h<@$vSYXN5psBRXchJgh zogg_E<1R;j+;K#-9NfL|$*I;mVjxc9!|t@hkGFP?8Pks+%xTMcYI0O1IO0r@9PQc> zxdS*8lRehoad;e?MqcpF9Q^YrcCCXSo+qeN;^z~)dohVtVddj_ducm4cur4K9=4+4xXfJMKCBS$K1mr~P=>o2P?#{x9cdgzAOFfjo!bb(C3%9Rxp*-#@u@ z1+B#&HKsrp`bxnr_heCuj!Nrc&_|)2l3w%NqGfu21uwWqZktAr7T(-hcpqKXbKS*T z^`Xrn=;q3GHT0t4M`V{>yiG5);oJ8z+e^2>0>|ndBiFhI(oytv1osZ~mY3LNKw$;K zXBTlS#i7jhhD){F4L`auPq)Ah&q!Ij<~AC}-+St-@#1YR(M#)I%;hlr=aIjszBXK{ zTsW2Y_b~LyGWf$>S|_ z6JF(cc!9Sb--A;qi*~%8s1jQNy!KWXt$lARh?aNazm9a!E{wVppX;e#sBN?xxzs6q zYQG9&8$%CkBx4=;?nUxSc-KIU)Cx%hzJX`hi0|Qf&AKu!2bpN$yK-gjDqvZ(vt(TT zz=px6<=3IrOdr-@6?9--v1fZoSu#`JKTS@7tD)CNG(U|#xIY(v{fJ6oHB-%Tcy@vk zcv~B$JuLBNe-mZ;3CvF#9`Y*2T!h#VAF(#vewpJvR+40H0QR0(l zV?E)7uEg7-vB~FZ&43#3iq{$mRf$Feq(}J*B{U^|eKbD#!(c#*cg6O`Yw?COwij=& zW0Nmc1`2nVaykS`jCZHREI#yIQC`(#E#Ib%g25MMVt zeggi?j!h^*^ftwKeDbssjc*iB#|;t9ZBTUZ-+)h1UpK8pV?BBp4Z?_l=Qgno4Crv} zd>IMs@gPo=55-{5YpbgZO}vo?4ZdTVc+96U9z=-U&=dHwX+gO$-zK`@z+hTb&z9E- z!(bI0^2~aD7sEF0g>8IJfJbwO3|1zEhacuFxotr>7k=X!mvUygIkH&gf_18siK-gaA z;)Ri*_~ctUVTJINz$xzA!=35H8rBh_%BD} zZD@=1CQffs;!_4z8pWqV0%HQ_Bkv)ZAHw`07vfWELSc9`wNk}e^Y2ipfn7{pyiJx& zZLK%~`w6ACHUx)alaIuwTEaZrQ>_@{{r(h9-mlh(WzTnvm#0}Z5S7XMG1s;D_6R*i z0y?sP@(kR5Slnu3IC)0ad~FpH-OFM$!aoGU>!dJW_eY>H4&z8LUd^@9pm@^7r3C|S z2|jzg=I!U!{J1CB_?38Bpw{(-NRQV>qbkZIp`@XN2?{1^9neA*iCaZ% z9QlHIMc!Fz5gk|OCS;w)$D@n0Mu5y~E~xXC+_ruadeQiTNeb4)T0vxZKQ7nn7R zZ=)zvLXG35Vvd-?;4u!YFTmRPVLgd4GUx)pxbPFWXi$+~#SvCMzF6y1=j?aVW4r8J z@j)FAjrLJjfu725OgDRkQ*{-Uu@t!&F? z?W0}e*?eXUZ(;k?P-pHSULWA?B&+Sj&sE=r8i(oksUe#3)g}9aYs+h?dr9fq%}qa! z&oKTIz%Y&_g^PWz!RIo3egoNW%4Dp=zt=6l_VjM+UH7p~XP$IFzw^(Jw0?X1_E)>v z#@d7SsI?aVIT~+b*79r6wbN!`2Ib<(d&rv3lo!Hl@hra9pQE*9ulF&l7tv0Q4G&W9 zj<%*292q^Qo-H_qfiKuQYsGip+!qf|e)4lKbl`t76s~^869sDez3`uiJ#If1$qUrYjgZej$0RK9d@LNopobG_ERh*VDV|PVD^j={=o@0zIz32%`#oDm^7# zXz2^0(|~b%f9vo>h8UpF8nopne?IGT9}^fCpZrlHakbGg{6~8m+WdT2dUE7<6x@oR zEcn_bb_)IS8v?v6gERxH<^H}~dkxq-lww5o!CvX9jQeXu{|&_t_dgf<965f5b#PB3 zR;7`=n|@Px&dK7BuOwy)bs4q}h$SBD7$U$UIv{T^NGixa>9^bG^D`>ViWutlb^YTY{hos|96BvbV7LiOK>!;6Z$q$~} XKj7Le|F4VkoBn{d|Iy_C`w09$$=8tC literal 0 HcmV?d00001 diff --git a/Modules/AzBobbyTables/3.1.3/dependencies/AzBobbyTables.Core.pdb b/Modules/AzBobbyTables/3.1.3/dependencies/AzBobbyTables.Core.pdb new file mode 100644 index 0000000000000000000000000000000000000000..252b9c04eaa603c20fcb6c6837c886bf4ac7f881 GIT binary patch literal 12876 zcma)C2V7Iv_rD1tAhNgMK(-2DPZtovjv%0-R52tEh=e3&fJhY(CoU8%t}2Rx3L-94 zq*hzkPpw<4);elk)oLAWwRQZ@P2Ph?z<&OGIJxhf6_9R#^e0FkL2AWdpaBdfS_tXakd`wUsG5nrcmHD`xeEgoxiC>P&_1Ac zpzncB1Esk#kr=2N=sTcSK)!BF6bn=UR1I_#=mn6CI};5BS_O0%$kIa(^#Pg$M0l`} z#DntAM1OiP(FY)XPbM+}vH|J`HKVxHvl>A7(qamppPTQfB2mhjmPbi z&QAi~8stW#K9$QO7on!X>6$MZx0jW+>4 zNQV!h@wk4%Xgt=(e_wU`9SCn2Xe9hHHBvoPrqRJYhM{S9+R>kS#{G|>nGcwxwELU? z#^ScDhce(-ANoB0!*8@U888#zNN{~1 zv0K5;Va7H1-HVMP#7%P@HX<}DOCl2rBuZZ$-VcccDnYs+TSBA}ibAoFKng-BQ!C&> ztq>!nK*?1QB0{PX3nWOckjYW5LZ+4@nLtfP5QDFjlbK&TSSq)IR% zNf9Viq_{XadkP^`A)!PJ>fmasnoz0`F%9Jt#aau+ny8W4g+cQVSXf2PTUcZ|r>4pF zZT9GqCk!rIRHdOK$#u+)j^ip#-Nn+Fy*nyfVl4jrI9A`{?6TTW{)T66jcbA&rszNW zxbMQEiiEFj#$?Yvlz81RmOoS4>x-o3n`g}1rl?F1D^FHHuoY^llu)pWWQu%~$mvnC z?CfGqVJO+!La^-elEalL2)oGX(Nvl7rU?l-&L~HyH1a_Vwuz;slSjDIWy=qzhIrjm zm6lb=mPxjK(~xw(*}rDUQ`hO+mK@3)JKBb3gDm$h7G^q?j*bzoy4U)1_3U07TTP6= zTCgWDp0jXDOVfcW^Q-gcTy@}0QxOWOK$0%YC#0Qq1ZH}71X6ayNfB={Gl%dteKSaU zAldKOBB}e(9Vc3UZw(DnzWmGfn_8ndLLw&=$}YHaLnrj(zDB1FI}YYWC|CYI{&c{; zuQHSKN0{s}iZy6#ugT2SlVwjaNF^kMKuMTN36)YMkctEfkw3@Rhck+oo<{OsW5GBS z(C|W#a3YmTq99vR9I1lUVzydEV80d}@s>xFN0%p+XF81ti+<;R(>As^b0yy^JM<3c zexvh z)QfGhKU2!CwDKle*V!63u0OVH-BRf=bCdA+_M+>TFSq?P_r|thUw+!?-`A|UsCwM? zEOW)uIjb7_ynnyrRncOujYY!SK;M`@3UeR*s_)#r*>vPRUYaB8A=k4eIlY)OF9RJ6 zbPefu|2{fivD#R$^t|4m*NlhHEM*?Oz2{N+gg;=A*in5a@q1tMlXw0d*S929RPf{I z{b3fZ-yJiEymi6g<-MDeZbqz$TOR&fmMr||>-Gr))(m@4Qgi;pDL2Ep-*9{k@7m@! z&ee~k!&op)pTOyONOv-KDFjsoO=8D;GcV@QMm6X1p zbF)wB7e4tM#k8xpQh#C3+_GzH+=NrJ7d|ez9a6Tv#91U0staITQaXp1IQ!u7!ACnj z_~7xur%RpcaD$!0o%2*GxiZ|xMTI==PzYsG71-nmWd%Md0!aa{Kp<5U z5*@rC)Rzbf$_exL4-pA-{QU#`LUVkB0(`^#L?PL}g5aQ_P=Eg%VSvwI=NU6*xfE(U z70gFqRxXwh3UBIFASaaL>m9=J4+skJ=lBf?$qoq$3-uG`1Z0bX{C%@Sg9%|EA@cPl zgnmK6!q9ACU?>qtWFv_{nyVJ%5{T=9w1b~_4p{aU%G5Aa2P2tUC0DDw^TkpTiY}H4 z3dAs>NQ#rh(tJXcB+ga{6vapeqhWz~x&V)fFuZGq2PBsWR5>z50g99sbLDCTg$i0k zN5~K`1e%=_MEHkP;srKd)6d0wf!Bwl11&kGMs>5-$NBU7X4&;D7ybk;A+H!C?c zD>juEna)e?D)IZQ#Q(FBfX_+-KPw6PtR(m|637Hig4QjLoUT?7nkkDTl1N}N;kzKD z8ac61%>7*S&dMTo%frgXQ^(59wTgIB<7g*8Qh(>287r~AL6BW=;e7|!u`jP% z^Tk4iOexDzaiWA07}tuW!gy%piX4Fu26U~jLrw4ZqgsR(&*Chs{-%uAF8q74YsQ+w zPV88*QZ10AsnjB|jFXfKp^3Nm!&qLyKHoG;Zrx0f4q~w;+6HashN)`=e{mInB9QWVf!RpP>qxZBKb zOu!3H{ds0DHmq)mUHhs3y{EGS?&<DsyEL39QnfG?mbNq(Zeqfk!YcmU6Vu zHh9xQm(j`V?C10eu+QJq1GX!`bMHBqZ6C^#mt>z*4!Fyh)dOIZOd3nTdQ2?TaTeB> zAHe>?G-hey{FevsE?Ut8Hcd_lVT~%DPKb2CgD>0mpWNaZxuyM@)7ZrW%R0aXa+wq| z#+Qi*31k#lCA5W(Hbgar>wCAoNRiA=+IrOX*tA{u4130R&8&~h_0)$bG^w#EtgU@q z;jo@Dyh3mv1uH0#rW28IA0?}@_Sx(kYuyh=RJ#wmVz*knxMv&PS}+CQ;yKx|#cURL z-C6d?@%}bn_6$!imJ?9NFnd4;)(PPKk>5^++Ev7r_kZY4xQ=M;upm{+B!rIgW8=6h z6LJpmTW=~Kd?dzObST3Zq%E6+WWG+#ol=#3QWCkNe(B&+2vKBAP3$x6q!qfn|nhpz`_&Tn7YxKT5NB?Q?Oy*Li#e!U^OsNtJH4Pdz zC_)w07bqtN*0sK7s*tEX>G21ei^JCT0F5TH)zkoWjLZzL%)c!t$U3IQ?%d|>3F-ko z!8*LBX*O15aST>8*P~h{3cfvmkG+*Qx4F{cmc_VgRSy+vd(VEqxHq%rH^UPLS zhH+|=mcQyZ`DjS$q#g{UC}c1+Q(2~ffy4Im9$PylEOq;#`R>G@zv}@A%XndaI+Pbx zi4^uj&|6i*Br&xY zlSi4g{r$2hLo%5}H}<}pwk>%3k1(+&V|B^&x9_Aq!Eo4Jiu@#5X%6S-@O&#TCGCE% z@L{j7Z~6?lb2_4cxmO1i?$~O{Esvj2*U}hqodjy@<2kktbIw!WltkgfC(&Cs4SRk3 z@!=_ybyyd6TBHV-;Wt-upKY(@&ig)!@i5aiS4X*9@1`O-Yv%a$z-hDiy&j7!90Lx# zqHx-U87Eb{#3IX@0>!O5v?R=}X;jV2))^bt*v%$Ev2YZRM^5bo$`wcmyp^L$oB}U) zU|o&1kR|QR%k%sgk{I42SX&Ylq_6*XV+5h4aT{NK9Ql5N7SXM|%&AZv2kX{AlQ`jh$Gn4=O~D zCni?C^V^d*mD;dg?DV7x1+vvGtTSY;T9{H#;q7SN(u^nJHL^q0Ak!5Rt$<|=ZFr!- z$HMDoUAycVwXx4mmT^h_hR(QX{<^g@3VnpRNF_V{mS1l*tki4&kgy)n;{+;UUPsTS zptV(QKkV5nD-cX{%r(_@NQ-l2Vt^t0lN zg^Z@_wb468Ua{A{5imNn$4Ft527!sR4&l=lAt)fDq|gh?61E!N8ktbD+27&8-8BbE zG;D{aYL~>MevLBZ94cd>7Xf0&PyK2}Z438xcbGZ8h_0_~Ae805*7u#UEA>ijg|p4P zbA_=Z=$gD~aM%wra4*>FQ_&H$oIp-OQ^W zJ7wnN!UOSi$Y?d8D8?Hp5_5qpw7yGUzj<`~hxqL?CtCaL7E#MSzNWnJ=9v?zR>=zJ zYw?5cB7ZXBt@=nxo(mES`tdS)0Q!ZHk+5M-}MeJrq>X96%TV=V`tw} zRQ(=dFt#f|n-`uKma>zXX!}EcaA>e`^4@7L{=W8B*o)L1MNsS3r(_14$L-cD%{Y7Jq5)^?SQ^@qrd7xsK;joWPeZ0R?< zoh>O093R2vg~}P#JzByEXE4ET~_vpNTs|<9t$HHby)-m7itdxyMN8rpqsO-bP zdgaOU!khM4Y={pcQQ8x9?VhD;P<>CXTz|FjR(xY?RNC6pKjxEwR3eAm&5;?WGGUT> zuk`m{#_;y1JXlvz{Bulq{ccn9H8THp72Hf_`@-10^$!-^I6l9iJG9$`@*@d-^?uR5 zRQ-RGcKbZayKlaYnxSz|!e1SfoK#Isld)2$y%WyYEcxa+cjtCA;L?Mkzjrw7L}{P2 z0}-{zq~Hxk02)&Hq!av;iQK@LHrbtzi`H(W#z$&x zg?EfF2`R_}d?jZLeD=tp2Fy>1N&((u8`_0!6}(;?wRtP=-x2xd)GYH^BidsTu1+W( z*Vq?S14Cn58~5~S53v(a8R)XiyMg0|adT&Kq~CdgQ}nW@(R$+dnba8o<+59?-X!yz znPAXA_0+@IX4&n~4>{4}bezP&34iCDOMw6E+p8E|`4Zedzp&%t89S(Z?>HmnI%uJ-}(P!Qf{) z!HnwKKPl8*_d&N`ezJ>ecKO(F;?4zXjYCBNv1<+%=yTe0(&3qrXW1|18P9IOL?|Kd(LD{kDrSQ>{E-}pB z#Uw1AaeQ}W!*OZ{*fYLc&-|H;;^4d;_xQJ7#w`&C$!A|!``=bF3aHft1?Ls1Km2Ml zGUo8i8-^{fWjSO~bW9JCLc9gVr&bCXh5fgtwjFPo9B+glNpd~HJ+!Ja=d|}5Q(Y`q zA`ll)rFNT)*Y&sOja&Q%M(t|Zxix*vVTW!YMX_8Z%T);EdBvPaNv;fLsl0Ah(&lb& z7IHng4Guw%9;qUn|I-RrNi7iWkU{)1w*AtAMeq4*hb7zOuz1wjL`SZ<^dNXrp^SFO zN!dtKj-GM((zuw4%l8kjcs76Ve}>Sl`tFjE=vc zsu>wF<@(f{IUgroeHytsYr*;d6&Zi*2wC%0TRUIEI)X$|{nz}SvdTn1iT~}qjOZ_C zFLWnS_~?S8Q(Kgy4>_-`R+&~r&#F2zr+#BKb@I>^(rt{T(C?ex46Cb^B-Y#sxRsmH zM3rn8w35>q=#${)`N)ZZ{C@f^YrXZZxLHJ2o#TOVHuOMgBf{LwwiW0I3uV2_Dxbn1 z8BdOKYmj;_@bfuj3Xf{IbS`dW4VoToAKQ!}?%O*^}U0_&X7|4KDH(e5q! zC$mSbtUO+7H@uu$cXS@Xf`wVR`Kfij5f@Np^iP$=!RWbjG8?~FJdDoN@nNcd{FDec4_D(n)yDRbDupF1` z1H1dwpiHis5N?iQ)k?{>P8Eu>$Kk0S(CZx+hp4h{H1~` z4KBOh9HqfBqR9`;Wa0lt#<$_0gv=o~Kg4ZjE$i)B@|^m{gX06z0a2TZ^s7hXzVuE` ztcu;S{=)gS)b@Y`Q4w}D4GPvgR-Ip7nIAoC!wIuf`%VSY!%GpU^2pFA_4rr+%nbg% zEqUj+&ApbfHkx-+*Ub|JoO@(kVroTWM43Lj|K11LCiq4Z%g`NPVhS|UXT#k>Ia_P2 zFKM&KBLp_1u7XilsX?21Y7=iwVillC?0xY~w2>ZQ(hZf()z^H>wCMIlliHzmZXlJ^ zo*3?088!a*n@*m8C>u|z6C&jfacA>0%NO%B#fHZj1*8MbH| z3vPK)>TnORL%oPp_ksIekvWul*<2Rf_3KGrLFx~OyCab^KtGHH_ayzWJ%P#KKf$j`WAIV8HSVp#GUz<2~&7GS*LcwLtCTu-63+^gPjo<>I6ASLHY06+a zSq56IQzmS-R?EDLRxzoisaGhcvWF(@-WtVe4#)(JX2QkQPMbxPHohMR+T}+7rCmsm zpxm2MRXTKupi7+P$)C}p;`{>NwKPT3%atbm&>%y&wi{(+Xobv};a2z-AY|SgjWGi4Er?bP9~1_VYn5?m_T>3!mZSisjW++&dUV0WasGU5O8S# zW@%$agAeW#n+Gu(!g1HMu`0xguWheX2qwz3mjzPeh7DKE4WT{_O;7}@*ceS@!ku9| zCX^ABVs8||hRcotaC;p(5afR#++j!7Ea*>Vi&%!<2=2Z^|6)z0&iCSzsogD{^mTMq zyn4fnA~Q`uOh&`EjE4U)8m{0b!!O%yfzybxeW8%*vC7VBc>A&+yzzU>vU8d=qU=&A z2gVl1vfnHq5+;6TLTrRF@?;e`AbVVi%wl^eL33QJrl#XLa5dAh+!WM}nS(XzhDdCH z0$D|_$e9Jh0khbeDsWTNi5lzWe*a(VI5=MUuu!d+wEwRcEo@R~0NfevU%nh*@l50d z8S>ObXn^uz7-AKfpy9ZmF-sh%2(68>FgBum2QDXMQ+_xMr!HlGX?T}%2Tf{O{^dyg L-mJVd7Lxx1C>C%; literal 0 HcmV?d00001 diff --git a/Modules/AzBobbyTables/3.1.3/dependencies/Azure.Core.dll b/Modules/AzBobbyTables/3.1.3/dependencies/Azure.Core.dll new file mode 100644 index 0000000000000000000000000000000000000000..f7369932f113367cdfcf8d20d250ddb3cea19ea0 GIT binary patch literal 384432 zcmdSC378#4)i>VL-M8;HGs&Ih-pOQ{2{1!(m&q~$Ne~jkCSeN@aV8@BmasJRB?y`6 zA&7`#KtM&=F$f4Ki-2sdxT7Gh2touG6nRzLSHk!Eozva-P7;vkeZT+veE)fpd#X;I zI(6z))v3MufR&e8j%8Uc{=fRFWjz4Mza{ef`akOs+}`(4yLE5&vDpu_?El#86(_B# z_n#j4Ck98K+JEfPr=8}X*?-LO{lS{k`d6LSzvn@R_Mhq>cl=OWTW-6E_42(eYyTF< zn)|+;KNzR>oV87VzGbdueKKWP8O3&d3+{fnp98e4sp7U(ZXzhZ{Pla51^frQJml-B z3rNa;4H$Wq+WOq1DeEA*!S}NX6Zk)qvhLcR0iM;0-(P<-Wv!t1jsEo~qDzbn{BLQB zJ9OspXP*gw&+SpZm{-W%{MT<;M-2t_;8-9J9litx_nUdZnzTpCoUs}1z#iNyW}IZBk|V*(p!yEnu7_EpgAN$97;If91K^% zdEl};aeLe2RmMhrt@wwL-)?av*X&J-o1Fj^L}R&43?!c88dTYeK?SXpJLlTgOtd&8 zQfOkEb3EaEur}*t4hu?E^Cng@Ehj+HoNnF@cWsKJal|vHvQxwlI`^s>^;Eip zIiOdMIL+aRnyYjvDp$z|!yu@?1K71lnX;!W(8!;C?#{@pipf-}-UJb4+c1&Z)Zl2u z4Q91~!4YI&2W7Z>{Ub@6w(F>xUKy6}C9!;c+g$4(g%Cym)fRb_xYj-?Dtr{X*9ZSx zt+2TmkhLWfc|Zil78 zoNNc3DdbBk-8>vmZc!rd6a49?+21-i3{mReb25I)!8M@kd7Vg2 zw9*)%ey=$JP1PsrM#Dt$&jP=yfBI-(11wS>mspZIW zQTS=QMTdrV+aI-CLbh8Gph&~p(1U>*o6KT(3bTfmP3WTuH$11&gD%GhM46mU;D%=q zi}H^l(OUlK!Z;Qw*sP;4*wa0OKo2(2vCx}s7Umdm@L;W-`q3WhmH0j%8QyvTt|1iV zBH<-c83t;tgTWoFBz1(X4Pm<7@(K1BiOdYw@|-TWUIg^dq(l>wLTuMS;wZO#Kh&hy^|(AMFY^8q{E4%fUJj@C+{!!{QXmFh@2 z<~?u$aUnqMg^fMPdGRe^66G?AVV zvW|ZV;KtTMwwf+vRdUDw0K+`L3b1JTtFOL_aC8K~RDgNL@h=6C@_7@>WQjHF2n*v+ zx{bBxDREh)TDp5%S`~l3b^juDPe)(63`hhNw943HY-yge9zDzSC-`G7Ljsh07R$u< z*?L*To_{%hrD$85D@z8#w7@uE)L<>xP1A<~*@M-RqZe@ifqJP3aiII!j~UrwuqQTj zU&z=78H0_`uPt_q27;F7t+YIqod0vwxB3UcVm&do{~7d=VPOs!`pVn{-S8fP-Qk@A z$Cb?Fl_z}(PuD6z&I0~*)g9DOvEn1trQ@gIFCP-&o%)r?nybjpxs78DnUk@PZu?UN;GJ!kY!U;VlBY z!%qktS2BZ|MxOK~JYP?*l7*yhbv31XtMIkM+XOn{?E>BKlLEWLPYE1XGJ{&lbm>dd z)wRPJvE%m%#4uZh_+(Y)~7?i@u~z*%s@5v5D8GC5|25BhU%&73hZd z3G5C(BXC^F3~D2J(x*I8{-`TndC+#;`u#w&CP#2Uz%ufnTH*QtLIIR8t`1Ls*j;!Hyvr|-D_x7n5zoPg$R z(26Sd*uF>(1Nrer1DBjsbDE<|R#jSx=-!z-uQX!NTo8%AqJolVzKnDt910j>IBm1rCvn1TEw(w zJ7s6hG3drH4m!y555&AYkI@xb_{%s+*W6+#%{;Xh+bXj&*&8W-r<*RgW6)|2;A;T> zL7>l;M%uEOOIFQ)DqYq%%FLosQe3PRujh zu9SI_=wocR-8Cp`j@!uvt3kr#Js=wU2Jr6KH}N}Aa|gRBDf0>XHPcSe zM+B6X)9gR(1jE3XZd3@RwhaXId?*v+JW|^R!g@Z`2!^itF(8XTk`mpx78jN<^hLXQ z9;8k!WBV_|F}201wmIlFJ6in9FxIK$#BF|tu$tSI>&n+5cdj+#)ts)1=b23i7^r!J z!LF3@X@mu*(uM5jY{@XkxX?h(Jc}Q}58D1O5Y21^qPA@&IJXgjc%ca{i1`gx(i#7! zARUa;WJyzrx!N|F;C*rA=1^gwk5X;x*rj%|J_C+*?*bw{>WBG%f<+UsW(4SQf z-slW&w4CK#o1AjGtmAm3W$m?}W04inP(VZPCn4Lw|HG$=HD!kzeYojb~k(*89Ctyfg6qzw5P(AgsJfD z;uTw9(D78l!-1gHAvq!G2}w`L2!uihIUJE=HslZ!gBnpX4yv=Z4HO$}x@XxfmbDG* zhS-$g0%}G~zb&T7{1%yKo5&5?1`F6;bw)&atxyuBG{0AxSCL0ltE!{c!U-M*oi>q5 z7Z$uzY*5nZJ>P>H#s8vhT8M?cgi%?V#C$S|84>&e1o=u^+W#XQPSIy>(%S4^YF@2y zt5`^zL;=yA_5eDWJ9BRY+JWl(;m@&2YV>!$a5%+cYqm6>IeciL_a8+ zrk5HQKlI7^-UZmKbCZFPk;?xWsqRmrI%;B)>Zp$DG$%-;h+z6!94stf%>fz@U6MbUlF_hH~g%PVso(iclg21{3C+@Bs|Np{eQvHn9;lb z8EE}Cp^3?OOULfpqP}2$gzB6N(Raw4W|KfCMES$-hNu{T-62XAa9qjEbX4TX$GRBJ zlcqvv{cJB?{tOU+-gG0|Vn5muwjJy6p^$^imt73eu_}lgVJPLpKr-O^Bh8e@Ag`l9 zmu9fzGcbd^RO2GK*d(wWYn%WH!Rpq&V;Hi>@xDMY5sRDjxdH@0`AHWiNt@2KY~*9!<}lNm$~ z-B(T)#5%K;B6_k5P)wcqY)4)>b&yk5m&Kk3r)=}GSk~`Ea5=#4HEaW$RA*~P>!#vy zOpE<2%OqDvk>%D#>wlM8!(Wcqmwsby+t$Kjw9r(Jiki&Pgjhx{A`%)F(P&tLW!a{z zi$RaR1m#j9^B(+!CzGl^jn32Ql-8MAgXY(QDFzM<#A^tS*%q|~tD^%1rWY|#sWuf) zN+j-MK*`J|NOiTl1GTonlnlXAW;zp`fgdxI!NId&Y_^A!b%t#ma=bCwQ1_Yz!SK6A zj;|?Ddn%G>iN)nHcF(r{1d;vHp@R@4y3V4us|P&sQdVbAdK4Fq(S z(^y5!)e?s1v;MQ4zMGCzr57zwT2tC9xC5mTn2>bD9w8TksP?S3P1ucip_wCm(+By> zx(2%5+WsDGFC4EuiF}&L`P^DAF?sM3u{56@iqQ1)3)X?rWRjj?zky&5OY?ez-&33H z=!2dNT!+II?W88`CD&L%*Ic`msaRiUuA`JTPJ>_a`YYtsZMGiiPV6K!HVF!7MLPDq z%9?q9Y$N)u+a8VAfOUm;I@%e=CDsnmgJaNK<0by06kWcVXFLYAv4b|HsC=el4f1=A zWufjA>S)nkZi*!~wiV0&G_m;wb=$(UOpGk%RKdHM_kM&_=V68=mX^B+RP4-M_5rQe zjHc!HX+;*`z>S6I7rkEe%vPh*HZ1rpIv_;$~8~O8CO-5mrcel@k6tA?(?bBMouo zOr$#_8yEXlsE|Lea-dV&&hzKNiOfky+*Cal0_|^y996bgnlsPBSn0J0p)@Xou*Y6> z-YeLpX~&jHQ>X1LLIngvl#^HM4XTt)8s-MNnj0pPB*mS%*Q7w}CdKUhYf=n?LVGv3 zatm*Q+B~1g+TPPI#*_=kyn+uPI<~<@3T%J}6lBA|w8-B(1-&Y(sf+_Qu$RmQpKnD+ zjInWU?aY|V<3NFnawi+RZ4#S^?evK4jMrz&j(B$r{?Mqnj%>XLj%)B=1{v_vc03F{ zR%ko?i)f~#b;|~t6jW7PRYQP~cVTu8%_EBnJ(0XrOYe z6R;)5n`ZdZJ@e9tvucFkQHRCAyoVVx;;#m$)wbi+aFu&jd!Ev%r9AWE%`vu2( z-j-eTY4LDqj`g~m2s_;cY!S{HjDZA6*qK^zr64i*Y3cL|-l7kR7sFtoA?!>qSTD%c z5t6VovtXSd&w)Ih*+RA!I%`6@bA{ZZFCu6GW?tAqK9*U>JZG31Vx4A@>*Q2c1LTYxaesV zSH4kPc@$SZUZ#`cvi)^PuaNUmvboN-N}s6SHEd_@`twlZ&2GR)G_JpxMA#o;6n{yx zXZL2$(q_*d^!z8rdy)u;8bub@7w_kBkZLdB8zKR*HxZi)=A$w-qlodu^f?c z0tLU->A~00m~i~CJsLJh4DFPQxyo{^4j%%#e7bM${8YMc;k=G?-_i4P>Atmc0>Gdz6=**#@4?aeIob5O9!)98}v;7so&cDTxa;_~v;?dBu5^zD&bI`qgbeOu&~ZZL97rxv+6qK$cSXdb(zrx%)aR5z!rs5!38 zcEy1eI%vWp!iRXWb^ETELL7*K3~;uqGo9TqC&yfp>mL^=evDqS7Qe1JaPet~echT} z&`VV3IyVt=sca=uvE|pi4I))Lfg2SZf8~rVP6f(=KSeWwna#;(?*!&-F2H*gyiWl} zOhmq40s1ofE>>`f0$6+^VYmq{Q*gNg^oT@$NWq5{T%q723O=d;T`4IsUMIL(!8Ho5 zRdAhx>lNIf;A09lD7aC<#}%N@CbOFr+@jzU3T{;xi!DSNkhW}J|8UAF9a3rYvaEwS z|Lyo0%#=o2GikL6KXCS`**11>I2>WEW)=uV9=7Ka(wK)daL&dtAAzWn9oVSD!HX?O zGQ<6TN6to*)~*(ms>9Mu+c=_KzXFkQxLxRB*{K6<0E;-Icr(XWB89f8{wQ6iW*4!I z&){m-xrs1W0ScqA>&S4vGV~8+2ILU0qIsg8E}r6*bwL*l@mEJ_BJd`Fxv+jCHZH`p)1T}Irg#9ff!*wTaRiMubseUP}vhTI1QSlpa5@BOK>+3 zcK~rGCO8_a;C$k)OmMVZ!QI3?mf&c{f|rPMig6mWX~9f*gT)Ds1}-?3xC;{;tzB>@ zabHbvG=0Id#Qi?O(GCVq3Ah3LsIF)fgZ+p*Il<9F1|J~q_5??B8GMttml7OpXE3D) zxHI6r-9^6OV zcM=?peDD%+sp)YVwD`fc@CG|4xQB^5h`3b=?z6;QNZhpvjvYgAKXKnraO@?5KM|Ln z5vL(t25h2h?FO4OpEl79VcXrUwqobw2$&#q3v7;4omIN{CopNavseEacD^=X7cHNz z9~l#1d-Ka+U)C|^Lhu?UudzpftZt_;SIk#Bz4TQMx|r>eM%B)g)1{Go+QU($U)f`1 z;P^Fe`XfGN+8gjq4L%s}lV5xYi*8F#3y*;{-SQDm4U zj^2r{(Lc*xCvd3#D6(p9#}7u@<~G1Cb7zy!QJ>}!mRbIE0OnLjF;=?=#P!{ff$$q( z48*-anEUW!V{@o=(D6S_iYM_CeqAZfxZENs?9_Zf)CHr1`<1u`Z~ND&FYNysA*;*kDvFXXHTdUvb6 zZfU6K_6&6deW)|;`nRACbk&c8Y-?>pftwEZQCLMzI^2gO9*vWT9p(`2#*Orb=$oZO z)dJAM=$-gBBlS)^rr>b`Y(mXr)t!lPCj|Z$aX2UPMdl2*(dc*Nw{aUyaPe(4_Wh_& z){e-Vvt}{7>Z#66gs9Hu5oV`XCm%Q~(~cu}jNR)W&)QSOO{-;!;gODFxv3{-OuZXN z7kl!hF(nRR?F*614+Z-Hh^XtBv*6Uk%Nz#RCtk^^)-hN?YbVx!ocmx!v<>S|a35&R z39KLAf;W$~;1l7g<+*?LUd)s-l_|iT1RO-EuL9%{Uuc|CB@H*j{AU{+fAxQd<4?d* z+pc3RhwM8;_KDR<%bqUR18eO8ZlIkW`KsxX2v?psc@oLAW|E?k@B|FArgwf02k!#) zQvWd<#&@8==#<5_2*KaWi`~)i38EW_k?^}jIMl@{NU%0F2{Wg{FN!%0j_`Y+ld;$e zu#$9|;#_ql|6W{d{N^}va{WKE7P9(FR1@#$nK#b=w;D&!sxE+77iC6~bj+D>@C2(ZzBP#t7N!0Ro{>NU#ZD_P!-`226KH4xITm-V!|kY! zm%<++0UVe85kWr>K8H`yDKlKBdNM5I3zYR&_<{S!bU&r;XXuvt?D#)}yM7krFhAG8 zUnGcMD&jc+^SrvBrknK^95>SaQ~Y2O@J=uo2xg)x`e%!C*M{@thVzz&^9v2bLzDIY$vZ4BZ9!e(UtU zX>xo}?h4hz*b?zU?BzPZ?Z8);86q+2(N z;WNxV;$0OqxoD3#rJ014?OfqI(1tErYEjSQvk3R?8rtXW-88DBez#-JJ=K--c zGls~~#VA2Z9cEa$tTa4>yN%ry3J&pq&M*!M#R0@GVuUz=_+^X`2M{mB2yp=Ms~8~; zAbuSq#DQL6h?o7PZX63;_E49#ma@ZR{~VgJd--w#nO~>go9}AvqS~g_H^@5b70psY_^u*6!fvR6VCOl&^Hy zWA6n;uF_+Vy-yr?HQ*vRoSxAevGj$_UX*BujnfwI2iDD;cNmbV?0M(0F{$m^4m{D` zaTeRGCkwAQCyVArielMClfM{PiBJ-qR=1#^KPA;nhGjuq0l5URQp$$$T%JSSBAu8J z3yHY6^Z`UMm*NNXo`v})@BE`YsDylaF9!@#_@BmqDs}-xw3wK=3 zHCAafWaJVoR!n9PL{)_(w#Vt*dK5&s9D(Hf+C< zZdFmZo>95Kg%PXzK0x_Zq!OhTA(q3o``8DOE>3hgn~JOt{)d>)g_{Y8 z6>1N!i>OeU*Ar6KvSZ5mSL1;N_94?zI(xAEq*x?LG}GoJH>abPUW?APT2UYNOzJ~) zxTI9s4|PatjuvQ13Op(89=j>|COQyAJ}H`>DAw4AAwq3u+hCbIH_QJBenX;c35XPw z$GVQtr+Y>tE+1!^p}CUwl2xjTxo;LOF|u@wuxnL+rs#h(;oD|sBo(30mV7MAzrhr* z<25Q*a$a^y!*nx0QKf_ta8)we!d*}vdqIC{JEm5m_A+)ABIGLDXf2O?=&>U!qV+{+ zq(8H*4d4Si6t&Bm-5r~$d9#{y4SU{P)KzX4NL?zCEGg+N$WZ0A%FQL?sBJ}+FptZD z175aKg*T7wW_w1;azQXX|H(5p z9Fk!JwZXyQmmHH-X5(jP{HV}6*!?R8LOLQTd*xm((dGcIQE;t->j-8!=6ZoT5aOW3 zzk!IoZT7k5V{qI424b-N|3~ynzQo1_iV&~rkxc*I`36UEYHzUUg?Xkbh??3QcznOBKV2?49e+xXk z^2rbkX0V(Du_WXZB#S+_HhXSs_N?XT@sKFa?Fdm`t4F2JxejH>K8kPT6lIR#tp6>x z#e;(>{&65*i;EeIHjF`56PLNmn>^0wD(u6HjB{tAF*7sXNGN$yv^N?u2e>M#*rIrq zg(J7dUN7iJZY_%<#E=2)$t?{}wN)l(L~-r#GoO)P16i6>l;eMr`q&7I|0&7-KY^@m zk0k>->@g`6DTShc2MC;MKFZoJsJd9gSV@y}7|QZ4`gV&Fa8v%>^zWVc+g&bL$aqfg zu8NM`l-UopBr42#i`9`b=#bGYnks_hdIpQY?AcyZl^iCCEJ*#nC@tF>L3v`l#XB;e z0W$ojyt813n*=)HzXZDBzXhhkR|Mih*sJ2`4*wx=T;rJmnZJmStIE0ZA7kNd*psL% zRSuOOT`%kNC96cHsF35j3)$FzVJv9vt1>=F8GkQH+TqIro$wElD8ExtG}sKPDD;_! zqx_~UEVc5oOaWC>)7|Y(V1f%#dmS+v!Ife}G?1fNOd$3Cs-EnSDz0iS&Krtzhk;^q zv!ok2V?MN8qMSYoGMS{pYcWyt#$#Lr}pLKkV4!dd$od}d#`I^E{O z@dY=!V^FXTJW|h5vizC112k`+XZhQXzGdPFbV6648>R%}9+$vzB{N3zMxXg&R1b76 zb|CZCRBo5?mAfy2Bx*(&Tr^oEj9^&~USDpwt=%mhl5+QHclSB+kTOthn_3QGIk?id z9|XP*cDBUC^sFAuSBl)|5-%R_%2(3r&Zl$ww2*%}>R8cR#{I3D;%1Y#d4@u~D*fc8*qjpQop6HCUSG)=*q}>hv*Fj%7 z)vK-Ra!Su<0R{fiBVk542m86mON|8g;jHF2WkCH9gk0e@(5{;6x%|WO) ztu}_bW;tA#n+b+}-7<}$8zKZ_Z2ep#`5l|gc2(M2T{-xwmg=1{5v zoOmDYBY=k>Z*Fy_Efp;ICU`hvzx?k*6f*+q%JeAk`&$XLZG+b_Q20F~W+fc4mz%3? z_828hd)LXfs`{|E`fJQ1gNUMF)CZ~jI+1R*rehd8~a@a0Qj zjp-PghG7yNTge+}TS&{1lsJH}V}v+3w379FgT;O-gYEGaRj+0DO%1c;+|OlzFh^%8 z#7t(Zn&xuWQ;FVFx~e*BWX_D>SHPyUqj)9JTeMT@rs{K$a_Et(Q>-6CPnsTkOmJiL z)K3I@0594BtginMs_{=DVFqE;2&I%N3UMIc+Gk?dll{Su zkVM!iHqj2d1Ug~2!0xa^;J5~x9n@CRXMT)m+PAR(U7@_5BCl47V~1@5ov>YCcbFGA zuE7QcfTc|Fap!~QPUE5PNyx91k8Q1t%O@EJH}uX@XsZ3Ga0>E?;%_Ig#|V55YVj1n zYP^W02o62NsieTOwg6OV7a=Q-IDqJm5#qqA1O{yhyK=6`NF7n+0wHwjSZ|AD-D2!} z>9&oruf#)#IID#t3K<$do&-Y#vcoI6^2;RVq%kb&WE%gyL2GaQ8RU5FRsrOt+)H8| zH}Z&E=M8n?72iatks&N#iGrJvI^ZU+Gr{Yvw40g-XZ1*wBj!bMbKV*ShJrIEqqJ!& zPlOG_+J-2|POv8dJ8#=y#&%r3j!B6W-8Bs+99fI%hm|~x>5oxoGMP1JBY{|G7P&tP zguf?#P=QVd<2v^2U_Ld+^C*su2trCbB}0^PI2PWB++`r@M$pe2&_2DkJY` zSe7>DAPUA}37<<=bwUNKq`2b1DO+bsSrk%5U^wVTEtT+;P8~G3?>K*Nu;LXBANzv1 zh7!;w7d$;sfM;DxW;F<4u$XC%|5!p0401h(2wM@0Hh^P$)Y)WgKP_svy-~ZJA7{!-H^KSaGR%|d(g#Z+9 z1OcOMsR+5EvIMT@fln<HsncAshwe^krntwB6HG!h1C4V z0g7|;NDx7(W#0U|iNL^OL#5YtE^||t4P_LLVv%QLYD)?~4sK+ZMyI;PxzC8*C_+*( zHsXLGDa8nJ0MQd8#1WsZ*8Zv(w=Y>F;EoYSzIejUT!@^*gbEsVRJ@>NIb*zOjcPgn z3~CLxkz%vM0fA1qoj^An6qpLP71$ll7C5ftrmDqDpZNvYlurw04`4g!B`l=}JHlm~ zUji-bDdoL`n*;-cnqXeq41>esMb}&mxlIkc8}k&{eAdYqDC<0t!4C0G4&EnpLOgE- z=!S0+*d4;;z(1~J28+$Cg7leRQ^q9!Z*Ss>vkCInAzsW8o(l!K;Ua;la2J8y;Z6d_ zmE6ox-t;x`=G^0O9RMF3yF~Dy5Tt8%tw;wx`<@Y*caDd zaR33MtW{nddt>G0IC2do#&!^7$xKRdWX^P%m7oANeaGe>kd!E9?xk<&B$J7-V~X zoy513n6$$Yt-Rea`F##~lcRpjYet7s@wg@BRd#@Q5mWq_kz+xqSpN;wzmB;O!>}zK zd)s4#{`DaB7m;pD%xa~9340lvRsetC-j%2nmv|UG)^Njn6_ajwucj9ZTSDw#Gdb|u zNr5ag7VmZxuXkcV!JvZe6&M9OC@3qaD5w$~;{+$7CPruH{FjjNP#8kL96x*=kbia) znVeaeHe9iTHHaE*ReR~<9$LSZ>+W3INnDcwpiy-f%p@3i5%-#SfUB_vd~0v z>Sf^t%)feBhyk;%UKVCRjj5M~8c+%9W#I8|9_PUBQd2@2P?W18eT#?MHK=c~UJ_BCBM-w3mamIM#}<+ZiiLz624!?()q*KB z$?G)U_E$-LSj)#i$InX6ZVnHIVTdF)^m`!Gs5^J8`Yk?yC}{U^FN zs{7A$KO^pN9+SSx9wY4HF%~?ahV^(RQ~xV`LZHD|+;QBJ`4u9TuS->@y83Ql#^o-4 z4y*cj910Fsev9VUq+=bi8+Jx(sOEF_76qmplM;Egm;_-3BGJMpOO^tlt6VZ znmIOkyl_uS)7Xq(Lq2=>}5eYSX-6`^`{Zuo#$fhlN=Q4!Y$^qj7^6!oo#K zngbr^w@Ohs4vN?yQ~usAQ>s_IFTW{3+92T z$lfkyK>AkL7|W=N^$$X15*ymNS}}MWN>W_VYoJuji*h(#g?iIs^&_q$x@U>t12P6X zOni7G?bWdZj$L7SL|w+(mx1;e(gw50hDL0<@jz6a?)I#3{C^_m#J*r-`cb#42TUx3 z8zaFtZ%!SNvVtpV)-A1&m^dyKj7%o4Ik+f3En<(N<1NdE6~>wfyAI^Vv$jL!Jr?re z(9|`s?Cu#P!}C#6){(Xsejdc$<|5UwbhCM$W(KD~5I*Uaq}HT9TXV}CY8JfUQIMD2 z^m!!5mut3`i#CnM??g;uY?zHsH)R)GgU5iqdI>+;_OtcfSIFOP zFsT$4{vKI_sgf?MGqZVcbtIBGDWMu}T1lBT3StNc+$ev_p4bmrVb1gcuyFQSHJkvvp;3rc-#uuqlB_9akNTSa<@hDY#TfZy`V;E05B80{fZC2|!v<@2B!_8*PZul5E7}~d1Xj#xA>HURCDo1{k1Yt z`s5zBp*)zI%I3Lv91(H4Ub+3EVr6kgCpoS|Qf8mt`Sb3-+;wj#+=n~O9Uougls7zZi>_gfUfk^6x* z4wm5C6-cPK$t{E4A+9~a@dH#CJ}hmfvoWGr*-V5(KsboQv?MP*as3i;2mH;fbomOb z9oc%?9kT*FL(E*^MP(tRmSk;-dP(s;BkKg}1?N<-W#qZiK2@h`Z8^q}2AC>o2Pf^N zFNtTc9fj$mbOC&tlnu`gC z^vJj8&>$D0TI2IJPH+pcT_~Dpg$IfcZC%#j!h^^hPrfVO6+c=ymf}4b*WmF) zIHhY1$q0oxnKq^9%cD5IM9LbcZ;m{E;^-T?w0fNTky{+@V+|n}3BrXQibg0hVYQ8& z1^tq)EJy?>_m9$*ym^fhX=u`B!JzM27HP!zLf;9uhjr{ zd_kcavtmz$%;*|r@5FL?nWr}+b=r5w$52IHF~`8B|5F%k&h7B}KMFWBL;XWtl`gLz zlU-{F6qw9fqdhyK(G-PGKlos03wGo#SdCiIS%Y{bwHfZ3ixCNx*vI5d_S2@IG~+1Jw%K=VCTHJqZ_jzXLn&{%n2I=aLv`N1=Cd%m zB8hq&?Qx=|SgV+>c@YbqXp&eo_iEE@^P46wjzVneUW48&UH0^R)KthK58vt-%CS1Z zNBS|@KZyCj0!C}In1EQTC7u78#29x=-wMW=vNuyWqk|}bcWrub0Lsbh$BCzNn{G07 zAZ%?~zLG@y=I{+op6!7Allem61DXZyq`*H!^A#KK@GUN$cS5}1PLc=lu8rbBF0bB& zcw6T2cTI8PJUZ5S;CU)}21nI60#se%Lx&R$Z?%MxhUo^^YFk?GJIaM540m~RE{as0 zk4?&mDszh52~{dS^H^l$Le`W3O%HxF2v3{JwM`tV!pbsBm~V48)|xlNV9A&mEGXlg zs;nSK-apZcH6`)-f2MEm=#J$*sELLb(Y0^66#3e!!Oo0l zuuUT-jq=FayEtIuD2yP)0R$xxggAhpOo9*x5EMud;sD~v7$FWFzb!)kPLq1X7H0S5 zF3z;zNY4=(d}&&u;t6*|!t)6HHVbTm zW9<&!zVOCwlZW>X3?bjR!Nc2l@4$-QJMhYK)+UWJIlqD;{vI1GvmE5K7~n&G+X9{r zevyz^Yh{W!;AW;n6m%P8U*8`;EMM2!1N3Kr-YNEczJV{=a5;v@5=)oFlZ zur4Z`u4r>>UN&=7TP2mvoNy!#4hcGYy|&eU@C(TAwW4Q^EUw0&2dX}Xss=okkOxWX z+jF!vlE{V*M*iZpk(<%P3<{&-Rx7ToEy<8K62m=YD!|47jAaS0& z55VuoPd*)-0g~t|t_AfqHtzCXU&R=t)SAJl!z*TFWRY`gY0<(|J9z>1TyWvZJbxQd z^X<~}1u@O_w-rRMd|E}{J~f9UV{J}t?u_{5)AwoYG$V421#hQM1^wp?rD_Nna~y1Bw^KNQyKD=4m{Oi<8vD@ zG`SvK=EI|JMpxlVZ42IqXm~`DD_cA?(6_@7Ua{^o!yr0bi7JN!arp3IxOkv!N~3d@ z*zjqjR3X)O_z<4&>@$d(>f2$shu?2O`_2vWK~Hh;(n4isgJm{xCbV*|Ax>cNDs)Nd zz8xYq@%kX&%7(aBzAgUFhz=_*$7!FFq-ur7X+=AppesB^g=J*jr>2RqeaBK%r+LGpGQqCx`FL*w&KQPZtk$*kdG?>v^Tt zjor_oi zV3f(T4fOGD2u2w^gZ&xEdv>BH*m}I2CVF!B#}*05hIR|S1bz3$pY>ffM@)bQ${8v) zXT?r)_g9RWkC@S2T~$u3s^aR9Tv4}%3C7-p-K32W|M%pPy)IScb#tNBlZ6Xh-^6RU6G*Q*45x?pNq05p()&Uom5x@nUnqE)$oZ3w zbkowJ+)s9Szd`42o4T)p3hihuvES^8yvhn;f{9lbWql@EO;n1>ONzJ|qU$v6$kYV# z2=hhWm=_QPAA&L@16Yfcl}pd;wbjJ(8k~}K&DL~gj+gGn(VcRpI7em3$cm=fJBcl) z^D$4IB>6THzs+Wc+*tU`7U$1!aSlk=PL)R3NtP;eW6^d)$+Fuo&M$x*>)UpmTBX%h zq9!%zn!R}oXz=I(2GO#u)0Awf{HSft!LvS2a254{GtLz}&4&STyrXtH`ag^VeS%bY z27ALupIjF@mvzQ5AvyTijQ0Eu7-7-ek4cO%M!<6D7}@wsFl)kjdqL{A=o@$$7@993 zHtz5>i-br#brnd;9Irowbl0&QHNg)eivJU)YLAh~e+yEJC2#ZyFEC_kkSs7WyY|Fv|WreJo_p)h!86xB=+eF{$!^hX|1>>}c zTggi*X<16c>&c=3%H#Rmw~zCaT}@jxc({>;jjxoLSch_>F$Qc#iszp>x5wCpA)I%e584`zjEFya zBEegO0qb=68lGNnDM#V@tc@p1*H?cuJbGC{=VoZ+TS=ojE8&`R)8*j*55)Y(NZ}eV<49KEAyIU!K%k-K)-k2>Q2j8Z58Rp1B^-+{jA9cwE;y|MlWI>py{N!R7Hb9vz`ao_Na( z!&wo-bQ4?XNWbIs?*A5Fcm1tNg6L)Gkpx>M!M@f>DP|_8>sogrKNtMpO*ggvwnQM@ zOs7W#YU^;Zor&(#TnlX$aHaJ+K-m0LT3sphq3ZGq>8!diDJuYvFEHK!;=ZXPS`^Z^ zV@=h1&;OF_?e6;9lU(7WLi9+k@F5Jz6t)#5Td62p5IV{hgpaa?PjN=s%4ntv8O>JL z2s*q*MMJ(gcKH(^jzqq89evHZ_L_C#HOuC8^4FeP|H&ll_^um0n)N8-_*$D}9rHOU zQDivEIx-w(JyXa=S6U>U^B}?KlJ}_9eEuc zwWrtLk*E)YW_nb8k@E0OKv7>NQXiBSsSiqv)R!ydBlYD`t6Z&uAVhtV+6YQ0PMjcx zArU8O8Io63_eXZ+NA|>7=rH>4K4<6aM*83R=t~!jtZ)>i9#=doQVp`v6&Ou8Lc4OL zug!c6c1q%}6#TAteEJdK3yPof(hs&@S-uDten{rb6folUwW=f4*P#w9!8?55%_WcQl4cnlK!8Uz;K%ML|pz1m=29Q!j^3De2|R&5(lI zl{$->?$&TxuqnKf!=bYg^qLr)DJ|ROy{LN^q0Tv&Sd3w4#hvEh#U7E3X1g_A+G!RLB9$U~c4`AcnD-L6W)!7WUx^>SPvfHO#~6=; zSNa|OCWnpVR(#J&^?{W^>;1GLW8_%ncjR$mHrfUsrdL)Fp?~j8l|Yc{ z9?oPWolfAphjWp~tspW#Wtc&W&W@UQkbAn=sShT(o%v!Xz5#%S-Fj7L8|-IW^LaCH z&Q#h9t%%=RXf5QiWAej-n;peRkH8C`JIY{J4ve#!qsqPoJQ3E6SU?XxB*6S)+8-?f ztM2p+3QSIERF7j04r4JnIy?-XBW+pD!{T3V!V$kJ`FJe(( z^LAg1JUNoRSp8#{MDS8VUT_r$$JCvuB@W9h;ESS|qHtG_Cs4STCpgDE4Av4$*fF~B z!*i?kBak8eDEBhGCGP0t=mAFATR(|CP_qZi^2KSKD0Orqp)(otS&|)Sk9`1g;j-GE z$dZ2)Sn57f1+uM|`Xu2H?r4P7IwN}Jl#>WvG_44LpJ2ah&_8DjRPArgVH0U;9ex_cxr=P_7k;rDX6Mt%h=!A8F z-Qnp1$2HjO1GZQjr_bPoJLjWC$Nvrr&cGnDkYnChElqgiz>e^Kr$8q>TVQvHr9t4w zHJELRyy;Wk!V4){A86t=CUNX=T%Z$%0^M*zV0XAy;JA{RWy+Jjgl9_5Ll;=@u?ehu z^PW6og)@$iCs|pIoXIp-gWRSd=5YjaVV^z8<9U*<9llGT6P_>74c{X$6=F35c|~Dh zwF8dsaGk($jmM1>W}ZG3lfiT4J!v7oLTyw-diJcAzUKfn*Hlw*FH z_)sS4##jjQ0nb}{9i#{!`wJ_ROB0(%vUPX`!uO>iwUjxXl zf}w;ACS*9Fgdb)H%V-7;0AIUQ>Z(6QQ72NPId${S5qu0e-Ng2X)us(z2+Z$q=E9@EXIZuSue)ZgH>E`jFIH@obKiY95)gR2b~PlO8D(oSE7(UX_>r&nAuRS+eYgw@NoHqLT>cFai*30oMjIaA!|< z*(4p>z7K2JUyC*pj)91_Z(Ja3ioou0Lg2Utn*$?T0;IVS(Nt#EBN$NH0pW!M8NzFw zKqov;pc}qRV0U=Fz;Pur2Pseb5}vMn+h{ZUXrl zNHRjw5t5Ej=x%OmS^8B$yhSk!WA*4MpHj)`s(+Xn=uq7_T)oNa-gIc<6H+8VNFYshI4($ceD8of6{PHjd`kC6S%$QcoGZZmRbgj~{uT*pjF zhNA41MkQnGs2P-%4yc#ea<;OTfqj|6BEd;i*)N>91!VYA7jf8K>@u&yJg()=F3GBC zJkDuhBv)Qq{|Nm4NAa_cQJ`RsIs2g_X-{%KfnQ9Sf|sSDp1*z>c!i%J^^jfSL8De- zg+>;+b!Za>wlxLP-8}AL`@2%x$dwQwyb3?GD_0A2!fOP&;k5!&;dKJL!|Mf(D>=WB z!uCg>`51n5d^r=mm#|(=77Kem*zd}D21^Ce7+dWCb{5%IMUESVza4&DpcCFC&<$@E zmgJUFYy(c!~Ug<;a@Iir2c%MKw{EWa< zh)Io(k?t2qcX*G$agArt04WfCYDD63*fmXQd|sm1;g$O5{?;iHVLbDD=WDh-o~m3^F=SA_~qQiPa(&3ki+&r1wPSx+`Qh1b8dK8 zVI>?Wfi7^h{X0QX?Ukdu>ha87K(#&#Wm$t8ExF*B#{+nG1FJJ+r8Cb#nwm-bNDXu8 z;24ZcBs>UWmlDR2KFySt;u*rZaU9zxF6-YDvu;H7vRCo+Yi=+)yG26(Ui{2|B${~R zkddC*DqE%9EeHK{3)g~rAvSF!zC=0&j|O>HnQr8BgMLU9%LOkqH4D0TQ zN{68=B?c2RoKV6!mA{jS-if;u+^yi#3hq&GuY&ss5LIIEE+6Nv{0rU-QR~x@-*sdY zT$*^vF1Rl7l5KED;wAgwfyB#Xf=3dsBq#O}4a>TLI+I=R6fXnG_TSXVl5e*}4hiFn zIW6WijP%hrONHA570#R*{XeK~SZxl(X`8o4 z+8<-u4I&H}Wk0;&$%kKYb5XvnjozSGevkb`Ys}1UY4l0w#UHU{x4_|PX4@~-lK4DNW0(P=#0XsS%%3LL17%C<|(HuCMJeYUBQ z>Swk&8!$SUfy#)38Q(_r;mLyvRxsZI5I!IUk6B**Jfs;u$PzDueaXCuJn;6ATNJ11 z$8?i@nPbgHUT#EQcu0fsBMsgFY0XjSjcsIoN5%%-8>QbVp+^NpJgmon|EBIQbJWI{ z@jX39(*z#YBt+vBo3v|L41iImi0#o6y1a^nN5IC;n<_KgRHl04T>5x;$$Tv6f z#KR@F5n=T6>JJidPlB0Lbqwx5(zRYmlW={|s!Ve0%O`nv^<>`r1&U<24HbZCdK3UtCv0=vV1 z3mn&AbF}J~KGp3dw%G$b2h5)G`)~Yeh9(}O1P?Ri9|hhpYWrv5mRHHEUj1{#%kMzZ z|2#Yc<{(7%zW}Fg_J=dBXEn%q8|2)aM@t#GybOeRYhw-iVqRKIr#=6R_ik~R>y$JTd27kVSbDUp?1J40}10dtWbYr;VS5c2^ zzi3`5v!gS{BUXQO#uPKU&!L?R;RTL`WcVne+U8sM#ag@nZ9vDBjXM7^;+6(yqa1@@ zurlF94xZbpFG93+_C)^WfH|UH=iU1X(b-UG-~`*ap{&zONt;ALYU?GI6BKaylN6e^L7F zNUC)(SlSSP3BHC{y1W;hlo0b>C1sDX>?0z1_+^4p_$8)^Wgq6pe;1@e-((I2#H+UW z<)bt5{#chejDaHCbjXG6X6R-GaQMJa8e0*sf{>rU$-?rXe)s;}bC{#1{IMrdk1Ib~8islJ8mOF|qu|LoGXHp_q!cmco zdeb%ZyO35qFUY!T?{fm3FfXt>%m^IUU~{b6BKjgbKOOD)Gm!i4{}1F|BXVp0zK4u7 z<$EM=z7I^={{en+3rd5`k%)n#w3}L5>^SBr3ky@k7LY1{H~8b{j8Z&H04Y zhOCHwIB)v2>gNhn>~M~9m{Ul57NZv#}Ns3`8w8ij2v;zcv8*b>q~gFB#%0TFVnJ0Jp}|#9${zU zX}HW!@S`EESkKRxqp0glb_5r-q>V_V(KZf@7(LsFj{`|3Ky2Z_2(D9VijK8a#@Cp1 zy>85&rkD7jSWOFdyZLGsSStgDXPtMiy_&{*n@W4-(+4;A4pdNj;ry%|BGr zAF96q(sis2v_>?kj-iz`$Fa(w&ZXpSWVBCwfAkdK22%bR1paCGJ@auecl=+0$AIt0 z2v-nY<|H7{_52#4-q?%s`y2UvNq+wezjY4KAQ#^|IR$!PI;r5DJEEGN2w9>e@mY#D zmS*aWr0I?QmMQPdl$k&Dd6F)MeQ#J|%DZb6&uNm^c_S>E1pp87!hW80Kl0A;GG_MZ z>iH`=4z8p&PJ%WfB=sCT7$ZBZSrPtJ;N@$|@l#e~s2C$noc!M*-!Xz*6v4+fb78TO zsxZQ28mGAZUjWEdCoP{E6=&l_Kx=c-jNw0xpEhrd+|12P;$<*zlEJJ(Mo>dfMi|zL z&1yg;_x}LOPUKwTu8-rU{b#@u-v4Q;K8wUT$t`w$`@@a@dw zMA(UJpq+4>L`SYv{|SOS@ew=ov^WZQU|HqFd&^B)V!yJ(*%5F6+(}F=(rvAm4 zwkMHRDzH=~tlD^;nPO+wsV;10f>md)I>VgJiJR7UA(wny0VH+GZ-IAaN}WiZlH#Cd zL>eGK#&%7*>ufKy`==wIHl@%mW^AByikOZl62o}xCd`=`+$kzW1fW;L*Q6bjw zsD~HuQ-2%F|GS6@JH@+ur=iV0fVS#1$&3{auln}QG16z`DxCAM&&a2x&#;H5rKP{9 zf(0|BKFJ3trT2JDZFi&hNNl&Uc0N*VH^*SxK$Zs~3)TfoSQW%s%z#l{GZy|MEwy_P% zGI$A@?d$5AcoYF${$G*N96odZH$Z&G591{`_yP|Wr})dqfO5iw@16K^tHw3&M1t^5 zFx_|IOXpx!o6-nAi+C(Jm~lEFOS~5HFl0h`-bS81C}!IBX#$Yw1%|-!w*a$ z^kA2+&fNf%tjcUgax%_?$rW8)vKgwsAFS62<3Vmc{fsX>AjQiOU*|SIMOvRjT0vna z)Zi0Pyyk|$|V8h5PDMsV^(!?T|M3ZmggB-+Ij2nnBMAwv$%&xTtp>kA^!MvVKb zd_pRC7UECW3tm}!rW~@IYIWth@_ox&aUhth*txcB_t1WJF)L36@XG>b6R@40T(p-f z@h>8&sa63`W6IkCh=3EA9*(yZyeJyZMPs`}FOb=N?+`M4;Q()G#wp}@S~Hg|xN}l= zXR5L+NicNAoIDuTCxCt&7fd0oy+-kox@RDG07|jN*hO2GBe_WI3n^ z$fYHZXckhLdJ8a}8BCoEIOUCX=bUc?gD1CmR9^fJ{Dll3(#riG*3JY@j;h-KHB~*m zP0vhvdZuTxk+38d(=&l2ER(RvE(8z(SptF!3KG^SS$)ieqE36r={DbG(L8Dk;ZB}SQNk=%+k>rZg| zG>10_cG;~lzkZ)QQ}7QEfSqUphFuzV!-d_GWyt)}=*h~r%J3-TTm_4-w`NAl?)~72 zoprCMj$Y@k)ZLyXcF2^sZCg>9V;`;V-vsV=yGv{uIb#&XwhIPZ`Vl;-92)t*BS^fssc@zOO3u!4fn z?m8A;wgwYDKvSC_#7gx0HiG+Bv222992+S5t(s&qR?8x=`)h)dp}!Ph#Xx{;{ta;S zrtQA~L`9?>&(mC~3soOk4d05(t%Yox6(;FNhb@fdv0JbBTuKjXOkTf5_S2sRt%D3^ zTI&pUx7HdQYK1B->ojb&&`k1&^`>j4zwgQ`z{5@h0Yw zsc)M@quMj+!Y&0ao^XDCRFdCB`z$LnZ3`zCV!PL*pe zqa50Y#wX8A!3XeX9!4?gY3)In-YFi9X@|*1J>(n*oSPyW-bMK7CEW6v(1`tcRwnJw z-B58Fu|F$+DSwK8_+cpBN0aDv9ik#R;Fb6HRx*c3n~3{(ZzXep&V7lu@ z3JNW|N_#54;K~Dwi^bNFmd}3cD1$-k(FQZEV+?k;SUI7bP%Mu&$50D<2*jj|7h=k* z!ssh`OUBpRb>0`Hv*sU=J}RM#u~@5^u)X?J`(&QdQ`pB(k*D}-C{@^Erh1lhIR!-h z1aR%lG0+|s?ZzT-Erm`|!gSis+&Ih2oL=34V>)}E=JCsfUA03#e#lE%#nqZdR`x|d zrO%kIaK|vUhVqHgo~;; zXDdSd3~F2MSaBw2r%9!AQ+@cOKzHj;0Np=$Ck1bewFMSt@4z`K$LHmEP3(t3PwON< z*E;D-0ov=ft}XhKD|=?spG1Dhrf2oZ+M<&UW?GvJcDGJ3$XhH1CtdI`az##Gt}S{_ z{lde&E4R~1WZe0t?SI2LQf&mbV(i+Zuc4POlXf_aGK$#^Z{s@~jqss$5!=1rlZ_Vh zJ+hulht%ZQO#s}UUVjIccKB(UrSYrg@yUg(>d}fVAuea{S;3hR`K9nyupqVdv%Gq^ z7|zjMJdcl~n;Dad5I61C4d_0&HDosT!EN`O%B`^>6FyoB2W*oKzo2~49X;p9{ynCV zXc_)sUr~PxJT;c{wL?m)f0R$_r5pPQC++D8MrA$ch$znyJCf|tBI~$V=TiuEN5kRQ zl$Kkimov_7*VdeYj=z%1?+Yv+{nir<2CWMXW?B~;>~39TaHzG};G_#4Ug`2%U+q5G zl_duE>ff<*imfv(j^AQA$jTC{J-|%s9E07hvkVTk9%pdU1rM)swDslQO0qWpiSSK% zDcc)OE4^d7JbMMKSlhqb+I7l=uB$E5d`lD7IMv&VpgY!zG3`h-FzWu zMv#TH_rfuY9&Rpsk$2ch-Uvy0U-rW;bQtem9NRAw)W1j8bno0mcH0YT^~ni}%plR- z7DmFIx?iLI!pG&teDv+hrieKk?m=*VmdmHHxFS#*?GG; zoEr4M0e#-v#3yx!k3-lI{Mna3Ie80Sb%i@8pmo~u-P2(iu8y>`DY>@Jr&}A@H=*Uu z`tOFPAX-VL%_5cXG`zAyN3z|u8`<`qOD4|Cv~0fJVfoF4=>*Y!5K7-m6}RD%E71}6 zW1Y*0swFM^p`7ihn$JE8L&YooNg2Jp=*J9z)woR={b~?@6Hf45z>gKoLEty}r z%<6^TVp`ei4|Bs-f0#H0a=Vzpq1L4aCtdKc?&^=e+I2JIeGl5-hIU|g@#wObm17ts zn-?F}i&G=v&BN>wp`iVWMp&1h*Lya!@5r>nZ5UZUr7GA}%Mly0vk@yY9KVeAM`h#r ze6Dc-j-Gt93ea0{&xx$e*{8epxRPtE#&1}Wt1;2{sLIfTk%!WTBP70$tesY>0kzIQm@xP<88QxFBp$q$}8ZhtgyK(-?hw)#l zYy8~zifh(phKsdc_fo7I_1~QxyVy+t-1u`Uq&7&di0}1lN6!~x%(vda6hUtxo-p{n zS6_v&nqe-6qxz}wldrOS(%w$yIcW|5{ZTqOSJ!oW+J3iq0qcD1=L~G#_AQeCu68L; z+P7rCAJ5aOBJgb24^YGot1Q+w9*k^dlRfUwJl@OJp2U&Pw(j=+ZapBJZDB_zJ>G9R znIh*b`{ujQP3qK@R#!L^XOJ^-1~V=80$828%HU9o1q;3>UGR{dP%^3Y)vi-+JWIW5 z_jlVZPSCo>V5Y^G6dFUVmcdEq9X{L9(wFPsj^+uQF;r~>Qp{j>M`gl4NTQ92OIHdP zM?cQ}<&BXBVHNbPjYR8Ob)ii=@`pOMp5JNc4Xj0%*iZUZQd1JxK7Yo)r zDf7P0aeDW_$J{+tp4&^saqO~}uva4eQ+s#8&yyXXb0qd;PeBA53 z;G?*=SuekXeVLj4Nygi8#=x;*1KD@5$s{xSc6w-yR3qL;MET~_N|UYr1h!U^2_KdM zpF%!#+bUo`=GA(F4~IiCWLaHdZo#c3`tz+N+PFcs%e~0xM~4tKI+UMcZ9_IX3fns^6T$0Do9owKgqBEEGwE%*4Knz|CssN7a>2>`C8`JPhFPGuW~HDeovc9in!f^ zuQ|jQ!TWvUy{~&@O|GwdjEjA=@3EiU>&xhxAKn(#_3qleY?gNRNv%aHVNC_$l^s9K zkWJf}|IFAR!|ksx)|YQY(MJ-|X6CrI_lYi^3$Iy>5-+3%ecj!SKQdNrF(+$XGvxK6JaPMX`H)9+dQm&Ta7F%hhv*5;@EPxnQUyRI};sc0vMiS{TAh{ z8ML~?KP!P-6J%!fAXg&%1)MQp(l{B9hLna09p=KnDe6qrKZN20c_$Qi@dp-g?o`(^#%=Ml5jIOUd=4dbG>sp0sB}7mjG7c|&Gs#-h02!ECE=iI z(vt0EeeL7#FnDhLaI&cWBIVQNG-qKY9yiK9eIESmk}h52l4(_lN~P6k^oZR%8Wk=W`KG88~j;q)M8-lfj!mDXstfXTRb}r?N_YNN6 zt$U`cXS8}sn)WlN_mlN*FZryv<93_-ThUsM_0pIicjh_5$3ZvC*Wk}jvWQX9g3j-q){S}IZl$VFprT# ze0A~akLTSlzM_*sGVh~HuI;Ro^ZSwc{TEG%{A?$%#iQBsSQ#sG_G?od@l-_=P5J%A z`JEQ~oi0C~RCui5K(N|(KhN^Vhjr(7ajaXHaTn` zlRa&IZ(;mmoNV**W$2GzIq^~`WrMd;IG0ws?Xu@wRHxVk(OFQAo`rKKR-Avk3sKvW zk1jOtv*mrByvc;6iTA06XwtkNFYm|C_8#Nn=j+V>9QkjTKRRkhFL6nyUG`hfao8e{AHt0=Qe8yA3O{xG}{xDzgy&itVMFHr>nE{)-`7%q?DJ~3P&sCI&B zYwwqm*EaRbvgK{Z`w4QUcgdqEAaF@@nZsUiVCkyn03>Po46;=R=>7 zoO>(8567WKrNhL;q1(xeW0!Fkeu9<5VbAo#gA%M94ts@(Qo3#H*Smx2i66o1Do`|F9BDC>Oi19taiCJR${P*xLjx@!yFaI30+Bf9J~7TtKEv5}E4z9^qZNEWV)HCA#x(*uLB!?^2GxMzXPk=SGyT@z)Z^ zO#HPp=Nxv0^=SQxkWTKt-W}-~6rnHi(u5es3~paX5e<*P2Rmk2YhM*u*7+|15!7Eo zLg6H8W1xbCS!=DtTh+B8V<=L7E~zdeU9*BWLVI zfgpOSd`=3&6*Bm*!%z)R6q)_7-cFT6jt@An+h#}K$-Y6J6mB`r*^@7$JTCRg8;@HBo#uKug`$Cf6D}0~W{$AJRc@y8_hfCcykzl^icqV|ce|U=fJXfEM z%cKAn)eIXwU0;3dHSCKp+KQEaE_v&BS#Qy!EnxAq@yoqarE=d`j?WrOxQ{#K3XQ9b z=oO0F!v)c^6}c=?!U2-estI9^g(`nNw2@plxT z!J=P(BS|p@b`|_>U>wY2o8dmBS;{Y2Q^+q{bNa-`4OtDjsHmu83VD17*hV+=dt}!4 z;u+tK^$1t2wFbB?Z)UvNbY{jI=vp!>{LFM34XL$j>5M>zY^aMaa$WN~kgxGkBrD6&R@Br6)780og0lDYt6g4;=f_aj zSE=m_|D=`*zD~>|25pkJiT}6p-_5_u!$$s(uD+eYF)33e#dtDupzRyE%)Dew&R2OcP z_0422pJG$xLtK_>ODQ`qupG&9U7xkZZ&O%J`r>8%$9-_h?Zch^gMp&U;}skubm?nv z(PgChKqt*&c4S>9yLfH70QYlJDqVZ}d7(G`O`5TRI7J z@4&2o73Ymlro0Ajh{K+@jd$4RJE2m^m-8DhqbHyEHb2%gQZ63{LoR9SI3tD|oDbBv z2hTGB6Q5CNb)5@@F4!;#&$ASod|Drz zPVfV0)C`2ZNRUe@CE?Xdu!jVDqHRi02B-k@IL6&qqvq1JD!JLgRqoxup z)y^rGqDh=7rT>3WIYdoIw~;9&ST4?JHjauTq z&xK)UzsyjumgbL0vzIh`=cHL%R)3HVBCwrSf!k?yHVugD#e?W+Q0d8S_%xh3%GRIE z=EiyDY%~~cZ>ugBX{=(1oDJ$K{R91OaJ3|fq9K=|uOZruxEfZ>KxiBg6Vq^T9%60u zEMk$$d=NcF1X#^0Ru-diTl@GD~o;!Jrbtrul%>feWCx9PbTiZVE?s29OjtJ z#%&pMt9{=}X{L)P2OF+~La_D!NRBz~+XaiY=LK6eNE1S^rxpcU_vbA;Ap}dcOM|Tp zMGPU>Tf4};>}eA^n*(=?MlrBkH0UKC7i?uNX{nmV@zaB?45F55FYre6=uLb@GDMe1 zXtqHgf{wI=sB9ng^U)52h3Hy?v{v+IcyLDOPzz~oHA^s-4|%S8&AWUk`1F)(31V5G zkB;`^M|18*`+2kygPc7+S3+Cv#m&>tiJxkod@B~C z^*8lW0c^b{zAtA^?~BIRla3_f%R~Fyg*|9 z8f$?Qlz$<Akd~4H65W4L8RGJf;3*@pxzWSI_m|mbL!00Kd9trC3JS_5MxB|Xjwpg!f&XC zkZm_Nh>pwm)5sIDu-srtgM~bqWhYST^Nr{6%^gtIo#djI62lhlve7H>uqRo1rv`cd zEf=?lyaeZ5g;7^$s@}@O+`0y9&ECdioLgm$q`kkY9O#MKlSnNW?zGf96DsWF$+jtW z-j-YB_3h*69A|cZV<&v=u;B>1Ei;Xs$QNg-O*5RUX;HHx)7VbVTcG1QS>8G-R#*a$ zc8W_%ip?wB%2}#oz$ejy`rXnz_O=T0^Oez$j>#A#qwC63*-^^q1|Q03Luy)C8LbaD zi>{1TMF2LH42$2xH@=&eXBAgFYL?=*SQeX#=*VK9xB4Tk<7V*oWATRNFWz1#-j0oV zGf2uZDyxxZ;L}A+L{cT(M*O$(XzU3yi2qK+89Rvhi$$E}XDe_9kx|q4W?o6~>-mu2 zhSUtX1lLCpX@XzL-xv$7WTb!-V|Y>wA0wzS$N*(X?I#)Bnd`RU!UYt61!tC9p_%12 zB7|4FdpuC{*}gTYY{yd*>gJrseQShibwH~*cC*t}KU7QX&~h1?>1Lz178ZX+-zrEelAp`PNXIwCIB@Fl2fbalTMxIpU?SNq-9jK{#!$v30vAK$mmSs6x+ zV$a6Ej;=Xvr~GJr^@0Ih>S|ThU${8beKiF(AI{j*`@3Z6$+23ezOFOF%?4Me9bWr# z`lvn1(QD6-$2!%w=ogd8Z7nw%{XwAR*$kP+{KcaqdOxmpvdgtoT&`^rU~S?wgWauD zfhrOTC8%J63MZKOE4<5_M`1ht!}9tKsH?ZIfh7a4;7p!U!Azdw#On=5k?69?%)-_! za=zTKD5PuS4d#5hoK$h*vy|2~eobL3o0Gc6n}w~b1)p2kx>&GLFcWP&Dr_bBuJJ1h zW`B)eR@lmHRM+?=1vAjbpI9)b;oscl+bs$G#C50=%s zmX>NyUR+`-9cK5~##6Vpnb&UbH{r2(&C>d<7EE6|vEsT?!IDr*2=%)?h8iK%(Z{I3&Pxk* zs!l!{_@L#}ZKUXjVy`FX^wFO)eW=iCeq(eu;j|YwBfKjY{)jfTihnbZk7~zg@e0+#M!K1H(k!NeZ!lfeQt{LAjF2NRi`uaV)b~U zscSr2zX?4vGiG^9!7YwX*Ix&!v+$xcZ8=9lcyKh8DZC8qhqr>>`3b81ZEoF$I`w$f zr7eDwy{X)7;x~?G*}kO@hoW)wn`iTB9k*??A8LFGGOqq5x(@31>_4ng+)R50YwLX$Y3UXzu*P+hX@wb4>*>{Hrd=wo^3<-vL}uO{?p3O zdk7q@g-I^h3&Ia7Y9J#+CQZ&v8tldQf~JwmhKt$snYJ_3PC2`EmB%sKBA;#Bcv|!) z&q7wc=*A_ObLg5Pve8YberjpQcwu9R#dM9=Oh?j-*0qiX zvNO)@ou{(A0+HPA`TnkK_(}=*Dt`QIHSuKfr^tOkZv}L=#>et=H^;%reL#WTYuyEH zd#6-3VK&5MX2)OS6Q(nbwW=gvuzc3)o4S2QQMz~81))B=`vZ+mxI7M%A{N!awS!yu zbp+J1*4diGyEJ8^!m7k4C(OV2a9dXskOWrBdR&vtoKyf0>)J5tKFc@D^Y$`Zs=8 zallo`0v9KVabrWvsP?#9F-5e}oge59!eh{!Q>nd1RrH-oc{5omy^s|*wTvU{`#GHR zNlFWMb?mx@te_E8X5p^}HO|g=;|%){%+adyf|Zm+pnn5c<9MxzaB0WX`7VP379!pR z$K$0=0#irE)Z=&OiU}dVsr;TvXAxV`O##%gH$&(?4pzIi;OXA4&Xh~#$JH?wR#+=w zwc02D)T_RQ2#wqLQJbCdj%b%Lmq$aEQwxgruEWPdk~~?e zP)2!{bgwhd#tMaaVyzn6XCP#sm1@Pp*rM9fAa~yI=m34qTcyEZe^Rr*^Vp9clQIH? ziZk1VL`S~eZ;RonHZS}FX^->ztV--%n#;5O2H}@LH>|H?`*r;<)IZXCH7!jdAA>Ki zuov=eo+F=|Ni5h*Voz;;`6@x~@lHN1$c+Zo$EV~H0elm=EJRzb#j#vpPRpejbLFz~ z!syXsjk8@|7Rsj!=E&iuHw(85E+ofbkUPi8L79{sTh2)dqL_Fmf>@9we^@=V{P}8H z4nrm2>*RQwmACy=*v?IfA|ixHM6poqJYmt( zWchkp7R6XV77ce;A>E@a=OW9Sp$Sk+NZrwJiamvM3RSK!R;rb9)EKwaJ2+Z@!f}*o zEB5v0;B?j<&8zOuv+m2*gsqIItg}MBM}AaB#EANdc!Il}vEiN;l`?K%F#^if9HjsI-?cQi`KD%;cyLE7pR#_EJ2tT)s!1=GH$ABh|hLE|lNYzq4F^zuoe?dR8j0 z6%pSguPsD7uOA!Nzi*}US}_*LYX+en>)U&hV}m-rIoZ7>7Dce9wz{xY1LyHaxpFYR zVs_JcaAEAQ+EGF7T7^eEms_(tPw@#8 zri<^Ubs;(n=;D>+H#-sbq>Hhqkr^}lPfC<2LU5k)-N#er>OZfQzboVaVP$-JNSIVP z*Jm6m$zKcEmZ=)c^!>CJ zbC9o!L%wd`ZN6IIwhmUu_5I$o4n$`G9jM(J*|QGD=C)g_=`f@K!Flr4>>}E&vt6FP z%ks2(b}By=5#J;)Eks)mCef^X-j|j`F?J)zl1C(mrtc(&;BMrI+uwIPInwQ~BBt73 z3(=N?Q(z{?R9X(j*o_>^9+4cHc9a}~yOAT#4^I2b{z>PDBBt`gLbT;z6m4>_S*c^6 zD#mW)U=*;&_F`_iV)STo2<}FX*dBealOt`9Dq_kWwGeGNu8Zr(kJEA}#sYG@nEJsi z!ye_BYmaK0SNS2hkQ^O*^nFf_8TP1RrtDD*lGvjwx?y2Qq6;Q)|=vrexPRJ+7^cz~VLTyJ(z(`W0(tnr!h1@6o9d-r&e! zbQs^ObuW)gw`1G~whB>ALb&vgC;k1DzJ^erMbNQ+j=qGy!sWPS?5A;35GoyJQ$;VA zF;d+3Wr@WB=S@<>kW`W;^8#u9W>0B~*50J4A;Vs#`P)6EDO!7zrcC?2O!N19N>j9E zrCFaRJKM>r9BICAo_u^@4{7Z=nZb54mUlD-L3+S>bq9L$l29q;jw>l?q~Wz0rCsfU$V>CM?5=ZB2>? z7t>WGZM*t(Zow^)Y7vB4;ab>FXuDTIYe4jG*m@tp8k@P~!{x`Aj&}6ogLp2mFKNgt zuTIw7+}@47kxSQs&$o22pqw0Qkcf_Rzp3dl*=$-rR9|}lGR(h^%g@D&ov965wvnqh zz5Z!;4=%$@WTmYT-{YjcTVv~zwa~z$%zCu(3#8NU<+RDjU3`@642xI`D2D7cWFuj~ z8S-~A1$%k;VYC_kr}WLL$5+WF7IQwrXQeyM5~q6cig_xobbN@X^Dc7kWEt(_Dj%P6 zR;sOd4X;^QA2@-z#m*wwoV^U`@FRqO>K?+g$~UI~u2TW*sehQL@geaW>aRReTOR%g zmUgnQVJT-SWPH2br8as0^Yl9SJd5C3nbsn>7J1`^j!a}L;aga7m+kA8I$RkD!X*l4 zZLZck=npB&;xy=IZNV+A926I}Qr^vfmhx_+Np4Y4W672aFqVr5p|r%Z$d3tRTn#(4 zKQOKK7KYbk3nSc$G@`9_#9HcDHTN>P>vtf%Q$>G30F?)=|8;w;GkWx4WnQef0VE`K zs!2OGbw;OHJAuS?M5h!m8>>4&he0x)Bp`T zzVsotJ+*Uyr!COokcp@-oKC83W}hgnXWD(A48|B9mK0jTi4^z?kctzat3T)^rjO%y+L*rH`&{&8aF?eGnqo7 z3bw)$VEntNf|Fb)t1V2JpgP(bl3OQS?5$~^@A16@ea}0Pv{{)ou@{vWxoPy?@}hXx z)P-avSXr1{^1R4RVo#jzu(AOSD@SSK(GDvs&9HLxPO#%!6l6z@^+7?7N@jxbg3uaP z8Cnjm8erN|XjwppmZOrL$U3wJM2425lAB=tOrd4F7+Q`>e&W{-t)Yye<){=U?sI4@ zx*1xIN^#=r4lQHE&~j9ICO+-ZTH&a0pkw35+&Ar_3noXUcj8?Rt?t%h%Tei@c%wth z+Ay>nmHr9U+VY|eF9%F$#x=v@GevqdlXKhbGx-=6Vn}ha{r4HR*T)W?H=+3)<@pA; z1)pLW{g=ZO+~)iY8{}=beui^1A9G$Mw@p985s||!Mb6Q#agP4zFmptgsI1u5vA9Ic z-a7`zm4gf3cgc;>cH86j;dIfNsUfW7M=Avl+I^g4%Z2GKoS(q?M7sjhHFwso*=l{V zI6UA-8>oprdAIUEl&|!Zd)&%@kFET(>%TXD<8M%+t@(3;xY%2*WC{bBY`8C#(3!TZ z^ZyG3D%mPW9DMMr2^YO%7_G8ckEIlNUrE5TKI19Ie3d_u-0OW(=Cy>>7*7OWy5 zWWwXnkw42je3YnkyGCzz646F!6}taJ0vlI7{P4r1qRAF*>PRON9srfVwOGpIz-~IQ zwO#J7qDR-&Pel&m8>acI_GLD8#ODDWO4Zo+vt!Hqy8YR{CcW*m7`3vQ(Vd?j zyMGYw$XNEj1B(;yR=#@SgM6rIl>#=r4xApy%-hzG{%o}`=Th#^RQtM9OoXfu)W)BY zLZIWHQak=G%RNV{>Jz$-YbrR$UwCWlUuJhi(m1ea*Pqd$$L$n6=%%Ww3ev zsni}pRtmK2tfJ&x6pmfU+ph{^TaC{#&_BlNa7ZX40p&frjw7&mS?jUQY z@6V2%NB{W?wL`jC;T$x`eG2=tE9dcY=7Vy+`B|iJy?uW24wX%llpq%pWc+SOa<{@! zT)XM|(70Cg2c11~u1{a$o%E!nPru$f_(RUE`CH8$ar%jScx>mF_92pr%A<;&%3}}b zbh|9iqz>Dcy0$Rj6+&&;(#dS){rG+H{z^J@kE3j9dNwB5TcV#s$}~}?z)q#9XA|1f zWMO7nml_B+lT9s-!fLRgvBrUEvjuWe@piYbvU7ez?Zmy%!3k?nS-rN zGmC^PTO;$8t$l)e?j!VkhB?ZijL4bh%A9;c+MiuEj?j}}*5v1Ld?HV#x- zb?)dK++)W((%9f*d_u3gRjCuiEoC#7Zdd5b8U!<4QK1jX8#@bfBf z(VfbV+R8d-V%QSV4!iRX1`lqLo0V8y4gfvr@3X-5(x2_O-~jZXJ0G~=4S2XCg1xnK zogf-Rn+ONTDyd|abM8Omnw@THZzit2v$ayc4R-RWnf@=pCYv*qQHAhMX_ta&ef(}n zvb(RN==vWZ8KlDS1scpEjwZCG#qMYO8Mb6`{hU09~o!;&q+TfeHnFQ zC&s2a8@FOctv=DV`~^v7sm*e+@|N^|UdQNmgM3cQQqM|&evjLx>CU|9Lk58(}%et z!PYfDmn81k%v&}V87pSOLtrw|nbnH9nWecKp2hMo50ecxrFehM#N+5LGI4p_c%FUO zAb|jay%P@Sh6ov3e8uWN*8;i`LdI5>vH2a+1_-?wH$KS5NRtPojSg}#(gp`0ZETQ_ zkv22{X(NL|jI@CPNE;UvW26lWK-#FFCq~+!0HloxN-PGk}WXf z=nb_(fuk?f6h4mrQ1j|I7KK_!7-cTZ#VLoH{2q<_fntz#-|#D2_jDkG>ZCtgL{N?p z3;^gcpfgRm7gk>H}<@=bSwE`0X2ese3Ih@4*~Uzna4W@SFv}@A+_p(qMm&wfen*pRLsxH}XoLlgHK($xcZ(?Vr@De;LA@rK2vHFY2%h!9YlRNyqZsJ(o=gyy0IVkPo#P3Ibf@kPu+M{@!y?4DWLU3gu!# zV9CEipcHBw6CCuEO9_E{C|P^0gT7Gv*&)zd?n?-~?q4CWDEzS_&|hAZ5RgT**BlIl z+KCPa~RIj`&rl3M7!CNN@$9Uw4V z9*GGgqZAuP6z465OC0@yC84%?j`frmmzRWJq2)3T^orq9Yl$k$Y6UFpvuHCb%gW2t zUM6GB4UeGx3p#C~X7kikGFBI8H<)~Dh{EOHI{leagGTi>c)1{s(vw@fnOhst75^*w z7k6v;U&nv#kT|NEfH+w>tug4W?SoJoX=!_FgTuYGMf{ie*D*(l+N-rYwezPzX=A(3 zfnyyk8LK*auwkFwSt=k+cC6AaSEiCcf&1*vF-=RLDz|={65{^lY?5pDFT-m4_Y3^S zc7|7yM)L#Xz$4l`glcn&Q_FkqQkP&on%}ez=5a*Mxqi*!x|2%Gz4dv^uOn&Ol* zDa2^~>JiY|1YbnNXjn>AVyVM&kz*lLG=b12_?=Y=7AN?gfo4e*Mr_VP2mFCf% zG=G?+sZMXfG-rE0f;2HP6FGM!X{t|MFwNPXk08xsI%)nWNmE_+f@#k7d<1D8+ez~) zNt&_*7EE)t=Oak-xK5fsNz#m!b{2UX~3c|=AX`RE#Y^v9Arx(nth^%hygOYmkFxmijL21hs5ACO0| z^OM*Tsq>(L-Dxg8-=#5#F<;2JKaBC9v z-#|G$AI0!8V!TXYGwI>E;831QwDafQiY(RniI#r%$7%Oqn)|E<6D)6K45z10opUVzMQh_}t z)_MkVvT*ZEiHq3!6tr({M7iqIl!~4DX}lU@yq3~Xh;_cHAbbjRMsM@O=O~R})p%)j z{RfA#nWsUS+t#X!cH{e`+`3A!&|$_~f?OVQWq2@A0m6ImXClNNO4Riaqs}fppI~ec zX}_QKWdzh+u3tA8w7z06)B38x?iLSD;?D&L-!R8e>q`bFUA&NEh&3M3(3g8iOY<%3 zN#n87vE60H8#q6KZ+Br?$bOb0o2HD#dttFBy~`|@+{uyk_I;GwS9Wv|hwcu4Kyde% z*5%RK{aHRh_(5#N1-PItr}mxx?bMIx=i$U7Qut)>HNCKmr*v4 zFFWN~$s0R7_2EL=;?*8$xUjqi^JJvmVPy|~G;X;R$l3vG6?Y>gY+aCzehOPR>G^YB z2s92etE)U%^mE)iffxN^77j_mHzE_Yr6(6&K?=j`6*;^Wq{wjP%QL`^4vrp29#*@< zt$c-V!dGS4y*qlQE2F=HcI#VK`Nco>K$58A01}9y-@GUM8eYr%q zUhPyBu62IBNhXGGmY_?v-$;p|OIcB&%>J*K(R)~Dzzb_dWq(O^OZZ!`tab+WCSnl1 zn$49(-RroSM#6S1b_ec}M*3CvSZom8MxdQYO6m;muXbv`TeQ=GDOVoL{4UB#btN6LzF-6FP*`qtsBo|)eaKviQnrJey?-MwT6cJ(TnJyBzha0Tw&CwpYxtf5 zUQR<6+a52MU#9g6fu;gRe1{h`)-&NWNz^|f86L*9m2Jd& z1FYI0Ua{Em%|_g_RLt&p6>)gpF9_cPJJsz*f;X&HrULJyq{ni0dAmZTo`?>8LPP;S zy|pEUD1)Ptu|RBD?Uo<0imT&`>ZhhSE}o6Askcz{Irxt|y1onSb0*-_;ZpriuXY4H$WsA!>iapsC4{bg%D>W*;)StfZ(3F0&kKkk7ySP%!^M_UyjiR3$ z)Fr*=ka_v2p8(bHHjDxGi}_7D_F`BDr`=-%z!s&h=nu9A1*)wffJeG(Mzb5}DZL2> zU(DMpP*~;1wvR`{xS}H=)f!2{udW@++l0ce1<$t9a(8PnpZ9QJxhxmI+P|m1z;$Y(i}X*o}Xme)!?3Ql;RR3#KYw zCw59%skm&|4fmBpZ+`5DgVcxHsTW)OgX*MSB=xr`_3ucQraUV}e^PLI=y2+0C-q`@ zfTA{)JG|*s7#rq%!D?0C@t|DT7Onyxt+pV_xz(|n{HYU@EHy5thqx4H>D0lMlD}fw zm61thj(Z!=DJ6WA$V`U(ve11XU}|EoLRZ640<%(}sKf5#SQZ&5lHN!7$LRF9Z_hn) zk6V8){X367h-rAB?Khf>%@@OS~4EfJl+MC#@o~o`^~olda`4i2OBiP*_=*SVW}@I({H{5FSW?_EPFLv z4;8CXhu~0)aVT*7NUK>Q<`-K3E--mJzcer5+tK*c*?v>lUVlY%0LXelEUVvqH;4w)CiuMvrxP|akcoxWJ4f>fD{2V)UV+JX@+)EA5eq9U!V08> zRg{#lSxIGNEIvC>I>L6)iLi;R*T1|it5TgID&1Ta1Gwg9?uWqc zW#)<^^0L(ddEd{kzVijor6%CV8L_>|+0 zupM+F>^$XIsm_p9<=Exxd+h_Fg_zZsDlLrJ+q>5ltW^nxe#_MbE^o!fW|yv?fJlM!VEO&#tG> zeL=gPDpsnV2HwZo^3nTCJ_MG0XCU8)ar({w{2(8ak|a$^VUbcG zC8eUwE2Ytz6p8GoxY~^(zcw67t2}q!%bp{8|MXr)@cHn*69G*4*C>Kz7I5}HuhOA2+iKDEC=cFjRiF5DR5#=qi(!>Tn}E-CYQv6B}cC0{L0@gm6u zxO4=@Y=#VSeDj-5?q?+e837G3jOQ9j@Q6k%isMh7#;19bo8oeGi8IhRQ?AdQ=b{ni z^u2Uewwh#)WTsX2SC_Xh=|2fQyBA^O+XBLS7%|UYVQ~EVu-Z4|#+kYk`R~MkGV!@! z{!j3^Tr<|(iR{&bQ`rydZd)457B=?G}w#J@_BrE2RTRO)oW?5T(}Dc zE1AJcH(tl4ye=Xo@iDUgY+TplvccE$<;e1eqI-bWH25ytg~;*9rbdHxkSb&o=sgR6~)n4l#aEgyaFZQlCtx%rqSjf)z(al{dTk(4GB|_Gb1ly$=K9w)^58=~rXb0J)z}T7*IX~aJ zOkncq{0?xAk`Bh&OJPg?q`>shio}{x6o_mA*sJS3^a|awR*jYsVdL}_csrA(gU*G| z0Gs3ww>f(^zqZ|8D)AtErUKBYg*v$vw0@*|g6tamJR0~k(}A!|5Y-OM=H7ZKQkU{g z6vP74-!!ZE6UxB)VkY0b6CAhc={?FE&m^q-W=5Bt@)W`o9q}JShF16|O5?hjSXR$| ziTWDPf*luNqu*3Oo;r#gi%mu6^Gba_)=z&nt`crZ{rG)&KVeDzOlkw*K=;+-!08Sw zUv7R^tT6Bu_w_Uv;aUf7bl@@<;f)Sl?ZC$zc&iKY0S7+gz*ii&R-~oBGtr;^!rvfS z{nTa5g#I3V?f3<9gnyWc`=xLe?wRdyziQ*|*^tEjH8{0rzY!$c-bRx`w%O;J`k&yy zu5B1yqJAX1?f(x*n#-d}>6J<_)4ByPdMWc&`o2~*fx)Se*ItX;tt+2^>?hJM*1vcf zlYSP`+G7`xdEQl5DezAHjAvF4)_SI^a@%aXUG~!FGe!GqN)`QVx8D5mF17ObJEW&7 z{sDm9QqMJMf-}{%x#7|-8E?62>u(@(%|F}kU*wr<3fy$L-+X{rQJn%)jT-#g%el{% zLp63Qj`5>y{H#Q{ilOyK!O7qAJHXsF24HRKX?{~!deKS2=^=LBxe>G?LFT!T>CF{d z;w$EE+HYHPM%gH0=RA*~uHJUg`S5D6oqF5nz2_6{dMi$XaGMJty}Y=~^DZ;J{0T4g z@)tl)b_3hwn7!hZ7c4m8kLFrOul}Nal^w#{JZ$~-d?z6^_PP&+hr9GMNQO3O28-Kr zO=+~cc1@z|eOwHOcW!hndBYDAVV*2Vf-21UNqR2IX6LurZ~hgo(wU>#LdzT(*{RHt zq?*C}o8aXC@jJjldF^yxuCn9ENPZtlUv7HtB5Cv-0BAp|xo{IY z^;doo=^Ouz5?fh(yzGY0DhH~q9AALE0|h|sbib)E(Kf1y-^}3LvUX|xL91E%aw{Cn zUKbmm)L(jEn9dtf?0oYOR*hA1LJcayoD}c_r z&X{*ronhaz_8Fz?jAY_r8zW)%8K>{PEtZ!(c##FY0P^xV+2JF|LFHOM7=LmRztcmQ zj()D0?V>3RnYu>d@}<4$14NH86~74Trs5aNA;r7|N33F{A{CbfCrkWF#f+9~yY5nQ zO?gPgg407|iHa2uN-u>{?*yASxm+uie!*T!IcRBpiXPJW%q}<_NfxUvgU9YxUrAed2WQ%7SaFt*jNQ+lRP2s zt+BeI&+xH0bKyn&Ql6g*W%n_gtw*d(t-9<+nG9FBOyl9ZFq*VHo*TXc#GR`6#!oTQ%DRJ#tYP9?+PoA z19(v$2LV0q77mv5yea-^4QO2R6hgl_BwfD%j;qnjpki~MH_M?q{&E~~xf3<@b5+5~ z3cu>-n4hWb`o5Jrd8n%soF3Z2NX!Wq_RnS` zHe6;~$|V;f`gb%mUK%J&51me4mkYH;vB$gcF#T0BjpvI%A-cxsSRO~$%FT-T^+5G# z%*0GP1zJ9GeD!s3<{C=VtD*DZ>%q<_eY+U|S5Q6X)g;e>=dgQM63@d*l zc#)$^0C9WxMk{v}BpS^=Pv>wH$U)|CQ zfgFH)3SIk=R<>5jqbcvI0~*$eP|7&fKt{HyreAE_@MtrYlrqyV2MSE?$FHVeKBkOd z29J!82l*h7vP~5WIvP0i*j;mJz9(1X8(yZoV8zouo^Dp5_}-k`a?r~9f76eqymtPU zX4>6VVjVW3D{OAd`6jF1e1rn3s4Xnu4l8MU7BE*mYB{Fh)G#LBfXkFv*;e}Rn_7vT zLrJle23;}z_WOn#Ih`5)&u*WvP;>-in_ zn}-0x8%_M%VM9{CUF=Yd-vNxJS7fTgp#qa@`BimbnZcIdgrzPBOb;EFNUtam`45Ol zGAjy3#^O^3-ieRv)jH^0_%5*IT_W4nJKC}-*&uwk^VfXFtFl}rWwITH7gw3_ZJX7w zRlM~7le$%9CkPb%j5$bl`k9+~BCZBw;sAy4k`?Cn&FEn~R|sDW+~zmlLt3pPiRL%n zE9X&imNWSVN7=Kh{N@Hxd@AnN(ei1!-;L%zg5U6E_{GJlFi;3ptjv0`a^=QkV%;z2 zTaOl;Je=QwydSb;Q`_}XV_P0F!Ua=>OY!J)Rk*kXlM>_&b0uOf+D?)-K{(J8eV#^q z?2vNLO_vX^A20V*Z=tu5h+`}La*41za64IsJ7P?5Fu{un)k}|MWun&+8Z7sUP;a>x zLVe*71BY?$PwcB=u{7>Lg{@=YiHFSX*EIYGG#ov^&kXGEg#A4~<>DBRl1jnlJ{KZ- zAM(_gO*d5=sp$QnFd>XvYxNrk!FTIeqOt9N^NCs(I*0$|^Pd@)u zIb;a$MvhC!+`W@y;;ZPi+@FjgE9FY{VDW#0_%HWY%M~|v94z;jE5qlP`)!O`uFM=g zlD{VDV0kF|yb3?7;l+jj5Hn57-E;SA<&D*>UMuTc| z^dT}S9)=AM42L!hs}59?Vc3#3qt(_4BJ4^~)ek?V67(yIrr(rDrOMt6U}_j0%>d(F7}9&gzzG#As1_16>s}|DRKj*llUEE{djE7vtP!U06)Du!B}z_;RBC zs}0rCwrKMPcD?``Fg;qxma3DzR7yC+4dvbc5tu@*aug6%{$M;|o`i=nWX+a$VKbh^9T-7~eO zVn&Enm_gUn54vW4(6#B7hul74oz;OdSoRP$?!glKJM~O+DRj3X2gVkZRi$1tOZ5Dye9;6OB%yA#hfUEixKyBg!IU zXKJs5&c#!E?Y{lhZ)o@J;w7H9`!d5rC%^3W>-O)0pxq>79a6FDxu;0on(1SR zgI%jLl0TL>e`A-w&Pe{y&0u<$dEPklK)S&3BU!rGaR8J%aadZB!q6f)e73^PuZ9>=@t z=5sTx-z?s?rg+O34}L2f^VV%J)5^uXQ3v69(gh1Y>v+@GY~IeAk2fL1JBT!cx1;su zyL>)I1wn0z&YqLvt7z%^t&+i@)nhQz>NPmjDj1w}!NSiuzVtPlud~G$SuGeH&cZNT zlkFpjM)kGCm9R}|WcYCy<0xLxx`0>|h6@F{TTc++%;7}_yIU6nwP37Jf(j<6aDoaa zXyHcLV+2_)6>{aI%gzQLkG+8DiU(6RXHjk4%K(1!lVagwdLKoC6MbvI{wd*~1;X$d z`}Qa0>-Mw5wxz?3Sq9OyqD23rc=dWag^Qi{s&Rkys0$K)T0tng8UucpHu$+JU(Gex ztn@fF0PAM91l&A;kN6_-a24)cb2YzXf;C#|8D9 zaz~%zXNr5K4`LGyXJ_2G7VP(PU1W6v7LFMe#Ioc*Pw}xq&F6`0qsu#S#IwYbU$ewt z0Oe1P@}*hgJBhN3B?|g*d1#hcaC+#7WGtt6j8ne^wlr0rlW6p1(d)1hegTT5sZ+32 z#Gd0U`U=i5e|kwOVDwd^xYF$)H|_>a3ywLKPrpWhsio?7=lJHsuj5H3CubD)L4;fQ zXTHqq=Rf(=avhsD)sNbJ#y2v&lwTkJJ8|8@|4Q7e!80=>wFKceL_68gu%>Y)yCim8 z?&^R$ee2rCwW1+Axhq^tLkwW}U)=flTgjEu!+I%7ilX$J#3 z=w!EMvNqeewrv+E)zqHUZaWunwaK;>FJyZz0NF0c4R?+|i=0x4M)B_*rvFE%n3pR(JLwS%55YwBEpQk@~|r`!3s z4KHM!1R(2$%EuON+cusEyB&lRc8?h=atM2kz+{tO3H#+(SYZ)XASJA#q=dD3DkEd@ zXJl*#9SfV}>+@gH&Q~Rxk~QPe%zE1_Uw7bztk(gM^+`d?al~z&=xIgvC4!UJ@~aiuuORKN&r$LHraZJFD>yyGqOzO4 zQ#>f$4W(X`^&&o*Zdh}$KPhMU9q_tp(LTP*M`@R>Y_VST0{P!Xv1`59MOwXDF|WvJ zYm+<9L4((nC}Z2pIh-%V8B3KV6&*v1i>nq04uQHINIMh$L z=io_o@{X19&)@g?$4K-3jjSyL)uvOlyl?Y=5C885Uj^z<_*?lu0NiI&c=@Ss_%b*x zo~n(H`vw)CxZHL&c)t{+vxA(yjIkiQ{`)Adwa9Eczg0FEv<3`jS`~vst$u@(E?D?A z@(&ADU*Ww(*M3+xhdpU^V<#z5H(myyZg4!{CR}6B%{5uLnHaGIHK)d|5==}{!=gqru>+Q5utzeKXVh4vmOBX4A9G=v@W zthV8GojGjr(rz1cUwRMvZy|sEBeM90=oz(N_*Cohq#qV#z3rwS=38ao?F7tdJL(|( zCbQi9-o$V810-;5$9;0C?bs!Uq?^JKw;iGLB)bF%Z&9<+r<_X1d)d- zz2NlF$uk7Whrf}pR(Agv$N0+JIe;nK7SQ2~3 zpm8sgR^hYo(aNv1Kq2{^1EvWY8_sx2cl;sSmI%CQ1|Bo5679R-Y+ zbwr2q`Fk)J0({62_?FrLj(!SDlP{1ul%psRIRJ(j!?fW; zg3>3Lpu!@kKuSZ?X=>fbg}}xU+6hT*#Q6-MEXM+N}pnUbYWeyTw{)ZR*KvYzC`FOEA^A zD^k+9=fXeYSqQ&Fly){7)k#sCkdwHJv8^sYqH_< zeYnQ1;_Mudqp$pie}W4)<*o(EoB7fMBrgY!yLEcS_H(Td3QWG2Uv66uzYEv9ZXyMa z(t@HX5lBt9D;9LL>#25>KWRzzGPyLiD*hPLMgwCc8W(;f#;@R`#tgey4F62@so`E( zD#nJTUkLvqbY&(sWd6>^XHGXc?-QT(hGUyTTnFLbTmY?WvTWyFZ@T#qUhwfT0OjIx zY~ge9W6$Ep!EpSJ-?66O{D^(AUX+QD+TJ~i%|~?uWBBD2W=q3fhR2fk`D9He*bk~@cNhSRmt8(5mZxVA!fJtJ#TNX#F>FVzCQ;NPAtIVoF6=b_GrfrtWVr znG1G*!^Df(Mu;6ujvFb{9QLsFA~ve+pp)K$`H9p%@0Xxm>T`OJmb9O0=hOMmikb5N z4#3R({~Q><`9J(B|37VCpW)Y8fArLQ$bS)5{(oL@@>BdO|1pr0{FjIFUoe&biZ>(w zQ%TDLjPqaE=nH%+|Lx;WK9c-rT4Qeh8**;`OGL|mNu1=r-0l3A*n6A*PV7PpZW6J{ ze@dn0zp%=G!Bqa6%yaVJNSWqlUE& zd;4Wxy%?5M^ykiR%bc^exZY2xL*(-seZxriB5JOFC=BszAZa*^bbZ**oZkWfvc@?8$JZ1DoHWR4~^+`CVYh3ITUX zwoeqxkMpnc@`tvxz9*PzeIH==KGG0-FHrdjTTB`vu>yoFD4@up_4@?TUv(Pqm8`== z-_uH47^21{b~*6)0X*_}&g>9=I0>QbEiTO1q3jheF?$w2PRa|#TZbv;EyO3hZCP_js2Eu`+)Enu`B?wOb<14>Lphg# zi#)U?8&kg3Z)h~wx`#MzCEcr!OzQ^%+_4Bq#^`6DpBKRcV|0e!#nyf{2KQV08w^^Z z!A$D_gWauF28UYv8k}^&b?`}Jb$x}5?rp5j9jVyxFSfe7ixjbIHf5tP>MmCX{@k=g z|28(k+U8e4jUN;a(+T!)+v`{Lxe~|Mjh1X-dFSwKtDls-+6Q zsYH02%%G#neVqa834=r!YZl!zI)2z=|z*)?Wvt7>63O=?U zix&3v1-?=w_n43qfP@}G^(M9Yc9CM=vxJ|Qw9=eIng~+T*wJZTVu4e<&MW$0BCz)C z#i>itV<)GHr38!V&PyznSexw1RNOe%^u{^&p5@)zjlFR$dq8tf7xDjoG~dfd5x4%d zet13*JE47l?qOE${MO+HgVsianbr{oyIT_mS9aUd_RW%%efI6~pF%At>mjL5|st7TD`-#Bh z5Bb&j?S3`jj2DDu{3b9xbY?Pjp(qep3K2H^DM{Dv=|WQ*4?nENe$p@UxnIOmZ;H`nq1Xa2uN-XBjm zzxnevch)L@2cEVsgYl5P>_uLjpKdR8`psVucEeAI&M4919Zc(ux~id>zM8?>mu_2a zr&+#koFp#T!1-%|$)EA74V*thfxB4Cgadidj0>bpAH{;s0nl@a`ORN}3ZJv5BxP(b zoaCpix!GfqwdIM3Ye{bg1J7+EI!DV_z8td09A>mlF@IAx$I6?TN8v+ccX%Xb=!S{~ zF+Jkj*5f*8YLcrOE=Tn?gSHgGt*k7=!Bmk(9jxs()VsPsuKup?2HjFl0N zL3L_D2b~ON)8m>qQHtKf|6)`Sk84%R;ySU71L%}#Kl~iO(QD+K{H>|yEUK&Pmjmxn z#J$n#%>Ux23#R>W2^GNZC}yjCmpky?(~@^?^szymW6D>C%TYah2!!OgztIgE-=|s6 zg!_<@vOBuH&CtF{wA20=04oSF)-{^72hG_3)04HeTOL@|Rs!+pXf>V-Bdc-|>#D_7 z83T@b-hCu8tRkJaXdgr>F3GG^GCdg{je8C4-I>FqnZYxwE>6b!ftStVEs1k{o3m1z zv;JCnIKKKbcUy05X}-5MTz}UYT<4v2ueHCL{>1IQ$P{Lz6?lUS^QX6eIs%7SJH^qX zx!mT*sFKTVPN0!@=k-sc{@g5n?FQ-a^+@D9bMj~8Y%$xwCgK{Jh>f_}@nEo4a?YUf zLnxJU`3OU+SnZwoJ-oOi-2>^^Tg7s>!x}!A;l2Q z7fAC4vq{1eYznIbmK>DjqhsL=F@|=&yqR%ef0Y3`J>T4)2UZv^A`L84Ri zhhmM74|@`GbBiBu#fzGQkV;~1T`4n${WW{r8}Ru0Ajb)fpv0BYvT5dmZ=IVM+Ez2t zgKLn-p5VhUHGT&0GgzL%@9y(ZlsQ^1&$LqcwXh86c{-IYIDf^yHg{OFn z&Cf&|0lX57e|$OT3%a<=1()M8r@Vg&)=@P6K&N6oT>LpRsRR{nZV=7C$3VM0>a ztS|g4oGdSVH|u=Z=vUBV5kcO~>fwbS_XW`uDVDj&k1+jnR0Zb0J5cmKP<%-0KDt2A zA!G06%4msqPw;1`4$3%3ySbNWf&g~ut+W!nJy1|3^itR#;fMFMa37TKX$iM@iGpHb zNbU>&MfUOZ6a#X*VA+Nt7^GwTi9yu4aKJhbmU$tBmt#QTUl=D-qGbAx+=~Pv6s-6G zXff|WEecN1NgAO)5GybX#fc7S$?P2btvNW)#z8d$Lt)_n`#-1QpoYakMIPVm63I0C zlKjJ3e^&DPWv+XuP>Cm^RRe6 z01Q2Exdh{vRYLb~1fu%<11ka74^yG(O1Mo7-#uZR1A kLSvb1+rSgV zSqqHYOon53jOQ6)@jPP?%ZYgJP8x%ED*PV2v99%HIAesc*yaYk$hQEpRN!L0tbzK> zgmM;Q)fP5}+hzM@9f0Uug5;Zl3_<(MeeMpBX|>eDIC!ES`e0%Gpt-jcGe?*CI%9+q z7}GZ1U$WNei$xXizLA`XQufY zz~FRXvG7~7YMy<_;$)E1YnfK-Q#53dE6Z4jMtz7U1@vGT2;^4GHuwa*oT8y^n^iLs z$Z%E-UE&axaIQJ^2Qm5g@$PIKOPA137jZOs9LSQgC)ZX^3ANTIq>t;OwtOBrevqV& zolp&|GD0q^lo5;|)f&+^w$Z5XR9MjW1T=doaC*(5&_>Cxs5yLO-UX%7GD2xE&0*9O zX);WM5spg z;)P#fU*8U%ccTGvDRNAX_p~w%+%$|jZhR) zxN;MlsmHvlu2(HxA6>6v@>R-!8+8unpwXw+MG$1J4+}E)_lD5)Ag>z$4$ep7|GLyf z0+17h0CLuYNjbk|7qJ-y%?L37qSCU7%2?5*CQ0mfls9kabEIxvA+`B_MqkVykquE_ z%UOwNmNO4MMGz+qq6!n%gr_PBi+M+y>*zU^7vG8MjG|aNdmZC3mH}rNMVz|~jcB>U zD64X*qKVkBR1Z}6&q{I7l|VyjKKge(dc;QcgR)?GWUQU2mcf# zxYZ6|k3SYNm&3mZ8n1Hk5{n2Q#PBH=6d%;j6?h)sfBbby9>PNg>bmH^6R1S}yZ{C>K6Az5wbm z-+&VZDhZ{B8WH^^B)Pq9;*#*fojVc7JC|Z~=}5$6Ee%6ZlZQNe+x+OCx`DTtL0UtWf@Mw?{qSJU#tXQngplk#{G^nmpa>H$U17ak-M zS$Y^OfHOQ)Y*%=Q*m%iU>{5+uq8Xru37IIa{O+0lHufeP-4PPSqB~LmXLz*OxC142 zMtHc`r5e}#LDMA^q3c$d>8sm8S4-q`Su;emp7QyN*06ItPUtLHigABVvfD((!P1n+ z3FpOdGH3yVG}inxV=akcEuyoYk!NJ))Zkpjt5D_>ni(FnsYk6p>N^#hQ48AIu}W#W21xt`uzZBa2-Zhf%ted%LWd7 zXB!gN8~RFOeJyl^IA<^=uc9b~an=ZpzL-KuzBH$a%5oq^_*l!w;Z`7XgQQ5&St93~$U`Vo0_q#orAF@VQOY1{f0#>3!EMiH{P z9L6yywB4D_N9be&bF_-^E(QXmE01w@T6Va(aTa!Pkn}&X!`rk}pOx?|cI*wR`)nB` z+QUH?uA~H4AcHDvi3r#{wX&6cWH?`l&-_(hx6=m#;6)0wEl(A0VY zxfUV;JqwGI3#@oq5TEOlY(zi#I`S&l;m0u72vK*1lgs*|AWt3zpZc9zp{hH47Fam`I}UX7TZcbomlN$RBQYdrF=JD?zkMo(>yO#v=ty za2Pc;BDq8WB`Ir%{!e9%TRdmUTs%(spE6f#pb@a~7uO}fwoME2{X$Dc%b|pdHu`fu zl5D!vQY~6#2D>0kK`Egw^fWF@{!0XFM8o^&{Of>rVGV4Yol^~9b4~zD z&LHnWJ$e?uHkLo`!m*xNW1i+E??aL0Sij&sP<{NqwR8Gv=p*+S=yzJ zKt#KA9xRL_YZw^7c7hv^XTUUfAx8LoxKIYhdqdw#W73)7p)O)}6_Xgj1oR`e7n@`b zHr<+H%z$kzkT5|^F}l+#Jr^dY7(cOr_!t7==>>RUmO;z*WD{dymVw%b1Na+($m%1E zhN6k5y1k)e;Ltn_b}MUP{&5NhMyhs^2JH{@tWPAt zTMh8ml3>lHT~!x*B+X|uRVSZ;AR;@S)t0SyyJycIED2LG;=)=gtBk}ER=;bmW5t$ z^ZEH)etH3-7u*MGhSz)!ZhnRVk~2Uf>Ye*l=#FGTin|6p&xCa*jYIrAZ}FvAiOY2t z&yfW=CUClV?o;F4uH!v;QatX(dn-M-_3A05~nVj0$4iN@O4+L)KW`r?Xh_?W2onm-d9ow~u~dm3@q*f#2Pb zw~uJs`gFzvCHCpLSVfJc?3a|e+v=%Eg0MxDu!N zOF}1mG7Wa*fi4zD=~jAm2S(H5k!j(f4g87+!?5KJcuIx}a_d^jR>8eAf?Ls1U)3WS z`<-ibRN$-J#hadzBpMw+jCy=TUx&$8H(4VL#Rf%dX_M#5~%JC{mH(hkClf@~k4PZ+@1b9lQeh3f@Mc&de z;l^sTypxV{5&dI-gf~ifpF}l)+bT2EvF$BDx55Ugx=YGKA%dW_k+4`ET3|Rm0&dxg z31fj6TXIXedEEqgP4G?v<^ZUg-_l@7>4lPltNMH`nuR2MDI;kj1{zMTe)5JxAQ_IS zaB%ZQoJ`A!Xyj0ji5Qyo+Qu5Cn6P%{o8Wp0w=Gwil%cRK72Vz z>0H2d0~{X6J#wXp!2sSkplz#Yk_++rdQy$krF{r#TWVr!XN1U?f08VqY1PYGx%QU{ z6DASFIdUWFhxOf2?z-jix!4&T2KYYIH8En*F{`me~`N$+)`*;H67MO~W!6y)SpurNmEBews50V6b# zYC$7#C2S)!3Fd!o1W1vMz*O4&SdcUVf3o=D?JkgJ02=|?wnl*QY>j{|VKxHTUY`sE z)L{nbg{3L<&@l748p5lcWLMC#T;k~n2pJOBkGPOprtLZl8IfFB>kHUmnTV99uv15PEO~SXiqHRR9@+9j zb8gEWUU2s`NlZ7r(DON0up@7vPkstB>0!xDDKC)&pt9R|N@%oh)d8pYV?SJkf`yB& zssY?q*=NDC%Dyi1^W2K>`J&7R5ri^d3=3fXacRPNMBRipfH39V~5o?{O`Izdv zV9lhZSMpFCQS6Ff2BxFPmB11F8N%sp-9OkOpQ(dn%B&l6XqQfd$qo{q>&iXyDU%B^ zfOUhmt!^-0q;4ce(makdtrbOK2DO#E7$K}u{HNN=l5iG|Fp~Li96_bFgr&<4u*;_E z@)C>^tdaY)9>oji92%{(biA3?Pt>45Z ziLZL~wCW~yO?=h)!tF3PAQ0at)dHo4LotDHGz3$g+#}x!FAU%dx3nuW#zxNXh(M`k zAxWm-!v>l+r28Y&#p|}!@houJGz@f2jKqBfD`T3UwE1FB-(rn*1XpE)e(W>>)8$%VI-n)9S09iAzJW8c1Hu{l~b0rz;Ipv zg4kWc$I4T5>5YBxy?6>HsJ*ku%_%UB=HW|5pUo<;<|DGvY^F*9fx*CuirxizE!-Ot!!vwJ1 ziH$>F&I8dahS$*76<$Eg9ln+pHfI-#?G9fDJLg3_;s84j!{EiV(FkL=5$`q;NxX0# z0Q-=*-G_s^ConbPI=WNshEBIhAGw6l@TJg_F~CCZ6Aq4rJ0W*ARDj)PU!u^g78k@W zvoH7xiVH61*G+W?k+bLm<1tA*3>Pd6aea~;0+H3ey!R>+u|DMmC?oE;AojO0uBwHh z0lGPCa%1l@&5Ik@=H+mE&|_emo5#YiAMQJ+l<)s1r8z47m!YMw-hax`XKV{p&SkPE zit%zCb^V=EoJ6)V$hIA_6+eVBT|%Aua3vD^=(svsBY36QuHYot?m&TC}69V)ey;N{_SDfhu2s_MYX z9V2uD@X`$2wu2Vq%xRD#fQ495Rw=_w996)c4UBAE$^+fC9V~%gwcNT`7MTtgMp!6j za?;QxCk>?vAaDi(Q8<(EwPHUWD0W2hbSa2q13@PhBBTor-gROK20%K;2uTsr9>JNy ziuoJl!TVWNPzeQRAzY(I&M%I3RyL~~ZnxmpRxk`Ade~70S0K@2VshaNmXmgsTx&9=8Jt?6u~XtQgmG^mMu-R{ONcexNOt(mrErFqF~}9Z zk=~Ix9GY$EhP?@xh>EEKcLhk;vqf zz06&9d~jiA@>|kEB~4#m5LmxVi~kMfA$nU6&2w zl4q`6<~g1HbDTJfOwW?WWT^>tOu=tPx=_$6Ngh0ExgQWY7)Bbmz^2?pI=$Qv+VLs( zYM`2HV8rA;JhRP25xDrsqj=uZI`p-k^z4ZY;)Y z-IX%T+z5k06N3b;%)Z2sV9Iza(Qbo*OH@@oH_?+cxmG9nVWSCwA~Z!H9dtXRK>vpH z&^iwzXjSr%o;F!@d)5-^>}DRw0SbK0Ive?0atBa(r)v|k-AKmiyv^_k-%iLAz5^C^ zxmA<`%%e!6L(b-<__?JHw2-|s|pPjCxNmN$-Tj$;Ud1D~kJn}MUhsTJA+ zr#!81F2NYXD7_0XpD6a_xsPBF#6_38;f3|Dxmb>DE29|VAO$DVELa5MhERde$7pw8 zRcPxYSVm|okb@{H)*D{j72!HL@1{!?)pyg$5w=IR(JH-@^fCH!A%P=ZBuNI~z%VV_ z6o9cnhm}gMhUz^%n-KcrU=%=m8X>yPt z)(+W)aXQcXOC16ze_ohq>(n0n8o-S@%JUq|i7NYN!?EP?h?Jr22(rr1y>Qyg&SVoAc zz(>lMq01QFe~>bEAA)RUOm@Op$XM8Hg^Vm?`*jzs(tAh_+plgGvV}}K!~kp~(XtgX z#sVEFWM2p;6o#WZ+RLs)foFYb(NcRv^Nyi9?{u-W@N|)6Af~uN;*7= z2T{3_cxF-cg4n-`YGuT|$Ou^<)^KIUG>kkVMOEv;DylJYSybh2f-s@;Uh5l&9AZWF zl+eg#uf43kh>YPL2;2L}AIoYD6f15EHh|kItISZVtPaPtm4_3}% z%yj6$&I2tCpcuk!?u1dvS-*wb8lP{6mmVk%a1%VZt9G< zkDe6QmQH420#A03t~dA~5=L|CWRvd+;C!$b!CqI(4`t9`VlC9?a+~cqh>$)D$0YdO zya-?M?#c`t69aoy67c0V*RV$tV3&eU+#}?irU$hq5byTRXUxnTe1ps9arJ5WN|cu9 zz@ys3)^{632bhUJ1a89wY^fnD=;PGaf-%a#b#kELmNDKQ_#2Gl?Ey?=Tuq!|jP_kk zTwx6HT@vbwmrxA38HxcfLopP!&h>9W`j0_YR|X!J6c*4yRc2J8aCmb#Y^Te{NoHYU zZn1{rL~b@AHo4IhK2R^s3FqT*N|O`CW8dNlV9FM6J_0!`5|YENKCP12 zoDf$$2E`%GIDd=9$Q?aCVk1eO|1-lA|Bc~pX;@f7ALj`a{5RIq7y)AkPhM0Ai_M#L z`Md}`+RD(Wg(skSs#bBxR-*zR*U%{@?aq~47KZz!Ls&OUh!lMR2eVdA)v&%~JwjtvcS zBk~KCPkaaEBr9hh^HD_49C#`+12c!2dl9UoIr~@t2Q@GL8<|C9&9Wmb$IEa?nlarl{=By^9q}cnSd26V~;H?35=rGf@5*{OE zfGGgMtLdX29*3u_MX>$B88D2K>18G&kVw^F8>JHU)By7duu!sJQl&nazxzcW=V^Ud z#1bMYiDm{d2^HRU-I2=4kNAP6BtfCr;fYm!E-(()1u+|)cE;fgs^T;<4)>_)lWH8^UnLe+0g6$)kbSv%sc@iB zCmRn;LqvB$g& z`qp)EJZLg+G)-RQF@jHnm?rxST!)dfmYV)VOG4^K5LMIXUx&FIb0aU!bDCs4n&kA0 z8C?>j4A&sNC(oYVWoJmw=kc$zr4wPsletcFkq(zFoJB$kQsz2~6P&qs1fPSqB|qQr z;JD){@)K-^a^%Zx=LxoeBf%TU^-6IzOi2hE47E|NrKINZBh}5kW)ky=?z+|$^n(?t zo*Dg-N;SN!7q6FwGjs4_4ZLJc->bUzlBP`BG_Il_MB0XVIr2km{CTkF^C#ri_INF} zgLop&r_*A_W)4g6@^#A(Gf`QC6OkjuGlpSB{{=*hw$xmg*~d0WzFpOSgH$p5s+KMlCWb9$+1HRZL>00yKlF`r(B!9gBZ?Q@(aI#E18QzyH4JtTIT zufTUnCkKj`G&$3ur@8Xk()wM@R}scW^$=qs9rlU$!+z$p>0N*h^e`|p+hF3#)oG5f zUW1*O+pySKsHVA=um!QOmULm7tH6wI=He2Z-r#(so)aZgA1)@%6CZ|2@$~mpU#Fkz zzYtAzp$iV8dNNl-PgqKP1M#6m0Y#=l$b?0Il%eTo(IGYQCZhh|bodrySh~X+t$Oyf z>C}Lzq|L<>s?4s8h(GfWD%DKJG!d2X?f;aw#VvK(#tVeiS_O85`B{4EPD?Qm-#+S!!@1lb@(af1Jk_% z={`q&gyjR)zdBy?IBupDh zK0sUfejmfQBf(QP z7GinLPXHOFEy}0xNQ^7_3>IW@%e$Uur|a^s3zEQL3>U4wfax-g%l=Cm9{E1j3#aA% z6xI@)!OxkNbR5y%9amM$#&Jyf1;V_Vc?*#(Zmj{whYxQ`{D%D|0CZ!=gx1xWmM#C)fNshJ}1^EB2YE*H?{bK74~XIv<*3y3VA# zOaF`R+-lmtrgx_NX_DzaQ`+PIJ#F?P2T{7wi#*M8kKTfy3?z*Zy-KcSBmb=BKL|hw z@1@fjQO!KeyvPJfGx0)?AM;aNL{9On$Q z^9BwXqxZ761v$0Ko+qNTzZ~0QJqYcut%9*`SXJ>mIID!Q^5H2$seHvXtmhJoXM?Fb znq(GVO}ku^m-TV9I_f29XI?;>(B!MIa1IxjgkOTo2)!)kD=@twd`<{Hhu}7kA{o7V z#;%O(j?u+!eYl0>u(*AgR_Ti{xwxH*;$AVp2+t!SRfdI% zL`TPoQ+d`0CSu-^vzYpPOOmpESB{C=&g;0D9u|MeV>D=I?Z1s zSn@Q4wZm6L&UX+5Igh}CoLGpOg_6pzI&ockHPm5*-UE=AjcMuoaB$x`9Z%bFDB2`1 zAv@L{hlyu|K7d)kF*a02GCG>3VuWzO))kx<)!QG)FVR~T9MoGw*w&?0at6J9M62{& znABT!=Km z75p#)Rt?~`)^n)|D=(XuY+{@7F?^z}&f?-_sKCzPugL768(P4N^>8lv7@Z1UA!HGF zKn5_y_X?gZ@DBvqBAR~^d8M@-XC{DF_%C>&N&cIbevR-1k>u=BckqdOKNycN7-cFR zF%mrW|8CyVQ~yMEHXa~@f53eNOH+6x5XD@`;4L|L<9oSboD}xq(vTO?f-Rwwumc{7 z1OmB3@mv|8AU2k9VJJk@Kr=KR2IJKK+ah-4kt(Ehf^~A6>NMhlPGIY`HZR`QlJqoL zIq^N=93}8x^gwX+!UdX7Z^MkpK^%k&99)$7~Aj@x~iG;>~7o zSF~Xxbv8V|nFG8W9Vt@-`kYulHRbV0kw{YSeyN(V3~)h;^Vp$~^-xsbcr z5$j)q;xvg8gBYJ{LyV4xeUflAiazJqv9tdboqFRu;Jy0%)m)i%~4O^-d&I1z}mpS6Y2}H^ioJ?Ou?Yoq z872imJt1}dB4#37co7piO~JY=czx(0EgRpu6sCm$>zuH}I>!P*Rw8d*MnEb1n31SA zqWaM9TvExgcP@phFSokCq(8)G*`~_EG~m93ZmLOE5UMd5v|%pwBIv#;bbmvmiZ%=# z6#K<1yz&uwZ|GvYBIuV_sCe_<+=H`8 zGVY--#yzxb;~qviY1|`JBzk10TaNX{yd(RDk#WzB8>8ca-$Aa*{x!?jTO#)f1VL_v z*`FTc{R0ngs4wL9hH$M5W`CGy9D!lmTt34XkL1`)1KB981i&$#-;$NSkd>BARz^8V zR-q!%tH>JjK3P`V7>|kCWOXXOQ}VXR>O{hj)dLH%_LJ}DK)wMYpBKKiE5m1yk0c;p z9Ia9pOv;BBh9ocP3;Af-?~~=5b!{{+ndm9<{ZHhJM-b#ogr((6 zfXf@YMC7Xmx0#KFfU}lWl7M_kv`T$2DPIjsKKepFS~mF@U(EX~@-fjW z@?kle-=0Mqnv5XGmkJB=;Txbgh-7Ji@hl?DAU>62-O@=y9hWOl$#n3d5_U#-_k-Vj zBOzXSN~f*AIEyP!c#Jgn$Q>vxc!m)Hyz)f5GGlgRoX&Wllm<#HAMYczJYH+Y2X;JW zb@(P$3;_56z(7sQKh2AQK4{{GH@0ek(IOJyG>k2%5nc|A4bbY3ixxHHHd)bGXoH9zh!6A9**H012Ds;KMw1QH_&QWXf-Xn z7VY9__r_pEVkja>pdObj056;MUetIBo{L>5I{3kYT*KrCa<~{6_2Pz>kMoJ#KwqHZ zS{p7ET82=Bu}ZazdslJ;H?GBkL61}t+lPcI#dS) zYqzOy_o@po^7l0Obei=5ffDJojna7@K~>^oViNPS6EN#DzTP`Q?0KR0Hb=w$S|zn9Y|~U zBtL;NBSd?T1W6lSdoOYpGQE4ss3|b6`|wIJd&&`v{tyq8pQ}U2U10SNG4inL5OeB2$-4> zY)KEK6xC5R9ENB<#Z$8*t~}uiGrtjb&f3#u?lgP`GbV8ZFkPLm%(Nm?{NiP6I3Oo) zWNJAR!+9||@j!AG<=ifXi2=ArSW3Gx&7KrS9GapsVQb#mV$<7Ly9xo0f%i` zwndbo7lK`k#+#Tpjjc*!Wks0G|=I0S`y{)cI&9 z3jo*TWCed*iJT*6kWyxrH&-&%B^`C21b(sG^*8#pTMdR1|)^JIV@Ls;2sXQWqCsw zlyQo%CM;o`avp;9I3?yCXLf?GeVl@IpqiE*TYy2Q*;ym-Og6@^ z3bS(bQ|%B0J+_AhJ*HxP2%{-iNf+RT&xI$(0sJU*2RMxoRz6_TTb>@$O`j~#O4CPm zvgzYkOZj*8py- zT;)S+*7`ng4|M{FcauZ3onq<_>gaPQSeM~<>G6%A5tz#dlAT*<`*7vpU1SRefw(!u zm_ab=!%-~d)B&v{E)F^|ZkAMr80PsSSqVcN2G!85ECNC#ugPmtB&r3k_K zJ6`jVccyO?J0rYA>{1PTkB~d^{|>GADPl- zynL}sf2`$vU}4dS6mWjWA|-KUJcpxhq@$^6%JQM7)@ymbF~r!BbslJ$VCyD4kZt@BBYio6q-}e{ zjFB*boCPvXs(GPgK5UMv9AhJ1o;Z*00!b=D9h(fL9CpaJwPW6q7cWs^q=F==Ee}T9 z*$a@I^$sPD!^}cCMghG9p1f}6G><_~ZhxzI+_!d{-B5gUhP(YOJtj^m$|Y>Bx^}0x z>^o*bmt4!_JL9Bbe`lO9-x(L$z~jB`Y}8E@c(myQ5sF(me%y5!45z%ZUGg0g4-W%~ z7JUpJNrQ{uU>OP<&#uwb$N{Y91Rq41Kf}6(Zqu0r)-4Jp-XNG0KDqcZ=&C3pioY;m&WDTqjglj!x3cZcO;xP{f+?${a#^& zM!_Y+5xkxTCmyeY*+4ZwhgT|*w4RakXVo*4f}Y3H(yxO<&)CVzJ#rVa9WPcP0D7in z(=%g5^o;TlV}MT#p;pqvKgn8W)vQ(3HJPQZY3oC7s9YFU3OngxdTVy7==zk`gM8t zk!PqL%b!?y<%*$iq5fld;x~IEV=X@u>Xa3$KJeon`h~Eq&1EJJ{ZFE$-_?iy(QD>b zU_*nxP(H27jO!z#K}G?Qi$DasGn%t27(Yb*(D+Ow0&Xk}M!m(=6uxL5*@TwlBpozA zvCa0Fx7EMvwnxfqWQ;csRBe0h9>sM$t;4Gj1RY*WmH5NOfbcRCOloebK=iAsIqgp@ zyp_bzH>+w+{LZF1CJN1!(9)j?faY>6&CwT{qh-?^qr^0)Ihe-yA@T>!;gH#xG$+YP zI#o0m^Nt)-u-a{}diSGfyFD3nE!{1KhGsI&(pfMoGu9!K;5CC@&hT_t=umkP+Td85 z{r+{Z`G?n0Bpz|(kbf(lqcuti>oD_g3@kFuHrW2wX@rZOx|!{KoS&h+zSvMao`0n7a`O(Vwp{3y_-CjA?T}lzU?;fjFAr72O^*{gkV|Y zmCIzjLVs`c77?ZfyvZULjxZxFM_}$H+7HjI017^c5e({&5h?}5>t&um7V`5}I5OL0 zqA<*XKSnX6E29|UOyX8E;w_q*mJuogQp-&;d|@=(@P*(KUI5bLy?&76^Qatp{6aZn z;}=Or#xK0o!|@A6m8(5)hv_EAaL=QgDa*LVz-c|39_Pc~(&II7o~lP8K#vPxRna5; z>m2#o2GP)v{40;;OV8luOm;SW8MuIN!X3o)+NBVC5TM(8@YEj==tO^*am(&HDR zN0QTeq?|E5N;0BHUVowTyEn-ja}e-w(*HR`$Q5baLZ}wAwF84T(&*~j1Ya% z`p~j zB8YOU$uK{|#imAOO7-WW%0bM<22L-&a_SW&#OPmUsKdD1(+JNkH^2+q9C|joU~up5 zuv-G|Mf~$82geZ^f0)ZThJJWQLVP^{e>&Rmp<||g0gNm0gXk(H9%q#BI}CqxRw@Ah zFB3E#agi4?r#S|D1PJom9_ZwR4o>i>O@#4-R`nw`sxg;#@aIw2jOf1Hqw+@4>@k|= zpu&HaRafaa?CDXxM$%`)@T22BDlmG)b71kJ^xXr_;(d5icwC}xrP-&aWg#9=h+ z7Cr+Cqh_yJ>rwBHp!v+Oy-#@5kYS`eeYC&WqxRlL^TS~@n+&8`ZxqcX#Werg>@W7I z#qI;x-q}^s2%KEzrq7>+-Ix1R&p7&*N@$CrAK*08szRC#`jP&qu)jD-J>l8BI!QHj zk6(^Gp-toAKh#VA{L81R4r1q#WCFFLa zm+ra3;ecN6Lbv@E)BHzpHb5ee>b`}hQ}TBWcteg0epc_-XL;1*B>E&KQin$pXsUVi zZ}AAtHS=$H*rVo;r}=~M_Do^i>{_Zkld&!n&MzDN&oYn7mfSoCbkfwboyqOq#Y&~A zx=&SvQF2xj|MNyPUztSnuZwApm+~{#%XACDm0$hg@fZ7X-h`p~lKYnnhsDD4WxeVD z>-6WbG5FAMru+B6CeXly;wH=MsiU47HhR=D zLFC#$mVY+#8u+E8Tq~~oa=%J;lg?D+nn!&%gyz><#T3q4?PsY@xOCkHkJ{`Z=k44~ zYhH*rx6Y>iSBRe95V=MVr++JGCP|$qX*F0Khcf)Pq_{!MqHZkJ^|zJcYbUo|Lv!y! za<%uV2k-PK{{s3v+>>U~My5MrC*6G$m)z`8cXgrr$FcO^@Cflc3Fh?a4E^lZ7g5)` zgo*RAr_uOzvfcUUqY^is>6bRmNiuMyVLCV zBsE_XH4CGE;r}0zy-6nNY~Q|Qc0+Z%Gcl98(d;yb<^_{!e)h;e%Z?j57iuMryDv%o zhI~m3e528eiSQp9+2Y)h;P@hewfzrBhh5_M*OcRE?qZnTxi| zqa5?^N4{LLndTca%Gai;4@-$NWiM&=n@2u>5u8^MidDmP#B6jm%?vT!Vz!2f@_ZfZ zavEZ#sSd;GE*i!hynB@7W02++agSd>_siXA?w2xfr?hXIdozD`OX*!SfjnGPM)Q?< zG|v|u{wU?V@&Gk3^K$y{guh>nTuXPs0hX&*%l6Ge3lmSDAImBG!Rskk|Lyd-Sm-}3 zwdUyu{KYpqCeGnEM4z6`@}G4raaJy)Su~Ti=7B5dF20(kH^jU?S895j5e!|}>wc7( zbvH4^!IIaX35P$dq4u7-h-UB+#w}S!>FR`73xd*)jeVFtZKSO3OCiqo*({CohtQlW zCH(Vr`j_28I_F$X^I}AOH&8-QdfDUth2cyQ9CIK?FTVue;mr3edk8z-Fwp+>-JmX z#{1O%HI(a{G8c4m_j=|?pS5fsZd^zI-u21JlXYocdIkCEDN;A-!5Z}52G+_i=9bR$ zt2L9Gplw+&my~Z1t==QjJtie^m6+SbyjP?ceLkuEyossAp)F!>{cbu<8J%ES*?rj9 z)rC>02KsJ798aXE&gcOMIR%<%LD;fE*dyo*3W0~V9?+uUgq%Et2IyP#_k=KN0QB4N zE=a+pF!TWA8=)beKrdQh9EPN*FDwWnCO|_i%xVHn709iU1v(;_9_~Q_v(-q_^l}FZ z&@>72Du@Ya;V_29$$%(DZ5GJKJ4OimO`t@+`T*#}C}O6mW&&L-Pz~O6#USU>o4c%@ zg4Mb9YCgtd1Krt!itx>v_6SN*Bc~9`Rb2$?E>J*q7br!bJk?9K!)C0{9yA5t(7i~- zBfS?c%N}%8wURqPDe9W*vIn7s#LXSjyl^&YcEFot#5~@UnCHmKeTrHf$FTF%MC4+M zy4sVC3*w#BRhpOW4C|t%3RG(yp>ArPa2*6@k?Nrq2=voTLOsQ<7H5QW32j&NBh&fgzV?QxPRa>1sXrp7S z@;kV_m^6+09EV*(hK;)artwAUa@jLXQNP|ss7UcCp%fLk{-*ImRH;lhi20LhXp|$&w^l=@L7GDzA?8miM=%de>ojnNGtN~Qo6)|2l#}yJ5n$0l3qfFAvk@RXht~Dt8hl3eb%W=Iyz3jf0P(8;A zfsX9f&`km@+DRzOu|@dovyr?say%+fTvtMk9S03+@UHp9%yYbDP%nLuM@7i>9|ZGI ze`5A>WICDNlM>e7(bUO!9t&#bq$Vmh5OaW|rIY1sTo3AVu;Ve9YTvU`=DJV}M}ht|8`F$6!fMO(8ViF-lU{A-W##80%y{+#tDfrQ=E`HF%GQ zm{&R`N!b4Fgo2J@fqICRf{rj6(c3dr(tB`+1_)6LW2`hxo z2wgAGJSj`l9V?tHA=9C=qiUw(W(mtjP8X>Kj(Y@peq^VCh3W>!PJyz9bQ-t^(EZMG zq<;P&VybV3=q}-GtK)=7dxvOns{@~AheW18cRQTu zte~aglwq4A*+pI7Iblpz5nf)c?xO6^&Fp@~Q9yoyKIlwnr=zySGal>Tuch&@qp^!6 zBp*<~*yG4`v1EG@GKO<5+7&0A01B!bWmvi;lQCCg#8VurSX^JHGu-f{rf%X_}hVN zUkKZbctz@j<6Y6<8i{wp@t(-{jX=uyN}w-qA*NycE;;t|MnY}_hqytd;f?+K-Hd(Y zN(mdVl3_l>a5Fbwg65BM7tURddOKw;!%}g?gYmvRKq$?~Kv;^ZEnzi{S^{-lJ9}f1 zs%bQFv-aN_S5S5oP*XQ^I{VRrGPF`go?{-%=0X0u%y@7 zm?mMhXE3a*F-JoZ*3Bpvt{jZ(dgTLjuO-wrkNYG}2D-8ET5 zYea*SFL*VKHquxN`IK7R`PJ|gb+K`;NL#-B)o_s-0EoICvyGTTjeWw)asRPdMQXIs z3#uyK4)$7+Eo0a06YK-+z6W*JT z&6=X78$l1X^ftnZ@I5aK#6jhOZeJ~{Gk|h57>e zK;rF29XSf z5WP5@et}+#TwP8W#%!cp~{bEZIF3-qdUw(wFQCF?EcT!C^d zC?wF6SCP-RoTUQ2bOE7vo%4lCfuvsHTqw{{N$)e~^#X-IJp`L}bo=A}O|-L8iv>>bf{oa<46aFYxYCAl6G2=~YU zWw`bUv_&v8E$Cv=XI<9;p;q8r6U)RSHhJ*H?+28e^{WrM4RKwo+pcB`vi9Bb7H zXs}3aay5=)o$e^5V6&^KKpUi-ZFe=3cw8$ysvdCVO4uDzT6eoz#j$N2bq%RJ1c)?~ z(YF4i9&vS-cw8+%s`j`pkg(&By;42q>Mvnjn?4F?pirs#5UK2Qjf|@XUUa;Dt}7(0 z5b@F+2VBzxdJ~WzW2fl?tpHTZ@uX|Eq_7=OJwPFWR&2(JT<24+GNGx{JLtMLF4l%T z<635eo^`FX#e3ehN~FD2^zwphtw1BBOuXh=FVHTj;qSOM+NgZ&x=q4Lu_%N7!L`{2 z9dq3;&~Fm&H`k*Ay(Q)4gzGVZ=1B@p_dXjG?>->V<)C>KYvWJGu_t-2j8KOApm1F> zlUP6XTg)OX>fXxRc|v)wElt7G|qYE-QvvHlu|nOVw`PvwFmwlY88mr3Q;n z8r(Q%+?qaix34pO)?_oZcYtQ?b7+ReXKEXU4$Pxjkw2p_ORWvefjLGfKO{8o5gdkk zJRSTkJVVNF>o=otNco^;G;7{Q(=XEk)@}k1Pc+{Sb2H2V<+qI`1&`{}JwcZ8$pgY{9>^;{!r_=*C4 z_Ox?%x^tjshZ=w!cc`QQ`QZDCe0_3Xl@I~^0f5<1!@rTB#E^7vcdu z&1dVpB>3Mi65S^y{HE5K!v~bV&~Qx8gIr1?fx|(;+-uD>x5`Pebu}Q`}F9{}*D`m$XJp=tyyI z5c3wnbcwr;q%u;>J0;dDlHz^BbMtJbTe}_2y~6W2_@HD;Nn0Z=fG)|`PYqcaO>LIyDg=do=2Md&nv9qP=U6j**K61e{vqFFLkC(L7ANN z1Wo^gQxH1opIixWf7 zKQotR=|q};)nkg4qUTi-cWDQ5Sl($C%nRW&p!{{DJD~iNbed0!`%P(e5B4U{uT9zs z%!bW&!@R8Hqr(T5--R}zmFhiyKT`aB_e7Wto6+Z^g54+&H=Rdwo0#u5r~B1Bnt`S? z+jpQj71Rcl=PzbEZ^Fz{iw_(G{Rj3?ldnyB9_|X!>d1$r?~G}q0eS$+O1(7=(dY%NI{{VZf>4@(W)Vg?}B)1WY* z{5>(>g{k|3NC}+X=p&T9(3Fpm*0FY!w{@q!Fnf#HGl%~B&tu)W<4T6Uz5H|d+|}V3 z=!&%|OF6cY<}IDRhURynB}ade|2^CZP3iuyJzSl0JXyeK5`XlzQ5w zG+)`n5_0)C_Keg_mI_Y!33Muv`*i;bcW~pM$gg?P`q)YxtmhmtpnPu}%?lD~&Pk$q zMKaB&Q=B6ls(L)l_Ymq(n-J8>O&0%h@!xhOV>zVf{bvKYJ+Xr3{kKx0 zkB~1}>ctI(iPhEHTaQ2kHF~g=z9uDe>Fw0dc75bi@A$x=f_W6!p^zDAb%d*-IhEcMM* z599Jtx{M-D#nj^p;$G^cq^GnzBR{c|U}_nphQ*Iv~X<}8>F)%Ir6{NRF~aCh6^v--gD z-zJe-n~oQb$X7G6`Xg4O{)0y}lomcqt>`xfaUBiG&rH;{EVW-uwx3yQY6rIb_qMwd zIIqA&nUr>wBbHQk;jJa`|7;LT&g_=6;r=WC8sMCO#!xrQSwnka%)nZ(6nWY(gSFtR zbec|apC@LTm=}rptAw@`_meQQ)Na)MEcKL_LvN#W-Zd+cR-dfZFb9eG^i#w+Bqn>V zEH!q~5ws!WuKffhq*~uWD6#K!+W`CqJ1J>D)T0Q_p^G?5>5X=SeBKV6--_50KJpOj z;G%AK!RHX_NR~=GpZt*Wfbt)uF7Fg`J$aZNnbt#~oV$`fx>W4S+Y6tBHV0sS+2Lu>se`@%x)Ss0hgx`2)%hiTVb+2< zpnQ9f8h&#q&DJx>!{{;Rg3mVBy#NXmR+8sWkQb@yg=RFr-uNo~wG^GZ-xI}ov={k# zX!*PFDUmW?ynuAxIG26*Pc3M!=}5DixZlb744A)&nUMc2+-n2BfZIxp1ker-p!tWm z$B4Uzn8U?fFXk&x5~ur9G>3}05N4LD-~LZf(Wo>bI|BQOikY$Guj+)sCs zxEG5#PkiFVy;0nci1~n+h2lR*%(unoH8G3DXQH^j@iRdZ%p#pTjXKz}RC@VPY%wlC&r7R{VzRt{aB7z|%-?%&&th zuNQajo99r2@8cfbfF3>ZL`nYY33wIl=@QOZKa6__hivapWFNXJi9Jpz`91jTaJdj` zaY7qhc8yS54x0I^?;RP5yTesdaJtZS!M?!M^iRb(hF;@rbZSUwwvEEQSc;4A5DTrE z%E>s9RL(?4%kuA`C#RxEJ6Wo{{lOMl>MQBvsB?#KsP#2+U|nh zB2uiua^hE*r{m-=X3#NR-3)xr#4$IS{xEWRXU%7j%gxGI8mAS}Tvm_cx92Z;cVxaA z@&L_U;+_XHOFh_f*6?gKY+t!6Ta6jF9FKBEQmjDg`KveK{ozQyd|~5_pwq(9%1(3 zQNN=n#p&0roT04uagMX68b_ErTy{;8p98g7%Z`-C_}}5`XXB?3?p7FadDJ+}m?ARn zaE(6+=kQ?SY|0>xrm3}Y+!ut51FFr1nVVcobkYxIgOmj@!>OBw!%U-|DUm~sPRh4Y zX1-`@zhiC{OTF=^0p*`tb2N@K9W%Jr^ua2b4-qnSRFX7%|ifO%oZ*Fke<;1!r%rI+~;{WwNq0fsJE5Q6)18LM;L z9xDk`;Lcwivb3Z*cc^{7q;}MNpLY4mpMJ|IKXyykkD~itxaT@{iTgS6e;H<(>t&k; zblra+K9Ra`YCHDtp;cRk(^H7$8cuOyOpbG=LC)XPd>XCS(!by&>@L#GU%eL^3rP#W-h{H8+$%-mMsn@H z#?^Y*i&Rd`WM80DjOfHJg&mWcIT;h9@q+JB?_QBP{`}RfJ2#YZ%*^>I=bLe(v6``k zKKq~t%p8YSgJvS_GqsezIt}KFSee0j*hex)vuxBk2}g%&c{Tn@%zB8~M*3^^+9NSf zabRxScyudOcts1Odr8l>Fq3x{faYGA5qyIgv`5X^&N8&%Feyq6{D;*zsADR)G(KX4l!3+uo0YGv5Ku<9q0}7%LUwn&q#SZ(r{`hKLo+hI?gJ>z1` zC7BloLFbn4>>2N$$sE@`BU5C)+v_;fjp%`~?0T5&<5;vt5_#^B%-Yc+MVB9z>WQhk zFFTo?k_=lLiH}|dDvN_bw_FtgPx4;YmlZwv;Tp6QQu7PykWI#4Az&nvlef~jM$-eAujVGX^daJud0v9QpLTtcFj`T7QYOW zKg1;T}{=_`UMSRT7_g>gdx0blYwXhxhhpsqh%)s(5 z7B0q)&%yE3m7ei!lXXJ2tJwM4G79DD;L`5EKe)6v_|)^kelqW)Ii!3u;&R<@wqW+P zaHze3V`vT&9gZ4>o?mo_{B1 z{_1L&alGu~xcdG?&OstAJY(q=zAFBkE$sNQ6q)b&tLKA%tr?x0XUg&X)eC|7Z#Xyn z2b|?+z*z0eM`LBO-Gc~i50i0wqLp}J8Qtt* zBXma2+XtVY;+}#T>6M;~;>R#CM|M4hvNt;65JGitb+_+9`21Ck{pJqWn{Y2qs31<# zS2k)t!5ztW@}Ox(`2X96$u>&!8A~_9Gx@}7Z35fL9j*$<#rUX(dtL{}N0lfQan zRG({hK8kkiB40gVRxK?jV?MW&?fmI5sfSO{+eXTso&HMn&K?!ky|9n`>~J*#4-tMC z_c`!Tm8;Xo!n*6k04S`L9hv&l+7#YLpGd7~3pZ;Gsr5yxG8k)FxQhnUp$f60g`31M zwTA!SVzJg2jP&oLJZqi1$w3m^hy=ztthl70V6sM#a%P@N8HEy&K72< zzieSng~E(K%7>dRDosOi^)Fh8WAe44VOTX#4WrN=e5at5h1vDeA8~gbQ>iEwx9Vku zweGo)`DQ`4O(QhSg0|vVj7ME+i|19-Z1LjMY+JlIRc?zHrxr!yW#A6kZT}x>_Z^?p z`9F^TI`h5`p=qtyv5K0lJ!+L2wRg?zEgM-fByM{|B0{MZtEDzUN@xT{t3|7&ecQBD zt(Fe;yZ6v)>1GKFqHVCwjba0S6 zE6WN=5AvLv8#_VzD^EPl&b}g*7p0VA-;rw65bqnYYos41J2mmvHtE4+ck$l#V=3&< zSD0G2q+hmqxib%2U2DF^+SuCbRf)Z4>yTF!79_>D4RdPMSR`pkcClAACSHPtzUCo= z`;`%IOp|u>gOsyKhs6A=#ukyD#)EQ6MuNL|*KLiIXy+-f>TEm3poSVOA5~;6jY+6k zgB7AOa1E%z&e;lYQv(_z{uLX|GJTrXWY;iOtmMoY!D_QVP&uq#=2u>xOsR({*|-3w zSmZ2{NA4V<*GS*?T&UG$)lg2}ufQqP5S7M<7Ko?(SsNL{-mS-aO0i2L-C2D$n(`g! z>(m;s5Ibch)_^70DJzL@OXiVg=H2pY%+650EYa6Z*!QS3zGj%acz^GXjA4CEnOYyF z!HM-XW0j>a)|}NwXD| zOCv!~v}FrO&}VJg3d%Pwz>SM1mKs1?vRJ^#zrEVAR8%JGvNoKzXNRObYAkruvjaPe zDrN;WRqqb$8R?5r?%thQi`Q|AaNc%h?WFj?0Zy$e>q>e&1Jv72S&4OJF{omko88%5 zO4(}tNxeJEB8>^E;oY6Bu=CXydR8jmJ8Vlss2%#Ox%WG4FDXT+7b`+RpSAby%_=s6 zl(Lulunr{XrM|2`3btTfz5BAUQd}81N$RADfFR<`C=8vZRFE(U0Vk9u0Q)7^U1mC&t8yVZU!*k3`@Z! zD}aqh$!$*nmJc-?tL_vj<-cMq(^k2=bssWY#_(#X-Y(rNTs1<4wei5{um!ECp! zCElToH^whQLN z^(AMUy7WzqQ?rG0WiAsB>4|?i?EaF@m_O zhZT|5_wW)rL)tH5OW6g|mm;>5{V0X&ST4JTO6NBgh5F>O`=tDpQ+$@O-$`DX(|ne* ze^6i(t>ZrH*w|K3dpbMdqp&>YN6I|(g-;&4k8<+j z)eE)t?03@jo=%~Eq(trFeKE#c<1`3mJ2tQiwnjDC#A@04*5@PkhOH|;TiH9Pbdm38 zpB*g7)-#`7?1r7PyzgFi-&Q5xee4fgwSD)q%HpMexduFU6tEtsVm748bH^bTk87g&mpv(-Z-BJvT$>&2`#Ezby*fKWs46L9#uVREtPW|xj3goX@0gL9n(lkr zR+*ey)xNMbJ@rJHv$pQ9nB)5udjm_!VGX^O2(?1V_4XVajLKqj>#X-Z$3jtZtvb(= zQJHw8bDk|i!I3~EcAo7(!F=E9`wjb5#`sFHWL;)YNpOa8nZ1xH`O4WxeJ?XdM`&C+ zhqHpq>=jb&+!G?^fs!q|%sR^$3+;MN#Kv{Pe4@TfzCW^floRW_%F;?CYPibgp=2pn z*%p~klyXbN?#dX4?ff-%p9K4WYwULvtbf1wUSqA{1uHrxy3XDv!B*-9>xGiNbb}2* z<*@VX{_wrQ!bs889Da9LA*o_=HNSi8GD#J>&z{+;1#?V% zUqmU>4P*RjWnW)Sd5!dQ<*|O6Qk?`x0=iOxAfH>ph$}G}&amL4$OiFoTz(^lU zSw{M5fS1r((yGc%t&H*!>66Oh9VTTLsrOKEW~v+{jU6h^OqC*3Iu9MvuZ){=nqn55 zrz+=3mEb&8`GHh#$?R(7lshOfrw>K=l~c}kXX0OuI7dkEdqp|h10=6xyrx`4!C66u z-)oA;I}poaL&f(pDk&9vgNoS~qgMJ=QQ$2t*n)lN{gGcag})~S^Sy==*B>Oytf{2F zq%71e>qXSVvNe@8Bp%(~QA;T%ZCkU`&r>-^y1t}9=nCn?j)j`1@(XFYSh75oKc&Pi zhxQInrS<@k`j7dmY;)zo zKXVKIL#zquGU_do2ezyO=}*kpjl{6N-lV3Oav-S^#zv58MnDbY zNUc%6q`BBHA*6v=N)+i6jKz`8qf$r@v7JuRG>pwBCF0a(lTM*NAh}`fYe|c6iZ+va zVJX{5pW=MjM_RT3rr{7N9An2wnN=Wm8U<^d_$G+bWhl%eP$kw*8HdVbbNjdO@1Sg# zF%DO$Iw|?2P;tGklTt`2LwdCJ@1$Hu$)kj~m3t`I_jmDsTd6P%YJjUFz5Kf<4N(y5 z@84BvkCJO~H^q+xYjJlaic-cD4)gD>B$85u-ce?uUf)r~HG;gYWTj)>HHwO<0sbg^Z_^pG5LT*xcE;B?Kk4oooCN)g)N69m(;Yv74_U;H} zDhYabq>@5{>vbcQnJC$xBb6*v4sVcr+<&C9oD>!XT0=S=3)+N|%hE`tfMUUk)e{w8 zlx+1xB^xF8Bomdv7u<8N+$|j6C*}VPL0|FJt1c;@vzOxzx1S{=P*=%@z^MDZLT~cIh^MEjAI4XzT z9N94-Tp4d`VnC$gkD4LcqOd3>4h750BL67miWk)2mN1cPWjGvfXQa6A?yUi{l?$ZLhfmUHD-THD4lnOJTls@jIO3uBdo{Wr)R)e}M~HjEN;#A` zClO~MbCgOl#^Jig9Hkb;?oQtoFjskHL+{h1vq;eNydIL;TeoA5#B;7s@PDLP&lCJCt3h#GstK+rA3{i)dNUwf8IBiOoh;#KO`fBiCWRio7m%wwvtv&J zmMit~f~b={`y|djU zzpIq~q~|q@I;~MMNcZyEJMxs>r0wDudV>-hEV3zS%x6zMw~fjQlG&}E+a{%mR6V@C zW3zHOM5a8nrg`~~6+Kice@&zETb2H#%>26LKT-Y$iTMuGuuXX{43x(1>{7~aQ<6wW z>WF7Elw?$~wP>1C+pf$YC8Oq%ejN5!z;-2z^boaNO7V+U0=Fw`QF5!eL-`1m!#oliR$-tFQnkIHOw#dD zpbtr7f==oM%EzRT1W+MqYQkz>poD~DnXF^jwwj+Rt4Ys-R`bKkC#WJZAM(oGsM=WfAH7DzCkHT6uzU zvZOi>#otVC9SNm4*^Me40?#U`q@+4M1HV#6N0r3-27awDc!0^CJO2ZgPnZ{u0`BCYN%4EZ)PYwK08HaL;>o%3d-#Z!^ zi)HefIS<)&Mcfh)|D62QoeQ<=N-XJXu~uDIl2B><>JCGsoF!xI?y8i)8;bj6%qQmb zPs&Zj50%Ec`u?QcRvh9RJutN!z2*e|q`WG{<9#2ppOvblg}(V^e^%ZmKMA}*!_^VQHD%Q?BZd|B6Qkswk zZ#38=r8OyD?C~Beok@$t9`CWzi*#f|4euw)0MdmGs{@}XBS`_391v6ZV$y*<&sfp zym`0$vd@*76nkH^k3mxkYHU=)o~AovU(lmWRu> zhpJjZwbdTBDhAb2huf+jRA1eO%3{lgb_{Byo+8~H*fFTF`UB~6p*PfDDPO?I?mL2s(tNkcqhg4(Eh3Z%?pKUSR{)LtEh%4B5@X9aaqAtL6H z;X879(A(;CjLEZ*Zt6T#u{AYhYfv|J2Pq|Fm(VfN;BE(kx~peMW4jd!eM3t9bxQY*1{Y{B*NUbf(Rd2d^Ay}Yk_8%sH+d?@nuvtwgL48Fb!|Be}O zEqwr~xE$Oaa0%`X3{d~TQeeKH4;omK67L5LRFzaHMNa!b)k4A1_V*&?tG2EO4N_~` zx*IfDZD{MapkZnYTT1WZ8T`IF!Pe`+W7IHP&4S0OxwhH` zk5|8y5@);Rg1yxL*s2)pt=_g(GuX$TKC4=fU|(AslLrL*+nN{j+=8#t!asRuBuM== z6(oBiNPUWuXGB4&o(3^Ew-^~5q?SY75_b{D2M4RQQSusKu=*y-DL&p5Bx3z-RTAGo z9822fo$ec^hLD2qma*Qc5^uNK$*E z0siM?-{x((&z@uI#owLpqBTi>fzn(8JN9N6103#n3by4s4Ad$nCNd>Sb$v@O)LD1u5nArG@HgR2rW*;2~S6dd!Ac z8v8gzJiDmYLCNFYg=%M8?jklzrW8xT_TWY8YRWfbbN=ZMnK)uGCL! zK^I9oy$=U3SM_-i%VZ}9p9uay%_AkRz7+hSdVYb7jqUy{c%ACG5KH0fCpxt}^<9*c zZy3x&^3>rZxVDz3`jC!)R9?g)QRzIo=R@%|&t!_N6X(-;>O9hoRM2vgI;En>w~6%D zdl1VyDzLvHFp3O1;BNpNjuqxu{LSMQpJ zY*fo+LYc5Wv9mOLP=iP#L~NIuDkav< zw?p=*c_iPFJwx`Yr%_Hew&#G5d{tizwL4kwo+CpJsx45NtkH)PLOxZ8lK6)=dKIc6 zq)H#%=yg=hlEOP2Md}um+%goYRu+^ATg*!AnA!%FCe*d&akamUu})q6Lq1odP)=4+ zJc)NooiD||><(H&g1d94)Ridcv#^j;>Uvu-A*a=?q?p2lkTdE&Qi{-*Y7q+NQAWsD z>P3{Ce_yLtNHCASR_kO#tL0YeoZ1>Cw>{_Vy@mIub3@Ll>oF$x78lg5s4N~;Cp+YV zx?7f_{53q%|AP8AX=>8)kZ;sRORxr|bDuRK->TzCaE0|dbvjC}ao?+RP_p*#)f^P` zXL;Z6)zva34;wks=aPDd)KJ`0yrl9RsKLpb2Y(!LN%bOq8BoLflA238<~vE~G)WQ1 z442eb z6?R3vY-?A@6*VqbwzJ&gh1yj$l~iM~!LF*aN!|Bnb-$)&lHS|@wCXi=Icb@QU02tV zHi+1D^V8u#B0b&nwCYXu3@V+&Gc~u=3#4N!kB8h= zugH{Q8omsN72G(DjgeY5^*p!Lu>qi@D1&AN#9k z&%pb*ENOUd|7N9MNyUoZ=ckZ|wqEpp81l&0Z@r&~{HC_YQk=Zjp`JCKs@+I%eekK; zM@qEJ41KDOM&a@j`iEL5V=VJfg}}eni>NFX7f?0yx%$@!&@#C`Fil?p%4AEYv?wPY z4aa}Q#+s`2Lls-qV_S!6+TWN`t^tOouY{zq>~;+`w8pmH4RvS(Z4C@9qs7`962*F4riDOqe^@57;;wOCR`=U1U!v;}z(gZXziw1-xNDrWn4R|xE-)mdK>dmQ?% z))^&Zy)}IU#Bx|zFRM}?Z8#~W*UqwiwV9|aHqO6AxqjL*Qn1i_+Q%rlt?RE9NijG- z>aR80i1jfzKN_e7k>LDju(p*1=SM@egCsaV8m4_tg7c#h+C>taAC1)XO;BbgyXy5v z=t!+13Tpp6V3aluC9jE()@I0*xK|saEvJ0jYiVI)v`wfS<}t`2bj4Qru(4YE%}@ix zs)UW#w%e*3=B0&wR1#|u=BM@lxI|sTg0=ozN;D`eLW|s5BA>7++Gn2#DVgG0(A2PG z?GIAFZs}puwO6;vSTCUrtublFsM%potv@P<9bTUqHbE9mnhjUA8B_`uoW)v`;j(y57Y-b76yN{1O644dpKf} z4u7>n3Z9h~+6!_rcvgCw_8tkImENI^Bf&GlJGD)=mU!>h{wBfG(fhOp`(!CSM(pv< z*SeuH#IwYg!wyh=MdE4fM`4GxJc|83h)p`GdFDgD92Qv1G3hg{8L43%_en)sXB13d zjY-AYA{6XzJ4`yQT}Ksjn4&Y<0}@Qp8BP2lBJrhGP;&ZiYEBZg?538D za^ha?rdB|LX9RC*e@iiV`unEV=OC2n6k68ewzh%u8#l_pZw_xMF? zSpfND4?fh=QJHMesQT@nlgU=G67=qK?H&qxH(bc$Q)o*Ln>%b#6{hzjwf1W&b~)iFxds^eJe1se8+txUZbKaU zqC-%MOzF^bQCVzQV#Fke{xRvT#JEY8{wXSxB_w7{DyJW(SnGQ8C%vM7Cu6uraM$ml zpvw5b_S;LC>-r;ZPekhn@KH<&u6Sfk<-_n~Nfs~o-%l(VP+vzDNIqeK&hl@-9a-+85mnY`tcCNmXIFo0P9!f4DJ$1LDl4&?2Qih{)*vi7o z;l1@)s7yA$@J4uF{UE95p1a}w^edz`dme?qr}JY_iaaLjuWv_XvL?0u2p^!|M?o)X z5rcH4xTL7k^+Rh=W=*OO31%BR)dix{hKA#D=J zXXEtCq?R7TBgX5GNFVf$^q-(VL#2r_y&@*+!;eGl8SIm4(GfoSCepIq$q|0~H59aE zRz!gQ2TI-{4%0nOK)!Tdar3f>Fx?X+m#i?oxr~W?t3<4`9lKC_D>6;@BTW~| z&@)kT?>kdpP5MuI#mHHDw^LAx?4>#SSX3rkx7;&wjvhgJl-bO4zMd+D+mQMCJQVa` zlgRnH+i55TdcH&CB7GXliM_N$pF{F}w{PSUeWk5ILYr)jj?B@&l;ZGo!!rFM#hz91 zi(IDnJOeePv1e7@i}*lagmSWgt`U(dbiXek=430Y#YKLo=aV9K&x%~5UqR)tOM|i^ z*Xhql>fq&(d3w_?WtoYCHb$=3>z@UQ=Y=ziBRA>uNJ`e-@GZLAR~W--->Q3{a#-)K z*CMy-O>O-exlPZurA6)1-M)r=kg{4-zTVSTy{P^AB2*S@7~Uf4pziSvq|9Q!AM6)( zNbgL#tqhAgte+rt(c69)=R=~7=x=@t`JDXA52B)u>K#Z4nNx+jlMbW$lAw2w z>O)BI?8s4l3<=(i_)Pa9!MhQk=}^AdG8nK<7ukY!x>ygxl-Vqz`t+z1dM+ttZ&uXj zdJ#&VU7yxZzoZ5iu}rb%bdET!cP2p%U+7+_G}c4ttiDUe6gZFjTHiyuGrU6JIei~W zZU@hoYFULqmtbwYV8>v+{YF2J`Le`4qP0=q=uc3xo!{zzqvV$1Tm6;qpq)-$J@n(K zZ}lpqzM=b~F6y471KCAU-|3A=^~IA_-{~z$-Nchs-{~DtvWD;V?x-AbrR~e8@AWYh`OauAbq>kh`y!! zqo8)T=-c`n%GY*Mjp)025enM!dh{>4`;SmVCVMB~t>|C%G!*3P5dA=3jgtF^$ND`I zECs*mUH$|4AmzK!Pjz1uY+E}={H4z%!4mRZ--METgcrJY1@g&0Q;k?I#{>sMNq#1h_YE_K)NK5t@ ztcu}{Ln`Df26i+O97<*9ixfu`RJPM{gI=ZUykW#`Nt6`M8fi1(iS<7gR zlJn2gSV%fHC^5R8u^p8uwkR3V^^Ms#v6px`@g!G6V>2m6Trq2C97f6c*U-2jW9%l& ziEd~-ML}DhR&8vUw`A?mmN$%7Nw8!!HR_{eTbdiGq{`J+M!#uXCKV)aiEeF-z73^h zu{L}6N4GQPqM(N3(VdLdD7j>HHrO3mpL6d*?QNrvt?}jFHnMHG)#_?oCiU&BmFZ^G z|4HUsE1r1iW`v=j21Wd3mz0+@69rf6zliQ`EI`5DH@|FmV?8Q|b;-LN-oq%AF+6(e zY1H@`YRF{%dFP{h8!t#7u*r2h!x6O^1|BaH$SOy9%kk;XHWtYNgF{Q~*q z+CRpqh?4VYoDqroOiQiyNAyJFAnD3_J;vKOg*v88C|ncbYg{0GQoUS^zi|VV#)87v zgajHD?n4df;%VL*F~LR+Qfl?4F`>pAsAIU#nPfC2ofCVKaH9w5<|c8>XY?e^fnz>n z3@VKc3-2BiWhA4-o3kVP#Y7uUQg-ZMp#`KXAC45tkrF*IPG~nOhh1GIjt7m3zd}1@ zpG`4Zp`g!#W2PA6ZB34eGp3-jSnb*AF-b-)>DTV_Vx}1tA3!NNEZ8qACdD|5g5_mJ zOq${Q5MoYVS?sxH8lh6G-RMd}(@BZrs_@yy3OlwXX0GuCscTq4%mU*&DQlYz&##WT&I*e%90J2oPAtMS}cQ0z8C{S8~j8r3}+v%~O2 ziR-2w(Xl&?SX=3_dyL~KnD2e-oqC+5TA2ez2C01rXdY?UE>Je<>tN6d(!*Zau?LJiQn`0Q zTclw56#B+iUhE;m?HRUH+zH(qTV$+2$tN_983iP`KV59xK{@%0s83^yjew!VlxVVpyy^LC4G#GW!Pq2Mm!uR?cFvL{X%4`dAc?3D4G^djm{ zk+SSxSfBXXjWYSPQ9+9B+S#hkX`=zDpr&K;8KWKPi&2#)pEbInvc&t1^(LP)=KTYu zWU|Wpn@&D&%z7c!G^_383r1(AV63T6Tfd9O7Dei6cCX3b8J?=tKO=`t{@%z&Wr_D9 z$4$Ou%yYelVI^Qu~htO#Y8C4h8+9u&ah2Dogy$!N|#1jY3itJ#q3i;~eRb z6*>93@r2Z%T*l-Z#^^FoCX|vr`KEDAihq^8dh#vf=Tfm-#vismo_yP=UKaCV%AbvT zsABBFpN%FmCdxcA`Dde}tuvGF8a}9WUN!sr`GKO>PzA=yV zBI*y3ayiN=YG+e^HP)hJ?Y|lyq0)J;EO!yxDJ9xcZOQ`!=80Ic%E6p|WSpZ?%>9j~ zJTfjxvEPr}40vSRL&;_EiQ(l2QwvWXHJ|dt*o2bXm*0&2DCog9Q+_kPu+?eGQ{#rM zcc=VmJhnAp%3p?FuA~PiO!>!fL&<6Q$EYY{qD(&#t7j{6$_wK?R5~BN+BrovhoPVc zGljfRvIkW&NXD=SRdX`wMbrwBG93jyxO%c?&PB=EH8V@bMD5ukw%yjcDY|*s*0w2z zd0UES<{X>C&0k4>`kobfPJ($P4#msE)XEyTSq=q#_Kk?uuyt*UW%fj+^T^z1Q{2q{ zD40HNs+;*fN=~1f=`CY8eQstr=|xm|kunJd(^qL~IWq$#YcFTcqu33xJu7EsllJz~ z%9Jx#kiJ0WN#VRLXCAfHY04|+WfVN;@y68G%%`8$4wku%R5(FZ>YDpVcg356bfKV^H zkIUCjZERK`bsiy5@usGGB`7nE zeK%dKYtHt#&e~@C~N9zmSv(+T-9kY)I)F<9KINC0*r#aeIx43uBi&ftp_n zax$2={mq`$AePRqZ5|WX-#m?Svd(?WHW*+ARhMOU73WR^%@0tS?5n-raRbdQ6kBRN zwFaBrYRHt!t%ceUGnRC>{BvuF$!p5k{qiUEp=M`NPT#f-hMMO|%lZbziNF3`OQsAL z%fv7Mj5N29=1hu=8)aT0eOvF#2BXaF^<>KL>rIIp zZQdYteDzv`(PmtI8GHNHlxFXnTS&7eJZ`aoad6qQa$`GIR*Bi=|KbC*%^>Jn{>1z2|apTQXq&5fU3Ed#&uUjm{ z8p(X$9}$1I)*MH=m-ltu31%uO;b?B$MDt5KW-xE_i5*)V=VQLpSe9}xZ#DNbgGdQS zH^upz`|Oxoy+HG_9orrkWHx!DB%eDAG5e4bj^@XOnu|%TBE{dSG`EwyBkRXaGXJpi z<(CaNYc!FiBpfY_i!eh;_wrI-i82@2u@iC8=6~$i*|=C!Z(5S?Lfm9?80lW#DmK-O zvtvKR#hJ(L*v+^E^PV01IWE!c)U0G0w1(46FH*wMM{&vKHao@}rkdyN*q?D}X1(Sm z`N}m+H~Wwhj;iq)=2AQMX<4UPV8`6zXPRYOl;kTaJKJnYN;q0MevX-9$2ydqXXe>4 z&-nS~V>|Xn{6f>CWy!R^8NbL3Ldk9GV)Gg*i$!nl6u;PffXZakm-LFyHoLtE`O?|! z&E1S8=5ACP+alf-T4L6C3u0L;ck_VwCFXWiI%}{~VL9ffDDh12I?yj9*puX#HCsWx zGaD_ACMkS{4&149M@UKj*Pq(UucegTk6f7 zP2xT?H<4~n(i#<+f1_Z_{wV&K>DdKRri*D8-)%C3P-$Yz-k|mgb8uH#N`nDz{Bv^? zY2&PK-Z*8(b(695K7YrbF?n|>v1BEjF=J7gEP5tSIBR}HF+QwZ!dGTKY0s>R316G_ zd&qoA;WhaMvr#Xp-r>~}zBT*wmfDtFFX20LH%cx&-;@o=6Q<2(UVYr$d@jT zr5Y!EZx#%Yr6fl*PPk-N90-z60$ny6qSA0FxNNpYT~++n>Dpzp8w#G^ZJF?cInP$R zgdfd|wz?!-G5ZgKG9hKJgsWzut^Ntu%+`ZTV#5-yo11KnNw{Iw7*Z1RPPl0i z@Voh$6pvY3nDEp*MVhm=Sm-=yw|LV2nR%IXTpTYwGw-0XnCAy)68ZU}M8UHApM<~6Qz$3C=l$F~M=G3fJK?!`2_@&|bNdK)_Itl1{A1q77<}{LNdj~H zCi96hMNJNMbjcL`DPm1g#o{ZJN}}QzPI}={F41u0lUn&!PqZBTeaKhL%2$0ov7Ez$ z)Y!Le;;W9jq!%9D6Dv91M5VFklZGT#b@-yLDq}^KH@%GjvDdM8^zU1&O|n4Wx=;MTr59Wg!%vsI9o$Hwmq^Wrq6K6YoZQV?q=a@};t9I9#iyS$m zs9IfXW;xc8jM~jvj^mguced1V7M01Wt^6f1*D=luYM0B|az_vf*6_a*mph)IZm@fG z7BpGm=;jS6Z?N}c-I7*1d{H?pYkGyG4;^zzX+ot)ed(b$Op@kJ6r9jkIG~} z_iIsZP08|EZiRRTa&3u>vjsJhTv}ZHjimKsU9n0(v-aqg$g2}_B2+-g4jjUk8YsfP*<(0VoslTJeN|+uZNf(h0|xf z@rkOOcf5*n^3d7uCtYw=1x`j+D@6r|jqblcGrRm|W$qC1X-DA@ZJB>n7IZ|grv_Z-EP65hV}#c_cIZ(scC zxPeMzVM_hbhmL2c9PvI-6YH_#1!*$MoD6Nr;SGmEtQ@I%FsLHwm@lY0>6MzGx}?XO zK#fW7?F6+XHH-tbBYpiYs0-;isu!tBAjJBUo(6!1kurOL#*p@-yh(kgLoA5YVFoCI zRBsPx3hB!P&@|Fkoc0Wq+(tfjTtzwg=}B=S4`(1BIh)0 z6P`HAlHf^%Cyv)h@GXp|j;bVhy5SFpCkdW>_|wr)3ZE}{?r2VeuM0ePv?0M06VDx; zN$|A6bH_U*c-r8(qaO*LHhAtBf|5(!KaTfpwRimE2$o_q^E}Eko+0z$SEf~d9wnDg zm0zCfT0T{Nj|5u{jjxDz#WcQ!1TmfKiLRK=E0Q2)@Uuy-n8B}*AZBu}6j#jTktB#Y z_?0wQ%)uX!AjWw{hAYN-HVI-DKkIbGEPjOqu`>MZOjoQ7ze0joS-xeKD^`{lkRay9 z7cF$f-1uq|#LDqmi(IjCJO>5yVHq#aPos*(8Q*~5S9t$SNLkF_E%R4-90}e>e~q6a z!B=Z4@{1@a->Q)Z;x#P)Y+noCKx3&Nrf<6gI69 z-%BxQOJn{S2})_qzal{?P54C;l+u*nML{XsgPZf$vaw|x-sx?{tC8UC-&VXXiHpC4 z(Tcx8g7E^p#@|56Em3>k_N7=iR608;zOB)oPb-zO z1D{m~vOQr0{_mxW7ksqd%2i2z2I`R{wnR?S{o%nf_Y;|Y8I@i_e z&U`xwmif2&yk)M~+k6EHVqJLLa#ySipGAULSKe}^E7p~FK|xQno7RmFM%_|A@#r$G zJI|w(knbIy{h=%0J3J2sDciR1$q%ArfA;1@loImw<}22?^7ZChND%A8GuFCdeRwtr zVtskoI#;YOPa;9A9}miN#rp9$62#u)8RFQaWKO@wvq=!^&oef?rfFV$_;%T9m-+N2B#8O(al2hHKOTaT)926Up^7=Y z!R5~nli&?5e|`>ijKRBC0sIaL-XaX*gZDt0$M7w}5S~GTH>$$;0}{N670%s78z3dT zHyFX|k>I_oNZuOdWNY8uKP{5a+XpE#S>l2t)1vrkQeE#!ZqeK`A7XNg8OsNg;4We; zk40s&-@2Wc7R#&d$5QZm&t%>d1ylRgw8=ajCEs(4K!W$&;`k>dc+V}4 ze@22{isz?D&`a_BJWBRN0>4j!o=D>SfSh*diDX`f1k;|vJD}tgrSMTCn4%Q!hm!Ls zg@>WiS#9m|v=lzmjv3;efjpEvE6CvP2cbUL_B<5d&hRP#$+LnCo|qlOZg`#@nyZ~kIFCS4=4st$*$zX zi=j;Ub*nYpn*_(7Yj`*bjyTuwL=qfvuHmytaKyQW=SbmGt84i>lzeJ+Ezd`#u~&kt zC9mT*QP677%j34bshkKFK?H*Ap^jHP120`FsE>jaBoU zn7p5-k^-s)Bp=`xZN(;k%3GdAWj;lJ7;y8b0So zQL={5`RAx~_Nmgh-sk)><%3dA@yp-1N;$>vksx-O2VHW-PV*@!S>_p@N-;=zhWq{K zN_mFIk|6d4Z+*iR`-1l*LF`Me-*m;k^XLYzfRg=rgI7nTv%lE+Y!pZU9XY*p=_`8Ye)s?9w<-Hz?9eUC4*V?QU~=R54!6QLq0eo4H) z`G7w`-BP}+JF&+D?(qxMeoHwi^pJN(Ia%Z;Mf_FII8+*2HFbWENBkoh6YVVD<1sIg z!ZLs3_fWFT-?;mISDC-_)+i`*DtpQ!QL@aZe65U$GJE!T#&=6$nSb&hQL@ZG`C}5a z^DoYS#XiF_|K^=hvdq7Eq>PC&pC>=(Tcmj0R5RrT-%TmUPgU3peg`GDC@*-8M^L8R zqP*ZuNw6L<>% z5|#qh>V!(?eKN&gdbCDMvCnI{rKnam>3bpF`VT3&_iHJp^}trm6w4a-JJg=e%JgoQ z;%2QPeYdz>io5kG>7LMQ)@4$s-aS()T8o~_e8YQ>OsQB)wFh#eiGlUsAZkC6&vqqb^8O#%wp}2wkTK63bK`)Qr}vH zl56VgRxS#z^UXchLX>;HM2UB^5<<$X=e3C$vM`{8Z2YDrZ%(2Qw)x6npue?m}AYX*(hjdz9?lW z>5EavQ(9VUP;!b|SzA!Dovp0PC}`*Tl-8E#UnT8a9M{I`jgswbV+|*rnsX(kjpdD! z+q$+^I0=@swpOA{iLGvH&8HZ&x~;VwmBaLj4^!G&r%~d#b;7fhc9#3!P`mh!#NZbx z?X9Pz{$56E2dm<98GGSvq;|4`NY{nlwl0z?_!y~Ot)PEo$~qIvr*^k)kP<}7cdSM) zWbERQ7b(50jwsnL?^-=j&@WX|-?fIyn3!XAQu|mTDCniz34N^TDA_N4tc9fga~q13 zD`ZMseWej_wkF|qh&=Y;ELnN4geXLU`CqK2usr9kWNr|?&i`Wem%-gq8`&z@r z-(Hnhm%FF-x7-zw%s0sLkivX}tVSrvH!yXuwTSe^sPU=8tVeb%Bz2_KNG&NdKJ|TT zAWHVjIBO)u3Tir2$5|0}$|b22t!brF`dBki(1UAJeXP}#GCyles-IO+lQn#uvPUS4 zG(Z1Ps=sxXv~lOD)Ie*6E>m7fIiDJ2xfxQ+^RJ|aShG-2!-LdGRxS$Gsy|aBtnDb6 zM=UMEx`vYTD8l-c^y++5#Qv5kaUMljmI*b;tzv{#86~%$5mr4C%%cdaB}(qmBdpFS z*-H^tPgFWOSeHq#Uzuv?5AqsEY*sUvcBHZEiKJTq!`?tn{Le}!QHuZYbgot&ShAeNpN>=mX%L}yK}Rx zViMe)n`2!h!QHt9R>$(LRxhxIqvSc|LTerg*4u?v&?}Hqo>MNgGEi5oMWUS|r4*h; zF0`^J24|5AtrZk|d+w-r7g={na3q&$Jt4t-SZrN(clFX@>mCVWS=NbHU9l|dA_-#I z)~457v1}`!1hFO7tO~B!5-XPku^g+YqAQkTeT@>&QH!r9EVaHT!Qb*(YF#5`qJEYV zbGl#JQcI}>r8s%Qz7c85EsJ!1!C0YJNt;krr9{2}5o<5SI>k;)TWOsjO*oX1_Mzoo z8OvlF>SUy?vIdhD1!knJwq{9*QWUnvTJ(}~QR&Rk@#VO)u#~&AJnIrjfhWV~rmeRgU`#$4zQL;G3HjvnOB=1a zAO)TbU!1nlYD!8G+H7?oJzu{f?PIGu=7Sp6rERfBql#Eu)h%hCSnEh|ZF{@5!%k_i z9o8w7Ty}R_XGyT^?zF<{;56VhkDXSm6fUhhtwf5!(z?@{MKQSMvCBF|f~9r0b)E$M zvd21K7t6$Zk$bFbD7p6UwH~72PUxfZ`z&5h_5^&7`hew$lIQk^tidQbj}BX_>$}Q4 zY;7k&eTA0W>#kU#Rf7bvBi7)CuGkUFiv+Qw*1Sfp*imaa3feiL;b+#TQesb%pH^g@ zAVHrMSz{YRJ}2+{$srN*l@j?35u1jReSOSIB|*MpR+BfdK5Nd_<7vmNR#Mp4$E=PN zgT6jy^`ThBd1um!t#u^m>*LnPDA}JUtYZ{|JK!g+6C|kbq!lARUJd&(sPCkeD24T% zw5C%G>N{yIq8QZoxpkKW^_{XFqvTfqwDkf7wTmkRmZK@ukj@4w7t>B#?kG9O&RADS zuwOZ2iA9`cdAWYy><`1kz2W!sci}g{=f8&!9cD~rZELuqGEM2<&xS!1epS|_)bQ1Q zOngl6EY^~m?TX6b(otC&j8|AujJvzS9*SR;t=s{_MKLhGZ6^HwCj@?F`thH_u>9>i z0Lp)PSQXK}15|sw%yk}HD1UGJLJ1evL*DPj@5{s6r^6WeE9-5y4#t$8_8(Fq@1dPA zrSU5u`oalgAWg}bBiOb^PMDVb^)Ou@1^;(lrQ1-t#y3YoO8Av!imL&$V9b(_N`6%u zGa?AmOu_jphh;ner|}b`Aw5JDR(e>D`JZyZ)VA(mdbuefRbDHg5hhk zVYq9$>sPM7@T;<4l3@ITH83p4yN0!YMK$)YCu90c;|JurN`T>#T&0&rS&LjUVOV2d z&VXFwQlQ=^`(7R{>1~<*2TWN~8mysrXRD%wc~u}+>GkX1!*Y$57qPGmL?#Tp#7! zFPScAIjo89?wY+ELdyTw_>#QxZykWd@;MF4S+f?(`F^cT;Tj*mLJ?^mV@q}(axIxT zVh+k}ug2V~xV!6Y#t_I=dOWm5XAwhTdM#1%|JKj{?)lPV#wSDV4X3zT=o+K2e{U6` z%`*M}Z3|hl&2&wjYujG3-Gedzx8YaCc1&UNSLTX604X<$IVk^?>?2Cj!17kI{J6?2 zJ#}*Ul~{=G!}8_!zm}L@xumIVC+^qe61cSce~*_b<(6Cy%Mwa&=SvTBv3FD1xs|Y_ z%@*~R?2%#2%X6ytLKyS=2asM4mu|UhTTwFYGAe8TZYboHzyIF5m2OYz;Q$}lg6-Z9 zbNuOi7>>qa7$cs#+Ye>R^}0pse-F#(Sq`mT;|9^v!ws;9w^xPnFf8_KV!B?Q-qKU| zzYWXwKs$H;t5yGQr#xmT-9NHVZtaHFR>iIB|5l@`wXnrgahv>d&%eCAf;6(sCc|9I zAsjW8jQ=8E9mBJzpD(tqqScdKW0nWNusoJa5Jy(3I2MAX zz4lHR|KDTu|IaC9$$#yD(%@Gf4=C)X4KN0NOUB48{MVJB_Hp7@XZyvk+_tMYMtoKj z$NYDzUhZv}J0-o>_%JMW8?a9r<1w=wj@%0+|9dHtY2+TtHLOvu{yV)~2jw)%U&yO6 z$g42d@XK?dbUFW?BmbVd{~l8^7e1>AwfuMV-(yPBm$9I2Q8VcH2qlyr1IwPqV0=j%UHUb&AeJ?6Wiu%7;XNY(|z|L>!k(%YYx zw-S)I^ij>rDWQB<&xpP45*P!&DuZ=g!}E)h{)F+RhsE>i+aP`E-xhsg4E&ayO~_%_ zamdT*WnS4Qez;F88HRH%d3FO^QL%SOh2NLk4^t=G|L^0sms3LCKDcj{zopNNO7Edc z5C41l`S+Oru0^&-V?%L^>WY?(ag`v>-EfJ5F(t!V4QS^TaYiPN(g#ETH|YmU&Kz-6 zX0TpE{`aUX|B%R~igIABfm|hXO_qG!4@wT~4r|lg)lepkDLFrN^-M{w+w~w?x@Z3X z49o3U%n(LUH$^7;exSV?;5`O?E0tNtF0S%GO} zO8NUgO-t#cn$O>b*2;4wx#tR;2BpEU%3Q-G$MgU1bue@V$N$6J`@lz4U3=gA%sG>p z`~mqZqJR@Ks324kXhmY3F+q)@mV&4)%8UsriV8xtRMbQQN{mG$s94Y$6RIe+%AZy+ z>ckAarNvf-TD92DG(&4zt}TLXxx)4R{nlP{6QuO|+~;}T_s!>X*7vNn*Is*{efHUB zpM54XGV@;{y)M7c=Y@K?677+mraoQvihEeruVj{DN6zm1W1CoFos9Ec`>u&S#$2Db zcxH!`KDLQ>y}H3HCH5GfJ9Z4>^Tl;1GS`1de?Ck4!*$nkWUwvs+6l~M>u}w*IDRwh zCC>cwl4tFf#f(6I-(gR7wuk)B>Hm^v(6r!P3O;LJ$Ts;+3EMx3_eGw$PwM=@^*mBLrrG_@Ygm(hGH>|} zT7drSC)VHgH_o6OL;rkFw)Qg?by@6l){9Rt{?AwO{ATNz+WoA(JiE)^o;$A3IOdfp zl-=*k-E-OfuJhY<54G`mq(}Ay>)(GWea0+ht$ukCYt?rJd!zkMb@t`_%$!%H{j-+* ze)lyrd*yan@;;mk`LMpn)_WRPy`4K9o@(zK+bY()Co5^c=x`!?pmlUS1)Tt}Y9&zH#Y$CjA4uw2`E|2y^R-g;f_lW*HD z%i(QeTdaHD?#J?jqa5#%$H@Bo<+$?ktq<*8mi)1IS=f@@pWk_B>{?A_D%baD$&Y?r z7N*+u&qJ?tm1581vzYVeXUm_rLhq^8VlSwC&6~V9t!%{<9wY`P6)`<9b5= z=zjPx+vjn)o8LNsZPF8KP>#7??zv8csa#QaWu@KIReDBt%=Z#Z{Xv3ld*|J>*!js1 zQu+P-9l_q&yCminm?7lvCKJBawa@!?-p+m8oiTQKhQC*lkN@yx|7`#0WzpY06Xhe= zHC|g=yFY#dkL3<|26+wAGrO0uPjW4#z*JyP;^=!{}B&!#JP^_6dv zrb~G&cKqqSZ%glbj_&?Uefa(*@?>QFyY_7z{+UeTsPTqHT6q5xtgXFY%*Tuxk#ViR9bx>{sb&*X0^&xX+oVPx_~8{_PQ-yE7^|ra2Mbp=^XB zXWh2PcG+EHKMC-gXBq98D|pS0$2uG8Ig!#si#g^u&$719VE%@gz+IGl)0)4^E|U7& zp8syh)}M3TEf>JsK zEThGa0N=Tn$JKp(ue)V#Jw3VJ=$Mb>{x}CCA>K-04&a%SWmNp)d#c3JkV&A(4%8`^!g>Tvw;R{kyO zYipU(L(WlGgzoPst!I7}!hXJ`yDZ234rjLMaCvym%OsWZa64Pi{$Y&;N9r^7NV~5@ zT`hCMH0G9gl9d@|*S>3pNgLWbEal4_5(Zp^%6B+$EzK<>7Xl zx2q1A|NmFr^7ZL{PLH-yXXA`avGmLCpd6Xv*(sAX5c~NP`q&wlXAuXi#3=QVy6u3Wns&?P_r z6|VFXPd-0}H9G0lU)~7CTu&Hf$a_+%M5lf>YukSy^VeBpV#(i_I%#|_m0BOobzq_FrIw#^IB%Q8^T*z0|7Vu%^6YP=U3cR7a?GEuV-E?+dx7`msq$;!%8MR@u?5k@t#`dmS4n&k@3|0g(cVM4*x9fKd-Z`shy?d_m6yb z=ze#$V<1P%|5g8d{rOowKGkwwXWu>_`8l`l?_Rs_+fR|%7TYf~;UiaIj$BbW(#PJd z@}K_V%&_~X$i8?x|7%ZW!ZHY_B4B+%G>Q4ehO=k_!JzD$dy%VPge~^3FzD0=PfsXKr@Y%Z|E}@wAIij!CbxCFaZh zSMk4kETc^?VcxrCT(WCQ9Mg{c%eOq&)%j_hyhq;N{iyA}t=pUEC$6~xt3aL^j2il} zlFZq%y|;G1W{G3Rj%@2M?`ogNPzSrFWNr3cc7Bz~M*hp! zSs#uGtPj__x<|9^$vep5t$n2B$g^NuCVVmTa!n6yf|ha3Z_$@L<3xByxZ-E~TfTSY zSMccBeFd*UR`BebP`hf^<=H(#{z#Y0b!XSso^4<$|7u+>f6x6bX6gBT-aYYYE_~~R zV;W@te**EW({=-|&EMh4k^9WM^ZI{QhkQ-!x=`1%Vg5|nnE#Fl`FC*LeQ4(@4defJtAbzD zlTTjV|MKI%?P*YkcEcioTFe)7#q`^obo z<9F}FcK_A^Eb;F@X8i8^pP#APPhT8<9>2(p^o#iX>pRGib+(qVI3xD|N?h|K=I!{F zFdPN$HMsM-hWB6lz8If<#R|sZ^2nIBg}=y(>t#zBZO8L0tNT;`{vUVE#QyaW@txy8 zdvEyp`&a%RWbaT%*4bL@^?S4uk7j>f=2{h(9mh8aW{3%ylg%)5CbqH8NOQUKB@=bV znQxeJ<{E6*VjJs}o9oQE=0X)ivHcd?SZAa8z1d{`fL{&Va&I;o=j~gH8V)L;1 zu@ztoU<+a^#8!mu7;L?;^>e<1ZLHJJc?ui{MxFk!9}5lukHdC6wiB=o!4|?+imeP= z7~9F%PQi96w&BP#!a387K)jL8d1fTyjf8EK)59I*^mfk#&jd$P{_)O#faAcZbB^P~HWpg}wsF{^&bdwzwz1fHVjG7o>P&D>!ZsG$$=JqW zi#k<^e-XBev0dWy#MTGfCTz!IdlB0T{Ezlmv5j>ubg)B0oAba7ep^S>G5;;laRU+deXNsI7a=yqq z$o^)D?5~78!6YFaTpyHekfrFO+;^N`KKLb^-(NmB#tf5hNEs&IRWQgr(r~#6n>cczec{-d0|kiATy z%Q(Fu9di|AFSAzU5)a?O>{L3e?S9ES$xoje+21MlUHIk1zRsiq=Gr6s9_rKAnFGrq z-~58_;0iK=SkPfbT%6?|+nU}j++23ovciC0$6x7Xcrue@6=yljn z&%NB82Fva6;dgds<(Ck%hQEL~F3>u7Ipi;{NVqk=Uj^?l(ZKGht=Rv5$u74laNJ{A z$S2$OLC#J64KkfP=&r@F;7B3+o2tN;nXXqAIOVot$QQA{*WquwIldk-)Yi9YdM{Hc zb&I3Uz052hzjt|-Z{5>(K=NCc=b*$hy!nBjJTuOl=R0F+jn^W-IM8C4Iz{p>fc;Ky zf$t9^YrRGsi(~2}S|k4HY_(VKTiLePH2UP%7$wz#+~N)N-Fk1@>-6!vEtdp-``Q~` zlkd=)5527K_`U~_>#{AMVgHuv{C>w*y#?P)?YnO3DE~0u+xTs)alWxz&i6;r@|0E2 z)56~lj7kq_lrypl_B(Kldz*Qr|1qP#M3{zXeJ|;Sefm4TRg!uF;%_tGs=CcT5ap)5 zb*SNL94T9)DsV>g1O8Uu?x{)0J0(I+d~)KG^F4m+r3E?h%!%h7N!=rscUw*%K~P|-zCnW zz&79G_<5mi=mRB?JFgiaa&T~zGikt~zw{H+Yuj#t{n<J+KmWUL5T7wc=O5I%QPp^zj>1Ukr?{el|GJH|yT* zLH5R92M-{Ar^tQ5S!{>Gl?6|>6%}p{lw5XN;d{R8o;qD*dEq>Xyg-htUXE*=kH7ah z&e!k9i(S@jW+8jg>_T1_{Y{Hp<1KQHw@5o5@QuK?1vk3vV@>Xky2lEe+{OV($Pe%T zJ|z23lgs|o=&}bky6k}meEsg;gi?4#kMr?&AjkRmi;v@c{JqFktg}H)nvW?OhPqK! zJ>S1*l)I&Bu{#Q_9r3TiIXx>d%;mV+BK|FMmRnq2eH>3tDtb}IlW~%|#COh1Un*LM z{ng$^u|(b9msJ*J&EF-M?Z0_hq1+_a2xlYHl|IIl-q?h%uGOO~G3W0Eg^&!q*Ed@Gi^MRo4t zA6*U0b7J3qTQ&AOAtxf5ClcSjj(V>4SbBfc8MtFgZI7_DDr@C8VRzU0UXLjr?;6|8 zl&WNpl{lwQ_t+aK{Qh&W^Qc!zyG`--w44=KCFf|0#~H#jZ^-)73#NHDZu(n~Y2Gmr z$`3a2X}NmiO+9CMb4nLOW}bPd=gNZCyC22=?7N>tv5S%B`I%Nc#Covbu+3ECc8obwZ`uOe7 zoxbC7Rd)LL+asMme&=(ikH25SQR}7Rc~W|(kH3A=={t4cpL%xs`2A3wK7KEh6P!J- z;F!YT#~7tC*5Ny->%HAmOCdRW)O**@8g)#gSQ^FBD3*b!4`wex-qD&QwMkN&B(>Am zbWQCsydyUpvqZ*(RjBjR$E=bw(&F)|S>^G1X%RcmxZkvhWtGRPrp06bU+3ZbACK86 zSItJbY9@LdZPs}lg&5QH%KBEW=+nyyPI;-|m|3XRYOhu5(<=38mHMQ`k`_x^EF7sY z_mH|R@J6p$iW$)Q0FKZZ=K|Bqf(?xmM3cB|a7O_bZ$qg?kR z{AzTSJL5IVxhY@oD)jAMrpi5K#_2tl1a6pH()&Fhuk@YL&v&BrPVK$Zt2ysX*x7Ep zqR;8Q3$3vlv!g9DXCjrQ(`P~N9NG=DLAQG9L%r9+r!#k)XOBdq z{n0*4eAQE*fErd&+G3Td62fcT0Ebki+7TkAk--F)l`1#mh`g9fcXIxwB zd4ApvOZ+?PZth#+|MH`ELcVsw`H;LDmiT!$^!)74o}YKagWel2wIK2t%}*o3sVANf z`O_z!@7vG67Hu^My<)W&_J8M@vXXv&_Qr$Wm5cx0m-eE5VMG{p%r=+braVGY=SZI! zM)p>Sz6` z0@vdhs{%`-`})1-TN*t8dDFR0|F;5x8HN36Ii^4F(YS)-9r!`t|JRi#VLZ8#BPY($ZxQXLa|@5r3K?j0cQv;*zY%>#eYiac*yIA zTs&Z%fBKWR4A=JcER&1*k#r&o;mnDRFD&&ocQD-<-o zLdj>Db^f1>zW=y&sQ-h<&BS%l6qt$D#{V5SXP&><-6Q>Tzm&cok+&ST-+$=#lMD9y zpMCKv?6dU!5`T~M(ml49%29g-JYKJWxx9iyw|_FgD_}0KfVsQ^_U)1aw$Dn8OMM5f zlyPY##wC0cqxaLn!v+ouUbf}Tfk}@wVV{p+e-eIwKIuKZ{Gx&V3O<|j4M_HL&Qxa& zY(vd|g`Z+;#E7@e-LZK0z_&bpBl!Ga;oM6L+PwLj{yuOs=AZvLFe}HH^-gVhsW|I> zw2bnF*Lxnn*EJ!RQtG{A~ zgKvpGp+@R6LY_fJ$TLVyf!t+eCN>MHe>`TESfzWeCwFK zCoCve9~D^a8;krPN7XSSIS zA`c9T`|n9T33=sr)(+|{D8QU~o4F_T!$FPWQxzEe{XK&w%E(jYo`pNbRe}EB_XckZ zR!=P)JO}--7i1rN*Zv&;>?q|OHx3xgu{}Jv%5A&{>j3UOa<4h{9{j!t{LdX+8aO_* z*KGD~o%@}^n>~*9d(EH3Qc7doKXvkuY_RF38-{d3-ZCWX zySio`#*F)_Ru0)4TzTn}Lk6L?tG!hsv)--uFLkrt1NZyU&cBQYXL{j)&h>A%lsT0)6!Pk3-%Ab@5Jrc$8R7)K6&CU$c-oF3U(~sapIl= zemnkt>>oPupzP0ab}a56>WzK;#{p))W%#D~Jwrx9cHB5BR1&zYzP#@$hgWXB$Z&xB z8)bi;!)v)omyO1@UC97ET zBv*~Z+-5GlZFK2GM8KRJ&)uuNDY8Ee(fT?y0ba{f#6C;xvt)ms?9Y?^1+u?D_Q&~d zdi^h@<9wgZ`A2Cb?5n+HXpLT`UZOQhv=*sDlk7Lj{wmpTmHigkUni2!Zf~Dd8L-cK zsaQ!FEs5X)Su-3Y$GcHHHwJh`4?>AmWrL(;21&b(5KC)-=gyINavGM0%eIT1bE@9q zC4m)p|F~bh%xvf??QytUJmk=@SXrisyzXY zR5{7DQ=YK6|MM{0WEXrmg6))9ZWVIvgT1_}c<4CaBUN99Y`bkQp3|SW=34B3a>=(L zzq;lT$op=75%Sk%zl1!y_wOO^zvl0dBYT&eJkHlpSPJ>uo@bu?V&Lm5E;_j$&)sW} zALnbiEaK-#c;Cr812yNZfMiYfqUOny*@o^ZltGa_PT3_rWS8`o{nFYw$;DN&YfjlO z_9d7rZtKk!t2^ajfMejn07poyJiP9n8ZCTq%E^$^Czb@O(9?RENg}zTa{sB^Zwg#h zFgLaJRE~iwhix-&ENvd<;eN__&RLUxJgh|buYB$I!wxuaJ<)4;KioT3dk37(E#cvV zH1*Y|zdHPY^X8VThKFIn`YMik=5UsBA7sygj|?9H`)Y5D_=khMHn-vT++QD_EVw7N z9ddpAo#C9LW{2sQKr{Is+r;l@5d64tZ@*roJ8<4DdIDCkEL|D}!7a zsFb5C4eVZ15*!$~AhF`Kr1#07rS6oVci~xqDN_IWg}Hg_Pn%yjeZbHY=NDc-U~sS$ zkzYbts~&p)v}uTsD^%i_26!y}WF2FgZ|t(apEe5-{ALz@zplrKS;0MX_qp?(-BXVp zF$HUbgCIG(nBto>;rzb+}4r z!2&63n(4qV(N6K*dCdEemp_lYVK9C|$B6pij>Y>%G|I1hO!57|^G42h(kGRSYz%S? zTo8QZxKl>Hh|zE4$juJt*i(EB#iOy$k#JezkSP;JE-Sng-zhTRdG!i>!>#XwjXmn-C+Tl?dYGxxc(#NN;4`PwPxYbVav z&eM0w`6`jMz7m(eu~p*o*LY{)O#S`z68Cq(k~2!&7fRkAQR1@wOI&`7@h<6myQE)j z#+?-3V=nPmiOdCg#&bcgCFX)$SIh-D&)g$Ny3FPXtN1%IH=ZTY=1H^#5^aIRX_Yvw z5~o$-6iTi_u@}OQUp^Iky+mk~2u-&B5}_WJ9Vf1m{TA_ACq5g+XS+n(D5={e=5{G- zyToioJL5AFB3lbNCrKA_wB+pZ^f5_1xt~3z(|7Fg=Z$GClzD>4) zY>EGsqMl>>`Cq(dwYL*BA3b)L)V#$11Mi}-o}X>LOX|PP&8)d)Y}kJ=G;eIK@VA(a zcz)?ie(6hop8Y2O&yKtH%X`oc?~UA#X!}MSlxPPff>*>^c}1KFct!ku&ypfp87Sh& zTvEi5xm6(WdCv>j=TWbezOhoy;~eLsHHXGcEaJ5}v4~HC6N~u#II)ONf)k5)g-$GD z%!x(vbR1+0OcDPn;y(rcpA48H{!_$%iug|vf4)7eKb!KQvtKNH;DSfaZY#X?o+o7g zsk0~f?s#;YH%(e{nzZCJX~`PMQOC?G;#-m$$iUcn;xkWt=84Y&X{CB;rABF`Mrofa zw{F!wcTfS(LQ@gfW}Au*4Ni}5D&ichspti)cz5Di^R|0l(PK6Rpl*3yi>0$;!6HH z^o?C^oA-|az0cW*BRzFgD~|N+QE55Sv>fRHZ|T5G&e<-hJ0*3Or0$YbuIfBomXmhN zNxS8w-PXza`8rw8X)7Go+R}FqT6k3ddaTv_wPdqbQE~OTd?NFkNxpkh)jjqj6`w3B z;?=!MTJ@l`xmV1-?G>|E@0a#@5v_WDBq=SBmFqO?H$w&oONtqxUomGRgNk{KN&f|p z{1BeI1}%2?qUB$Wbi)6qk&|HT!9 zgM0ngP5oMQrT;5!S0cipH4BjXi|R#?qwiQAorE_Xcz58Q^U_LK-oNBDNS?cJ@og7A z9W9Yh9gIMIejE+s=w6SGC|=vJ9g@d5rkH1~y!hCvKS#@p+i@LL7V`{Fgn!TTrXcmb zk<*ZR+IiC?wFasCM$AHL<#~?B-%xWr{wCSP;-4(O4w4b(Nt;hB=I^G>E2hu9V*1RJ zvoH&ukDfP6JQs-PEb&|*o(sftfp`wXT*W?RKY!k+0v^#YJa6JzyYPxF@14gt;D0-> z-naQ~w}S6d@n*Sj`Gcoa)Z@6$f@DjU2j*_MxS~Ap#!FZulINXrc@8R(r=G@QUN4Qs z9Ost=F1WRKxKYkpqnzLUm_zbTkxo8Pk%RxkkTvJ6tl$j4r6MO!HwUeRC*KT84PDN@ zwwYPi@{P<~tXFI^C12;-#e%QVa_)DyUzB*OVp*VL#RnDJ%uUPxR#AoL1*{RFZ{t5x zoR50qEx)gNX+h;)=f>~!sGQ_pH?=Qh=+dFlN$zduj;vhbyJP7#Z<0Ihy3v&*B-avO z=+a+dwfVZK<0~imE@++%$<#5DS}t-k-pO85S%+4wu57}Qj_O}mu=rbRVEIq1t}H1? zuYay`t*mD*Dfsm>KdM|(aN_J&DmND_ng535dbe_0!HrlGp#7uDRmB{sxbL4pIbgzD zk~i*OFVPxa|I&mP1D_pt;e-)(hABN~ot*LVAn$tX)TM7v;HusG6NX_wH(?fLT!S!I=e=N7@S_tbIX|Bj+>6=!tl;({?!Qn{ za>lIS<YtYSmlU!7X{rDA;xRQNF4$ho_1^8pT0kJX*R_58oN z+uWZd&c9$+G4JwAeA{p1m~i>6^GjwG@tJW}5uX`n6>(KC>e2JyQC9 zIgi`iJMRAIf`d{|uY^}X?(AAClS9V9-3#Alk=r-|n@ zsq-M2V}vEz2=SaJ<&F@4zSnsC!g-Qwp5&S*xwt;|_kl}%@6Uhy!UM8aHc;NR4U~6n zIf;;yTsg^=lU!p;IL?$yS(Q>&rIZphH<-IF3SvfoFXU`VrlrujAGPV+wGhvtKeityRMF0b1S?+v-IE}EN zMCV@AYBl!zn54+HA~%U_gY0S2PWa+JW~=P~)ER$qPqW>L!19Jz-gGX3Wv4S0mS2hG zUFTb{>~b0)GtNrLobwb?cT4Jr&U3KrabCYTX!gU>$9w`AH2*+NTyvc77ZdxK!9LoD ziHwSzAaat(%OQhiqWcy+XS(#fS>$TSAU;z-%MWD#1()Y#qx;T8zuE5oW@1nChFg8P z-@NI5fV{iK^AqvJOdp;l-XoB`yx&a>;!^;xUgR_5yl1cUnF)|VQv(amxW}_I3;R9I zY%hnH^SptV^u%+|mo9P5M(^QEUGtK+0&*v0PxG$GUEX8Z&v?&4=DeRke(1dixySn( zo(2LW0~iF9+p}^kG&4|9%hk$9nS9( z?DsJbid+U+XmaQmb_=Dh%qE*E%U652fY4qE=W;6vCS z6kGwHQ-hB~jtFjmJR|rE$oqqXzuwa{22X{2D0mKJQ}FAMj|Jn9tAe$ViQr1emLPlP zGr?D}zb?1~@`d1^z8*C123g{+Alow|CFX*>az6|*)MFK($jpqu=?_z_;t7IAn%g>gm}Ird3Q>jcd?J_qHyNr zC|B$`#6-D;EOAdEOZ;o$-ALVExC|x!qi`Yi4;J!_o1*)%?-e}=87z7jvZUxy$X-RO zAo~@u-yT<##Qvb7??Z-)o`Vb*y#RS?(I&_dMOz@xD0&SwJgX=TSzfdoa$?a(kPj6P zor;z$J|FV2;yb4HG1+4Fs7{gpF7klLLn6;9VQN(51W0^GOUbk7hjFod0O=Zkj~~O* zy9e8FL=T?dDYAcM54PvD9`B$JUoDnc54L|zk4Ci5q@G)lYg13g-z;+IG29;}a-_(( z$VDQThSzJ=G{J9&;q;qyaMU< zeeH@q=BmE**#?Q8(4R8WpY^Zo&vSQG|ND@7HSB%N2O|GnWb{~CCPDhl&Bt!S7&7Nr zjv@2K{+7rOAbXmt2kgLim(MwF6OMZAam@9W$oE8MMRr04jep=zk$TDT^toh^#20zB z$hgS2ME*)-R^)C-lskld`!2{nX4w$tT`h90$W0<&5xG_58zSElIpIY5SBd=KB<}Yv zW6W`3?wO&TR6Tp+q>=?iN;3N}nsMd6n>HPWx+VPKz;PhCXrZ4P9`YnRa<4>x+xf_{I zz1e(a%Nmg7Z3J1LHuY=oM*354HrH&~3eta@Fx;?1nFVG#HlN&58IXkoY^3QD_z z^qT+Bz<};E(|x2^s5G&P3M*wVxJwGtLb$@v@=M*g&_SFiG6k~sp%xsn4MFs z{AEALeE7m+X}?lUFO&4owhYzu(V8C7^r*4|WceiHkj>`nFHcY%UoIqZKi&S4O3^yb|`X`mmAoG!|57}&%zPv{DHjw`9V*k<0 zTS2zx4oMF;WHddi>;RvG|89_eo#4ynng;x1`qv;E~3v7>*gUwb#wKchOycpa*fOy8}yY@ak(JV{h%DT+RM6;=|eSrG|2HhqUlkP?N^~X z$?G-p3UTN z^VsImpqvj-&I8E&6=KJD2y*@~0c5!`kbW~Xy;k)_n!a4@7{5U2f1+a?1IIfzw64|k z4ayYAcx|e;gDjuqac4BWL+vE%v0KxffX(j*>0c-eH$6++eZp{qg9jX@`;~o#;f69$ z+E496l@)3ynQww}vJmqOP}&RRaaL>k4CPEA<{2RU7O6d{_BE=vX?i=zdXOxSidKkzl!LG_5>N< z57NJ{5aX1lm#R+EuT1Q?Pl|nZY_z6Fl@*#!GTvmh$3ULLK39l#23g)h zO<$zx%QZcz>1#ztd#Syx8>QW#OS_4Ec5H{Hcc`6YJ@%>HDYoUhAoGz-CwV^mijHv$ zl=cAWS0?t^Li!C=eY6nsevtkZApJ?kouHg73^&9;`o)#iApJ@D&rr@4V%`PPzfN>q zr>ZXmnU7>XQu?Fn%Z1^FHL9-#d44viy$xjCc93yM#@VXeA;k3y(l4v*0O?QCpJciF zL`T0XvHp(I57Mu%5bdh=p&;)cqtzY(8MmSvnQwxmqo1kY4AtkVz7UjlQ2Qd~a!pTy ztp6IdZ%}&*_=Ag`ga#=r~SgGsyG1M)h`(ek99F3&Rat zRo|_2kFkCv{Yb{~t6rw*q|{qkA@*>?1l1=CF&>B=-yuZ*1$iDiK>Cv`cem2uca!8iflPNnIbN{Yw6ywF4}tV6 zRgMPP{t?yjfo@5!0C~NUj6?GHCX0^yGsrmAAj>1^N7Anbw?Ii7SwO6a1q`gk<3)N22PCo10v#4J5aKj?CCqb6m46>di z{nselG`(HZNv3ZFc^p|y@6dFT>ARIUNv6WNzQF-mjtBC3^b2RlLXw_rDAn|c=)Y-* zsvcKXgRCFP_;qSusCJU}q}rR+PSW0{_O0M@XK9QaZkl5mkmFER(>p{*zXzEQi?T?^ zc?Eg?9Z=4z*wOz%`gtJdoh0X-e$ki4NR|@jh-KMWUnqRBr~QKd5~T z$n)K%>Ft_MvYf5TtfqHJI_9Nn->t+~M4&(Pf4~7*Zb(7xu)=xq0g~-n2eSNx*gtxJq&=zjW>AhFWSlk1 zHcf8_Ie*=%_N>}FK;|QvkECBt^l-y&wVVF*!#o^hJzUYzpFrj#S#Ofh!+wzcs1&4s z8OZ!3{YiOl2I&_C=~n@=J|z7}`jO+EAGA(TdkkbelI;)&nZH`>xb8rne|)io#F;6a z9;=mf%p*W)SCIMYB^~38aCU5oaC$5ON;`w}YX(`5HIk0&RPF5`>rJxWB5U~)$2g|Ed*IENk5Y1lJu_!mpl90$l>Pr z*B62GOMsJ|(;AbYv@^*5)C@9zo7&q!#?J_G{|8ymtfqHpy21CE(e8kZ=YcYg3unhl z)m{cNURdnYV?#APs_7M)PO_d8lyOa;q54da*EuQA+nT-*l=c9nJ;1lkJFT?id#i-w zol9R?r0EHe^-U_9LFOl!pOkh1KXsa3q5iRXUU~7W)WhoCck@=&Ga&u5$_|kJB>i_Q@ugDY z=O|r}etwXCA+?u^j`mZ%45Z&sv15Dy*-uIKQrIKAmdf5eTM3FsxMS7QhQSM zW@U@m!wn?9@h!GSbc~al-mcuL_72r^AkQnwe7iN>J>J&O56W?>UZ#wI9Ir?@4rR4+ zA;|kc0+exF?agXWsl83@?aB{#Takf^27UxaqqkBs$K6rk80t z$@D15=SWiOt&FRkq`eyCe6I#%`_zgaZdeGi{3T+4b#t@oZ6NcttDXUQ99gw@sNET4 z+l9Zj&G@At$Hy{|*XJy!(X^&sOUK$e?Sd$Tg7_BPeqm04wn(!uxm zvs_o{fo!)@ko}ir|0U^HrmRp_D{GYtmGz+1PxWTyTD7NCZxG;Y-IZl%GaKPcFWwR@G%(Fq}4~ZUbAf>*VUIEJWrustFNuGy#kolX{PSV~EGEN7` z^OsY*Inma~1*IHig)#|*AvO(C{>n;9nT*i{Uf5|Is)lep^T}$TJ?p> zgtA$=7G#{1>g~!5$nrZ>H>Fm0L8*_jOgRi>oT%y*%DA!`pl{!sdsObr{ zH-qdK?aBxO!bKB z6{=S&Ye2Stt?CO!pB<|QdA%gm-mG?#_7uqYZDJ2Mw1cc?M(tVEJCr7D(;blIk@RM_-;Rj*aOPW6S#dXVcxOF)*B02wE#>CK|gjeRUZ-3L z%K1{gS@o3a?W$)~?@%3ITWik)$owIY?M3qZl!9!>GEE;QI_eL~`B8gJ^|+*m8>-b_ zr+PCe{aD!{cFb!}vGx$i<1Yhw{1qVQALQHSFRzj7!D^7#0r{zOM`|HRfAVd!B-O0x zB-7g@9sN^?=fiGfdZ(tlr`kBBLexX`VW7;LRgY_Wwb*CG$hS?;HgY{!r|AoYnD2tD zFUj&+K&~H=Tt8|9*}m-{+b1pdd7C>_cZb<}m4QqTgVHXlS1T7Po0Tb$?b)V!yE3cn zP$HPbb(F3$q%2cbD65q^iS1Gm1W9^rjv{xRaPitAloCZdNs)MNye>H`$DxRRBu+MlE>G16Uvmb4diiW zRL_C@e5m=7EkC3z1?d-2J*J!~cFY%4PbgE$jItACJpl(otwApH}nr<56` zIYZ+pBg&YvR+&()1zG=;>f2P$sBT7SJY_@~Q`RaI%9L^&*w;6#J)?T3>gWX0j~r!4 z8Bs<-K3`XYyk1FOuQ5%JgRF0jrjv5rYkET20@5!u+Ll+U41=@}Q$|2ukEC3$%DA!) zq(8~@C8Tp^dmA|1g0{Q4ng{rYI;;z2{K4dXU?`P z1?krb@_d=`Rxbqk9*JbVLuwxe(l4TVOj)Z;C{xOevJ;f}Lm4A z)k*60AfH1MYA0z=f^5&ib1dV^T9C(^1nHMj-F(&RA!QU~{uoIAjM{6@wSEa@N|{k+ zl_sL`lo4fA8B@lUwaPkWLYY!#l%c4tPXuKBW6Cy=^)=_&bO&U5sWJ+3T#JMBs}bV9 zsd`q@(Vr@8zNj*;tO5BPR;PNs>IqPuE7abm%qpEqZ3pmWr=hV_bu+={Bl-Ln5*^o< z>Pe9GZ&PNK&iNV-NJ5U#IEG3pAcG4YD1ws^>tqk8`2M2P>Qvjistb zl`*kzYmBR2r%Z@F@L*E)Hf0)QIV9I5Ghl@?;lZq?J5{zk59D=9(yvtQQIPpb9#33# zQjSlV0XcsoX*U;HMnT@MYlPEdEy^|_`ZXy27h8su5oJBd@)N43lo_R&sQHu;WlUMC zOn`WA`Cv-8`N7a7HeW;;RmPNYWv#MKnN+rbtQX1l%Br3N*^Z>Nr0#v)9#075^^^dauSM-C)iaWg^QO9)On+SWApJ{0p6{r#PFXL+I)& zA+9&2x!U%JN|144s>earBMI`ppB3W$$2GQIQDvnN^F)xxTdS5S)Sgit zKN5s|hzs&~Jz=;ZEW|pm+T+SvP})`5ruMWD*O}ULsyi_oHv}?YRQ0&BR_zI8sv9{! zY*W9q5b;6UbE2buaT~uCS!@>8OtUaFg$ zZ2h7j)8ooIWm4Iu%!0iB%q$z%0cAW9VqHM(r1S^1Csa=){o13k_1M)nCK)GKD zF|Ss8N_5;`!3t;J(l)hcm8G}X{842LWINP>GOnvVqxP)orMKGjILPwrlnGG!i>8;( z*7(Y#G7B<(=^PUG0pW~T9Atk^3UR+s<|KXI=F;12z6i*E5(lMxWmeMhd8N7Z8?q%T z#QjH^1nHj@9pm#nEgz&kDf;cPtlG`DxIQ)dA(GdT1JW-9vV5}LX?=*4>kQ;^wFqy2 zJq_}F=hPm#-JZ8fQ2L$fbs*!`tG!M2(mSlZ5~P1z*{1fK>dv>VUtF04>2K!qy!Tq> zfQ(kd6#C_}anApF!tVZnUPh!V$DN~aE$7NYb$9VJ|jjyZ&S$+~^ zzitsbu4}Nu8U3(#C;d@A$n==9R+#|Vz9iF=ApM;MT8=U-3^!DQtan^EBUYpKdevKO zdaOd^oP@bwbof?0X+hg7j+<;=PU7M=vkE+txD- zN*s{aLj>e;M3pgR9OQYaRlOc$zJ%&6qBqAkq{+VkLm5+9_0sp?T>r7+wO1Le9@dkskcI@Oax%y-59>1LAc zV(QrbvzLcKUjGr%f4Dpu*5n9?0~N>ZKsdkEkA1Jr2^ZR_zI8N|{k+LFUha zoIm2Lh@>0`q&=j18f1D_?3n*7Vmh9~K$epg9qq7K>jQFJkAh6ERK_*E7OZd{ZAu7p zO>Jt=fNY=8ecFy7>k(DPK%Vb9)sxB=kn3z&)xGr)ou1blf+T^&sz)Ey}Fg z@w0jOJYmBM2b6L_*1t{lY~J2r)8ooIWm1^}SG?)x(8B^s$QooebA;yK$aT?=@(NyuIUNYld7jw&nV4z?QxKd z6H=X|9#KX?);FelT=g0u&KJn?>s3#x-X=Q6k)_O!ekH``zEvmrJQ7!XEm+}v^^tl_ zPlNK@0@BZWNaKL4U#04GLfq$-Eox7J^vfvCGCfXZ7?k^l>b1%`P|8(iK=#`lDEEzr zN!G;Kj5se<$ECQB<&H9^{mtMq%sZu2A>zos%{=(J&t+Q0p&UXSU{MbDBXdNi?Fd>c;WO;3>XO%g% zhgR}9Fg}5d8wTkg2U*`5)$3GGfS3n7mQ=k((^F!viulW;r#irxazf{m#wT*y$xjC3@FbhPgq7l=C2guey)0* zvL2N4CA>YBR^2>lk2j<&1*IKSkE&iN#B)E${#g$)URs%zblhJOHopflJqEsQu3T9Q zvRzY2_NRW2N1n2JOqo=slx@lk__5jgy{zg^v&~nkjDTFHi-PROB+IE(J*Me#(J`-5 zy-xLn>MbDan^HZa%&Fb9*m4|@?GsWx3^HFt^{A%DRFA7(3v!)30aiF~ts+_P7EsC+ zd;irbwYPyRC#%c}vF@|R+DnxYko_R8dJV{Ub*d*owntL+7EMp7J)_KOdQQ{L_ietA zvJ{klp?aO_S!L*H+b^OZ{c1s$Tc>(b8G1(TApKfEIew7WM^^1QA=WY1TDt?%zf_r2 zWqjHYKb-8^T@b3pos zL6#R&dtB``YHv}tsXePS>umi(Ade@atOFUhUWoBW?Jc6?J_Yi6Olx{Z^{nW49{7Px zcR_o=`hU zJ4t&=?IiV#>N$|*nT@u*kTRl-DH9;uDWx=Icy+!q$ zGW@DduK}5_Sn$bgJz-mnZQQy}|k>=)Kv+l>{@tS1tx zlbBaMVSZ`-L*RH{@W}{R;X{7WfBhu+v00U8dM*M=`-pztx|pWd zieCDIgwXeV3Z!2~^glgsc4$3+h5y4d`+pb%%kX@WP_}^V=PA`QO7o8O3n?SYN|63B z)oYdYAg}L)>M5o9wT%-|R)Wl5t9rfaDb>xp*53o^7g4=dnNphfZ2$2shCC=|`yfi4+amF&O3}>z00`k3I24uX@?``}rDDAI$LfHaxK9W&A)S>>M_^Vzo zI>s5*GfFRK%MF2Sr-CLK%FGfDJ?N$lOc~ZSrnNX&bUZ?e|QKmp1m-(|jA0cHW zDDgnKE|eK%Xpgl=K-Rw!6o0V7x#7ixricDr+fA8JW|X0iG+kK(GEPGEj572W>sJFZ zy%uD@iTsu2z4~IU@TBz#ko}6Ra1!e?AnT7G3bg0%WA^(#8&dn|hw)!&_S<+NWev#t ze_9#(#KsMSv`0Yc56XJAXH++T({hy&WlUKE%5kcm0$HE5*f9?Td3-t5y}xU@Aj_>$ zy;k*l)l;gQe^|dT$of_)6Cl0^Vnd7SX=P679kBjkWu>x4S+7hB(SD$`BUs`5V1xM& ztCJPZp$%bB&X?$yY^)a@=STG9#CKOYb|r0oY%uT?#z%z$in^Pk$kK=$vLGNDX?*E*kUw5;Ehf&Q^cZ!({$ zKlrin{kT^3gfb=eO+U_oy#B++5mpMZE~KniwkSP^et5o8COpU1)9*-sh$s^UjK?wRSL&;b zfHF>~9#g$W^?GGO?JcUOl{saq$i_*791kPK8W&vd{r-!PMUDQkLA$NP7X z&%G_6tgowXdfN7^RpvnPKcDvPGFznm+#zY2N`KS8@Em`>sf`C0mkvmvP5fwk-D|TipkiWh}`u#hg#lNjm#< zC+<$RWs2!FgwP3?l3-dO5L)ORVob+`4uOCTm>LoYAq4n;XLet?B7XV*e$wa7&d%1i zZ+CWfc6N{Qf&N9iCusK+xK!WegH(SwLA#G=cLOd=WJrm*b_k_#yjCN1a z^sBZ15$(RGT`@+*FVgM?(?3?xtKhQzjrL!y-S@P+SBDpk)A6)>0$i%cDcXOv_P?jy zy>O}hM3IW;hRf}#{S)Exc-8(5+C4$LS8Mk@?e2w3^%Udv`)GH$cB|m>duabDaJe7C zrSTyS(Dj{6eBs;;r@*E1cWOVmwBN9^Sk?0h?e5j?&Y7AHm-w1{mhw-8OZl9l{X4Z= zRieV%w7XZk?%68+M7Y!*RoZRS?kS~2haK1)9j@Ir?e3kc!mH+~@HXw9qTQX^-8)}} zyB8>TqIRpayHmSQXm_u6CoWX+tF+su-BaLFyY1BeY~dBptP?^CA$r6f*C(zoT?Ou8 z?#b@u?mG7=?i<|wJ?)-tp7TAAdtUIo<@wID#Jk>mymzPfZ{F;zoe_Q^8`MdMq%>OWdOu@>6Ul&|e@KZrS z;qbzP3QG$Y7OpA`7H%#)z3`60Ckvl1{7d1!!mkQ*2OTh|c+jdrzZ~@OprM0D4PG|* zkin-7{_Eh+1`ivuaY$sy<{{gMoHJy{kei1*IOMecz(p&BR(DB z898L+tdSRt{Nu<6M(!K=)yTq8C8N4VT|erPQLfR4kKQ`^)X{g3eth(v(eIA_$LKL* zW{p`mre@5VF-MK*7_)uM*<_KB!j`fc{aqKx` zZykHr*vG~W95;U4!g0ZIk#UcX+c)mhaRZCy7L^w@75%E{>7v(*{#leae)#x>B@>rUteMy}F)*=X;)xT_op{m2 zPbPjhQA{eBGjB z;pCx{r%YZjdCBC;$xV|3lcSSwnSB4`Hzt2HdGM6ZDHl$;X38B?-ktK*lz~&nO+9F8 z`P4(F9yWE`)QhIRFm>UUFJ)AFVbn>K#h^l5XaEt}?>)-Y}Tw9vF;rkyh_ z>%i#;CJsE|z_$+k>cFAXr%zu$Ju>~q>5okxe^A?ub7$zw1~oHgg-Irq$Yea`7~ z@0)APdurbM^M=o#GXKg2UoWU!c<#cx7fxJs)}r4nx_!};i*gnZS$yE)O^a_|eDC5H z7QeT6#gc|4+n2ns`qR=;WmC#Z%a)a`C_A#Ov+U@y9c53IiDk2w zZC!TdvXjhKjo@{!}rba(!i6Ww+H1DgTv~Hm z&C@l@Yny88S6sK^-4***e6`|-6)xWt-wNMveZTkJ;k(zDhfzI17-FDs;o3Ym_^L+? z5?Nxf$Pq(89SS%caD*5pMgkiJY#gv6FpXifQ z;0(Z-fOAB#m=l#bF=CoLK@`iA#4LHT zm?KXYi{u%&HRvq-9@Q^Jxja`?$@4_Dyhzl@i$$%xM68gPiaL3PsFzoX)$$rh*gHj| zyjC>H8^l^{-K>+p6MlKKXvH=}8@3YK<*j0qyiG*p?V?-WA$sJU_?_Xq#PRYzak6|s zoGBl~uUx z*WzyZjd(!j$%kZtd_)$?N9ADoq#P=D$$$VkY3r48Q-? zLg2fvr~-WZyh8wcESE zYtQTje&?y%0T)$MeATLVo_Q)Lstv0zJ=+RZbmtpg{t)G(>oAORR`2-ZZ!QMDfa^1f zTQ9(0;oMd9Mz;^8vixfZMh~TLF@nF>l#6yCG&gn~;2ppDJz&YjcLNT;o!;&=F6%Td z<=Hilg0iuJprY3$D7W9oo&n{aU%v!+%FuTJ&to{0;Y5bl=Ma4+<99GVGLI;q4I%gw z!}`^P`x#c)=#&?GZe~;m4&f!O*{sYiw-LW5V(Yap&c0KY9 z;3xNg52$+SwBy0_MEB7IUrZ466j9nc#u2=g@nacQTt{E|n+viK=dvpap2p*M`{;b& zs&sz~edTxV91O}79(PYP**(yE@<`AxV9NJ*6#<`c0_EAcih9NRyAK3K)k^iKD;}k^ z7am7>p2YC|hFOU74a4o6O6A}hHV^cB$58zFVS;1-Nbs3vg1-$BH+Wzh!SNRpWeE4! zeYa8R7qk-P`HPkzhf_mD>AIfaE&RT3Tt__Q^dS^y_Hu&nFvVF`dMT|}R3W$J576lT z#kG{fa~tbHDKBpVyzkZ{0L@V!U^>0ytvfq_H{V6Dhhakp;deI^{KFW6-8%>#RY6d3 zyj6Em+Bf)(ZemV*NGDMyc2aF`c$nb(o%BXm@Y@~7aeh@t^r!t4^M%!2$W490XMPt4 zzPXA*ujlVO=tPP$cyll4^9~_=bp=7iH+sgO4EnKaiElj19AkFqOi*5Kr?=kSN}Tp| z=5H0J(HAc|pK9{Lz2^b{9m9_5OMriW7f}@dEP3b(;Hr1cxbPa_M{^E`T}tIX&9yp= z`={b{eR0%m?tzM*_k}l)r8m9um>W=vGmevsI_WCDnjKWCU!PAo9A8cK{C?RjfU5lu zk5O$y8wiTAcY=OL3&C^C30}bXw+|8i(;Woo-*_LO8Y3TH{s{2n&-)YL;|vvD%>{Lv zUIP803*P~(;<4E?{$t?ZU-AWD&-kwaRiAYBQs*eR=`Q*T1w6jCa7*@#|2I-yv{sxV z#H9%@;NB~90Y`HFo~lCNe_}j0HWauTq3iA(4Sdr^g7@4(u!!+*s*8XZ)DX;#O$A(h z{tQ5sDmS(O_@stqfcq}2wxFVnxp1{3<`Ep)0;ocL7sM=l+P%ke=t&l3-PLCRH%qyI zLn(ii_M(d~1O8*{wM@73Ok8>sC}yfZa_EDADpe7`#eLQEc6%7AH&XG{x88LRwWq&j z58`~u9QdMTuL6I1+1r4NFMl7f{=AO?U%l}Q3x9gq*TCPqmwJeTzx?fwpgi+iqL>`j zeJXMCet_-A=L25NW8t!!NS<*@CY?+P-Ar}Zd*)EYJa#Q{=3a)+t|5GOh~Vy4f`i5o z{PqTdhu==Hek(zDEkVg}N(bTn8Qxey_{$7eo<#W4QwgrRi|N}4-o|Bp(nWmF+4s^p zq~bG*^NeLlPw||EhmJ!$Roy_q(O3aWF$U1U8gCF_5mFdpJW`ORXc+JbNP*u( z2Q;wS8wGqapn+B27~oR@4XpFV0nS7^18cnrfF+1)KsPr9uoP=UiPhjV;PbFPG{k(Y z4h^v!DWoU|GQ?Ju^sD1 zDNX=1#EGIB_(^~USXnLLsmRX|XNyAs&%sL4z*@5&@CvLV4RO6_0K7po0p2Q_0q@0% z(hv`#e2LZP5x^f7>w!N4Xkabs2YeiBRzo}?T0wsj&=7wTLEyUp4gBtL2k_m12G*(} zz&$uPXNV7QY|X%GH43;-9E~_10vh5Y5eNP;pdt1{-)4wU#1_EML@(%{0~+EBaSZS; z0S)mtaUAfk01fd2-rf*D;=K*=lQfz|hefQMlnZHU9=qk!w> zf69t{$0SZ{3~FW`~WZ__W?%bM}XaOKj6{wQ^1(~9561w1Wd@U0DI&=05@ahZip@N zTfnXIJHTG~J>WL^1K=_8C%|K+l!iD?x&V)t9>DD~3-AP)19+nB4|oz*{|0mj0|8Hg z7683n4gx$)4gow}4g)+xjsQGUjsiSOjsZMdjsyIK91nPooB;SsISKGwIR)@n&>R@z zJUJckd}t61XohD3UI0{FVDL+BfThImuf1Ahz9 zz%O_o3j7^FL;OWH0Dl+Iz;Ajt0skwYA>NnGz&`-Qh?9o_-v?-j59JZSKLRww$Ixv^ zu^$j)O8No6k^#VPWh>ynp!JaAJ3vGH8=4P8{6~gB`2i3kPHqDJ6Cg&M(FI%r8p1H5 zz+Hfba2rPh_W)uH8gbxRfQHC6dI0+wTR`a#2wrXU0uC~c0X)Ds4se389dM#?BH$$B zWWWQBQxShUAjXt&I`A2Q7(vFFfU}LW0ZWZ@0OuIz0?swg1Dt1E065>c2=NyH8luj) z1aOt{YruNra?n=;8luU#0{B`$Lo^##0bd7*(PaDv_~C#UO~y6Aj{?MKGOh)_0T83f zxE^>5AV!mMBk(prj2h!6;2QxkYK-3l4+CP<7`FmOjN1UC#vOp&#$A9%8+Rj43=n0zUnFmeA874_?D|0 z@NHKu;5#lK;6B$OfFHW*06%io1Ago}6!7n^2Ec!~ngG9cH3NR*It=iit|I^o-0J}g z-G0Df?f~F$cProscMx!-y902vI|Mk!y$Nuvy9;ofI|^9jJ{oYmI}W(e-2>R{-U8U= z?gfmvj{%Ijj|1#>Z^wHb4Tu@ReIoEUAh@*qWZ@1iZw3 zHYk?@8sa+lIe<61&jtLW`#iwA-4_7fj4WrHzL&_Ku8Fln*gVJeh)a!b1UEs&uxIko;v_% zdhP<8<+&TM#B(p;Y|s6G3p@`3F7Z4JxXkk?;BwF7faRVi0UJHL0GmC#0oQq+0X)L< z9N^%$c?&S&c?U4+c^5F|`72v=H1#6=zt;ANgHz{@>3fIB?>0k81n0bc1D2zZsJ0PtqdAi&>yh5+8; z83y>EX9VEGo>73qykh{Dc*g-YdB?lJZvoLJ-U-0h0Yc*SP6Ax-odUSQI}LEFcRJv2 zy)yuB_09x*%3A`s+gl2_$2%AB&))ffuXqtw(yvQ7oOGV65EuL1+1CJ0%Dxt`IQx3Qnb|i2mSo=qxFY-afOXlo0ybvf26%Y( z9e|@N-eG_{^I8F~%Uch4L!Mu}DIP)0H^pO!`MxL` zPy%?sfKsf}CIbIJOa{JJOa;DI90+`$I0*PYQ4IV;F$?&IVm9!P#2nxsiFv?377KuX zEEWOZFO~q`FUo*_B9;UHL{tF(R8#@~RMY_fOsoL@nK&5u=VB%B&&4X>{}h)2|EJgi z{CjaH@bASRf&WL`1N=YYKHxuy2Y~+|9s>TOcm(*5;xXVtJ_TIJr-2*tMc{_q1KcJ5 z4BRDO1@4xw19!_efqUfJz&-LWz`gQ4;9mJY@GQ9(c$WMSc((i)c((imc#ixGc#ix6 zct80!;Qi#^fe)0q14{r03@pXIYd-LNSqOZvTsyECaNWSe0FN3N2i!1lJz&c~KVaLy z9>Dg24PuDwM5-ZjBT@~MG2p{w0{C#b8TfFy75GTG4fsfTEbvkCc;KVt3Bbq7KL8&q zZwFo^?*m>W9{@gHJ_LNcd<6Ie`4sR8@@e1`<+H#i%IASkmV1CtmVX95MZOArihLdT zRQV?Gsq$^$2g&UGUci3&4Oq<%&i9MCa#el_;OhKRF;A`mK2J6RpD&L@=wf*xVlI{! z=bs3887NET&7drmw?I|4RNe{7GWlmvmdRK1&jfrElxmq@&;VFia5mu30>ALd*##wl za|%ku!Ezq(gXIF?hsZ_150OiN*U1&Y>*T?VuPm4gd{x1Gz|{o{0oN2P25c-?3b?jl z8Q{8ta=^n2Dgloys0KW$pjNDsEd|YhZ3Tw`b`~4~xUpb8U>G%7B_jm^z;4vAUdB*j zy-c9Q)p9fN)p9HFL*+K$hstAtuaU@o1Ym&ISf6TZP18-rE%e7PJe-b3Z#vQ5V2N%CxYp}bt~lsC(}u&=)h z`}S|hzsfJ=zoam7j6!3iaey)1m}4w8YK(egoe?lL8gb)T<5c69#wEtp#*N19#{I?< z#&gE2#=FKBMxJY^Yn*GUtHia)Rq0ykI?5Gs-RUZFAL)*}&v9Sq{;Rve6ZM?rIm2_Q zXP@VDkIS3yt?_nv&+y*jeZ>2k_hauj-ceZxWrebKWId4eLe|?^UuN}Yf0w-?=g^$P zbI!>5RZdpFQT^uhThi~Xeue#)_pj@Jc>f#v-_-w^{(Jhr-Tz{Kvqt`K9^4$sbx!Rd7bZ355?8 z&Kb0BP;k(rgI*r=)}Wb#=MNq~BtGQWA!iNw^^hBf+&AReAukM>H+1FD_|RjA_8-@H zqwX2?%Ba7LT0DC9=*!1kH}>7JACEn7+!5pA!~DjHQ(R}?Pl zF6u2hsc2`>?~C>nT{HgX@pp}XX#B46FOGj>{Eh>zJ>ZrD?mpm=19l%UdO~QzSrhh5 zIDF#i6aP5ziHU2cyfWqY(_Wi4>cBY%`VYMEz?Exuv#(M$fY zE3n5`Urrc>ntywIAD&CNn`5ewJ-!{6 zDjLOAIqdQM<`>cwWM@2hYoR{tRvSE6{SkisvL*`A|k$nR{7r|0qG$DsUZPrApt2N0bTKC zG|Fb^iF+X(^g=4=g*4C$DWDgeX**{9?U?PiW0v2J*?l`~sZJ5Oc=GTJfQES>o_st7 z&@&g}8H8sro*{UK!hUKPp5b^#Km$Ee{sMFK1<*8K2tD(Kn4>Rb9di-%%;RB8bpUkC z6YxyLLwe=Oc&5lJG4EapeeyM|O`Z<@@j>!B%)Hk@i+mk)$k#!Gd>!=1*NNG9O7YCW zGZz}>d3ff-7Ha`?%L`#&wFu8*Xoi>IS&F9&wpPpVEXPxhrveX76~WHyA>h4_6f|hPl%QBPnaj4#tirhX1*^l<9&&l?r)gkzQWA*6Ex8SpnDu3 z*Wzi$vkuQ;cn-&N1hlh9;#rU9DA;HD!TmSj3E*kL(~74JPY`<4c03(;I%O4fjYo1v zo+ajSpRLetm39x-?kerB*6teZHfpzpUAKsd>IW#pn7H>S?0Jgwwf}tfV~Q z{_Ow?FV*3tI=obemu7uCfC?(jlKB*Gu8ucX$D6C;&DHVdBA$oiH5X9)`8xi59e=)# zKVQe6uj9|pYAzt&JU?q&A*EZW(=F8L7V2~hb-IN*-9nviA<|`Wx(S0Qy)R3(*CE<1 z$X5PA+8v_ZVcNYyyJzO8cmw+>cfNKPYIm`Amua_ByVcsA(O>od8U3mMqy4piruLU; ze~I>Q%2nljJ5agz<}3Gp?LMsCN45L7cAwPlZn!s!9j=@3+$etMx>Y;}{CBQ{vKrj~ z5!blC74Nub$~!zW_EgK+-fG!^C*hqbFT?Xk*!5RsohsMhIXY{vw;=mD zc_*IxvR{(#xZmLCzHEK$6?iS zmf4l*32u^^P5NujjInd%fQQpEY_tYjM#oS8dV# z-oF>k$@)*xUhe_p*L!A+-|Jm4VZEnv!d~wxxQD^@@8JFc?)`8dh5PJ;;;c_6 zjLCYfU>u&k-suzfdg~`n&w9rl$ZE>%fO{h7C*!#%zbW^EtZUpGb9<(3%sqYDRaq}h zyC&+Yfv)>(c{Y%IY`$rL6qvW&Ps)Udfs?{gtee>EpA{IB041 zuo+9U7tA;;yJtpM_CN7VEAGmkU!0FVw>|s5;_cZvGq-1to7t6pGM?Yhd^vmPtk1I# zDfv9RyX4#K3rjpX&y@_x$)7zbrxVZRv%k&$3!YDA&(G;sIw@yu>7h9{;2ARK(3}Z) zR?YF`gy-yXor33Acy`P=I_DktF4seI=Jgvr_q?2Sa~Hww%Dx%Thj_lmbLG6Q?EB{3 zk@Gg(e)GGszrb_cg12&>8oE9EFAKJ3&sexU`?!Ul$*(>8bFN?5mHj0i_oA-sJUpWo zZO>kZC$?yOzlRq!dj>9^(Qo47{W*R-7vR~kct>{Gk{#J!73|3FzjS}jGCXlS_b=_r zeiQCL@f4OtUE|A|Ju~nuEW4=RT0AXfNMH7C_5)>S`*Xf6o1Zgg+5DVo z%l7BAAM1nBvNfKu_o9R-5hLN9gB7cV~J2OZWh_p-4;j$8xny;Puxm08+9pb_4}(r z@$PV-w=x`v$7j#-Qw?LGM6j&G?`LFnG#;XAt__5Hg7ITjl(L0*nG%YO(prOYoo$Or zMQzGk6QRwaL~ld1C)OG)vw~`3(XNJIEEEWbwgqGL-IRCS4lZtOO+;hlpEsNGr;->! zmQ}rxKv$@>F4)x)jI9cE;SCXwLyOH+rBU(8O!^Dc7P`J$(Nd#k&K$x1XysfRWC!UC+;MLJ^s1;x0*o?{NQ4Pzt^~8e3l~Dk* zSpw81#XkEzE2ELk_@u!Y;xT3iam&p&Uz!nL1Rso>w=udY7_mQq6>R~>Oq_C;KurA_vgNS!n0g7z?yIa^ettHr4dpe^l?oN23?-?hg0r@81|* z5s0*fRSgivJg zW`W994=DDPEx_xiHZVo+VR~bOco2;9?06w1mk|O`%aAr3%DMpYF0Mnvc^Z zky2+DWLAJ6JwC(W9u z5b6(MOlqpL1!JK7{MXGG#rn1!dT=}%(QKXlK9k)>Df^_pi>3i-MIheU5KI8$R&NM) zbfK0McV#HfuGtpaZ+3yIU`tQO+E8!{;?@SEoEoSZ8;BKaw zpPdrX5lr}fiC`CTjQM{5mRO)0dl)_K?ZH@ysBDF*O*}~5hd8_rL&KPJk)|Y~i9omk@234B?FOiS(umalF8($RiC8eu zrAcw8CmL?!$zF%Wf{9q~sveS)G^K^46o-$#m=5Y>(MS!3*0?6}M{l&e@y=*ZxNS`^ z(G!c%7&fDIYXQe9SIM$waBypDP)m5Kby^c<5Lj<0hT&To?TIAJnj{k4`XgHz@+a56 z0C5?OQ%6JN+p?`ak%L?wSG7cMfR84(*=i!1t+--i52Wu6v(*Ty2()gpr3 z^9x{nA$By<+7pW*b`sfQVM$aTjI+hMxw95ll33r)!(z5*b$ZlLovntd>dTd#7-OrV zu|%ixmqR3tfq4ZgQ7#aUtb%AjQ!D8KJzEdx*?Isw@}t3mdu29LYv3&)wCou?q;VF;{>1wytw3Ig@%Qq`wRoqZbH-Ne32 zHTy1AeWFy*N2X-@BO`n>yu|x63B0rCh$=`v6@hqg-W*I8iHctIWLmpvlFd^Qt~}tW zgwL@)+sYbxWB6Nw?GRG5r!|VTQY2yXGDHAd)65B;NHDP_8r#%}x4=i%sZ!?&#G@9N zquzFoddoTdmK3Dlat_`S-Zc5uoDr=SE}5GlR#GUnlwL$y^w~&N9f^ZKRPYoSwAU!5 zb44RUxdW?qfDdz0cU<*L_{@GuZ|LxXJ0!Oc!l-boRQRo~;v`}X=k)T(YK%Hbsf~!7 ze31y2sm?__`rBO9ujZ=8ovRvmE;lY0jyc&tXF#On`h#E)~o^Y^C z98w`_D@Ao=b2&5;vFO&`mF!y;b$C`lq)YL}9ey)qlQX6ASSf9&ef4IkT&9+ynqYZ_LRij9 zCSh@oWxtZObSzq4BvYz+@xfWBwFj&xSn~G6W()apCca2pDBvvACQu^V*VIrO-Mlsw z>j*`30?NNUu05Pt&`BZw*3jA+>d%CTzqy*W|Dyo-t7=N-bHLY3S!E^+|rxWBrqJJD;iaN%z= z>&x%ti*5;EAhz-w_~NU3TA-yh-%!7U>9y4f@#5Mb=1Ro0W@B`bw8>u((<`Uxk;Ep) z#FIQ=(^#8GUFOzDDm$@A4n{iE%7%-z*opXg9%xoysSilUAB|I^7b{ffXtNk$GXWjO zjNW<=T8cWgs44HJ;(?1r!<%(_^HXbY6*N~`>8~Q2bFZig_ryD`g8FPQ6~oH4&nX)1 zugggiqxDB~2-frpyk=H8`_bhcUR&Pgl&LZ@B~GKIeG-+kbIQcp&k_YF4`$_R_k_!F zN|+)|HgkL>z04909kWPM-f{;~6{yD^6HmhEno7*zPU@VQx%bhe`*S)MQI7!(W)$g2 zN~#%ThLKX7s=d;?9ke!I(pXkjT!#%SYDWEW6{r2LGHOgsj7fzyqU_xC7h*+_`5^+` zShy=sQ-qXPmbbxFaKvD%Hvz`dGX~TVrPolRSc!l!g6%@LdvH zEMg1;f_A@jQoR7x`Pn|swlmne2_fLd>=KQ3Na%w=o1oJqQz%YVuszTdP9z5~L(UZ7 z$FkLtC1udi(-Loug;-02QvC5`KSgN_MgkG6wguKD3Lz?(2RaO>;J_A60jviBop9Yz zv~OKqJei=>DmINOo=U53?Tn_<{H?4lwiDVFvT5C1LEG<-sZpRSgHI1^6GKW)Lr;C- z0LBY&^%R`x30?kca9+;^BgLn^LZ7@+EBLwRij@P!CwikTutAdbe+k~1B zO=-^}E9Sc*ipkuJi8yFhtmLr_v4~vFK)j)+wN>TU>GbF~UE@@&k?w*^c61P88BMWp zb)+>)b;4#0yF9x=<60Yzwm>I|WFqd5lT(gYz7^ARSaHUVDViq}V1Fey|qUmVkT z0R0!8s2w9APT1;DcQA}CaBK}mFbBmFdc$v3RCQU39E#KI0xabPDo9-lGOxfit_rFQ z1htAsgyIg5t_D5M(lrLd!7kDeCnrfGtJtP$&5Ud-+e`|@gSx9C zsB~WVWa$14km7i24PJW{wH@J%8ZD1QK1k5|3>*y|2A@4{V*XAn zB4|}87>hIN+&AyUNLORGL7~ZVnb1Oyn*1@Eq6t$ng`SsY4W9T_P3mJ!c{UO(_X6V3ZaI6|Cs(hSdb3)<>A>LBa;NR~zfpv9(b^82d#L^t+zc1mdc?=}k`f z*Fs)t@1;ELDK?LlXjs$FWi ztTdU!ngf_w*!)G*gtj8GYGvCLf|wbtKztn$s3NTe2R=+2o3}V)n)5ieW#}uKnL$T4;S9@AQ-rUxZ2b<@LnmH9L2lNQ10$yHOP(^X5R)44ca0;h-RTJ#ZWt)0^oCM~4X zgQo+$zeU+MWmgi0rZ(O3dddZ^DK4`d4Ma}LiGIeG5R6hlvenS#tl zNt)F&Ma(!=XNs6QL1&7SGFzudQ8Q#Z-O0bxLk|f>GJFap{$&p1Eq<+&>#ZT(Tzam` z?joJOCJ2*67!9WNP&WGO&KN}ET!s|Bc4#ZHX^QQE5X9K@EPd@wk*=SQ($LdQqHD?~ zV}`6qKe;)Coh(T2%0eLR4JsjPr>Crr#mFQyQxK}3A%VFofdaL$XJgbCX$|*eio7x! z=?En<2Vr%YIix(?S4bT;BKr;uZ2g%)y#t%pD)e2`Tg7a}%%NmgkvRn12Km8UGIKDA zbTAId97u9#S4+6BP=`Lek0{LFGrSCKXQscR)>=SffK65`kvUQWo0OzC8g1@Z_fQW= z&zNSnzQWidB`rI%wKIn{K*dg~4Kij)OUm<_R=csfqVH&WL6SLwBap1x(hE{{uMMG& z2yB@%MMz#?r)RJxum$hQ_SWfv4*QDqKoC18{uhAna*`PT+vc^~QRBa}-|&$j81J^~IwClB-y zRs)SmYp{>NidbM8uasm}}=w$NsBpTUPhu0~U_MO1p; z`fEFuEPcl5GY@Fm(i1r(?RqE$Ok&9EP_V%S5*82{;#zY^dNvIK+QI-2Ob=oiHJ!|xRDFfT`v~BL zE539fo}QttEL3W7GD1yj5?`b}nlYd%6o7^YT_IB{^VmdseyhPS!4-ct0)L~vW7Gw< zns$C^)rGY+DO|~fA}!1o;nTyEwhA_-vB1woQw;v+V$d2hsO{HC@Xb&U+FH&)X5ljf zU5R2O$7KjqYhT9{lqpU$8pB>9b{sMUW-y~oZyj@W$+n5E`kG9*9`>FuC1ZRuZ{4Gq{<7&{)!FEhk4kHn=V=dsjhsA}>)gZ0L8dZqN~ zh71)^edf@fV64~T7#X59#MQ9r<@#lausRAwcm_J{cV!@}bBgH|RXg43bXt7$6{d#- zFV*^rgY-dKcl8yH4N^K0m0oadFar_#Crm`qE~q2ah8Olh(vvm@V$hkV)9d-fL^_>} zZj}(wR}A&BOnCtud}XLBl%WJAY4;JRJIT++seobS&qmOhuw8#2<>*c8^!HSqIGv9E z2N^A$uHQF3fXBW%T97`Dpr1`o!2&L6cGH8D1e-a`5>PV-TYCERT%Aja%!v;U-~?6X zAS^((1bQ=vSykfoK``ShITjF^BQ!#PkX~n!gwv@_hh(O6`D!uNM+AGll{o^pK;|IT z0-3|KFqB?X9OKDQ|JATEPwOSClC99w!nGX;_rR?g(qq>lxHUanp0h9kRYWrcszXa@ zMM1LYBg7U-dNUOT6X>+eOa)hZh!0z6>WpT_u%1YS)KoBR!zNuM+7l0F$eqla(ouy;ql4aThO6KOPh17xLRkPma5_TeBm?bWk& zjwb2BsC_YIgQI=O#+;%x1zDv~y7=g(z^RaU0*aYH3|1x4ZnE=gh5!k=M&hW*YHY{j z?1*YCy^ElGhv{SM-Uix3z_+0T#PzY}PFUv}wjJbkB861$@6l%rdUwwGt@5cF9 z8nM*k=n33`Qno{sVO#PRiH?`DE23kjQmHCn^RRm02pZKU2adHE>`u*fnHe1h6)B`t zvj+WQB$&g}&c4e47C{+qI1o?hn#IKSv&! z_lH!2WZXI;J28`2Sj`bgGFt+_P|fP#g=YWKJ=*L`7Mb1$=FBO3P-I}0Mx&_28Nff4 zwd~LG4_KCBd$5xepz0P*xv2%9@+ zoaah35^a_VQim}@vCZu+j^fxG6J7Q`nF_PF#sm%sTIm9MGfhQOTV#S71|ODpD)e5y zATE+bPy^o#jwf|=ld2dzpHPP39vh3AK|Hlu>{&%oqKw6h9*scjd_hQ zzw||vj}vnQib~d=W^6U@qTygUK_;k}mw5UWY#dE?ju_FKgPK?yOw@#8aZD;$ChXA+Du0$Bl{z)AfUTbh5n4Gy-rA_Ah9yPcN&RRl7*x2e|%G@yOHeg1$FjNt9cCqF#;Sj2|=KuGyH3De1&6?CO=y(5 z6{(z7@NF?-4UUdu|s+^T3R;-QENLDXOx8Mjq7S7|4W?OoH zI*RFQW8b>2xDssikkMqv+`!Qsvjh970w#-QLMzF&NfeB0X7(z5dVgTLpBfHI3T;dW zEjRLDcEBpSKH@mSdK}k4+2lBFE^}hDaoJ;5iCU8h#75CrQ1P3Tgo#uI+i*gWj}CCu zKzFxV7SVoMYp0cY4Wuphw3~>PsTId;ms%Y9>t?DYJJ}?s?WfsosA~V^ok^ylvCp9p z#khw^NTXBVB*A6#3{&0?Qv#*cVB$KPS{HZFIR~Ywa8Nt3rc#y&Jd-t{pIa|$snwVQ z7G;|)5NBX2at$erz7KacrlW=FPADrchgAa?)S*ijiQ-7&&Vo{Qo8AhSdmcKB)>mGLy=xynO5-IX%zfi zv1sil!GmpeVD1yd9ScECr__*I^!&FPh7%~*PQy`~gDnkYaGua~e;k}%mrVLWE|(Fs z8~8kRRv|wZ)h5UsF$>S6oy8j zIfo>Ai_UAF40P1cj^vM9@e@=Kal`sZ5Oq?=Q?)or`hQ3WBuFvJAB!=}VzhTmv%Bip zOjR8_H3E&Go;XuctcgK;az%E_^KA#SOuDU$)SRC6un zh(d5LW(a*$S?yT!;S^Kb`G+)ZVhrPs=RSzYE+S?b`=M_1Kjjf~D3}+ut zL5xvMljqt&NtDXYXf%$?chnrkku08UWo92)js9p4AH~6f~gptAF1ZbSy3s?`D! zmWF6VMl36QmJQT%6h%Er`OxV)D6?0FHaRj^eTORJ$Vy)VYE#mB zm>rbT%j^L23pIuk&dlkXn!TQwv@-#eFWj57^qLZc`?j!N#wx=h!`e}32DDW5jJ$kK~h86B)vo8qqCIBA?4w4bW1V`91P2}R4N8^$~7O*>)R!mA8|zp1HeJI zDg!yeLDuz1CR(G>&er_SH5f!|l`Uatcx8!8Kw&e6?Z~9N{&26T zS|p<#S#!pDq!&OZsP&n9J22@3+GO*nM|^E49zxH@NptgRL0h3qH$B>9ti>r6n5<3H zVjPKLPI8jSj9RN>s!>NmYqN#lC1Vuytp*$sP4uq8y+CvfT-|)A)M;AqWf8{?stE@= z95EGJ;}X_DY}?A1BV4mDbfaE%VmH{Pgf&MTv+Xfn+i=v@F3Sv{&1o1ocRGS#{?2UE zj%=!1@uCSR9_;|LLu!?Y9l*j1U#4o)bbYIWw2_V7w_ZEQ-e$LHb`7DZjyNJ~4JXUS ziBL<3E}ylNnN=bNg16r42nyIAfp0%;AR{?7r8B1Vpo~`024N5Bl$G1at2dtb6h<<( z!qBl40>KC8o)yliG;S?3b$s3)V3uIUUK->p-Q2Js!9NvEp!z$Hng|G(G}0ZR z_E8g|RJhtd4mm+by*^NS1M12hr*NwR)qqeq zmO~0Ld!n+sGb3VIqEM?Kx@cLEu(6jC#+)IAX5a9t0!UiM*y5Au0lG_#_AJ#6v#O?j z1^PGB<;*-*Y3EmOqe1%So0ynRCxWz!k5TS2d{*AFjG%+_w3txGghWj&7~Do8yjo4M zt_Bu`!jG4unyO_K-C7JWnXWT(5VVRlokB4k)E2%llk+gAAkscUJI=d6P!C#r{KAwX z**=C!Ma{@jH@H>CR<;Y$DzN2BeLKIjI_ka>mBsL^jD_2I{g+Plt2~?$$;^nG9~S|u zyc&Vv187GpdqAT(OhBUVfU-VHt%MaQisMA}xcOK4G8jY9P60(sy_!L+#%w_WbUPw% zW|JrGC-16gMYPMJVdz-6>bZ1o!Xo);>au)6y5WU#QYus>jFX=a6!@TcXr&EO%rD^} z?cOz_AA$9B2&nDi@t+Bg;pVsyS%sNzqNl53Ei+LF@i!;mg)Kpnx0;o&Rag`$Hj4#> z;`0ttW7J$I=r~GEtv&pnTAQfv!{QA_9h{>9$R6e2{pLK+zg~~Lmv)) z%uhN3O^sSFn7 zGfGm9ty(j!h2fSu)R1k;_Kp!jQap&|?KCnXKxYT+kPIR6;6~j}gL+8&c zF_p@XzKW6>64CB0jG=eHVgNs9LZ6cN9Q8(w_F!h{M8Ct2q0l`{ar=Y`1lJg@qfvLz z;X0axsy_ zLn$zMG2VtQkD(9!Aba)g;Ecy0fH1P8tQ01YW);;pK$W+$J%xEom?rz9E%^FS$!R}W z1c{KSnsQs{q zO4wHs!9(CqEg3rX|toIBKd!h;{3_ii6JRJW$F+r{TAV&>?On>rYUb8%B9^X}1ZK1e%?OOL zH5{6g)zG>>^F3xFQwYu3Dzqg`8Bz6M#fZDt(5h{8cQ9PN(as*`0i9UFHlx58U7y8i z$N)zr#vmuH5M&ilShi%WJkCyns7mdOv~g^nC;hxZ4L0>tetgB6ePD&dx3b&w5e*Y) zij@tN9naJND}zl(bmrv^xERWg8`H{32dNgzHah~RAZtF{>CzJfGb~4C$n16WI zGPG`;j;%(KyY>7Y+aQ(`N`kDn>w^V8T+ z(Q<62drIlsnpz!Y-){LVg|Wo>L(M90mQHqEx7uxRuS&Qsjn1mJD@J~aURcRf_1vYnJ(!NHb+Z3cg+;%QEMh>K1dtc&b&0)B$?*R)%4RlBHHb*#Q;a= zZ^Yb-BLF6KC7I(nNNVA#g3a|5FK>{EHjL($!TL#w#ilM{WuPS(Hsx7+xg9T7azB}y zI)b}YM^jX4;g!M72xnnRq5d#aXfLY?Jrbpb!;tg&xT#~8v$zdpd~4DXsGH}sMw3;F zu=7!RR?|nZ5Zin+PL;us5WNpq!U=y1lt1+AOt^`UG$7a)<}W}lIKQ7<^W-n#J$Tew zjW+cHZIB@GyEE2;Q1v*}sDgw{GnDjV*tgPg={y?5M(u-`q9$AIw+4##n^*O!jU=q{ zp~fb&DIJVsJG?aJv&Lo?A^PP4?V*-;$U%;sY={v`baBMgd|6Yd0g@@ED58u-!fC}qByD!BLxvP7F7v*0A1X`j9?<_(j7|#!Z;6urB)aCQwV^sktH1}EN0uH zU9?fiF6BZC0+>`oM;OArCs?B~p0LP?VBKWW%)>tim^+R1Km@@288OI=`Ky&mV#6l@s9IA+5CEt$fD3zWj zfLEgQm0ms``wj>{#5!(y1`43*BhbXt&>lir;cDfZe+?cKq0O3@P> zsxOt)I|wFZ3nIIVsLH< zr-X3hLRjI88AxqZ6{VFwH@ZFurzs@6sQFOnK`uy7s0OyS*}?lqO_Xxh+Ja2Gt7Z^I zb6o$RWJ3Eo2(Cz`T^qA=qi@qj4TK;19XJw1(c^6*ZJ#&@=y4F~=*OI_I8F3>APzrO zDCx=xu2M3E;y^0oy$r?bEg%0z8g+a@rs1~GOX3Qo1Jc5vH#q2QK}}?5FBPp0J8RP# z+R+RmrVON=q-xf;VB(-X5@!I`py<`Avi5KG@vb%&daa$7Xo4Fyu`OnMt$R)#q$o6K zDl2Dwxfid2VLW)G3WXr;@KJ+R_2{5RdMrEaHkGqh*O^K#Q^r$)4pl{RfT`re@F^xGMsad5RacKTT?|b~ z$rRF(CsWKlNLn4B6M+Ro0fRb9s1=06?}xI} z;niwS%zT*YljteOn`rTp6mE|HWTL}oE_HFC$XlYtNkJNGDaoBHSDx^7->V*K3;v5tz(iD-H4Ot#jc(w@ClT1r2i>Syl%%I>LmAqQrmmmBPkvg9Y|Q=;u|sX7&9#ZN8dZ!T*k)6)z=LFO zagp>0O7NtS>x=wMG`>anXTs@KtYESYbXFp2a<0?>tq@Hmt7U-}ejP7^USlyPXa1mD zHtP1PqZ1>5j{@7o@>mBB??e*yJ&F2uK1yYWsRe4L0Q=~W9b2`m?Jw`>0OLhtJ4m`P zT1wbd{q?NYvO|cK**+G=ZLiWJ+x`Y@SD3$|hu>UOuVqtoDX>j+M5CUi+uV*>4~#t&sbwrn*or(t|_X!SOn^dj)ed%wz~OWCJnSk|=EkT#RkBEd)>!LDaUM zmX=6J5ZZ2)amOAm`>l^bqku#OrY22uOi>majCQeQEu-`nv{%8N)#e!(_I2A*ip6L- zAVgI7eP$Ul7+$}cY z(Q_oGs-v+nhP^y0l1^NJLI)FL0>3EKhGNufun+xO`_v2Rb9qYnfMqvn^|XgxlQ&be zpJoQ9KSr~b4of*%pxT?XMjBK5wAy1X+_jh9P@}}IA*JgxN?H?UrZRt<2p8L{Q=vM5 z_N1uK(W*BXOI?tQPDKW%rcin*v=X0o7d|!WZNKjQWb~-Iy%j`ztSV7C>62+XP?EX+ zg;k|fhWOhP>>~^-YRHLEeNTaz%v9r9el&(T-I+8smQ0`KFz6sA#rcD;$r@4ILXq(M zThuS<(rMf_$Xht{M0XW;Vt}DRtnNX51%9i8Xulq1+K1T8$L+{YZ;Q%8wJ{y*Cvl9; z0F`crHs3UcA&b1U2Q{Q$_ti&Hcz2StF%|`NAlpGrGi`_jZ&Sh8ULQh(N{g?Wqi)Ch z#L7oXUv+ldL8K~TP${K1?HQ}Ms*9(QvFu8X$*WV6A??Jx_pI_U$E%NbLh1fHXvk>i zjoxh&eE!xXFAV{`4S|^jYi4{0tJ*90=xB@&SnEh83EYEhSxs;18>xky8A@EcS6{b9 z$KxYyu*wykH2O5ICS9$>Fo{$*HM~uVHMe3(Oj+26jmWBmesWArKCDy3rW5X3umY5x z(Tv7=D-3v~z?zI5@O(;d9>`3n4bc_BFr=KM3lmI|lJFd5>7Tk4&RY*mnqCPJOV;L+ zW=QHvl~|FfGBM*gCpFZjRZU5XsX$MKQy{20wzQznQ7a>SbhHrfxYEUjs1n^cfF4U8 z)dzXcT8U^$mmsoOoFu^|2kWo&Gcnr0#jHCO1tw1_ly~=0En0Z#I#>gUE|{^Zi!BU_ zpvEcb@a<^GN{1?emyet3*TIyaygWN7v?)TfNDmY) zsBi3u@pI+b#=A?V>UfH=)1W=bv6i9ERGdCSm>W$i!;fpiU=71UHN$^dqRQU-Il=!` z9{44}|5ZB2tC_=rHG#!8lL-9ZvrcU_Og5MR|L^(II8ze;|2?nNI%?kcf6utjcEv&h z0!*U!zbL{SHy8`4-&q+TIeHyi6*>IaIZW6Yct$=k#FfWZ&!+=e}bvt>QulI!SCCrB;k_7?X!&!jk=!Xeq2UcJ^+bS#-dt?1)CEn6N+4dI7&`79dPMUtOZ zwQO)^#b{0T>P%QgW5q!(DFkN)pv8j9Z4=dpY+~uU8=B6^Pq{$?qr_%)9bRQvuYxG1 z-o#J|&6~qXf+sFQB5o55NuYnHg5vs!1V_wTh!BpeU8oe0lupXQcUWI#3vP}K^g7!?A!QTt?&&GO7#k|}IZrCNmLS5;4qrksnyl*HOOC2i?A zR0x=w_NfTkvzfG>G`-S2tf~y!1huU>73X&R9w(orM6V8q**b_$R)d{zauGl|Mv z16o|rcCDVsRAyNAK|KQ+5Omh9^y{sP;Fy0^RP5fMtFs!4QJSm3TOHfSDR#Un7M2`p z-9dL}GKqCe+K7d5rY9hP_8dd_f%T`I;k)f7HDXklodl=l6TB|Gd}#p8CC3Bgu4&mVps?kN_LTj0bFlB!k9)1QHl$ zAwsAd(4c=v-GkZ#mG`H+#@^T!sD%VJI0d^>XDnpnku5&;57qx#ym9?z#7Oe+>P-bSxg^N&6m8 zP;ACh2(NJm8m{n_2F{S6`fYiaR*+kLn-IcP$)PBC?#6Jkp54QA9^#FNhY#Rfi72$W z>pKZjb6e&han~K$5nRkRyfK_xVMdVcO2mkGGP>L%Of)y23ur}{&vtqyQ)1__2$sr{ zaGxtc+^-k&XjY~2IL+s#cJv3uysED^FK0fZJWtC9)!mzr^D@O+g@Ji*B0w{<0LY1s zm}fSk)mat4ID0xmI|nscQXAt6H%xZe!0m_!=w{bUo+E}u%oyH_iJ_~* zVq86dM7D_&VR6+QZcjw|VgYYCcrd1`Obq)zVT@fJcOsA5o=mWEW2(1h^CN#ZNnT$%<4vw`4e*~8rPLm z;wX2QuzN?f(L zC0J>8dv7Mk&+3)m2Ioj|AhV3c7-K-&2jd2S!t)NNnXB)LmCQR2;0K& z^>3b%L^Yjq(QF?l2b|5aYY2AChO#t~ zhNJzG0(NL^aA4Lp7-Iq606?;)Ad z+y$aT`5g8=@%-VdP?>$UVh`8cgt$xV5DCgN#N@II!8>g$Il-5*{lvcg^E!|agXyw7 zo+pW{5fV1<=*bahvJ8xc;C~dKsdFNM%?E+7vg63gz%nl)gw-VEHt0b2P%7N*|Ph#dH|gKq$&1x_m7aLdJhRK-0s8Y;=pGE08WquV_rBalPCa zB&}gWi7bzMoGHG4PVg{iF$^s0O5d_FbXQEc3*L5tX?a4B{bRiZ9IMV5&6}fV9u2VB zEG}!*_f*50IWk@V+S)#Z_u9)4@qHHiZkCnTf&r6`1x3iHDcS=JXJlesw%HdVN4%~Z z@e=EG={x8B^(kI#A$U+fc85@+-F7*POdDj|>$X9z1KB$LiF0yZVb&iW-f?^zZwNvT znVW{MD`NzWe0#bN!*q&~@DxcRw7*T2%WAJMdtB+kGV0E@0ys>>6;f1B*Vn!bt!|i( zWbpR4jsfU>bY{T*dpyR)5)4G~MIXx+9OBV}PWP;PI*@%u%$g2Z=AcFNa|s8nA?-$U zqXa+OPXvO85>{UfGmPea*?BBN?E3>*)I~2xbYr@R1Jk1O!$rm+@(-Z)e!H3^;X+B= zN$8dkITn!Q^6PlV0B>n+W2b39ok>Bs)X*dx!VLG6vX62tHh&&4cNl9%jDB42#vnxa z*@oP&MmrjBH6o;2KV?P$rwHaW!Q(HElYKveIMiuu>H1<3WC~S@4$>< z-5fR-Ihbgdd}xIgLD7ojSZf{(VY;HexJB&6l73vu7LO5>^JYenjXBpb#5fh3;T_|9 z=K`Y2$Wddv-@y1RjhIqLuI#c+f6qWQ*J3B{_U%ZC6l1;^5BDUXq|)z1WH05!#bx%A zOA5&mD23_%(KIp}j-hb2S8v{DRxjS>*=Ug3kfDQZK(Qn3$!c`J4kjoP7(Or9gRz?z z@ZHA{!b@WxTY5{*{e+JAZK{Z?QcAPU|JyWrn#FPrTdiuD4J{VGzRW;5n8#{{NVkX zn(_mf&wBaiKfO1;(Y(^+(SpU_cXnCpW`)V1U}EHs&+UsK$wPaeS+bl3a)gI7S23Di zpdSGyFwrx9oHw+E3s$Eby20s{8L_Y&L^13JTZ~;T>t&mm!E{Gx4rLcwG;CrP z6krTy?p2vsEPk!(m}+M}V#NK*F_ym7t74&+Xjhx1q5XVz3Vgkv9&*GWEcoiM8gzt@ zZywnyzPl#703@bm2Qh+W8z`V%6L!y0sD2nPTWI#)h3%~r#>PRmlIg+$#~~X(D-;Pt zFzim9oZev4RjuDGbLw)1?4c=#8Irb&D&#qJRYIYVHB^^}JBM;sm2ajRDUTxGWNcr9 z69uO$a0_Ku*Q17cM^ULZ{rCc-hs;d0!M913i`wGEQ#d5#fw0W*h$_Ov5K{JAmEpZH z-7+b~A6Mz}nHg-au75HVI6pXdblx<72(q-+HQ2|{!MQh|91_>P9?LE?P;U7`cl4D=LMh-@nb_ zXNi)gUR97wI1CPRSBHtVR1(Fw8`v?11L1DOiCyx(BW1H3IH7 zf4?UN?Glr~!{PS{AJz=G!dYI}4%d#uSDCBUVD7cGpgB7%q|ueL(KyEf5L35U^75KR zk>dHN^7EQ1EG*|F?U<6l^VoyOLs~dk+`0s2fbRn5=v3V%T0?-EpVC380UY$@6a%o}1lyEatLV z9V7FhYxX^jL|1&u@f-c(7LJQj!J%;QAnGf%>4`K+%Ul|3Bjj06>Pp~(qRGkLsORz^ z8t0sawZ+gfmM@&JsDe;9WF21o*6M1sj9-;+#}?gqblJr(QT!=CGst77rfbkejHT zx}QDf-*SxM;C#+y^dQ&1TUqQ~dXq~wVc_w-`z(uS>~566y*p;@1mmI|4AzOoMbo=c zJBLKM8yS@l)7q7tfeawBMf;?XAQG;az}R9gGuF6^;@(n3MAvuA7&;bD+JuCwc=2}b zm|YZ-(^H7Ske;_Hc5|pGe2Y9^ZQ+i&-aOHQU!lTOEQGYkUh;Sbkf>n%5aQ~5KJKbE zJ^*8FNh;_p zlEU$-8;j%(R0Bl&G(=L3uaeUITkf>`E*2HfL_RWU-avcr0nSVa`}PnaUd@Oa!M%3Z zBA3*h2vS0?w_Sh459z1LK2BMtt^^$R@diPg_-V4gK(G6Fi*VkeMhK+Yjz=_dPKErT zOB+);l@Hxb16(+)dz*8!gZu|p2Ac-hdFPhHi@q6m9bYK0YII9L&}|m9wW5XYutS)VAXrRQOl1Z5?2@ z=B6<>&$FzY<;Wsi#XKA><7TB02)2`Z2C#5LU<=>0(HXSd>$-M^*I)dA{mg*M-9sG{ z;%j{_pd-{dAjXVo5M$|=$F9MwR%5C3K?WRIIEcZ|`dzmPdO$l(x)6~gzP1B(7{TH( zh9Ez!SS=LevZv#mi+-heLN3O2UMPiSXRD%6!-8X38Dp$)*i?)$L)=mJiI*lsXI2U* z)WTYo>l_ZwaRW-4K{T*WIbr|n%wjPkb&!j`)`@MGj2OuY1rc(Uur(X=)+ zC@&7{m4Ot*8wU1uH_kq%FmE)C(p(z83L`6x_%R%mDf`&SQd?f^ymJrfCwu~VXa}D{ z^^n~FoC~T+vO*ybNE_$&B^-Fv@+3*+o@6drOp>9)$-d+e;beki&BpjWcR525ZELiwB zup?A{&?>mYU~|d6KveAvRUF~>Q~X`PpQqnPwfmBz{6A-<)WnRH;eruh$1Sf=IsFnd z)TR#J3Bo5ry>~#4ndHmKg-J5v-4xDAMG(5*_o*Zq;~c&9$_aK9yo8%#!sHmaX2^Af zdikb-L6fnAJVlgwN+xUmEV(FoAh{y>v*co)n|OYjXK6&OdvB6@cb?Lu>Jo9C_+Rz5 z29D5+Wav&(j(|flBz&xu3wQJMVLYCEj$V0Qj+FB*-9mc(<-zIQNtqy)Zjj1PGqsk-J}RQPZ=SZAtt5~!Dr}@$R>oGW%d#Bp%N1c zzMopvX;2-@lPsCoPOBm-ujWUzhg6GrK7qW#>QAY6KcN}I&ctFy5#>(mJzyl6Ro(S` z-6DH3Fq51Ivz!k@^tNO2sKY`ONhYUbr0xCfO-g7F&qzGwC*y+(RD@8#HPD z_v)gLzos?UUsB{473?>ZMekYQ>R2WKiVe&pS6PJ`KNL8KNdRmn|4o!qM>Kc!JXH%y zS1IM(2YTL`=I%;0``i|uk|>&ubiQ&izZW48|AaQxkEFFRj^622646t&qK`WK$I0$w zXL3EEC~+lDL~%_~mw+nAJ=j1+=Q$|t6Y;o_AR}*43>CGa5I$(4(Dh#?#&Av1*4?Kh zg_AVmEWGa`uSh3hs+gqosc_UFCHL$Bduc}vpbuDYAM^c^PU+^=U1{m-2pzV*95GrP zGwMhjF-!w8BcxMBFRqvYw`6FR66!&+CWiJRcwBV+L2?N>qR3ZBbCFVOG}Gp&LG%{h zE*6u?SVyL}srjr3jr8&{O6y%EmcAqT6RUAPNfsjS04yc-E? zUe6JV+EI)p=2#h_Y)EGqE=hu4moMv%CQp&!T>!>jxlC}mli8P94>u>Jdm}C4ApOqC ze<-%N!=|###oy&%Z;H)Do^ei&R#ztBqg40d)U4JF*U)NiYn~`98KS|IC7Oxc{JiZR zcCpZ6Zg$Qj!l>KG%4Abf>}!aNn8!INW^-}8(d_j5tXAiJNtWV#@m~4DLh>`tk_>ar zjnb+)>#dkdW=`^%kEdQ<-#JA#CZ*AZhxUFOQtmjx?x`|pBC*1?S*r@pf}kleL} z?)$n+)|nK%G_x;Bq6~}OYYAfY@potkHD~ivwM$dWu9JP> z_Lwu|9E&QqK{Gb!tvkciTXFkrqp8YL^Y2$8`AR5e)wrOEJQWQL@vzSc%>_x@`wZDl zCL&$O`Rc_xp<2$P)B8*~x~STie3jVwq`2^tVSX2X>{*7~7Zq~7&?#F-qIJ5DUoL&JC~bIi?j^m_AOt;8wW#3+)^)mL|u zB4b?P`||tTVq5rBy|m#bXi;n zCG{xgB#)@m&ZzAX`UrYmbFyQil4r*~7QW{WglPss@xBIOxEmf zOqW>N@~q0RuvCPU*R9k~7qC?Nj9_D8MbXu3_;QGa`d8&sRYNh|YAEFS%nEscO-lmE z{J$GY_VjIoWR0gvtLM`L9@7~uS1O-T^AzRRWbMz<)2K<4b@`UJ=TjzQ&kOn2Wc@GX zp7;|eEd_SirncyrO#X2SlT*j3oaA!G(JAJPW0pDnR4&wirrV)1`K2fF+?7mk1tx8!v~J!>Ci5lJ-mNK? zNolxh0UJ5%c~ZYA`4V+zy-voIBjTN`^7M#va%M~^;%M{oteC4C$1p$E-D5LII2KDM zXMQP7=`Nd0W~Fj?ugRClVSlDniKwL(x>}k3VlJ(xoi+KAxt7)yOXb?y(94fqEuOs+ zFK#W4?%BVt79`q=JYB5Eq}-$A69b5pW~S=7_xy64WMPBIa5W)dgakkLZEMQJwY zxF`*ib2FOE&{CFX1~)*O>#UXQiTsqDed<~wUnOWO<(HSvM>x|z3EC=4>**`KaJPUv zh2=Zd+|Ko#_E*Z$-G`O(qn+=h{E>>OxAP-E)hjVtZZOc7Asa zvDF@GOc(3xs^_fkdWxKuY$%q_`jASWv%71^_#n+Q>E*O!TeOigeYD1NIy9$|3c1rd zx^i!)F019Nm9-W0PnSd-j>`7;>6gWh~16|ughU9>pHc%8DI5CSn78V zye*eoQcBPkaxiOGQ1UaDxDW@LBqQF}i%*q9mc446XCqAft)-0CuBAz*#yneZs@a{e z$;Dfe{|L+bMr8h8FxZ}4%ineU?E&@`VB4^4c0=Ql>fT=iB6iezm(3+bVBk_f>DxDo6anDaXe6!@) zO)1xXC3bjJN)l7J7Rqn*w3|rD_6=96<67DjPpNdVtcO-%i~vC zBdDmqNDb2c;>crAd$&E^J(rxl$7<3Bf$xiLf*aKfZ&6e%P2NPR%Bmh|7|oy3hA*=! z`Le;{N>uPThvvXQv*rLficam)&bajNb)RWp)3M8UfijTPQ6{V}Gs&Ng(a$il>t8ky5^o?1v8ArJ3RE4oQ{B=yU}e z^onVNEg9JhO~d+eY_E;&0 zV{^B-N!L5lqKo&lIMVLZDDKtz_K)mC`Pq^$Tx)Hrzv^|I>59oW<6D}Ma?(kXEpD6I zw#~U$fopyrSmUWR+-_(hN=bqzBbo!DPw9bz%-_^Yox4I=pJ#dQb<6gM(d&*-t5%Gf zo5|2vGRz#=l#~YSm+hn+7L)lsYe^W@l{6pPLAT|>RyTYf*QaGK;UsoN05Rjr#O)p& zsVm>SKGo1TVPY3-P_Br>{#&upb*EoiL$1RWc>?Fz0H)l19h8Z?n(B*Bb%`|Xa^-WM zHq$i!N)lV#N!9 z-==rTSbpCxsa$QgT2k4C6}N}EyNeC=-4?orlr7kA$;d9Ad$3$MbvCvQsBAphddaGt z^mq@}n>OKhlT%io>^agZpTkn*;MUOH^m(4qOh#e|4L9lXThq>04yN1s$bZ&_CI;@{ zcRy*`V~uvvan-j*_NS~TS=;dp4e;hSCS( zWSFsEir8EYVRzVKChnp6UUqNy(k?$yFg@50-sg zzoE-SZ_P=wC2KOzAwHM$Od%=bGgnf^4|llSaoH8E%dDHK(dVx$Iw5^3l7rUyQfK)= z?Cyq!*>v~W-5t0dyfjB;kGY~t)^(ST7JqL_ES;R~D|uO1-GiK#{+K*zJsiEr4^DDL zubt3)oJE+gG_=WtTQP3^25WBPb?wyWT=cnWL(`})9Tnn}Q(dpLG%|XznRsSL#jt3s2lJo_u8~Ay{&$ksf zri)Xbhs9;5w&wFnsds}|n+)2|&DSjRA{wibZ9ec)hJHFr3qnmeIZ^c77zW;zzhIkD zJ8sNMZtK+6R+uC+J+37+8qC*P%3ajrQdE-N%d&fG5;QI!GYR8vh0?}umw+!bd-BzV zvG6*Cyp`C{CetYwYt2WrBFbl%T*#l&_7%TurJJcVJ1DgU)P?MUV2y}4E{4T3S{wU{ z-Yqp*Re9fqc3HOBZc8`1c6MMuJNoice3g1s9}=sN)2{=vh?2>Dz~!I22OD0ti&pHV zHL}xIfOF)_&n+d*Ki_63`l8B>$+&3ou1KgwUKCMe3}xIRBX6rAB$PD5K8jNEC&Hmq zEtN58X#M<(k z*CbxlaEe!{;m>|u4S6hF;Y5?$U2n2LqT=!evv^%jyQnsVefMz?&7aby({CG0cjj|D z3$CI=9Sg!ux0zsKJd{E@3JC+Idae`OqFIG?#0 z+wUmlqzvb5F|LqgU2^GWTumCu`Q(dG#}Bnhf!mq#TD z5e32*H;lcNA*kZXw3{=r-D_xHOH6UmG4kdGSF-9V@ZJe+c0WSz7I&{PirV_S!Q#&i5i2ck=(2 zEPXe2?+QIRSD5GdMVPt*$W}fH8wtgpC1)4M$Bk$8UGxcGr})`OEtq-8{bN$sddCMlt#$qnA^|tw9tK{4Bgr@T}!HSlz=YPnpajUpXQS zH}n#6C-`M+&g86JMhf*`s$f?a?#TvEzmZ(3i}wq=bF9)-$kll6POw-0ymvwI{NN>% zalO2k(z1?EXp*ttsnz&)rpOlCVbR`+;x{5l!rFT>GSpsh(R8|noXMJ4AD2SsYg`j^ z?*^XBKjHl?m!n}xbo#kPZ2;7~LSB3z0?{f|Q8bWRidx7#7(Ng;iA7fdc$Af2bSL|XX@ zRNifUm-u&KEtzYr`OWLeGSAGF_`7F?VsW(`4W(K35~au_^3{w+K<1lfwTs5$EOHwA z{MZb~=3CoSKoPZDcLOdXR8qN*wh*8r>V$TpE=x*tD^os$`i#naOfJ|mzfoM{YS#H^ zZ=rVQC-(uO=q6pb|l9xlPx=JS67lo5};c-N$$uGcr$-{Oe*Qc9PJC6FEC&)wdk`v(mVNm z?NaKkgHtJVQPX)Wx#AyT_UlzmUjP)B0uGb;@1aZ5(4~ZK!y|KgrO7#|9YJ}ZU7iO8 zc&^TwWKb?|AlAJ!NNi7Db4X|W)L%D=7T5DbpVYc1pkVU%6TJz!SGg|X zO?Jv3#ygtjTCtXOS$bE=&&t~`k4E>aXT{#iA1|H|Z^gAD$NPuwKpaT}CA+1&++X%- za;UE}$!GX0z5t*(Bh#mw67DxE;*f0Zrfm@iA9XG2qq*1Hk5Z^3dnN1$7{?ceTx_aO ze!9U0qxKE5{R+<0uTdMWYn4~#&mwcDl)i2x>88bmb{gbUjC$u(D|6qQ$l4G;_;!uB zUg1mlTbWY4lp8gNWV&1fD&V%WDv4FBR6NT0s2fg&xH_VN)^E|N;HbN}_cUAejKrD{ z#vAqr6`*OcqSZKd6c!MX%wabY2}W5v<E)#s+e(PtebC5aivKi_K%v|h#Qy4~sHIoxedAG#;KE(&a#14B{E_isft^vbW(*|rW23F=V!y;b+1s0O z8z~wi8-w^V=gTSUyB?a#wHA~W&byLiWKgnC7pX9lTzbG8UA)ka}yWuk^InmuY!TT-lVElP4K%*>i&YE?HDB1hs zt$52-u6Vvzl!({dsCJ_Xku$d)8f%^H%37FfmS?=;WwM2r&&Yg#T|KI#dS2vTDM_$j zcdAxO=c*?zzM^pLHmfPWVdY#>2~vXO_)2#R&MPZp?{t!1K_WKVsS?NW08=yxF$Q}m z^bb>W*Gnxo{KMdXHM|)%cDC#+D4`ajt&Hlpn4AWKh&*3TzPBVq|Lu79+l&b#>Vs5x%sIGQ(u^gxhT5aWfob`1&nWMa3RUoVhx#yh<=M~ z$VD4j@tXE>5W0$_&9Q3@7A_}g{-=_R_wXkVsz&Nh$?X2@%%8ap+3v=*Tq-_?_Q4~0 zr-M9Naw24g&Gppe-rBp&nAL`*OCk3@Iv09ZO=n%VmGaUG(wb3PxPMiUC|!LiA9YyX z9ppG_*pPhp?Jtp#Xe?}TKGye*s%6t)gNEEwTO3j{~h=4UUzeUoY_S>rR^^KF5Apgy3pG- zT5E9KYu9AZ+gK~Y?Oh4UhTc(1LYmHX?_=egXV>IRuW!Y)z9YE3#cOerBomriDlZcw zoB}?u2Pvk>l1;2$X_ieXHwiM+VRJghD=Xn>;K6G-&z7H1mZ4m#XxoMp#2YdXLw18e z!DsNX7ElPIEnvXVVbb?7VIFku+kyAP$+LCh9$U=)sT+AuStbF-aGdYXB zHreZFVcqtX%rTMGs+P6eByy@=sb7&=IQgMB=_j=x6|S^_G=#K<{%G&_#ZW%o{k&AZ zRTiA&4Md#}mjR}_ z6Wi1AH-IE5(FWUBu5CM%hzz%zdZP#tweIQ>PsxPRvz?Y5&^9@%Tbx`+o}BEzx)}c= zy*Ia;t^K88SwlJLb#=6IFCokr+AK|Jn@mi3Wb>T(U8a_-4aC!>%h|JerVb^~wyXT9D`zqC>B z)Wd?BTTV ze|94U#jbLA=Pw78xXBKGM!ln)z7Ze;KVMepOJF#|ON)sCC1%`Hqd{6}tISOv8EN)P z3onUD6ZnvHPt2@6jyX#iOG5hDdCh&DD2tnZj)poRL|j2g*t*h=9Tsn>x&79Cl{wwL zyIr}G$e8JCt>co^di$riucV`KzH8-DMehjg1t*(3J0l0_PC%U$cLgGj%vKwY?`GOK zLJqB$C7o1{&VuU_qffK<;5W;~RYp=*e^kpco>DzJj*`s`xt_&IvtT05#B!@U6}6a@ zWB@X@8BTGVlNmDUJ8R0FEvb{^d&nu-QhXCIV}PiWoDrN+itH7Yt!fbq#T~g!=|&ua zu`}X$iB?JT|Bl@0D$xCQ{`!?JcNAmDk`YhlZ)_FwLCz zb0y#O?qC4Q@L0@YmwB9f7x8&=dD(6{#2)KJp^P`Uw{JhEz_x;|`|YIa_Yh0g zNH}PNUgoI_dG$BKcQCvK_|WwXqr_e^lC1}lX|3W!)!U#{-f%T-H4)c%o@&M{C-?FO zeDcNr|G*0?TWF7?lpO4R{=>XQoA24>2o8ovN`*zawFlZ}Pa z1Sc;`rN-Q#5}Mxxb~`Y|8qG&Wlw-2dd;-wOj6%zV>WiZm3JKMjWU}7;R;k=SlTZ@q zlch415~iAZ^Xb9bOux!LQ<|C@tT+Es=nM|bB=zQt6{~0>(eu4heO}LB@~nEi*%aU; zRp}`#DAs8Gp<-VT(5HCP-?DJ}ZbTNqlmK6kfFY1ny4R#9eQQ2Wvbrl0OxM)tFX{G6 zG4P7od6@JFcw=a?(YmcXkxZ0ogq|x+)?52xRE@=G#Q)tG_)v6tuVih|(big3{a&d0 z>jH$FtyvE=S_cWVCrcg>by`Qg(0WmWl=a}vn3l=cdW+;Y026R@$-k@`=(D%hx|kGl zbT*_p8ttc4_To~bZGHZF2#_T}AcrMcp66Aa@+e?=6tJX|F-ZYSQoxd4jY$evl0m?) z{f3gjul<(i2>~@~go7^a_hTLlz#HxNA-&W3x^gW<8Tfk3qsGXcORF=bMrTW-v)!w1 zv_J5QLV$`|&j_M`UfFq8egCE4VP*|P2M$beN`G)CSz0%)kjWt?OzV5k(VCY6`fjIq~9)NPgtHw*< z**TZ|)9WE51XP^>2FCHHs*MQ*5OHuxkPi2P(X`F!+VsG=mElH$Qq{{Qz>; zevu3|98*&wV&|eNEo?%-yfB2Js~}8tQK=+W7#LOtNhyg^uvdXg40?%$FSGDvVgwq1 zRV(2MEgpb25OgB3)XwFEMy>uZL}WGKn8sq0I7tI%BltLh@?ceb=y|+~D*>yNp8bQg z<{1?A4BJ8mJsI;>zh_X?Gh7og=sD!=s^ivqr!=C_FqOHWCt*B2YK(P-U3L&%1DYo^h@V7wbJl1pULP;R2c zgc6%oeV&Tz3^yvNmPeBT1j}_*{Z%260U4V{YkqBIpwapo|E2?2{P1_|2KNVE%!~)E`tvg@QNIXdQC?E~3Izs<-Yp98n?sL%JYUTZa%ewEG$nq{R>W zlTw+snR$mmE-FQ27NaL>PLvTmHqRG)GA)2pX}BMmR2GHTYj8gjik(~a+k9!n@`FsP zG{A6{$30j_hQc$F1O`BSO5~c9F%3T8Qi$=Qk1!0=Z@eU_p&7)4t_b-tDsR4Gy`rhU zB&m(gFm8wFNo{IsYGekP6e18s3d;=w6rTsatAGiIhnyT!m88F>vPOgj=l{FGQUkNe zpB=?vT%YxtF%R(58F!|)L?pp_M5!ndkZpf>L1nBu3{k&Xu1)c{p)^%*JydT!V*ehC z0?j4cL(rf+F8Nv>A4YPHK@BTtxISXPk0G^H3%UX&VPtud!9)dutHcV=M)PO1X3!`5 z8P+)s?9`!J4jupP)go9KDA8gqsReZEAaE)ig3*WvVqq%ae`P(-g#} zpz%0Y88O28jgvg0W1y+2@-&*v@>q8UG%w1UBUI>*XO#Zk(vVvD;F@ov93ci|*glBW!lP2bP^mZHb^H~oO6MP{Rr~t6Ag2$+ ziD92$W4t?DDNi>#2d5FGlAJG+G%qp;!%Cll%ZLW0y{xn>0D~%16=5NH@G`WpplFK_ zAh|YG8?2P;%@1pJH+#$!@*gl^E{J)`L4TJqgiv~86P}l#v)1{@L*!?*Dl>qd55{1D-zSU_nSMMHL}hH)EFhQDei61L(T_DwLYJfkmee( z5p7t_1C>6gz<5s&IJ%E(+OWiGU1JD8Zhd%k%zzOyOL;U*hT&Beu`kr7B53K=JYjjB zs8$B4UH^-4Pief`1D5m@OwL%CZba7%4wq0JFIcv}5I6tQ<09H$81z{y_N;}UxA5~8 z{745t_hIypndJ)UOmX3YSxzb>wO6#bR;vllQY?g$fY`XOj zi7XSVwoF9qfUOUlRVvH#>sG0xV(X}q8qMdCz}~^ub|{GamVL)M5w`{1u8t=CNb{w2 z0LP)V=N+yj{7fTgH zKI#A|kC>Pq8BY2nJ0v~^C5uKzjIl@5|Mt0nYPD+37um#F3^gtl|1F(AS{W2;G}`B* z!n|q1OwKY(WerQ2il)kC85U1K*76{$VC-m?;e%zQGrHGSDnGJWYRjj3=M5q-NJqf9 zsB);*CRUFdcFHg*>E70|t9`MgqYBgD;4tmfSadfi(v@8Afv7bVL{Mb4)U>|Iq7A0~ z_%JJ+3?xYq5R$?$D>GQj|CSqjX`vY>~9 zS0#nH&^KCRY^*LOdO|JEO^-Hm+-?v&1Ylu7E%B)fb;Qul+B~{l!GkvRQ(F7D z*F)w+U&X|MY!it+kI9Krb|bpB3L0IZie)0Qu+f@mYV9Z7^#Tc?nNh;B$q6$$oXb6| zakCsXr2PGuo+&4(s^6L&3>cGc-J8BYT!HXTljqoe_-Jc)>iuJ?QhVLXlYBrt3u)RGX&)uGc$wg z(Oa-kqrF76K7t_|4h-X|H^js$L9XTtNJKnCS=`NoB@?|%wz_+pjLK4PDMS%-N?7?| ziwf>DBjlh`6B5EiB!5DhM`;L>T#P|q>IZ7l$I?+uWptIqTJw1WFO8A`$zV^bREV48 zF_32(51I7zG=}ZC{?IE>R1)cNp5DlL2B|OU>3JNY@$xnP(v;YN zU)W@6#=5S{W*XRy=wP zu+U<;R2i6-%K*y`|AeNPIS+7~Lcu^GB*T;x@zN#r)hp6&^JYDI-vZ zsCpQpR~m{}TKIAcUyg=mDRsM6LXGwub+T_#Zy(Saf?xG?k7eAW93Wt8m!B|$%Z)aA z?_Mu>$YwO%tDzH6d)8HR+bnGv$CJ5qEf8EA?Uw%0+wB95_JTzpska|1Pf~d=l<7s4 zmw@b$PHxGdl3N~1M3ENzRVC)K>6 zCiL9~0_1j@3YfvUB!^Lb>DDz`6L}#V6zvOQ{hIwhRaHi&+b#3$VjXuPklcQ<)L6P@ zGN>wYB16-v2(ZwMXlhjnn(mJ#A^4-$V^2=j+fNJa=w-|WtrMiO?CQ=n9_{?-7GNsN zx}RDt8npkCxp1PDRKH&?0*{*55V_!z*3*~{GW`#Y6RuVU%34#K8+hqnA-A+J zn$X_8wZ_uDM67|wtpQtKEnd(}IH`?E)H4k8(NMLv*II>8WAZ~wyf7pN38gMG2+-rn7B@3;Z!6Ap?suWEk zY3i3ij=@)jayMw(qQ3M>1d1R6n!am~0Y(FoQJ!uLU?8UNEk#soAF!OA0n4en)Y@C&XNigjMX!nZ+@EAz5p*=o4IL3bh`_FKtKSak^$%ddwJY%AlH1ciy z`6Xn~fyx>9vKhsv7_=R>Hkf7rB!XTlZXg=$WJr59Jf9EGSB-a}hyH2PQU79IuO~`2 z?Ynzj1VG4%h$;=#RMXGKJkQ6#tCEN9r>K=VJ6$z}PJqdy=(JW0;#Zb7kN8djf&>Jt zOXC9;+--_VMG zJ^+HF)U?bB5AUXT$_lA>7O*n}n$GH`*B1jXG3uqUODdz)vC-k0FC=2MqT0v!*i~}W zj0zaah$?m?&@ff@go2SzBUb=cji|%c|MH7ZmpUhxE z2a%4eO17H$X{pb*__gr2R8~nayBENrHtnYj@G&rdOVfQ)R@4ar_#IQvHLu4-5dfMi z*p~{TZl|XZCwOQT9Zj>20)$-z)SQ{Z)F&uHltWQ^8>$_^!9^mQJ_7NFH@XZ~&lq{0 ziK)1^@~PV`bvrDhvYkyz^@5#EO6qKi1)nSyeA3Yx6x6yk2(E(;>`#IH0Q((SNr4rB z6$cKbz##{Wq<|4}jTi|LCDLy1*M?!7=>gl8Oxc?JV=~7AzfTXWsbHyQ$2j1Rdgo#` z^qeOcQ{xGDjLL|vR!swn50x`e!ie?oYKr4($5G&QAFKRS>KlQk}}u#XM@`trm4%hjyy*@xnMQ`apG3j+^DF7GNiEZ)wV+)x?vIs1tB9kl98`bY8W z#MJN0XY3)2BPHi*6NIUngK%08h_&5kZBda;MzFIX?u?q<_T=iypekdmO?Z&ZKT0%O zmu4lfA1%iW+JTu+D^NWpx-*6lY5oe9>FmH3!?x1iF1yDURzN4B&}e^9D-R6x_YV$M zu-b=)hKEN+Mn}gqiu@zFtW|=?R%>+^ONLMxXV}>A*f4#;v>sBIcpw8Yn}-_hn+TyH zLufD!VXy}nHhT#12%+ILG?Io!)6kfQmx@`2^Ll2wXObjuepK&_ zM)SDQxfhM9^47QM zZk$>`bShmwPLL=U!Zj#3rO0A@s{gLFG>|vC7t^PmyemJoF%P8kOv#hPQ`Gb1fBde z4L!s^5g4OQfdG^MB5o_I&O_8J`aJ^KZwOviHq>n{zN~{5^!ab5YaE-P9ul`x&av%cYNA@}uEMFpN3)Idh(nh`cGN-wkFJH;A57-G3Efx!< zrEi-*l$)UWy13F#JWkb{KdCo=%tC2m23UGD*!GO%QC9ZXj3XELwJj+}24`Q^giaDG zYAYSBYns|5);(7pOrb_`6Np|kYL%7L0n@vtQW2(#G?0K~Ozr|0lRWjkv* zzP_|dUTf==cSkFt=8x_7CnC#F@bdE;I$P!3$clfl)M!38`1^>xM)OfTqlS|`CFAfPQk#Qc*ORuwG-`o9OPIid<5NUG@bKgxESD$U{D2YbXt8$fh6= z3Sp4e2&V33Mbbn?ei(Dwu&1%f(1*0jjt(3n9>YN5n48Z);65|$@k2X0q*1pMR66(?CnLqJPy_ds zSvXa5*67$IUg*|$QLv9fB(+p;zRgk>S0ug^wwYp@z%d=UiL>((tKvNgw$?j1qMMKL z1_A|sfi&k3gL&Z;ac}ZFU}K99vYHraz2}|aSsf9tD8Q+ZwVJZ3T=nK_&t>{Xz~JNZ zJQ(t@kX1eUeFyJD(+=nT!UT-~&`+tca&*$e8!E$Ka3x(~b4cFVqo{y})3{JIKgiNYmcI8LB-ofSr1Z0tbas9YP z;}>aOoC&#-ioKVnH3B_jy%fH%vI>m0iKu?Y#0mte=)8%=LoY!g_6CAH5ySNCi3t`5 zA2TvfnM7<|qn-;Rf4<{SJZi+LoS8*W2&*Pb^eTavc=Uqx&bI-3p(&cx$rh_L1m3Z; zEmVi9r#eApzB^c<_Y77G#87&@^A~?yIn!#wKH^+}U@Z=S^zyoMa1bL zv?V(y!&=^t4{tV=)RJ|B)Odr(6l}8eJ$W7!Bm7bfgPN`UmVPJ+*iKJg*v4TvN|DR% zF30at3EC;EQQ9esnNZI~{Q!t?!|Bi3-(HN;L~wMR;eG(^5l^O~O-y;*bT>#AlA@s=8supE=zh0tT}^VeF;6K z=S*{{;ZUby==)p@Z5m=G0%QP$c)i1`IWcEY%`^nqIObXj5Khl%lbn5gG64aaFlmSBLGC=5G3a~n6jXp#?3iu z1ryG@5KK6asFhr=Q*=Vd4HG$%?ERxipzU&=S|@l+fK??bd2s|bjYswlpXAlGgeMF0b)DK%i2+{FV9MwZ&Dp5 zM`q8G9BHpcsX=G`e#?GeXBpnQozc>$0@4GRkFlFm%3oi)e4{L~_G*#Zh69ytb-8%d zFN;$uigdry6fcF#^`$Fi37k`|FCTP2{gX9LK~9AOSSV#PbUA*{5$OnJxH!S_iOP`n zXxj^o<)c*iDYUAWJH_p#J0}-HXuk!1)`}qiM zAAwG&*3O5vZk1AQFROU_0hxeHzp$#_367ig{n|;aPO<+WIY{G?T91?Kj&;pccEu>{yRKKVAY8Oi!+W|Yf zGDHt%RCoZqFMw$X+EJHuE=NAOby6#t_KXBdjx3YH(_iQT z;t9Ohy1N!>w=`w5+U9z?OiKlDu7Pi;1Php@Z+yx+KohuM%-+gcYG2B^4O<=2n0kWZ zY~MERcCjSvgRzzer%V{kYi{O-jU5+>l8D`-w^!EEs}nAtqYRg%aCaN7B$pZylMJWU z{e~bJ{mGKp{6(+p={U;xk1ahOZGR`K3mt%xNfc1PYKj^{l`K6Td-J$9X?y~QIz=fR z2A*U>p&ar_v-Cm*eNgYLYPHLA9LkB;yJ-Bg9mL-u7<4&gmEy42mNn*_!(W1#pp)z@|`Jt6ObEh_cv%1}XxQQ^Ss%pwK+=6`oWtb}&GEF15Utwhx@uZy`IE;vt5nGda$mwWSKd%qkXX0AsLpc&A{}#0fU)I`LR%vcbZd z7VrtE?bb(d;RIGBvjg#oEoo`IR2k;*8+Mq`UIXW_3A7}m#nvJ!t;|4IZARqIGzifX zo&!GmIyw_8{gH5PYrz@$_bu%>X*ZD96SRL#RF5?}L5SpNzZD(=Dw(6Cycr6~ve!&( z4>Z2op)JC2c=c@?;>Yy6^gi3|jk${UHLl}ioVGRQNYJks^AFj(R(n!TA_r7I(e^k}9WubhgVJ z?tDd%Iq+>P4@|A%AldSeAnoUr)pFcsIeZI6h1paSq;ngYc#R}2;P1+^yOe_2E$eJI zhT1-!^m|5}D|4#a_|FdKEsqhcvGLA(-HcpdxA9~ETOIB0TU@CtWceIh+IKh%_kgjo zKe5m)&eFd1fMljkEy4=0HfTK%B`rbro=nACC7HHKrT6j$Mxci@e4S<9qT&@sUhd{i zV>@fi3$RG%8e5|dhA$X1e)X z^@U30f_6Eb`jVYmFQn88b7uK+Pk5;(;Yv?%##1<#(3M&$=P9zom`HnxOW(9}v{siOYU7%|c+CT_%o^Y6V0s&4`NLp3V zx>T0s+s*hQv9Ua@gOlM+4xJJ-5Yhxot@)yQZVf76Eh=EBq_nX50DJQad`}Hqx(8|R zQyPS&%hY)DZT@*J_N0D$QhoF7Kz|E|rkZc3O;L1t)?WESp78JdtlEec&mx7e;?3qt zD-piFl553gX=YK zh-Qy(`Qvqaux|=-Qe^`3E)w?(5K*G*x9I^BepVPeJ0E!v$qK?hLqRycj~dpG+dNo4 z+A|NHs=oSX6Mz5Ork~u&e`ejAf37vzWKl#7r$8f=+po4 z+85t?2Q)yiq#qW8Nx$O#RsD?XXGT9)>Zhq65ax$&^b7y~gpBL=5PmW#U!9b%NrrVBqwX9$o{V13ja+^m=;xEoyMgJRQojXrhH(D=)8f^Wo0Bti z`KGRR^NUS&S+wr=>er2-qq8= zF~5s3yHc%qAEIA)rmF<~JHmboo^GU!w+)r# zbvIuA4%m1ZTTu%k_mcbb!0q zbb+J3hof(%=vqDzOt+6-k*xMh+~UyrWzVfUL~F;Oh^gPijejdVerkLF4rQdND2tW&z-SC{VT9!y=MD$L^TiDFwH znf!M>^@(x6H&DIRNc-nybtC8z+MJ~Zr@h}A7(bd4uY-)&Sk92Qw|643zKNhd$El+h zgn?hln*SykWB7%nd|}e?`}j0P<4xqB@Cl+hquyqBejZO6LR5DGYSO5a$CD}bC_g#x zqLc>tDA4t~wp6oirOGZ$&bW|V%AIfi!sPd^qjoi}s}j`#G5n2P%^Xk85J>Z8kvrzM zST^{`>xizgzCV;=lguf75^A-@UQ1 z|GB$vKBN4pp$x% zb;Wo__Fg=@Is?Z$ndg$#Vv+3PWeJyA^w^c9r2o@Y*8k=|=}*?iYkIpsF8PU= zklni*@9(`n>;FH*^}WNoSJ?0EUF}y27e9}*^SL;66ER){_eTJl^Ze%Tf?Xem^me`MLg>5W;nm^0LxtLW-)h}q3 z9C6_+A#yrGJ^LKU$BB0dJc&cew2#Y|zty*Rx$SSR3Y!0I)=R$<)<4cH)$qIO=kE&t zZl(MG2mH%NlJbdUb#@7E_BEIOidd10I+Feo{fz2oOg}aKtkO?iKMnm%=x4QlCiQcM ze%A0alU1D=Q@fc0IlI)YxIg&qJ_$3EeE}@5WH00jbt%Hb$wjBiAgwH;LZ4f4-qUTg zhmxyKRY1Dr^uE4ZE+wtxCTfkwjUMxH)OQnWwa#17@f%rqY{S6PM~)S0KDoKn{PW$5$LHq`ZQeb%f8p4H`Nhq<=8hdYaQygz zBZrTtzznu!e*V~jI~L~WE|@tyH-CJ7-{IMP$7U~>xq0rGid^yO%@^ta3ud-19GqV` zHh0D0xrO;-`wm_(vuojwg9rA1X>M`Pk$dJ2U$KAxXYaW9Gk4y(fA-U}v$L08JXzXP z9^ZY>fuq!P;LZd4_svrsZ!Ap@lm`d6ANJP1!N#0<-*lrZfTQI>-pj7f58_zj{G44S z#FcRz76_N23i5#NJN75n?&v-(yEJlOP`BUImGuVs@8i4Wx+3AEe)i~M&S^r;SFFN| zIeqYw&N2T$KW_>TUO1~wg}R#`D*yIyYn-lPQ#O8h0i2)qC93HIMMw3sB-jPYLOH!O zJUFKP3f{ow1!>UHZDvZiMYYZ-WYGo7^wZEsJEh3+5Ie7E9f2y-RpnN5t;_YZO+R<5 znpuTz)z7{9Ii#Pbm2gy{gRvt*yw#+l5y0(p2~cZemOo|jHy_J`L)ID?#VhUS zl={9xAC9PrZ|c>3gLXu=wm7JBLqJsTh$vpQ%5PxD;2}%#w;!mfvrKaHQT@Ec@rwMJ z-ich)9fM7f;*|@VMZfeD{WDqB) zH0LbUv3O)Q%g=RYmgPNV0eNNC*-Q)iF-~;}I_R`z>}T@@we+eQ(ZNRb6tXrtZ;q4K zH%PR}NN)uF*<>C{W!$?HlHL+k(gHQ>zz>9wpWO>bQesq%{yY8rNS(P(p@;cdHeOq; zem^Rdnw(uR{Qd9=IocYB_Cxx4KtGr1XHhp(bsfwQd?6B~{ZI_G7D!mSMX56qT$&J# z_IZ&U9=%AgYr$e^UZGw5EZq-2b|Zoyn)>bA1^${s5(n)Qv5ux@1Ka(MKQmPczP+n_ z@2JPWQ0R62ycdgEbm=cNMvzf2=!*>E><*mGW}^tA%|9TmQYeLAR=G3@m&9~z$3aDn z)$&xRiC3sJ$#pb>-5iCWDk0@jM>{X*hgsR^yrQ3z#);WEM!`M|#n_Ti!+w;B=9Wd8 zjD0kP2XE`{7nZ>e^!DW+<&;1bu*QB`@rNo}3uP<2hkKp0=O8sRlZ z@~G2|pON+uzxByv?08kJB|BaM%mjGFajk4%f*dh~NwEy~jhvo)u z-gj_eF3YUqdd;fFW~X-hZ`HGpC#=r?%dK{}_SV%28(FurM`I(-k9N0|f4nx%1+i?% z&e!Md1nxX%&Fb^Dv6;U5yuEm+chfk{%+LTQT+xd|=wj_9`iH4l71rl@r4KzVZO+@?Cb19*x|-5X1uk+M zL<-b!63Z2b=+R|u&|0`Q7hKTJp zUW`S9OezD|qw^Za2AEfIF)l_QVVNB zS0-`th+ihV{hqW2S|=@HmoTZk&eM(ittHSEY0kYtdOhc)?e|kBy)LnVys(-pcIb}XW@_TA~~D_DNs?4gl_(Xom-@5^2Jym`y+b7!3E&+X=X zwx==>-QxAj2iVQmgI7a!Q>KEA_J<%erFZHz9d)SUqE)xECZ{PZQ;c7nM*I%yKELrYxDe47 z6xhssR~HK@PE0vnNW4pkvxL^T-cXW-4r3}S_Aiq~hPvHbOwCx+&P5+M(MFvEKfu7& z@U|~8aQhPD8w0hLEP)qMVLt9r5_TUNIv)mfK6E@j1kOPtNrkfR^K!YP3yYzDE4(co zkFv4Dox#8X5d-^Gb?gSo(K_GuWEJ4wIV%4!^a<}>X?Hh`nE28@uPQ8NGJ&DBfeArd zC9t&z8+&mVz^H>_e4s^0sF%hnVMl?rvc?FA4 zeSjy|2{UCC=QWrZ=9;9%QRW6l=6G5EbIU5TgZqFv)Qm#aE!2U-us6AVX}~y7t=Zh= z3F&RbhNUP}Kc*#z3_}Ent(&+8$gsVHb)R7!C zmZ1yAoVVEMB5hz|$J6c>Y|Uz(wq|{vwq|Xf>dY#gL1Nd+<2+0_gbO8*Yu>eQfq_8M2gst25K)4?DZtEIjwZa4H zQ7_jONFWADDFtp&ba61pbn7xCko;q5uLzF{4@p>)De6~66JmNqFzeLU$iXnlOyPK_ zT`{$RD;otPYID7PE@R1D=h$i5+%H2Cp(k}XG{C-iEJD2 zK)D~Qr&d9sGfuS;JvDy_>&6QiQM$uH*Ad&R=gQF!K>ybyB#={C)S5WHp}a*!(U+Laa|nHfCj&KtDz?oY<{li4XDdi&7N>mAfK%tmhpJZa`LGeR*`e zzdr=m_tnM+2GYp-{_*j_!CZ9xKx3S9FkWtb-}?Ub1M3G@>qU+tXnkcQ=`W2B`TvMs zuBzqOn%!kEw-5tBgh{vKwH`_`w@(QB8h7fyjhGcAe$xk4|)~uHq!v0C# z=G?o=129^eR1IK)9I~x)w(eApUOGqUH~!0J0$Ar~nI0lVnM;KvIGBq!h&-R5}kTe*&`gT({~;mj7<5!IFZkGrCljqNpW4B}LfAkh@M9SMr$MXYOD|qR1gN z3PG&cU#s^L+SWH5I+t&_4{kiELOy?c&;5IOGF!q7}B>Y}JG2VrhS#u6j|x1>sN z+ERfAAGGez3tORj3(SQKz#`{Mi9BVaJS{Z9w0~F(`g4;q7#<8*@QlQXOTF+YU>gc- zrq=noG(*V+pk}>gGE%ne_Yr<^$vcT!jrJo%m=Fm04%T0b2k>fE?g*gPBem(`8D!ptBAgiWhalAN1-emP}(| z5rZgeaFZkyF|kINbO@!JIemWE&PTM!Nv95eb<;1KA>y?5OQ{ROIZf#}9&7?~{xn}aW3)h($br&2q0CS zhzY(dlW=aoA%sIx+Bv{k=hDpFIhp1loaM;6|9sZ{=dJtCS67AlV&+>uIUhCGl0az@-Yawwk6p~$77y(4roLs8B$?!C+p@Uyw%&#qMb zS;G_UqlK;U#H+a?+(g^k;;UJUuUd<*R#)eV5-CF(bBd3U>75>3*E)HT?DzJMcv(Gu zpa4#<<)IVFI_{LpWx`pqo@w+jGh$eCwK~QAncFaL577W~0vjHN2qBNFQ(T+I@6ykV zr0=`UvVf8_L2KCt;L1k(U7uFuH^uj^@icyIOT+I*0$m^<3y6>0R}j8tN!;w$_Pb(K zzu!i3?;(25J|4~^JshLzjKnEXxFn#e7`B_<W3=+fKvs}8D7WPm;O)gHz9N|HTC!;_Vl#id=8Zr@Yt50UsBL{5|{ z0T`b{AwFWF@_p_k*%U*qC)3a~X=pqBff&;%0CAv6jg5nAQYm;Ac=B;N-R`Mj(f#=d zdejfgP&|#A`ELt?Ik z@w!O&F%Id(9gp|%;zH?0>ry83R83ZO8ONCVF(t?prW`9$@=pz1RAMzs8eAh!NO+)` z6vKAX1G7pGw$t?B?nFI!cU2FrKh%RO6ZPP}L_N4HQ4elP{6J*0iyRfu9f<~MZI6K` z2}qCgn5x1~d_J}PzJ|m5fD=X$9+YP^fGWUMh1$Z=eo@=3F4~h>!A*Y{Nga111eUkg zwzM?tH&aY6amgf==bQTnWv%+cDaJ`+Dp{_W6yuQ1gLIDfkrv0}^2hSCMzq#fOL$_T zm>pzFo2881>8GznaN{Cq^Pxm#l7W13%rrY!>L7K+QkF{#dIimGB)_GiV-n7_G1p+X z$PU5?GJAu2fFNFK^|wx9-yp!k{etYTJ4tU4@j7dXWAOWxO1Q}|w4i}`^6Zu+1F5f_ znXsl-n#Y)K9CDG&l9HtdFG;XXJ1*b&ma-MYH4rR9 zir7nM46mlmH2$sgy>AZ_;$P$v##^hs@|jv9uJ}?|>(SN5g(wXS3cbX%O9k)=y6x#v z-z#h{*lG!0Uoehe#?Ted!1222K%QSM2KAkeM=(Lv$<|uwb^4=K72EKp@8v|EGHa9l zc8uc%SeOeu*>u7|&6=RIT3&5jkIar5X$vIFh*cCfsABaQeOX%0Rbn!0^)&&$T*VI? z%Cu?Ni*0YEWENYXBzllM#?n@jnL``}iFs-|{PmnZ=M``*JYQoQU*>Hv?ruQj{nB<@ z(ZDn+lUE~Q_OAN9bke+<_P(+b>TOmJmZLMN8<~&@lgu1G5C;KKZB<0yTZ~#%ZWd>m zQ{^NE8XKYO6N&4Ft9Ba>nlcJq&du8xO54J}_BsCa9}x&5<}Y z+V2t(yCL(Ur9zP0{HBv7swxh5$) zhf**lvGg`V)QHFCn8xC}(Dehg+;{-8UJ#z+$? z_5$w}wsQnS*em>B-|d;Y1?)}vObPhwnj zNR~(AoQ_Xb4%i*m3Y0N3K2xz!+o~^Zp2Y_-C={!EDQFRcf6bShCzd&}V zLLf0VyZPs3yZHpQyJ^`Aei=1$lxC``zO}%w_QMr^z`*2(_Zv$%QR~h+-l+5)e0Y=R24@J zelS+-__a=ife@w87xvp!PQFk`8&+}id4X|uQW?KW+^1jMNrr*BlSUK_UZM=#q7059 zEA#)h_Z)CdCC$GVnsgKputq^ef$$OtMFFLQQ~^ar#FPg_APFfTDAE+=?7b^0%GrDG zz2Dh;!_L_|dY1p}OCdD9`|j>{e&6rUok`xl-PzgM-I>{$+1*Xl?>OpHMx_)|pVQzI zqy)P8PzUW2Zvq`>tVGLL+a8wM3V75)8hV6UJ)RuC2*(lF9<>G)>Sd_<(gQ3g#2^30Ddr3VlYOuy{h~ zzEP2$dIxGFdIu^ZP^cJgCxuT7s?1K5yZ9vf1Sd2_Vd&#l6dDS#gt8S|B8scnEmcG@ zPAR596`n~IQE&pq$U!p}q4KB+L^V^vPi;`3R2;2&yo4i;6bS=|@JKNV8IDVph_a

B2-gsdV%U{_&Y?KA*>BdAfOcusqo=E*_j@SFXF8hnpMWl1#cWT{&Dno6RN(PcoUy z@kr)+c#!CUnG7M&JRXN6`7F{S*@NYh%<&}2WS3+9#r z#63&|6N?}TgaBrXBxwNxsW_dJgCYW(q9Sxv89HQbfn$~t0-i)96(!5)Fd@Vu2^DHj z#TDwskm)2xN@AD`jxqKxqc@n9LHA8hr%MDWsWK^DLP|+V7RhH|m=}(@$E6CSbogJE zO40=x;&d{D6w0Uy=%QpQl^P~=|8xPophpYDWV%2I6B)|rF& ziIbF{=9DawIKfT`DrQrM6gu^erD8UL`5+Qfxf#CF93d~7lR|R1>Es}$gI6#qqtXI} z@(dE_FOvB1laippz_zG(Ps|g?Tor|*#3%=FHV3bGjzAV9lK6`dVNp^HDHX#$4Uz(e zK)7T7X-SX&xTL3MQ`Oj_X4b=3jVCmFE z*E?8~E|iG#lP4#W5|ST7a`>?_3CYQD@It@UuN0)BriuiQ7 zltcm~IbG3RPFxT@d^*Sz0ViFMtB@MmsRCXqk|+WpuwOAG0uQBU14E|6PPB{+fiQ(Z zkCWs8F!)Iq2}zZp>EtgVIWn>nU6e&i(nTCTl1dyIoi8G#!cH=JHfWA?j=DOi8S-VNskk$ z66i7!&=KfCW|5STMWtbr9-p2HwE`?Y$pE<$i(?V$B7X-O0MiG@JT-`;=H;P687UER z(*2-M9lUyr`Op=hh{)tMvx^DCJq*W!zF)kaAgRx+VW$3VuweTBZLnan)yQ&c*3=_W zBjkaSzBuOfE$TEV$ZEzO(Bv;d080Et2+)ce3EXh|Q7al8AS{r;jg7BpQF=OJ`Spf| zy7_KMNdD)=Jy7vFLQ>sz->)69%fC<>>UPAjP7QUws_p<1w0ue%fFm%%aV%IPvr4aK z_>mk5DWSI9`pSWc2xS7r)>?of;N^fck%)MtRAW*?&3qh7`j3EVR6+U*`RGw35#*9F zWTqUJ-RiDk0>(XXtXo5sgn-ViSRKSkI6{ys5?KRS0)RSQt8Q|G06;D&g*!#D`XaDa zan*x^S1bw5K{$3h!xw5oJ0)CNWjp-3)ObyBEM zNJ{GV6wGc|75aS-oSKR%V0GbuZd8XusW4%Li&9cRsy0>EtDKUoI4aZkBa zrru93kAr1t782P~kg-T#5ObtR=MV@%g2u!CcM>FKjSS5Y3Dc2g0Xf7H5vXo5K}|{3 z%2y$w19F6%447N#={deUG^0p<1ew7Fje^nGKvfAbKM}vtRsx+G8*vR4_ZNv_f4zFZ z!gy`GgZKgo=v|GGx4xFH9u+a5X?zRen$--&?;9?M__ijV1=~SM+KBpxFW{sIMbK-! zSdm=9BYh<)pfO2EML!6HpgkcnBb_IpPF4ohg^qOeT1cW^;DBbR(RD(wwV{HbV2RcJ z2O1x6M!GCVOx7J0O081axdEgY*a0cz<mR!Wg<9|v>=Wk9qclws@lbK=*lx6)EF@0IFb}n77OE_ z0pCbPMQUhc3OA*$0#*5PATe}DHb){vlPMeIi;Ax38FfSLs$u#t=&_*6g9;BlEuyM{ z`K4&EvZHdK1BHAc3F1l7pc@+l3?qQYL1a+c$mCKm7O5T@oDZ<-1^XVT*c#+Sa|H1-)NYt2 zLOGBhC`ggI4xIoiC7~GpIOe0lh83%QslsxFly_x<=AxCFW$MWbiq2n#p;S7k#i4RZ zB$o+b5eR)>Z-Lk|HY!rRY^$?M{MN9AnTj-lU?%156hzrZOM|GcV)M5yGc2LV$4LNF@|lY!WbP=_hZeUZ(z8`MDVmO8)`qUz@wMYp@NqW+~up^52N}UK~T`VE)@< zrZ&ADzD4i4GZtE4_TSxtgE)qcn*Oo+z`3@D1U3sYLo9=ZA+k#$ehE6V2pA_zDPIfL z;}|+%_1|tqZSK>$4%b)U%v9kFvK1Zn`fuZ0d-Q{BrHq(LR#|(gaRbLJegKSXYttdM zF^(Y>=0UX$MKM~Cd_}eewI~2vm6Y=8QBFoWEKCY+L5R^0(7f7%sAuiwfei_rcS_Pj z;^LxXkwp;wfMzLLtuPyDG&viLHe4797$LI+Ksksi0D~}Sltf-lEC*!)(TL_j9&Ld- zw9CQESBhRrk+TRqR5gJaf4E4USOaCJ`YYD94hmO_>dA{*w$?WH*YP#fDesFGvyB!9 zlmEA?2Zsg(#x+_VtWBXf7NB8ms#8633PpiOB^EJ9FsgnFQg0lK)_|n;ysB(b4(b$$ zj#7olMJ2~YOGHD!ty$wwu8AOm9^v8GKnl`wVO0cI z4h#n`RVW;(>79j+3dFG<4FRp~kyJi4=wU<#)F>S5`F$wLVMrOm6fP$eR1Rax!3!!- zHx-8W-wF?g3Iyat{w4e%8Z?7b<3~e52Y)+Epku)}SeAkXu%NgBORuleQR_%=;AM?T zSV7sElfogW_dh!+oZ?al8_iHa)xctCRET^r4mHmzJi%WF5h;JhP+Dk&gw8+eH`Z`1 zD&3JPbba|8G4k_(sFBF*J1aeWj&xX%gMUn=i3zyiEs^CQJFc=km~$lx7ZRi?eJbD@ z0?!*NrcB^9=&7QNz-Wp#!dj!~2e8I9O;)8btZe z`}=%QQ+VlMb#KJU_ifVE;UCBs#E4Kt0;1mmA|Awp3uO-esT^SniCidYhzo(N@#TX` z0GYs&eFNc(>w2 z3RbP=sSp8ZrSL82DuM&`LZy`9Kz#->@;fMxL#9Evp|v7+lV}vB53!oMiueWfp~o~7 zKd(F?85LDO!0t_rH?XBs{RXAilt(X=r!8w9#f$?mRkFr!RGSJtSc0l*hQt~$uwxX% zI^x)fG-{PfGxkkS7iBAAXVXd8!=xW71UD`C-uWn7IIIm}G5fu2XdBcY$cAX}y=;~c zc>xAHw4F)=6_nb!p;T0JoxFf{fqg?2!KDthLH3|XQ#X}gKNUcJ%~ycbfKZn#IAj|H zq^{q@dNrTSsE0NTCUeDD4~*laz^H`)U|_Wv)*i=ND_*E<57eM^(8vO1QNLokiqHwY z08$3NMJa}L!m;+X%Tm!>^#HVi9X+-41&~~MN*@84jUo^2am-fnTH)G6zEuBok(^Jd zDH@3A!*SrDVA!EHkI(@l>IYghX#$}lae_$^#Uhm78bGpfOhWm^6};_F`QB0NG9T>% zYA9;^JO21OYF?uZtN|vefxQhFREAR2OCcr7?N5%v%sfz7<}}Fo8+D1MQ~bR_q4?gF)){N1(#x z>7daa$|Q~6@T(oyS37D!6-fnA1r8d&QAHXcBsi9#IUF0@C(u9`NJB%Bius3*_|8ad zj<|iC33ZUZ0X6ZQ(40Ynr7N4Mh3%76mDq{3pAuefMh}@NE1aNz<|nMuar_(fzbzL z)DMVxE7c8zkm?0!H;@aoKIH#4@JD(m#I}+WeNYt@q0&atq{JWM?m{6>afmTIP{Eqi z6X;A3LkAIfW}#Ab{-|srs2!NGA|L?3qY7Y~6+&GvRG2J^<4MhHEDZ{?3Zyj$os=?% z)V4}cvIjYisUOrgwNH&i4n##7)gBBh>ubc)&Kz{=NskLFgGTmrzchTX@Td7K+`HLL zp)l*r{lSN4NKP#x@?K0T-ZpB|Lf1sCGf(pu&?}^l63c#JN2_o#dq&&ciWbo6|RYksb05El%s(Sf9{;lv!T7x1{yP-%}U>Gcy>ZPN6A@Hy7 zZ5?c&LJLDl@EhXnu|62OQMC_TzZL_(La`_;5}rfhGYEd8zg^nTzaT}`4A{xxt5%pD zRTJ1esJC!|A$%*RkTL~>tK3itbceMB;Gl~*Nq{MYYw|=?9y_X39Ch6)y6P8Q+^M?w zR{>f02!3*FC7M)OU3RM!(Lkx67qaX#SAcH!V0WJPG?HG{Tmx52%fFgxdbakWR64xyF z#fO?PpfJKeN|_UlJcPfB?&wL;d*5q^f)3FDM+A@+7q)8leNA~f)EfyiFb*(^g}DRA z1Hj)1pfI=`YL&0s8>+rwKwbyT6Yi4dVeZgF?trBme4~CzhJT)r&W4`yfd2?cae-$~ z$b+uDPljJCz>t7vMOh|1b0H7x)quDe9B79w)g__b=wi+s!17yoAYA_c?{B2QUL7i$ z#-iKb2=o6z{nt=nEmHPqG>jf5`k4BiyHz;!Y2l_FMKez^OGcek1O0pYHX<-LBsu*0Ha-oxN_ zedlM}vrKgyf`^UWCO+G@%|YVvvnF%%(|^(Ky?prBhao#%>|&$tXSf?By}ei>zq)bc z&w}LYXI(R`&lyDvm}ay1DT&E(zT+LPod_O%p|81V+;jZWK91hbE7i&U^sR$G^qEQ9 zy-W1=!-gGWv(_cL_#Ir2Cqy24@q*Xuq|T963o@QAZPljT`P~+$A6~7Ne-$(}d)j4Y zicj7;soOEz1-r(M9-lk8+bLt~<{R#HdrcR4b&4uo^NFxGW+^t7~y)+mFCc5`iu zxktJs=RccRmaf~OeBZgGwKoOX7!inGH`Vqbyvn;09;(4**huFvn-dmjaOs$%kpl-` zIj{+W&2&?sVT;fxum}yLD_U;l?%sY=#?Qy)v}r^fs;8}X1QAArmIapumiVW_ zW?VS7Cp$Zv0ednPhaFL;_lVO3BC*t&CrNjP}=!L2Rn{yX?KRmMDzdY7J4`bQth0IT@bhsL% zv+8YBr!hC@pSgO<@FgAhdK20Tx4V6&N@rN`c%gY0_YL^Q<;%7@o=CKQQr7vz^SG5u zH%}C-+^W5D%FU=gLQ$^pms#CBu7234J_mVPjpSw{cOnf)%vPn8KPx+l3zuoMabY!^MmTfM#J8#SwIKe$)y7soK_Qw|N?eo-Yea9=; zkLh|$ndBG{v3J?#mfO3?9#{Kyw>drgaKXvDcNYiR8}XgG1Ux7_J?L}r#!vF8?+-k) zjY*$l`e^Ia)|qdKBE4MT{agj#H{h5|JWB~utvZ8+C>;Hd@KZSd4oyid^UgJgXT^xX ztmcolLQ}VNlXT@Se{eplI6v@zcfx~3ussQi^Se=xOaeXr>yoL6R$m6tkPM)K41hVe z;>AaaSu4h>%fjVFW)ZI2Uv2K&Zh>FRE@@T$qnB^h^=P3Tx;_7ZQJWj?X@{F#Hhkf+ zf0pjrqn;OV3#Q+>QsW%{sNquw*`=?UA3C=xb>P`sb7I#UI38GYWtqe3T>UkdruREO zsD(~da@HeOOvh%<4_7pa{&hpZmc+{k8Cvocsjp9DyzV++Ve>aZ+i!dDR|@&;Axq16 zrcUR2OsT$mQ_uLqfSe_vogW(SE;G;GJ=Od9?{^*go3)MTW4|a@a=TgAEujN1KYi*y zsrbs!^+QWqUh!EsHt|tu)QA?Z7CQI4H?f=3YL~u;w)lKuo!g-0y>9)Q$sWVc&MRc&=TTPt3th@!jpTUYyBIaK2!BSDa|t zD=2$IHCDNEC9Npw+Fr{IyIP*_9rn<3p=p(E=uYdc0mB0C?K>dJy)AiYcWY13tV7TD zw~D`3Jnl(EC{eLu{H-Sm3)XzPu{Qb6z8Qr>pI&?#_As<_g}MFGioBG92S0I#B&~NI zaVdW8fIZpv_Aj4i9I&6@IH8Ao)V|7*0i_4^!w;Qb;_ob*_Fh;$gx=TDJaN#p**;M& zBd)F;ZFO^gtKmY9<`b)_*U`fsz)iLCss;t2DM zZK*5KAC+jU4U&k6DvKx!D+yIfA&^$}#T+H$AeIsKXe%TU%v+eXFj>{YE{SkSVzDS; zH&7+qK-k3)(L|)`8HAnRw}hQDPbKNT0bfQGE3Y)f}(q0Hkv%_Y>Ti~uf6=n z#GGFHIqj~G9;5S|2i`50oZr+sd#dN1D*mwm?;*Liug&w8PLvgodvl^AEvU=>pUifY zFViua^ECBiDq~t%m+oEC`iAn_>I;PZXHLIY{ATZj*Fg?9KXp63i~U^KVfFnrot~b) z@!Dj~Ec+QVBTT#vUo|Pc*!BR+`p%0(PQN6~-x%s?aM)n~;Z>{eufKB5a&)i2z8kl#vVnHN}* zb-za!a`A!07;edd);zZvCAY4=u71^g;p|S8r*Q@M zc5^tJUR*!iQhWC;-ymVm7Ow?P;v@p>=bX zbPvpK!#;d=(V_*px$QrOOl!O1_h8$CxAUv_q-_bCap$poNQ)=GxzEb64*Pm>gKet( z!J3bs#ymDG_)XAl%_riicKG;Px8xbTN#1AX^@)tyQxM;N;gF`RcDc`e4c2x4{pXYA ziTf6go)e$hCo&{(uivpbSqTOOA!(m;7VO)VkumsKjMUsXH~JK_$YudiWHSfWd_>{2 ze_L=hy6n?fiIx?vCV&Ac7lQg)Oe3}C4l7ew+|{g84VfmOf7U!(63#URwVCa;>E}9r zYNfZg;I}ar!8u!oSASa5ZEZ!_Sn;9@$IUXwWRzPFej3G%n63n?%%Y%KeM8~G76sOg z&1ubP2dgpdA~=jdFzeZ@71g)Dvb%aa$D`|r8@!n3E>KpmgV{o;aiAN%j} zdDtvrXHV?ah!V?%?{-WyePO<0wKFT|=Hs~OsV%3QWR55u8K`|U$Aq(I^5Ex>@+M9k zVD5eDmi2QRrxl%V^|tfXn)WK}mSwl$DTTj1zeH=>F1)|@$#xUR9hck>TH|`$x>{>j z{6+e#&u06q1FSMX?XODm&R{0Kn#5RGWYw7{vg)8Fu9gPclw#QR50oJsj;~C;7~dgq$p@- zI-DpG7aL0tjE(Hd@(plxa`p3MIR*K`;;#c?i}Goix2ge)&MU%R7NyZdzlH!EeqFnLmAjeSkMua54O*=DWQ}1XD~%2>1U(jeOS-fdgA|H(z0$PeT3r_yaKeVvSEENl9~t!$G2wbY*C@fPgavnzvW zv0pr6=6CYA61{hEaK-J(T@TA2(MJC4U^nyin@D{G8D@%ydy zM}6)!PUnrd`=fQcf0j&n*+yhIBW}9SDz60@R?kLVd4n%*H{yC`@rodajxo1;XpixmF_L;Z%bhD$iwDScOmWkLvZesD9`)A3Dma%M`DhZK<6x_Dj zeThCqTv<$6bV+1mGS9iT5lUg5>cApuSPeYD)P+w_)d_oMXG%p+SE;z5q7Nblg3(!N zhyxWp`nz?hwDdn#TV2ysbJVyF$WUcO7^v#iYC_qMTbrVESk&kh)M0v*5`Aat-l0~; z6}nyDHYxfg*hK5e>CN&L?an@8tR1#2EYnQsXBLIs zIj-k-{dEej6TA8{?-%*rEZY`F789yTCu_5AQ@5O%JM_ii!p@(TR0#Wfa`S(#_N!)} zysC3`?8s{~9#z>K>fvq}*!-P>B4R*Tcy1GvQeSFxC z^7~Pn;{)!NcQ7%1*WbJ)_1~7 zN(@I;YBy(#O2xX7k;~>kw>|Quxp&&e@h5*jI^gze(IHk@`Fq+H#-}k_^ds(-ndxHY zW}_C_+YNiXcJ0e)Dr+sA`C@eGm}dFazrX1@DyvxRJ0h}=XjW2U)1;h_88!v;kF{~L z-nd`hKc_$4@ko$q)o&mwGeK1Ls}Yr$<)MdZ^J#NJXHm8+%Q~ax$FXH8E^v*6zkCY!h z&W?YF=co6)eP`D;AFDwwUk5}TNq#>qHnabo;XV6*+3J=uGRW3w(>U{Avsru1tRD@^ z8yr&{ux07^pfo*;*N3v+mPB9Q7jQIlKrg0ynSqCJ+|x^@mpjG|^W@NS4=(>K5v*yw zV&yxx-RzG1t24W8Z!y$mRYAh=v1YC2#eCWPh}+@%VAEd{-+UP#`|HIgBl|==zp-;% z`Q1qq)_Xeknp-6n7$0|Y5|3vdW!vw%yK$7=f!oI>4Br$t;rd6N-ZL{&yUh;T^|X9- zZfEzECmt6EJ`55bXIkACC=CKk_xt8TRzqbZLaUY-%glBGVUUueJnRKdpE)YgqU2YikDXe|_Py)Z0IDpNnVsc-l_CREF7a zBYFkhIkRi9b$<>nJ)W{?;3fMk+8q~b$)yVVi~S#)8C>FtjE=eS$0U?3EpC^XM93yh zoqBm&^asOI&TBVaw)KeMYu8(z`Mmyot3zq;2E_DAY<8`~_BGKux#@?Rww62}_aWxs zNUJG(y)3V_a6i(-(z^SQ6@i=Iwiz|>>V)~tC4$4Nhi=*8Gx!c;l}f!;U#6dFqIrzs1IO;a#5-6CN!Zz)d~lJ#}KjrC(-S zA0+xHq<9no&ZIJMCaFC=f6~T=oJoWe;pPN)Ss-Upf0fV#;f?&mJyp*jynVhUyc@8u z)rKvr!#*jYJFj=%r!K219owehOuK~2`I4|t%S68ou-NPq8O$HDPIt--Z>Gy8&rAC= z-MU}prw=RVzaqVq-zFgdAK%|*QkwCCa{KEkHuiSgJ;G)Se{UC;HaM_p z@UoX%Rv&#-IxuS9+0)@!o8sg2*9q`|;lmbk(xqPvc0BP-_7;3TvClVj`0y#aPgHli zx5aYL#$SAvFnf*Ixrer|Xwgus)|RE?#9tn6I&I&g)Nq2^)$QRQ=6p4%a;>&wr#Rd; z-uhtdtc#WHe|yo%&%49a2Qpd0;4|}mo(?Z#y5#LVQ8jdrhdAKO#Fs}`bp5Go6K?($ zF)ub^+_R#LB|2vNGIa-=ZEW4!rSFD?;^bEgi)iOz{o{=+S71_E_`kavUu0_lZPe4% zaWK)Mwa~J}Qp;j~I=S`4FUw{edUb73DL*{m>gzHvF&7q;5C50twT6RN2d*>J!5)2R za)@YeZK^b*FbNlQ!&HBD0!x`d$cU~rHXCi6=}2@T43q$nPeKnqXf(ZJ${$UiE8c$W zABf(%X_Td*7!I}J4_Sa{Wd=kOR9;JOA$_6hH(pYv$yfkit-?aAxMNm3qaw>bJ=V}V z9J<>j{P&OJZ@g~p=NF;%^~%m??@1TuVP#i2C00eHDQ|{_x5R3DxcWBi?uB-iEddlPFMq6#N?_Swgd46@(il^>(4(&)QJ8W4@a%UMg z_iDcI>xZNZ+5sc0yzX0n*~cu>HYSR+^(l+&lz+E7DSK=~W*<#^Y!Tj*XrZ>+fkD=| zmR+u%&GpTc2_Y@tr?h+Z)W50O!@ULNcgGuNP0P2N+a+S?nPL9=MBzsb05oT2;crCY zL!$5=QMgN+KHkT6f$_e9W@e$Z{0D|o`YIps=ZFojV=kMH*OLx!J(MV%`2);@h6x7- z=fHjz)%Cmfi8Eb_-cJncqqF>Me@Ew^CMO^MZD(0l`PsR|#L+hRV_TE! zuTuB5%^A*^+|ft0Qm1RR0U5ARE>0Lkeyk+fCHZ@QYT+|{#({3H?oRIMd#mZ3=z#6> zAE!I;=KF2^5`VnI818ZA*2gd2MJ$OQ}|IEDZt><~(nicp_nEBl6 z!<94V#XEj|Vn)R6u0FR_d(n*-r`@~BjHd3u6OKK7Xghy;r;*X4#JNrmD;$&ITDw@>HRv~FK9?Ee6aIXy%G literal 0 HcmV?d00001 diff --git a/Modules/AzBobbyTables/3.1.3/dependencies/Azure.Data.Tables.dll b/Modules/AzBobbyTables/3.1.3/dependencies/Azure.Data.Tables.dll new file mode 100644 index 0000000000000000000000000000000000000000..33b1aaf7903e2580f113257d0edc92ecc8f7d057 GIT binary patch literal 388024 zcmeFa34EPJ)d&3KS?`jhxk>I#nzT(oQii*9inV4nJ*m zb#QGIo*Es0=HQ9PpLJGv&fp0r4@T?G8eDzW;9dtGHh5-u(#dn$+A`b3qz~EKvJPx< ztb2Z_udn6yytVaUwq>4Weaf?}l)>KpUAPC~ejd=WI>c?8audPw%io}HS-`LQwTF5g zcL}5NUjxQo6WclxbPuK*bbEz#9PlO2dT?91eXA9}Z+hCZ4v&Lg6Bw))U81Mp-#3wP z&N(N)=^XfbAB^k8x}x04zd_47ZcbEZnb#h&81gTKG`p(h5nJK~7j zS0$o_`y;}NB4`HIV$eiYbKMarukE?AfGmazhFqr88ajJEvf99(iaWczl$|Kh9UcG* zx2gk~(JWiNAqkH$e!J(&mxY$|UX2V~)`;;?qfNZ%KFLr>V$uuty2xXs2GM?QacfW! zM}ue($E!iey@@A|<@Lg6gtFa!LP2q(>7^nZA-`;_aEZ)Y_g>hmrtkwxmXciTNSb$hBk-JVfUKc(Vq1Skl1?1Jc)ig&0}Kp?6> z5r(J2HNGum+TeDq;}rV|W!|w6Y(d@Rs;41x#&`5;z-g90;je+CdOCh43OiF>Lb6NL zw~mG69FlX@GvhR8)zXAavlc&vI1yM|Dl*L+q=BBwRiijf70`Dz#y^wYIyg4VZr5p+ z6H`JVOT}|-bspl`&QPUwb_4~!w)!Uc*XuXqx0opu7uae&35^g7O(A$_cOr{tMQE$F zb~p-8sPVJm*U;{2jA32#Y^#JaW>7}EdJlv`gF~*Z&Iis`5`O%(P-3K==V3z!U~ zFC>IAQWw#&*dAdz#|`fXjfD5!X77E?-jC8tK21Xzptf@{nNBN|poOtN{5T^nFuw2s zdQeLg+~`AbL=lRQYF>=;Y=EG(*x@B`s!LfuiI2t*eL6RWP<$r6IHZlCYH3I0?C2p7 zLoqHx>WbYB0t*e!QQ)R8YFOw|9}B^Swo`ozVux>KhWpzheU3<@LO1e@OYQJ-1PxW} z*+q2)BOQt)8;EklD*+U`l3zT?9+`)NLB=6$rSNTxh_boTP8hhrBMC?0u0~j;EA|^o z8A;$9f+(|z8(u>ycN^c>1-9i5ReENRjl(hF-|bm`^;$$28fS=tyh7qlKN$erJkN5* z_0>rz?6RJs+r6w{`bX!aab15|aY6JeHjTQDrGSxfJz(`6_|dG1t=>s|Uv)25f0m=r z7kw0fvbh6jwxiC_Q}1H@i%`H$%h4AL%&mZsACMXv$F-|B!>Mk;PiDxEJVdcam^|tiC*!DF5gNXqNft|z+vr4;gu5pET(=TPLv`5p2pR9V)%(yL!jFJ5if#4J zYq21fR*vl;F~Yl9xDqAu9=Jv>fv|=5!Ue>A0F@Uvwo_v+<>0Xm5YNWxpwKeK7F5uN zWX&p4tV!RuAe0vRPR@xcEFijD$%%G?(;lIeM3|PChEq`Me)VIZ!)DvX&<&_@O);7f zm!e#)j_n621!49jEz~m&pa=nrI5FV85kLeGYgx&71^9OLWvRHbp@qGoq;f~D;0F6gnN?j z82YHYVh#E>u;iRz>6Ze)fpo&ShrqaCqR?PmJqB`OpXv0&FM&WM?G)A=QRqr<+%w4e zNbgE7TD;T$(aWS!uMo?=F}6=uX5of5BYC=5&`{WS&^)T3nP z9VWyn%*#eEfK2u4z^=EQE9XOsn_`||k1%1uR*wNFXvC8G21#rZ0G(S>Pci_u-Zu$p zYl&mFA#v5};vO}Zp|(==kz;KQ9`s0`NoGZg)YIPrv0AzRpdvXhuq_yb)Dbz!yse(OQ*nAa zS{z$_7c}SZ1RWP={S5qZCRbHj{Xs4!sU&i>|8&+KW$Zw8GnZA-0La=2(?BK%$d~#F zGEe=Jvt>dscn!!6_uAq2k-p1CAN&CvVAQh!w0<4+99&sfK&vmHt<&lBXwv!RVL1KH zU|<(oc7FNAoEP+~jYt8fpNgG7pguT|iu3@46uZU7c>~JPM?OsC8D!gM6ATQhA0o~L zf~sNiY&^d(*De$tyWp!A>M?A;XNCGv&D%r0N&VW6O7%BryC#e1NU%jJfVLFczWQ-3 zZ9RKtmNh<4(bF2F=K4W?4suV`%8-&WsGrnR+o@zhVq#lM`Zn86Cj--k1v6Z`&=jXp zrP4eT;43KpQkR=^3k!0Ho^um%T3r(5S;TE|66X3#{GdNDQur&l zvq5wo>eCy(3{N=~^n@^pGg(-+VybHANeni&`VEkscKBOHnw44yDlKj4a<`wBXyvS* z4#M9dFjLyvSHFj&0;M$F{h}%_GEP$OLpP~ zdM~1>*2IAs3OYmvYm8X>AaDF>*0h#sHjQo{rs*vJ#f8?{cOOAsHBlG2=z<&%8-_r-uqDst{ueQuh5G=41IY$=+COt5C6gn z_+x)%1Y;2QWKA+LU|LHDcG_aUv;{D6vZXd(mc?CT-1(hO!XSj_A5_< z7_^N|^C1`{cG9NtjVeRgj9tI2wQ{^>1A5jSzz?9zX1e<~04?opukA z>DCHEDX=?X`3t2K5`$QfO9`=fK<{h;i#~*$7O#b=W$bv*Lid$FcmMpb=N1kxO?SQh zotX0B?*6uME`S$EUS5JoKlql%Z8Jf~*`2WeB+xzoT0nLn!uFrxA!hf&;~l^wS0 z>_0z;mhM@Z2>&UtE9;9OuONxumt9u6vCIpO0GqZFS!V$ID@J>0B6~#qZiw{;tZ1!6 zTlHrHD7$#ECk{93K)xt9SyqZymrOFyrcNE6G>`JEI@OFDa3<$3E2UgRE3ww&T02gj zew%uF&kdGg;M%M(H7ZaDQkxLNj`aCt-Rgm`g=N`_fn%^?&9c?ia7_50;IfsA2t(rx zQ7~sp%_~h?!^Zn0>X6X8`+*SEvA{W1EX!mY^w|i+c9Tv*csfdIE7N%G)(5{ z2?NB-D41A&-wI#BnD%J{QeWB@Od9KTTT16_IJi!*Wuicj5X=g}Suw#NK~~nkP6yp> z{w=!hhC}KZLTS+>8MaD>1FcOtrkeA0t$UE~(Eq#ndK+Ls#4N??Ha$|HwobRxqxq;X zMEg0cEPfdfHjft=mj@ftxcpp@Hm-oWF$cfGAmI;mh&c`=M%(tADEsXHp|ZET8xF14 z3X@fOq*kz^rBawDOSQbXS}1f}EfhYk7Bq8Qt(2)$E@i6Ky#fYbL(ot!)(>_G_b;ZF z(J5tZN|~6lZMIOqc5lOB^{RUl1$s=?ZovBbyPU6dMcNWtDa_S=HNF~ z@2yom=OsD7`sZ6P_xWF4|8{@F;dR#d69swl}GKt28@BRs=%a?9>czvd7W9qzEsRUFfC>u zm=?1ylgq~J%R;JLqc#u`@+A5NF~K--A}SP#I2o5AS;OkVSg$;7kL{0o|5#d1i#DOAAK13oWali#do${ zRlMBp5w9~-zzTPu)i}I?PUFDdg)=a4>|q?uIha_Fybw4O&=Hc6Cez}#M0dwgDmK5kyLCh}IOgztUjn`WVbnpGNv|3LU4%H^NMGqG>*iSge+CdVCZ^ zupvqqX2gP_9fAoA_X+Fk@NefzEB5uT7wG8g1iJbi0`vM>fukmx!fFZE;pvOl;n}Xc zfM%ZU+Ss3v1u8$|G*-0Zl3a*_mOB%kc*_BDA$I3(F|9<5?g@uWz~$))oMYC8eOVhW z)^c+W#QOP~6y}Z?Z#c z%I8|wfMx|W?P!3^o*~SZEoCf+O%zVVOi$)~vYH{w0A`A4JF?k4c~~?Tv`joliqqPO zojc$#v1moHD_hyo!SKd3+JG`E)9(W}O*)pZA8T5WB%UcqmTy{%!b%sGEJ}Vj4UVi0 zvK^$s^=r6ub$Ykf>G|Oh+?B^SX8f}6hY;U`{c zuqXU(_^KF&GrE8u=(8txM)72IMfCvVgfqc7tmkfucSB6#OT}HWG9~f65EJAQx4fAF zmODu=>?2WQ>u{bi7xk@T*Hq4F%mBpsiJ1hpo&{ji`XdrD;ST^MWiw>9cI@gPP&E3F zWuM_&umcg^7#2jU*bxQ+E1@dAB(jf6OWIH86RM{NNI0T30FnK*zrsfLIh zlVo}_qck!VFH)XDG~lU(jZ5JQgxAQ1VSm@mfEGpYR z7J9da3$x0ZL3A`kvOjzs{FSyKI+ZfKjYR9g3B^6)8B*YwqbS9t(=0W_xOEKIZO%d- z^O;8-ZLd29vI4Q|_CxG!Wh$-F>6HC=Lwem>2qE(C4#I6W4-IiTPk2X_ayg6J>vP^k$@q8H@hJ_Lz-246_a+b3qh~ zGCmXp_PEiD=Hs_@Vj9J({UhcRR_y|;mXS~Hf%eGG zfOB?@ZUJ}u;#0R#F>S5Ab*RS#Zoo=V%dJDbF?PCppuwnJkkTx(#>}a)s<1|rs$I~# z5{&GI--^9)d*jO3-I|zIS z#4xxo=&1ehW4!y*djP%1m{?AwrHB((2Lh$vK)mS_OHsc?te=pQNY#UCah&jAI5VX# zXe(rdRc59P!b9*I528QaWDqrdW`;GelPP1-r0Je$LH|_Ckg)8lLjhpe90njcK)C*rRle$}RQ!j+SwR}qczh@}M4 zBk7%_5JydcKbrWlII}eN-_}SkuG2e);TOi?*=P@Rq3W@~t*_PYI7VpXe>}b5(+M#= zk+8wiX*4BF((t6_psf=@Co_m^pja^EIwtx!n{=o$ZMH4#K4hc=N6`w^Qy3XpHiYa{ zVAN?ui_ER2cMZK@3}YD~Q?Emg`gG#=PvQ*<62Tx!1dI=ZLp{y_4x(`;Q`zb)fDj{y z(wj3^r}5 z>BLU1FJ&~@``hpcE z@X$E{)} zbH1HWXJ~b-*k|+uGN-fkCj>hBL4mHuX%EZ=^ZMfgM@=*ZtA^treP+%V*;J%H24rSe zh>H@RTRNyI5VJ8%#<+LHG5!j$2J)J7D%of`8~RNs&3dyv=Y(%TfwQH3gYd0zwEE%Y z0EPK!e_(ca1)Q^e46vU=0(B5FHtQDJ0UQ3pFOe;C2pG48C~3O z9UdB8e620py5)H9&{i9ecQl65MwjA8Hh+r`*wrh6<{@p@jxGmYT}3~s+X@q>l4%K< zmYe<0ePg*WeH}+cZ)Pft7$prZxVDo(yjc)>J%Oi32wZhFGN@j|Tt;M~z;5B&5i#TEhv^kdS7yf9z$y6QbqJg7__8AjmI`%&dbl~fNM@CT|Snm-T7F5@A7&O!OIV) zQj$*>@cH3P>~Tv-+_M4%vEr6qsop{AL7@waAFOy+w$RmDdL0(tT5srT!}?~M9Lb1} zihy#e)Shca`qo@)E_>DL1yAMN^vW)w)s@Mm%54D%r%jDY`{n#*#3F`fOel_}m|6yg zcSg3bBp7eY4a^=+2Q?`K%@u8FQ-|GtI`PUYflTR(Yt*)AOZkazL(^6<{`=#aO(A^{ z`#ILGrVqXoHPv5|K4$B$2z2yU1-kmn0zLhRz`XvVz)=%jDbp9}Q||^DV}Ff<_HLl< zDvaL#(8vu4$&9=Qzgcwo_X3vF(;RVB3bs>oI)16e3vWblX)E7TH^I?rJE`z}a0og% zWpcusiM|CtWjE*<4h#Y!M11vD{H!;9X-{j~p{6g@bk7n~@Ao5){+!gu)(;7E^ydY7 z`U?W{`m+K@O*DlSYU&>P)a^)4Ub@x_)OUBvwd3*P5SDma0tExehrtDoWBxaY-eN7t zqz3;$*jE}%4Sp4g7WAeD%fQU-=oPyhAny-KiFCq z(rBO$!%+@=Ifzx{+RR4;5y+GPV1*|nwX4xOKW$$}WoGxqNfKO{@aeFPwcAeNKq!}CofEODgG3HY8l zg=is4;YTa*YmOlZOZ-CkK`^Nptp(ncU;|mF#(*_ki=w*_hP4$obM&Qp`Y*z}{v9T# zp-O+0Yn_AwhKkI3j1_6?T9k1wl(9S0?w4_+DpMM0_bM5j!d0h(ixsE4)Ygghi~}M1 z(r~c%Jr2pRE^&URGS>@m#xGE?L;dpBX%Vz9p$Is>>(LtaOFR+$WnilRz`lIZGe-&2 zo$2UVlnkQyEXsoOEsmR#z1w!zr*Tat@-8cF@x9q5jVoUYDJ^LpkCI}w9_QAmwKBfwsFgUFg4p

4Wh=_gFWX#}Ejw6tsO+6(?<@Pyvd@-bomuu{Ec;Fj zof^u7ZVufRS`a=f+#dd6`1$bvhL=Y!h~y$SMqY}XG^1t4Ei-;PqpAFZ<)1G<@u}Kjx#yJbBFGV{bh6?Z>|7*fWni|F~Vpz5ck5ANPghetz82 zc^l?kJ@4J~J~8jh^Zq*T==sObZ<@b#{^b1I=D&abC+FWi|H=84$Dek5-SL+lzwh`D z9Dn!mFCKs9g6M*eF8KC>KP~v@g4GM(u<(|JUtIX}g@0T)=Y*3_=sMxX6aI3-aVMU9 z;-x3&bsP`R^yMU3A-` zA1?aEqTejK?3B?{es;>sr_5Y@+~TtqcP`$(cxv%=i{G>O^NYW>`1mDPEqQRsca}W6 z#GD#E^^#Llr`~ev_fP%DsTE6)U3$XObC%w=^vR_wPrK^08&7-ov_GA;>Ga9dKXv+y zWw$JQc-dc;Z9n6lGb)!aTVAz%X!)+?S1kX?@?R}K`ONFiy#LH!ocWJ4vu7PT>!q_g z&K^B`>g?B_eb?C!o&CGBD^|3v*tTMP#dlY{xZ=2#D^^~z^8G8HU3t-}9jm5RJ-F%z ztB$RTpY!xN|2XI5>gww2tM9A+d-a@}vucKFZmIoJ?T)&gb^GeV^^58U>Tj*Tq2cL< z7aERgd|l&xjo)fq(sW)^N7HMY?rbVsJ!|#y)vc>{uD)~i$5(%D^_NyRHP1PB+qqYr z`@wU6aBlya%h%ko=JRWQvgVkzC$2qh?Uid^zxKUrFF7x9-tO}bocHtd#@BuD{Lh^K z<@29D|Ih{RxZoof{Oy8;(Ph!vXlLti>y@o{w%*nHz1C-2|I&I&+wQihwyWFT*!JIT zkGK7yZEbsB`;G0lw%^hI;r36pf4=>j?cZzP+;MfsO&$N)ad*epJATs9y?)F3{p)XD z|IqrgH#BV+-SDOjw{0lzoYUFX+0{AF`CR9VoqzBA?S(I2SiZ4tW5>q$#@xm?ZoFyZ z9UDKq@z)!V>6+VpLif^c(>tqoUhl7Z|Ju7^^XTTx=6##X`{wkW-q+mswZ0$s{kpHM zzq@}+fB!&g;NZZM1J4coX`pOy(O_zD_uwOgRa@3>xp2$Jw%otvyIY>W=*5d(zG(K= z=+>UCmu~(2)|D6UymQ zSN$2DCt)%0b39Msc^c0%czyvr>$7-%iRU>y&*OQ)v_OVyf$Y`-nXLt~S_|~39nhk7 zK!@4^4QdB&J?p^EdeF<9Gmtmh^ zoGx(nKFDtaklVIm2Y+FC;mx3gh zf&`Z`^PD_MZ;;yZkk;~$((;hb@{r2%kjCE-~Wngft#4wxqBZ&y24nPxoaLW{cw&ssd^;aP|0d^{K6iQ;L&(~74Jdfs+uc{}i| z$Fl)XC!P!OY{b)rryKg;P0;4{IR9>X@odJ^2fc1To&h|A&ONXkyT@FFXDgnI@oaN` z014=)kY0WVx#ahdIQ|G};g6W_|A<-rkC@H>h*|van7#jwS^Mvptazf9jT zeaH1ZtnZ}0NAfI{n8|_yG++sNn}S{2;FT(N8Jf7lTtMRYZ_}6OuYc>A08vk17%;SmIUF*DY0i`>n=?-bSLz?c8 zraPqR4r#hWNJkBI$a#U&-{1)SyhYz{#hcpgt={KjZAfP965@^!+)-->vWa_5FapzozeR==)px zepKJz(f5z^{e-@Ms_!TD{gl3+(f70Zeoo&n==<0D{;j@$ukSzT`+uC*?xptoALnmZ z(|7z;@&C~GOZt9U-=>V{c%gCljcpV4&s2YfzAO11HgnWJSKr6!d!D|J*Y}C~KAGQP z)1~iCitknbW%}Ns?;#DpT;F5*{*1ow()Z`}{RMr0QQ!CJ`^)-%P~Q)iNxM8;ChhVS z^?ybEUsM0r)cu==*p2eo^1ML&7I=`kvJH zUVR_b_thbx&#Oa1pVz4W8ul+V*J`}$6@R_PyHWi&s{ba9cQd~inp^aJtK#3M?+@tv zPJMq!-yhNUNA>-2eScElpVs$h_5C@0->vU^^nI_s@7MR^A!+}|L(=|FEB+Vy{-eJC zqVJQ!(r%0N-Kp=5{9cG%5$TUX#c#)(=ze=x`1Pgw{)L9mj!1rU^nHxJ=j;0feV@ed zF!bw^e}m%J==*$qNA-Q}49WKpzr*H@`o2!z*X#R6ec!}y$ddZLMc=pT`yKoaLk}zE zzf0fm(f51#4GSfGN6RJN2{WZ0Yi8c^5o(7uGd}~%1z3G4et(68U#ai%*~2G()qE)Y zU!i-$cj5Uwp2y9+$kTX!gJ+SmV8(JMJEP9Id&W!7vE?s03-N3!-|bA4-{j0c>YaGr zgXbf7K8oklch8#!b%Cm5W0QX556bYeHM*bcSx9(;d2R&P}0D&V5&?W@b%j;W3Ye zzJcdA$7E68n$S_l)`aHa$shZYbH%YQh8_d_i(}_SuE6_6JpaTq^SDLfZ{m6WxOtJv zd5gmJ^J+rd<~O}v+$^^$YuS>2)iXB~6Y zEqK0v*1_`M;+cQ;x%j5H%(yo^H*)FO=O6X{v-^+wF`mDieXxAtii71>tT?Ld{VU#$ z@Z0emEN@#m7yWUtym#e?j>@d;4t;9n!SV-Ie!Kinz|UCq?eb--&W)s2z2tmx)dl4b zRb5cNV8#XIFE6~H{87N)!}C)-&*S+6o`2$*an4Q7trg3i)H$C=-R|Q0jaMIY)H|vV zmVW@xBh}rZP|fz4i)!LCn`*j4yJ}u?cGv8l`Dj%R&%&9*b<1WQs$Vthv-K}In;YH| zn&0?3(AZm$&w)@=(`Q1U>si;Xeqh$0@hob7eAa05-Wj9Kf0~6ptk`t!qKf>v=Ttm0 z`%kkTnSFGmb4`E6wQJ_${lKj6u9>V@x%N;+e(hP2PvQNYwePK%cisf@yQktE=iO8B z{CS5e&RTb<;^K9WRqV(6LwKIRv*7$g70d8Eis#q#zTi+rcXZ~_R~&m!#mA%fRJ?>| zQ%g7UnSbuW+kTEBO8 z&xXCTcW>wpJu-XMtUEW{I{W0#TW42wJ}_$x&kcC)?7YeOMCZ(-Yq~a9UeC=^` z_k6l?RnI+@ug7y^&;H7H^*m7d44zYZzgM}j_a~Lv-uXx0+55Z7AND$P7HoFr)NQVf z%s=W5)cGZh|8oJOtiI+s|HKpP-(Pt>p1bh;rhoICTL#`T13Y5R*@M^5Ie_QqgY_JL z>y`&9f4Su)XXizWoZLkXGjbO_P&swc{>rnr?ytN8&tLJ(x%h8$&c)Ml@g3;n<~a{t z+&pLIw*8e&+h)$af7=Oj`?v3}e0cj!&U4$>%JPkVaJ?f-izn%9p@Y~9zW-pAH`db869dp=E|Yt zv0`3;Rq;Z+Pk>h747|^Re-++WVzqt{)>sGez6#b?Z!}LhZ^CmOo;TyU9?uPUZp8Bz zJh$U{FP`@y{wML=h39TOkKy?l@K54-2G1|>Jd5X-c%H-aJf0Wu{0h&n@%#qQZ}I#N z&+qZPi02P@XnruG$$YFYnVZO@bII1RcrKS3NhPzj)zv1JEsc)#=i~X*a5S5ZPj#kK z`GKj4WPj?4KAGQ?+?TiIxnZ>k zYfBss4eJ8C*w zRyQ^`Hq~@A);85d+ZtM{8{68e>+4&po2r|d+G?6x+uN#}n;Y8UAOo#hdpe)WPq|g2 z05kx%UJecDRk}e!qQk?FtqouR)bS^$j&DxpHC$s7Jn45bO zVy$bA#j0ZfTC+(s&AK7=627K}0#JSw>Gz;s{h7(^FvpP~id4&yq7xIzbYk;lGCPG% zNul6mg7T8kb;Ge(TPim(7N25zspB-g@oX+>E46Mk7Rx2``BZweC)<`BiBFE@UnB9j zDpZr+Y=*wJ8&7;Rc~L6AGc)ND#+LZlq>=*4?$=#F5Twa<0 z@g$hPI;krHY~`jT}O87%2P>w=NP!jnbbS9Z#n7IcgN?{%rm= zHT9HzpeY55tQjcGn#y*=Ya1widwOy_nMF@;NX8S%Y>vNxLjpOM#5QpyP~2()+(uwu zsk}J=-(bVgX7W+(;}iKQ5BnO9$RuHhI(R}$Djf$!#q)7W)rTs3nAg-aQxyVv+dPw8 z!fQAZ6Q- z_oRlwI#cLm4dWUrT-b?HZE(YCLk*#cx1jGZrt8`=`N9hJVrWny(qK6ZqkeEnBG%Wq z5f2+DHa)Yhv7hVKsRk%~YFB1>S5MYA1c`YgXnJm}3Gt~D$!y-wyEMd7fm>89^25ic z;$xUN1~UD5Fs$){(CJH~w9<*(0dA^#;EN^^pz5m|I-=2<_V$j(#^(Ck)*5jBj`qgZ zw&rL@b9+-Wrh-BK}PmCpCZQ(0nsHfj+s=t`zX^E-(dXc?;s@Qp)4uSV;ewS`1)5mXV1Gs!O> zWxGVd6Yma+Q^dAwFj17kPlKj8qEz(h(BRaiqSsD`FCD!GY_wE1HDG6@@D0=98#Vq& zEEY{?(o^G^$sEZoZZ5Sol%I$cMe}w82Z6~H;p=NDiB4~aA=e{{RY$Ry{T0Xz^$mod zhKF$2^aVE-WZ5~=zAu%_dtya>Q(<_qKvBP%!l%!kg9j&a81cmo(~OioU+^f94dIz`0e6|CH@5}xf2us^ z0we_1;azyU6#(2bL7x;KV^BNVN`Ju73oNT7cP-|v;Odb{>D33O*+ve;@~T8agbg4#ATA7N zX`R-O<^vTEW>X|9Al|qviq!Z1rOlC|M zcT6eN?)VsQ(e7L7W11n-9LV@%YHofM$vL&m`|*QkG6W|v>fr&G-h+wAVZu13bmzE2#Ou)5Dz_miaC<_FP zc3IaHi|qx6K=>Z=dPH1n+M>*}iO{H^X&mDC`B#Y&#O{Ze}^Lb{XL(PYuYUI)BS z^6nhjl*t!M6?J9+u>zDX$&|zq!AIioxg-vlh}d=u5f)H8b$KhkVXUPU%0OsIW7H;+ z`xI4*zUqWz>V$>VX%Ey%4W5|lw`N{2=gd= zismB_Bm`@S0MT@!FS8eHz%9G6!3nmvGFin-)IK79MgnQ!EnxR*`hO%99k=4y;>MlBk;O*Sp_Q z1C$rl&+ZTa5-XxEAbrbbs!APDAS@Ms{A{rvAtl?o0e0}sE%l91CA76PwY4r&l+FB^4!Nkn~XMThYjJU-O z+$1fC5Z?f=Sb{XohwSY~Amgd#X9kn&sk!X*a{=pU#ZEG{pO>L&Tr_J>DMqAs>`gYURZZ^^X z_0fTLQ{7S*t#4^=Y{8C4Q)6{CHX^X;QQOeb+T7k8t?5AKt*bjAD?}TrSGRUl*S1$< zdt^0sKcMSstM4$aeO(=>UQf;t9zqkZk0Okd~v4GMPV zHpMrgL3>R9R1N}6Rc8;l%~&Sg-)q`8o1Q+?-)Ghjn63e{sb|2nb#4)gip9*9R4$e8 zijNN^;+~Fx<#n3*l3P+Z@i0Q-yX(~=WFb&RYEvd^23jX``OJ7UpU-xG=>C|`}(y)e(LR5f)8rwX)R=qHnNlS8xH~vcTI-uEj#YmenZj{^*x@y>r)1FB( zhY^qgm>RZ9%3S|Ma+sU6GuJygglgGd^_IxFs`be<^tCn~ODQ;&GLp*XpyeD*l0wGB zXocbVAa{^Z&Ox+n;(>)(l{bD$uM%vif8}5fGiD`ApG+!zZjm~s%Un@kg@A8%x+a4qtR6I36cZzdI7cd zw0%gjDYxt)^DVVbmn4Vr+!P#BD2MD8d=msahY_VjQjf#q%%W3xc% zA1p?yIbFB;nnf3l^ua}}i=8Wy4KXxm!Av<7O*|$j4_HEV zlV~&ewXDWRm&Mbch6T_b9jNG{5kZ&O{gKkB^OC4C*hdoLY;j*oq>_3HqqJLMU{@6@ zbVL%Xq9z1^uB+`BsK(CmfpA5lgi@501|eIb%KwXv^*6zO%(;iP!!MQxk{J-sPj z#u{m0=`Bg&7bgUR`uQUSL=A33J-r(RB$^BCeH9z1>cZ=M&Co@391~ z2DnkoDxC?FlNb4TQUQu*BfJUMD(VX8mC>(>ft^r5B@ncB-B>J!=_ijJITuOsmCv7?NhrjkgpI8u!qaa zcE4st`a%9!1~`v+n&Dx6%XgTr3?d$m?mZe_dzff`#gUCCoNT40>KVEmT4szCY!w+* zS%5pivp$*c$r8YND2(}JGLe)Pfp)Zi5-LMR?DTv1lVs&C`-CLFxalxdpt8<)_Vo65 zk%fjE$n!K9!}_tz5QHeCFgX}wXmP#CEH9%eU0ZTE%Nlde08NMf({A#`>P$};t1}0= z%S+S-RUES%fPNXl@sPsY< z7G^PkEquskH0?+&B$BnuvDj3u7?bqH$IenqQnr`y9nk$?M7iGXcy?C@Rv-w8=7dvC zj$rVNJI?#YyTU3fRmqJ!xP5_*E2ZTl1T zOK0*eN$JUi8G+15DjEKkcG4_^Zox+A(+a$t%EM5dz&%`ID%>(jL7c{h6NaKzg$ceT zN$UYNF-t%W$@QLyQ?zH|;dD?76G7T43eHu@=3B0+coWmI1X6n^m$bLFc`{?$wL6(e#R*44adKiJleHnVqCuMuWpYVceZ}*E7*VW2rU|0N(*%Lz zjE&JMO(z9Z4E>YY+c_enFB`31pf-|k6SgpnRjOzu@K0OyZr<%feNj?ouTl`k7TK~9 z(?rdp!a>s@>pfV^X3_}qB@p5w!$`4i(eWU*F;ko3<4`n!)>DF)ML-6YMS_d*#JYYG z!O-mTdwnv`@7OSJM1T*mcT;jNzq@EtFFw`__Lthnn6+F%DrsGc_QH~5-~-tB*^O4h z0tY*R0~uN9N!VIhed@Av-L6=yMYiTN_z2djN0!LHa6PgV-YPa2zcUfUsmK!ya3z;u zP^*Y7B?1bCl3)Z9H-cESa_Ip7TwfwtskuHFZMum+81oh9`okwFIq?URxD$7YX+Id- z&$fvv*cm<;)6KV(KoE?680jDwS*O@wKxghSK}FMXFtyB+LA?K?rTuMfe{j1VJ$sC(?qZ2#Gq$QZU%nj29%er^^86(d~9SEQ|Ayg{-V52BUH2Ln2L`)ElT3;=UsbAW+N zrYnvO?_dnu(XS9q+HLx5Fe#)nd7navRCgp$tk04ONS4~9JHAh)4$HcO)fr63_dv3z zg+nlqr~E)ac+x;Hh@>}?69OSU*%a0>@v+jOItfh^h$YAP&=`w4!Hh{@OqVROpY2=% zHK7E-YC|F1)}I^+ zT95?8a-4RSGU@3PSk*U|(Hqb24CV`lzsb>imjKCD%4&?`%a0P}*LAl(U8#0+) z!ED-~m=n8uuHj)~qDk2{GnmIM$&_OWe4+eL|bNPO#*OM>|4TfUD4y8h_ zR1mcK*?h?mti^^>iA1tQeo9Nhg1jyahFyrwM5wD|S1uU5KAGuDy1RD4aB6@Q%ymhn zQ8H8%SHU26BS>^M?mlHOCe{^L9S8AkQ(&p7Vb9zQYewk2>T2!q#j%wD#gs}U!>h6W z)uuyXuRf7?{O8pcN6Xw-o2D&;z0KsSPKC*N0EVZBP3Kw*QnO<_{IHQrb=AL+Miou3 zwkT=y!=>`9po1iXLi4#i%oKw`1DO&?$txJS6N8q98q7)qWVv;GjHkE~K_vW77bep~ zFgtV!ri~z;#Q#!wY}Uh&01brA?p!e021vit2Fi{_TPi-9&hQD(V0x1A$ke1iiQVx; zi2_stlpZP(&hrE&>`fVOY7Z8JDG*ycR+Em|KN!V7|CI=quA|AZMBpaU>e10HoGRE$ zc5@}-==!Qe2&9Rz$wV?bktz|`zbiGt8krJdH1m}}L#k$aio@h4Ku+48BF~lx*O{V3 zh&NS~2qdjx939x1=A)<(5PQ;XDYCK$WxFe%5(&xffsSehDvBu(`qIR-;rb!dhNDo( zKA`CmdBfnK1Xi@HB?7P+Ku315!sJtIC1NlYM#nJKC#J*#xWot1uKLs~M4~eA?-uQ&q7Zyu>^0*OdEmt z804i^+QkbdFP6KfiH7~Emm^ z-*jLBM)!NLZ5Pa=6*A8#4&4Mp+IdI^@!q6_&Fr0aEf$E!+uyvsgfD>2!Jb%b0tW4= zT(W0`7a~1b3czSA+}{HZyB-1DgntiE)5)h(E|kLaW!dK2=FWtPIBbk)J!CPX8)Alz zaB)305`Zly76RErwd2aNkJX%X6p4LU+3_3eJ}}}m!&Ys~p4cv%v7LUcs*OwIb}Yb1 zi@PY8f=nj+NVCWBMM~gLRj@n0E2*Y>ioy0hs!x_XWXhvR5E<-;`jWC^7T5E4nQZSE zRCzlybl6T~(&w&E=6ya)?CR6qH1*-W5bOizY~VQWq?vRQ5+i2Hcs5~nC8zdg@TNRT zCxbQ`L3wJELyIf%(U!IK!PFGyjy>6nc0$a+c|t^&J#Dl}Afz+ri$FjT3`0pPAd7z2#ITX9 zBC}$Ox7YQzLg=>MeQWU~Fneyratzbw#6N#G_*0{sz;j|f6-AhgMerrvlW0UConem2K;QxN1d z8WM=@r~z@|2a3rNQYW4U%jSI$))`dtRz(`OJ8u?nHwr{wtvdypiS>am(9}(IQgDFL zY{=&)iXvGrzCc>XBF5$Lri@G3ci_Tx4?@}tHtN<7dkmIvl&y89#TQFW2rvMB5O4hR zc^=55uHWh=?SUHKSq41~MqJ-L-@r90-tb@~z8j+@U$_;*Au|2gZ4G7AY*VQ=kOIes z$qvk@MhQY0MkuUo5(>2>v6rB*bQ=>5tg`9KCxNL~FecKkev?Eykxe&=254`@M;+`% zFSV!lq_UYb9TDFWhX#~lQK7ya6*G{r=jm}sTQ1k3XkyYq+Dji&K7>p4VPkPJ1oa^# znh!xo_^J zPo=$>s6U1RucXyp-wUHJ+1d@xijP*+F^yR-Lb|}04AL-HEl)kd&Zp=7A}}=c!K8*H;x>P;|rVg-LvLH=V-f*Q`1LK53$FccU?^02E`{PcsabUe{Txb z!yFwHPIYh34aeygIqFC@F@wTixPx$@BTK<8O-ct}bl}{n)~&67chlfZqPx|}Btd3M z92E`C()Lrf5LorW%8 zE;&T+PM*0)bV+t&@+Op&<@r&X=kc9f>P=0+fRys$r6n(6TpW!F*AtttQHk`3C7C3T zbZ$FlCfep;8^*UTAl`zDXZT(Wi6&)f5)P&;iOFzYu04R9c3`}3E$qhY%<1ZwF}h;K zlEUWm3dRG%AIPGTQ>5$?mVK?6ByLn>upJl0Sy**cR>pUWB2kz<`kj&oi+T)VO0lDy z{oOh(avj_wj~qlzp~cADZ$AgK?HGg|9JeA2h>|S3vtv^hBP&H%s^;~s2byI$F3BZs z-n_D6AIVe0+&Sf9mFeF@bRoeF0wUQa%1fS8P2BYa1 zGZ8MkM6e-MB8)tQe67g``-JnmW*}yqX9CYpMPg$KLBCQ*qS zo4?&N`r({>-dNV>DQ*pxuic!ALq!-Wj03`huGUTB-r8$a^Ws}oK=VQi46NC+Q)n#! zG#hb;U$l2GEhn)!;xjySyAF%Dy5yr2!hsEc|1hjMNIn~-^se*+O~E+G2B@~=(B$Z7 zGTQ>ZD+_o$(O`y5VU!giM`TQC3_hA6aA%G?TRb?9qG!VWJwshB;f0i9eEJ`v9MhfJ zC-DIAU83S!yRHUT)pCqj9_M|)04TOSYr;(F0XW-hd@^>LS~ z;>A)GOHc(dO0AwW8WEHv$hi>VAlM3e*aCe}t7M^0+Dn_VqTUvE&B9KNhtUOC)*eCg1uLWV%9 zNg$0=FmN#KY9obF}Y||5EATOL^LE-jNVlURFu{$4tdgxNAa7KjC# zj7f}}Dd-Z_%+Jd~H8yBazZS&{x5eYzSqZ~sc)|ATMJVta;CXRu7GV0r*%WUhc!72T z&(W3@s0<2Hw`paTZiALagb**JpjZ#Bb6;_6Xd>}x+v8yEQm)+ zAZ~ry-P*^HFI*W5GM|!t+9V9gXwB}6qh;A~;C;01AqbU;$>Dr3pfxiw1#QAkUl4sq zGTV=98pd!^ALGJHrRB(~)HCwn1bjbkPNG;;K^x8?vGaT z1eHW{4Hmqj+}%CR$hWx-tzuEAo8D*TUKHgpC!&HS*kux!8#M6l5#37*eYyjr5~cKkAul<&2^c-KoIRQ>&!icq2%#_Dk4jw|yi?>QIOiauIQutIelc&~S%6)gt-%_FV+Q zGGc#X7wdQg^$OY;iR5o_l38rhSNeSkT1WI`rSg)7g=sfAmY#GejC*cE0*WoO7%M?^ z3PK>{EP{Y|IbYf26a#BPtJ0gV!|_G*M@iD1-B8v@u!Q1?G|xz)c~SiwJ_~mhT!7 zFMUNxs?<$ji3P6ariQ4<_Dnq^BUn%hIw3Zn;*n<4Un>w)fxV+2<=Qw3vbZK}xmXYc zHs;z4N`Sj|C$b?sK|$-lX7dz{SZEI@$aHdVL40>^g!PvMPz&i6i)DMfoG-@NZ5B6D zXHM+pB^&6?ajr~Yk4F3!ZxR;ULk3~2J0O& z?OxBLnjG)m4);2?DqL-EFE_VWP4#xF>OXwjUvwT3T;u;Q}l?Cg;+K zSwV0hN~Gyu^|h2xdqE}TDqVX}2r)xHd&ibefmawkEzqRRsXnUdNGL{1%@c1>OhN~# zdcD0Li}1F66oX${Kq9`9LoxKN(9R9>uVmSbNrx0b4rC{7IE?7IRHLWr(;4LFcN^=-{2hjJ2MSsFY*I`Xbjnr_$t`q&GYtG#t4#Yx+|7*1 zVQ-%|&CqzFC3Rl3rZ*D3?AOe35)Kok(TMV?eI|VUU_JN;*Ci;vy`?vs|f3 zeTPTgcqr3_Wy$Tb++;!#x!5q@5KAV!io!V2PxRts$3|RF0$mgsHEGcj#XhIIjQ>+Oc;U+f8IYW7jS=MCmv|vwf7d8ZdB0bg+ zt_8yNTnbPVcH)M$%mm|On2)lu^^3khM0Y2O_m!bo^-bFue<3;3cc3;9gnLYdbvR=kDUtSWBiO)xM6E=^T z!iN_c=S$rR1H@FORFYhY*j#>52E$%m)X1Xk814BPwR7iu$j`$+I*h8) zwe(gw(G?#`j#+uoFK&x;%6lAM@HjTXF_8)u`gHv*qCr?FvZ>A>_FTsdS?LLc)pzmE z9S=I)EhI70T4N>Jz8c#1&w@W5lk;!2e0Ulv$BQEnGgpsUR-VIW2?`2J>vJ5F^{>8Vq*I(L95D z))biG0>uI6OZIA<9RnU;5Cc<2rYMTEoT1q`I)>9!n4`uqyQjtt%(@eqaRXk-))525 z_+hk)J|JrlEC3jRjr7#`u|LW(+GRd$$6Iy7DyF)boKw%QXue z%SzZB$@8e(P3CN>)}dL=1<_DshXXq$cSuQYQ1?i`TjdXyK`w|KT$t+5?3FY`oR(A^ z=q>g~aUVI*NZP06-BnzMAtz?0o$1foV z(2_?04YHMFdE(CK)V=a4B6PTPiJql>b$WHdXkr+0Pi{Pu<5AFt>)2CiLkcczM?;y# z71Om2_l<>1Y}?x)OlRZmy^`w*CbKsY4t@fij;qI)wT)}-ki8PWO@QLo9*9v20mgX|u& zFS=*zP=F*Yq7T7io3wyF9P-QI%#?50XK=xyF9OunSfhB~C#yRjBI$)uD|uo+ccITa z;V$yHqYG{w;kbnu%B=9}5hU~9L_(Z|%@XX{AkXZ}#l(n3Y)ohNrahFkd+t+41Xkq+ z>MBpvs+f@U)RE!aNJ+@{4?ViE)jfn|;<~-&ZMB;Ogif*xA~Nx=y_fkcO2VZ(-Mhv! z2@mC(4|^yUC_FDL$IzRQx_u}dkwgdUZj}$8LGw#Z{GY&MxDUrvFcC;7q*tGhI-zY+ zg9bn>-X=dL3BS+Er*4t%zL%EjVO>0)fE;Fk>pTnna7YQTt16j+UOul89R96NU0*zrs2#9*anzpz~E{qT?%>0*HO&d>I(tjn@v{8}e5yg`U zpH^RXtVsFuJ_Nv7_2Z2&hE1FA*m|S^}ec-s5XlIo00yV~$EcApdd$2l%5Rso^Pm1!OJM~3=+?LD=^}2i8rhhD%oG^5+ z5jQq>*d8>)sp*uQMWQ1%evZO^$SbVegFbH8rI( z&hH%2Sw0-Z#R1&I#YXpuK1ZXr;!6E2tq5W3pXEjrGJuwiP8zF+FY{1%oNfA~73@Yr zFD|GTivmc@dHcJzq=XVN*NBmxSW_xWHbZTA;r@@SjL=}}1_eP4bOw}9k|(pe$Z~Vh ziwKOh_y+d}sp?OL*aNswhVac2WL-4hyR^M!6p|PQUM*d55Yj|g_CzB6|8JKOY|Zf2`eE5H~Q zh1WQ3UT+{Cmm7(fbxp+i#0wcl z&o62)K8W|k#B0@p;#0kYc)X9+l%n>?iO*JudQ?%p?%G=s#cNsmB)eqNUu?(L5)r;? zF7Rb`Rq0}|oRN!C0wKd9grQ0G$4`0r{rHKbVHn zU{?3UjBr-|bQ+7@lQ~@7 zum^SmY)ar#4-OdQS}{@CV`P9t;OS2iT~SDEms}ym#NnYi>ryx!&aj2BIdD|Iki^5q zCSVrjd2`88+9vT3Bsq9KI+W}Aa&FG{#t^FK;nq>n!W%-0e`gO}>yN=-9rq<6gzPhU zXHpJZo<_sQLW!bYeIAGTv{$kA!&kogqVYq5ub9sE0zS7W^5qyIY&qjA*ws19Jc*_y zn*<&fL0N%*r4su@Nj)8i$ZMJ$A<>&=4SJ)^=oQPsDIUgqrdOoEw??M2nV6k6L z&iJvqIZ=R0xR;CN=+H770MYt92R@Vb{SFd^78rQ3Vgguf@jzCQ^&v<=ukK~5KkV1+ zqd<$}yBrEIw3%l^N6{fg7XV8$7hVcXdwx;hCBa2Ckeh?O%FA*c}8FAFlY5?&5hg7JLgN!di|B%nibqn-C0mQQ5Ln!`v^EuGGLT1~9r zu`{ItFQQRjL0TlU7rx39Cjp2^@imyGT#UwoaWtf$3~AyJEe2CkI<-Vo4f&}T(Crk7 zyqNEykf!Z_OwaK1jKoMzOvb?^{cVDlAc+-33R95^2NdqoEW~2S*_?xjVm?IiDAykG z#mKW=lk|xX%~Ffc&(VB-`d*HM<)hy`o|?uN4a3am<3z=l^I}>dZQ+YcTmSB7kjuW34BEkaYDL4#MhS6*1S&Oj<<9r80x=5406xG z5XC!ZQAF!;2;=@hngf`gB}1AQxPqF0Y!~g!dBuwoL;TYoSd?H4bhY>54bkt8}vCqj2(dOvBfb^zkVN;zA&u8M^{mjjhjMC0BAYaMCz)v}N) zvUop|tX`=$)Q0ThSF^fpS#nr*79aRePTjRQ#UzFsuk*kfefL4?=opGD;z9AIX79{_XZ2xlo(6Qubmwi|dCL$-*>VzzVtI7Dr@9b9XZ9 z$B6pQk3lo4qRe86ig-m~5hMf_AY!cAvcbM-!=ilaPKy!&q#s-MxYrguk z8*ePYiD(Kk6T#CZhfT?R6|uM~Wd~-!0`!4?7{d!!P}$!(;R(73l`M=w87L38`A}yR zp<>F{ZImMRB+Evo4|{wI3o*1OX>M#9Zg{aLwg3ySs6~)?_5P z*(f?p*ZY+mHjE1`SOeM+FO|1IDheZ};VzhLSiw}GD-#s$Te?o!s9ZQQnKsO;*c3GZ zRxNVr0C5ZcNd=peH}hGH_hAJXzA;+XeFbTMe$|j$_?xbv2%sg&-yKCtV}8OS@HM`aQDKt1P!WH| zD=+R+HP7>K6vOwyUVy8lX~+GTD4QZGleg9g@@WC&`efer7Sh2d9qeSzxa>dU;82%v`XkR9_$spj~Rgk7g1$h?|D&cq{ zo{uXIJijxcuoa?RM1jWJ-Q3gIR7)jWv8GXcY=jTalU9PqQTx95aGq-d0CD+p`Lu9g5$PY=$>Vxwk5BA;hv(p4|lUP$Txp#v`cM> z7jl?^uH=YRf`L8~$8lyBxG{1D`sj)=uB1R%%EC|k>fZi2?||c|UCdgL5)46$twmw5 z)`m;ZIeMYg!m_CxKZB+mF{mlDyQ#vg9O%J~m%MdL82>FHUO-1Go5SroHlBOH%pwNR zTG$nnj}WjkO1qqj7okc$%x-+v=8FD5;5GkRPQ+_$)o2Z7Jz4n>Yyy!93|SsyS&>GE z;i{g!egyB~+1ZFlhQCndJ(2vWX&I~Dlpb+V?1q@KP) zuq%EfDT=@B@X72pIy8<)l)JA!qERDxdhNivbyY+_|4RM-#cX^P`PW+iNbBn>2u*pU zsY>+1DgFbYuD96BRh#7YzOZt(Fi0xXeehW$~T_r5JZYNx#Ssx zjczxlA2o>E0Gi%34h7*HuAIPiu{f>8`<5C>_&D#m+jLYWlo8&qXX+$C822(MvWY81 zxcW+)5BRPHixr8go%Qrk{83iBS%h{I7va@ggoUbGn#jipNyz8JOB=wY<+SMp$e%7n zVhmZ2G61!Cd`cpbwnzqzn$G_u{;s2)#B~CU)zSW3qIMELMFM zNsUCtY1}Rhka1d1mO-2g(-0P&*yrDc@UZA!DBC@M7i|?=*=#qdat&=P0n1_?v34C5 z7B8lu9$JRItQmV?285fUZ3+nzw-6_a9*ZN3S&S>bjvm@3Ye4JfgUg~o?$}eb3CPQg z#v-JQ0u-IY!kMGO7@$LRlv*Mc2Ju?Foit3ay(kPqDo^!R7zEBVT@X@HD)?>&q-oCDIpzr9%G2|a&>*AWTJZrnQ`>uod+VLemzmhCej?iJB%nezNg4^ zV=IM*g`I(Ei-|UQP^V$OUx595?*xb#BRWqA&-5Ov2HYs1jcJ3qc`PAXBolQ}L~VOF ziXMZt{$VX{((IukF>-KRgHF8j2My+jH)RCWkM-ZF2=fp=Dg^c3J`(!DL~}_VWvt~i zWcMu)wW-*vb4NfQfE^^#He~Q?fQjTj?#aVO;CiOzdO)rkHwv>=$$%k+qLNxV4@-$#-EQbR}6ECU*yV7-|gMi^3^9Y0Kw_nw2eF1Qq9q{uxeqtZev|ElZVd$t0!>t%!NR)7$MkQm9Ew5*kujeB8$K zi*h0k`D8ZE2_zecRE)zFeK~OBf_PLX<~Rjd>Y^Z);+FV5$AXk}2BrWp;jbx;9&P(o}r;lKJ<$PsWKvya)T)NigJW)EMHPIllruQ)aN#hFD^HV zFT6x^Xec#=f>{=q=?B71Yy@3QH_BnN91`a!xJ7E8vMJJpZ^~Rq%N6{vi3ZD$QqxHn zW>YR+*p=(ex$#BE@7i>eEC%zHoS@c(bQ)X%=M#Y@MF$V3yTa51&^j6~B@pfk+aWSBy`NNj-0r?d&N zo>qH2tGcMz5J;6{Bha0%V9G>$0c4y=>GY;T(Mj_yJbW`1-^EOs%496T3j0hyAw}`_ zhi<2Uj$EryOkKIjY|@7is|e7M7l&%%^Fn(nmv&`*ND*Lth=iA(nua5IYermtX@FF$OB7uvDSA-yX76)0klLREj}+4r;Kl9Wjgr-H30XaaZj^c zs#kVu5LN#O&(Bj6TRMae?#MDg8ja{*s_Bn-Ye-V+<@Fnh>U4Py)M=QatWWlGtq&Ri z(IvWwg2;60h%Uy#8p(}7-^y|uG+ks)+>;fb|4KrOb2pCs5h(*4FdUyi)nwtJo&jBU zOTUZsP6riWbFkA5LQ}}DgNwloT7)5cD>qo|tX(f+yYPfw1>s$}1%6|V@o>osBJP_q z^tWQa*>9GZ0TVYvX3QkbCP3qOFEQug*>9@Nm3Uu?f2Lv&!p6)bLd`L0xcdy2swQR9 zW*0CxRcUf&!erpjQJl^F2#@2Lg#TPOx0QhU5uU{&FJ*=SEdiY5csPm+C;?0w`7A*w z<%ab(yJn89&wf)wHCnaLtU_&baEDQ|l*U`d`R(SK=8$?7LK4Oat;9Es1K!7Fn9#Y# zgq9jJe;hG!sU|`uP~R+|bBtNA2IUW-{7ICZVEh!?#2izMGqC})6FDw1BV2)>Tz@22v`AAT`Wr=%m=ZAHn{$HR=n5U8MUrXJ3t zHdMkD_`VHzGiFT`wWiihBZbf(^|CMs^*Fxx*>f%u(jrBBY zMlHA(6hoAs1dpTnkGKm_Pib!MtUB_tQPUoOY~ktD9@HoP8HC0il}Y@8_#Mq?apBk52~&3RGBB! z@Ke1J@2W%o2|!qu6#|I7Xv&wSAaQ{h4-MfxE~!<)*NW`2{E^gw!ZfLJ`&1|)QG$e$ z{iYUBFuaaLjRjrk@?o&&9^~Xz-jvI5GZplqlB-#6Cm=5#4d7x@Hs#AuVl}3M6&PC7 zxfzhqYW!<3&46kkvYd@+sn4`y8jRvQ1{gARn-G(}B!@4Xz&|2U%h0`VCuSwJ!bBVz z#M5R>LkGvU0)&v1?XqBgG?2kaXG`ZvDsw7Lqu%h9p+PK@YO%yXq*|~PZ({vKg46@V z{<6k2A3mkmvw@T+M3K(~^2orIl4$UuZdY$4?p91~!folp(r8LcQC7+&iENT9OSDhp zHN`xiW?Y+6Xpm+cDwIZ(9c4sjp7cs2M$(xyC6N{7NBq^!#2&ApW}pruX@JO!iEDUeI#+#_K827J$(sr!8{788EbPbGcp}2kM_EQrMbHEyqt1Q`R41JOax4O5 z1k)tGoJXMT6kAae0C1BH;uBp-rM(>Olu8qs%~L3d1&w25#Cml#%X&DTh$T}0Ran5# zxb|W>XGI|d62~Bh9z_#P;R}W_?uG7rF&9v0rVvYLpTsiiYUhN~`13HHA*#-_Vyc;6 zNYBE{%xQw9#gWaCx(`3}gI1u@F%h#UPB1Y}b1K!9xChmmh_CpY48|{sQq&^}a1{Dp z5or~39F6>8PD?R3R;Q(eQoU~5-f|A&0W@(_ewGtWF$^ZYfLeU7>4U#ufp}6Ch<*a) z$yeF$<8NxHG8b{3^F}xpaZs-WY3V?Y%Z?KL9O1&w|EE+b_g5KiQaxWQ97ozQZ zur#J=f5=>}Da~=ge9Yp)lrk2Gim45-;5c;-B8fB*p(RprkjkYH?soft5fC+q6UdfLl0<3H<3tBB9Rejk``}7W_Y8Q7SVKGzessfq6tzmJ-`22 zXP=K-RmLQFBaPHhzGr`~z4qE`ueJ8t`<#t=#R7EA2`D*7IYzkcAft8&QM4_()2Jom zqHwvV+(li%%;jAfN>4-IDO1E6)ot`d+$1h3T;pYg(J5f8TCNSrU5Iv1Qex8PsVH`* z{a>R`{(p^S(@ns+34A4&?;w9n^7#YSyN_D?RPXwWZ!g;RfiSwL(g_}0-w$@QeRWJ% zrOF4WlVEbq#kCV%*NX9~SiEn^r0szV!HjNk%mQ~@1D{)!`$7lJtty*%8|`FpHzc_4`dE)R{Q4 z(WShDAr-{5jIdAI#23P@irt4M>m^lq^33h0WUBsCwXQWzUby)X2*RgRg9&j6^1s8o1N@p`zxw+`8CaF91BgHwdD#c7$L)YuJwiRki&G6QP))Q@a^KY7e z_hNE~!II#-6PDG`7DiV}9b=Gvm|eihFLylm|7TF{N22HoiRY8#$oA4$h~5&oXP^%& zWPD$4S4M4ju)6uDca!DI$ZJ4ShHR)RvZ<=1>2kZ=mz~lV3TYiAi_G028thh5+-=B) z^^u#nDt8y?oHC=4FM~ye(p{i`R}@_%ouc+vYB{yHqI$|YgGg;RI0rKfN~_Co-iA=e@M+cA;B?a5(nV7r}0pI-j$rtPL?yba%G>pp8Y1U?plW1~IR- zB6A1#Ueo$A_eC={5r7r!rs(M2=rfFiR$LG9?*UvL2Z$YlJr02D7(F{|Id>7djj+o3 z%IpxU!b6n!G%2zc1Z5xj0sF8fOnWM)u14Z>&^f;jTW(E7mp=f52KS2?R(942aEE2r z2)ldHxU{zL&jr-GdJi2Fku_WHAS5F}#F-#IMyg0CpFvoCr-r8n$Cqxtt{SI|Jmgw} z$(Zp$bB}>cKKDlmZLMqE?<3<%48g4Hb~7GBW}^@mYmbwzF37VKtq;;cbp`tjB@a;Y z6s2whV-ZjNkjdq#he(@?c11ffCHLD*hq%im6)V1$ zk!6^5_pCG{e9lVjIVpX)=r)yBEfSkfZow3Hx}_YrG|XJ_PZ&I5q&cmcknqx5ZL9<7 z0=#G-OHjcR0RxGn?gIu95?`U2r~z}R8mJ>cbaya>U8nX!+YqZ;L}J4hvZb3WE$f^s zvzspR(`YcYBG533&8S_`3Q3Hnmc)QjNwWJPJ zwV?iL_R96Bc^wws(G|YTPMzJpUbqpv`;^+=ypMXKgwtbNG93!TM@bdiy36w@CDNt7 zOE2|Co{o6EwoMdwrn`vJYn;V7E{c@BP+Q8=XjATLwJT?u+7-s?r`D!&C8&>eM!aw! z9VefN!cbf-C}FjG7iG0=cZ5{$L&*CiIcKB7=m&vvFO+%|C2ci7{y}P{e0~?0XdDac zZp?5$y+{sURx2(xXs(M2Ti*|_XieH`lxtx>kb?&x>d;1Gv^9*yY8)4B3?;JM z6kT!csyup&aNQ`6QMQJqZg%w~p3d`i)GNCq@M^S9#%H>cj!JUcBNwjJ>R2*NGwKlk zg1nT^M*IR_ZhgNp5uAJ#5 zEvWw?G9)e#&$U)p;Omq6lJyZwN^Nzi zEZ$1DX(i=llF4$9)~E9-NX3X59`Nw_o5vzL5XMkPEaW$meo6J$Afp((nS<8~Yz(ro*lj1?8{Q5f3@!wb$Vk30k3k2h#Xo7>9p+s$yjnlytrVANHfla3H9oqs zS1+|C!@4dk&Bc-NA(rl7CtkQ+*E02dyH~D;X(~~oRYy%r0$%N46l71xgikHP*tXfd z8hmNb)#_qRHrA)>4OcivVKzSJWX!&jcR>?LB_#&JUP{)y3_BanGGZ$2EvF9LFd2Q- zvhsutW~Iz|wW5La_S{W7cEPFU>v+}G$&66fw;f$+IINY02qIx!y3eB8(ZYAf42hMG zU!}`3Sre{F(gx;8b8b$L!2}s5mxE-0BkY<`63Y*_I1FEJO74i1>b`hDozsCLCywM^ zDhs0P#p9pjpY*8w4ngvYcYNU7YNx9k-NUUC;w!g4qmA0_9Jam9A$C5u5gS31D^>rr zgQg{g zmAFQ3GwDCH;jsFeYM@qVl0_N|(MNQ~Hrtl=Q_{z&FR3WUKx_S|E*%ss5b=bMmwa6s zZ}r=`GVr`CK*99h``pR;;zDVqsf-<`Sg-Mv)AJ;Bjt{|X)G?4&{0iMcPe<#;<-4K8 zQ2dX>F<}qtuDNHfDWJKNWm9C_)eQ>k1@1&1OD@Dtexcd zJ_hC!koz#PQxKBRxv*5&kMrvjOh`GhzDUV24kZlH@uQfXpTX~Ph%~uEZU@2$W$vdY zS9ef$2YI`I@_7u6PXgg63SA1*ATi+OQZ3;*{FdECQVT65}v`c7TiKIFCFhRR}6UuYPdlvgTmZAZHF;bAAzo7 zSuM#P(C_-7{Kd3d1d_Jq8er;lF5!j6m1LFA5cjf3K5M23v;b&^rzmHSI0WQVgf)*` zLEatvmDM3>248QB`;m049zo?))+4*0dLry#j_iX#k^Tt;KR{S>NS3+elBBU#k+NYV z0i;9jCe`f~&Gf|Xn$G%bbw)-W+K24dy|YJ&?S~;{)dzp=0b=`z%eQ-!yt{xbPwqXi z@!ix_s&;$jPgP8QU-#@rv;T0tlROM-=UgA>{~`ORqbKUS`kCwLC-bZxR!187l~zc> z{917>bdUHgtCzA)XXjFJiALVdx0PDZ8c!P9rpc#Q#x5NlH#b*WF}=^a?UuZjNqv9$ zRf9tocWc`%aB_4s4NFITu-dDvoGuchEdQifM0?Zlg)mZ{yn zBG=Bcq+&1fz@VkN#p~%{BE|O>K>baAsKT7;%u(X}qWTi+FN`OlcFXzv&P;p+4cT}WPg~v$CuVpmGL2o!=gr3GyUJwn4ubZ4;DH2{nlF82krS@M~5N1&u z19|tGiR5ZeUgEu(@Sy}l_|o=5rqG>y6FiD;6prF8^kdBWoU8OgOlFZjJdmbSakxGo; z1D19OS}JzPem$QQY8}EFh^~CU)@TRcZz=`Y(b^d7{#pFhAsn^IkDQ&>8mVO~9=L*X zrCBHqC3(tV6t58DmuW$ocGnbhF7kX*EC-)rn_kix!-k1E_!v|Sh1a!8I-;tlpnKe& z>&D=}y`+h^@Z|I!z>wD-l1`gMm+vE2lh#K+$BpB6f`f#Zq_XCo{D=3Gre%Wa-^Q=- z)Ip2@$EP$m(-{wk)xMP40L?ww(91Blpyy6K ztn;$TnTLwUrF7<4DUX09v;N}b=-TBjq_kMO_G!)RTL1G0BNcxr^q^6A#>6_-S7K1HjsJv5*>AP3Q- zl$iI~t@j(EULUpi82jeK&``7XDB~tWDB<*O$v?>hZKY~% zXiG`6TU-}iDtDaT*>ejq$e5rCM0Goga;Y$oOM4!g)xqirIDv(!45?Z_@)2EnkQTH! za7rZgFPDPTfeMXzOI~-Nc{HH;HEo8JAI^}084SUwLw=p8^(RHazKL}QQ za-X~v7lEV8-#=ZcT=sORbRBfcIDXSMj)H+GkcYv{{pj*`+(d0Hxk5{s4M=glXroyz z_i|<{Gvjb~dTR~kF5zfv>&PuDVUBb0gFJrAa<9p*Z7zVrurCQ5jvFrCONY2Z->zsi zYQzI>)EiIk&c2GF5tfz|mJU6@bzau7fOvGS$Q!FkjnSk8(8j@{%q7Dp7QOz78LSA8j>V65A zbbiCQZ~Fg`8YLPy7^XzLN?iPOnPR~rMtE)ZTW0kqtdrWC(&gGoy^D|u+efR?H$S%@BwdDPR0q?;f zcth4l`U0l4ePvb$c)!Phpz)D?Y6of26ME`}fqQ8|v~=4oeuH7XQ&iiiS`}$zqmQp{ z$*g33FSBA6{%KfArzhonnJRX4m7_t@YrbkWUGPrW;K}sY0ET@kXEz^|tYcIYOpe!C zh@&BqNOCnMC#(dT4~0%ctF}tZIT{UXkt_f2X-a7UD#G}}*Qbnjvcn0A)oS=j2%Rnr zteAbdIC^NMJvtdLgqD40&NmXn)N(^vi{Nx8Puqn4hI%}RSEOpndlo)^ zp|<9t!oF<&abv^One2Ps>01k4M>NTrOwk=-OoOu^JC0&#(KBDiJ?nvWVDwF84`MQ(R^pFXMxBOiHwM-y#`!$;PzUaGPjxyj^2Mo@bPNSWqEaGIoD%q3iv`C) z)W&VH#_W(I)_}E=f;mVD(Z`*gR3gfr-MlvWDMRdA|J;2q7ks zhSvuf{L2~|*w97)LW_4#c7%6PWhHHENWuf)kirTZMsAgBuyrWep-HPb3%W((uvc;t z7J6m3i7Yl$S8BsR!a;cE_c@&PaK)~AgisnS_zi@s20;U``T<4v*W}8+&yl`tS#2uj zRxhj8)r#s^Y*RR+i9rLSXl$daea+pPt_hIZe9=8&;%9|7>SG^hu#(8P4L(jm z;JM1s^r($Qa2MydW_4^p;{;8k(#}hFee&;qdf=b`<;{?1DCtOlhM`cxX*)XMj~6?G?W1sv$TN1R##RW+?TKjK-f6|G6A)=snt zN^w?!UM!p|4)phfL zK&?v@J|_~ATU~g9*pqD@D|_@@vAS@cly4Qu`!>)?|4y}Wq8#cxCulzeS`UOV!0V&F zQVh}xRTf_EiUTi(z{`hgYnf~3-@p0F!gm>FZ?hb?8lVO6n@Ta#tr=plg%|DjW#Rcc zcy@~#&0iC$Q2dvoz>oCPP#$zunkemMs-ju85Jc{*Ed02=6Z-TqMmd75QNlU65S%H| zIH6+SQH6Jlon=LyD|U93h6;s3AFcHSOvG!NIn?R_jgBa)Hai&7fsV4!tu}u{Djl$A zSFKQOZm2eXzs4FPKvcr1e^YTwv~j4Y-uykmEef0~ZlP{hPtof*xZlO#^b}U_t*OQN z)kZ;+g@j?v6{3B-l- zaA#Ks;)}^tLd^8iUHwW}R!jyrD#r25DI_y_PbjbXjZQea+~40;DwI26`*NSj?ST%j zv(*4>)d+mMP_Fce8wo)XP0lTxPAHT$QJLdjM6*{?+1gT_E}Khz>kAtwpjm+=j>}dW zn=k7V9Rv!%2GL51%$1(j!aeGq6)S5n7k{LdkqX|jPZjhB^A-v$wi^Y8J9-qh-YlF) zUKGpL<8rwzipr&^y{!L`58zr|?CL1BmAl$HYi)&ce_3LnTv>dRT5VnJQK8&sq#ZT# zjRF|birox}a*w7!;}$_N&Lb$96esnT82r7GLlR?F7uu>sHx#QjwrWZV?X`yXeTMd0 zqy7P#`He&Byirf%2Qd1?Z+VT_oLo_z31;Oy%~hV#AbGhRO;$jb4Rn;~-atoJ*VFP0(TNmg>PYf)sFU?cz>ygMUclH&c0XVaV4!|1^@M!NuXs_!lAT%0N za0c03U20pJrH{kvmBwcY#R+l2dbVIaDLC#0m0*IUp%4Q=%Y6lLMQ9+71~BcVVwWaC zS65dz1q*#b;v=Ol(QVu?OMWYjQ_B-=U{7@$vXm@Wqc*jcR$6=$$)z~crE6W3%WUhV zNsae7owAwHh5)cQqud31hVa@_heH9+t_^u8o>2}cc(j^4@NjHG%PPsQez z&Fx0FC7tao!Q}mnKa;T(6{_=<#h;6{tMh#*UO1x+X^TuL1(5-i=!cT!@`e)pu~*Gx zc&}2Dab>z#=$9dNtz8c$ilC8JYa^~`sg0O`w;^U#r@y;Y?Dy%q&L%pr;mv*|!P+q0 z6@k3npwQiooCQj^0>z$E7XkaPxTS4PDMXanzP8kpjd%2x)}(O?be2nNGYO=Wgwx}U z74%V#5v$wg;3k`Wn+VhY?ou1VvRrBSjNjXf9+rs+n*8-J`{I};w1*H!FHxPB48tl2Ra7(^2ZVz{$!)ud5Z;iw#u63}Pv_ z#UXFmo^74gdF&KNW37#F9D&FZh?4t721gr20T;B5(4#UtBdt-~hQw>+ak&=JW zG`dyYXh^*&iThK569iiA?4hwTHW_wBwUN)REK8w>R#D0$fl?OD(kK>ip|7Veo5WnE zi1n@qs`VGmlwJ5KC`i2YseZg5q1Y=n5?J+Va#G3{CUKred`fBXdej9^+#EBS%@O4# zfj%s%+$u%#K2+WR~}5YnL83d!tfWmUS+nXbV;JvQ{f&?GYhV^gWzMNJ92SO=hU2FhI$vR!QmK+i-T5?d2VCrY27oP_WZb@rFC z)D80^YmhJtFJjSGo4squ`j%E)L|LVVS`QaG%#vZ7gM77fy2WED^; z(}jYiALK|E$vo__73AW<0*ot==c~<)GBp-nyrI;Ku6Oxt#O<#%ud6h-+23$w;k%XQ zPW>rxom8ZLF$KCXIb~o{&VGmWyYO9z#sHyN$k@p*W&x^&`H2BC&>;deN2$r2RjB96 zQV%xP7_$SpQ(5>8=A08NB%rBd=2-ZRB=W+qB@G{>W4$&m3qN68NHx+WOaJM~3s)UFwjQqrt07vTqXAj>ht6tit0Vt0b!0a~bebk=m?1ti6Y=nTJWNHo7tS z=`W)NU!fkJVBoPImwNliP!f-l(f+;iKxqvOw6)sY3&kqU17$tIrBOOI06ni8v(&sj5_;ptinufvN&t|0E$*(G!W= zEO-G$&8XGDG||Jb?iuUv84J%@c#dI3yD;d#2ek)kwN8n=NMq7C0h_tO4)tV%RvUk? z9y}o1Ni{Tb;>2<`9vkpqGWhzXOjvFg8PRI?+xr$^kqR1JJYE z$0lJTOEc~NR9s3=D`hg!8&sMWx*L0I9U4$MV3Hoa6f>xv6l!#N9Yq-wO3Ut$kI=Ds zB`&U~m-G}doYkl-K5xVLybb9K7Jk9P&sz9d!KtG7%+|4|=}OePI0$VWhZ3FsOUtN8 z-{)+Bq`<(k0oWDFT@zLN+m=kJRO_qRYT~&*O2oz8fb&G>yf?|jgA3a7 zHNv$5j?d}5)9Y`@*6{1;^it^ZQajxC79k2!r(Y!b9#O_$e5f3ATbiGdGH%gZVJj!S zn^YR8$(TkU;O9b6qNCo8ZC*_evAp?<1mAt3l2~y|Z77!tqt9fLfcXI z9tu-OWr(khSDNdkr@Ij*o{WMo<0y!m!M_`Pm9*JgYG<|Ayw6Me8dpnutptt#Y1&Z% zJ|JL%^-=7^W8_^}Exae+)vuW`SsBBCZ-A^Bse>4iyfOLlu6jZyHjfKOF|87Vp7T@_ zq-xW7Sp}G}i~rGP;3o5!n;JBSt1YuYsu27A;LOGY5(13}k`zcw3crqqyqrPZn$!^* zN(^YY7u{P|`Z}}9j1Xb=KojN~X1oSreKb@OK-BEwZ}^KX5p0b(WTj$@#KSUktT--; zT%pS1n_V(Hvk+l`!u{0oZE`0a06f$k0c5x!cPqa6X zvau(Vn0jZ0uSikwBpOTtG?_It$Wk;w5o$?M$@%7iHOBXFs)`!g6d+0#HX4@7;>#Pe z>#t-rAvcQq`phgkF9(2)Me}?-D9!WL*i~O?%F8e7X*4Z18j6iVBwDh*i%Ae>i@$^F zmY^LIi)kh@g3Lsm&JmtN{hEWatmXFN@5M+iqmYB*eUflC2;5SX1!u7iJ`mBtieDC8 zxf3rBxEXhBTNibBzbi|_eWdm&J|IHG3G99J_gCjh(4^L`j+U*r+O+C{kF-Q(ek=24 z+Qo1sDM_$NNNJVQ5G=KeE%-$mE$!^G#XzO`TnPtk53OU@sA-c`qo50(1#p*8Dzy*b zSK__6jxPBwiI_u^G_n+JV+IU#s1O|ABQR^DHekkmF$O5~D2bsY_cE3s#eoi|JLO2n zbuPx}CmD*uoVL_#z6hQ;eX-1g*S2YEv868SOc(AgNd7)P&)}f_osPJYU|I-I7h`&nn$7Oe&{Z=VKlvu#ZgiH!DO#&NZy}>li zALAeNg}~3~i@7$7a%JMQ7g{WAwPyH*yNhr;R-13qwg-w`29BMgHNkaHwm8}IwZ3bd ze9cEttj2Pf*QhwRT;6!XRvB!=}1;-oUI?kSc0pb2)0OF5P3W2dFIeS-Nk)7=%F( z%LmCFINezC`-Sq&C0W#HE-z$KnOLF%7hzur_AP{y1S>+Spa0_&sTttMF%eef%y+i9 z)dUkI2!#^1ivmQ6EKHybY{}0?FWX1OUI~yZg}NDJ)R)O?4SP2{EQ_Jq;HZH|VHqol ze4MY&D@)t*Rx6&69;uevZ33wuu{jd8{zPQ$AJtr%vyMH6~5m!6aaloIP9d5wDOQ4Bhz_Qu+*(Q7jHxmd;q z9rqlbS#*YWtN@G?s%u@T-B*%ei^J<>vCYyr+k~|BG9ls^5igrC1HMX`nrfWFO;&AO zRc$;oLDVW23vc8@mBNUKuXgq5!o2%s27mWRV z0miMg{#Lc|O{=_rbE(5Be^ZIgmjMy-#pg>?^3g1vvW;M?Bv=P?u->jVo;Fwq1FWa3 z&9_rn%D4Ios7T`~BW$Jl6n_@%0?RTobQX8*f+>bD@bh-~?D8MpyaPgaZAg zl2%|M<%j5HMDi{t2z3-ZFqb&(C2M{Yd$Dhzv9d@ zxeBjYg)^bTYjFi7R~xTcg~?n6bCfJih6*pl6_i|Uyf6|IV0jndrwjDr!4!u3*M+G$*dxYl9rBY3_wlhNlo^ak+PBE>yOF8h*#n|8i~! z-ZHem9ERX6>T8gdtY3_u#cc>?Hq1+%*hA|IVNE_>D3!HR8F+?n4RTt#DxpihlL)w zPB7tADd*gb;bdOdrLS4|>ryc#k4BpNhV*f(xEM6<@s5b;$RErAdm0;QL7yl*CZ3F0%b#qfI`#3J2EW zJxB;^Cfk63I_O4Wa|xpgH1uaU5OOpO-@{j$z@s&36N$@s&OdFw)@t)rM4*tt721?& zC&l{yOkf7aMrl%T&(Lj?p3gA?5}?hE87MZm+D&>TzXdfPZGb0 z;B`6wycwZOPrDInPkC)!aLWz*J9BYZ#)nHNsgq!AmP)Kds?BfGpmmK|Cg?J5I>c3y zfda26wykl9LZy%*htJZhq~I7awV=JC)SaL0ZT#k}FbqdTOg=$O|aC)kr`;>4K=Ry!RSW6UjK;yxh$+A5vfQ z*5y`J3wo-B^WK7@S7eFI3Z#{~Vu$8=yiGO~cJ>aMCvo{!i5uCMp0Z}D_S_&L#-fBD z^ABtIx-PZp>w}l(I%%s*-;As4iPt(;vzo6d=d*E}s}J+DFG*`x_!SqvvP|G0`jq|3 zV5!r&Dkppso-#IvrY>F=ej)qbxXTg}u@ehY*VC`}2bdDt?z`bYB0N$J&a$hj&8sBzF>adI#^m(*fqjR|NTxqU z6p+xr3K-SKJ2q{b=QaFfp!TRATP_?ZwE-f}0$7Q*fO_1dRpUB8xv`Vw7K=FhYn~BM z)^XteB?V+6D~MaxpnEx;4by^mpp5GTn;ThLW)WO2_LjOUOYfG;T2ygD1a+ZZO&{j! z8IbrE!e4T=7qKUgN?oUcrq~!9ur2n*x}8{C`U)6Um(H2@X>p3p%XS?Tni{~P+zAam zY-)g=bQTUA>7coGhb?*D#AV9T#AP^+A{K8L_luwPKO90@eQ=nuU&;dP>^*F`lfgT(X{XM02mNo+&_-t$u{+vnJ=5sn7 z(tmyFGR^~Z727*HIktokW^HfJ8dRM-edJ?$uB=l6EVy)vnd8JZYdXs9Jw?u^(s@c$ zmcBzzbe5p}AuJ)rgXLL9yTKLjDZx5b++6BXL<4Y7KIe*3Psou%3YkewxVL(4gSIX* zJ1nt0K+S9>BfCkG=2*o|@qusSN{YTI)uhv&**cbp*%Cw(MUX{F!uM2%1kIy!{hCMT z`ca~k*0RC2h;8DR^6Jt$K(mC~ z#+jP~<}DZ&1Y8F48u)J)Gm#Src66nAevMYBzhK$(S7q!q=@Sz^-_vj72jXON#P#=^ z*Kl#ZvUnD{RGWL$lg3`*;VjKr8DtAC+cxG2e>FBOSW$1Jo&->3>H7#Wiet=XP9Jjk z4uKm_;)7widXQrs-uE#VoJ_A#KV^9fE|X$eb_?fmIV?^_IcnE$aBWM3G31@hfH? zFEM>he|TVB)SmeGsQVQumTpRX#UMOkzh5ypU%~5R-oBqYs{As*loUazw)hK&NKJcc-@^jhc-j)--PQjxojh5ZhemxSbfM{Z zF$r=Yy)}6Fx^R(~?F6I}m;&;dmwWZosUJK3-J?*ue%1mH{bJ$@^$WhurxP=wIf{)D z#x*>dXD|Do;1jZ*Jhe$%52&=pQ%SxDE+K>evU>$vNfG>jOna@W=`|_WB zo3HUlrZzz+o(^@4-}B_DyfOmL&zsTt5-DpjpsLMhJlp8~uB=6P0&7vzXW62W%IL+OzAc5zbVeLldE5;v*^k9*YpdAAngT{Fkz<-aF|AvG~Ar`*M_jO z6068x;cdtqEw|--d;mRD+@=YTj8#*J@>Ha;jpF}I)X&aCc6s5X6R^x36X+v`*Upun zd{AgzsRPFS;WD<}&urmf@cQWbQaAl$eJf|4%`~2FtNy?|7Mk27X`aaTvP1YPYKsTgwX}w1)jOi zBV2K1$(xny=j14@81WJT3n48mJ5mzz2XJ{vlaRD9a6p~ox_-7PDTBl^Nos`@k=V0{ zcp{A%Ph_GFYS=`6Xe_DvK1iGtzKM*DYjZ4keRQ3XFyRT{q@98o#Ek`7iE?JE$;xcK z94%YR&q<4&JBhLmhrHs`Sm#b&V{G(yPJHr>y?9;_-j}X2ynp8?UR0H(8?2$0Di_t; zFXtHIs}Ggd!B-B52_JB<8R`)RThrAea6}y8fGbI%d?*@9S=KM0951O@|E-#I@4|~B zTnbdN6slq{LTDola~!WMevOIj$mF{5HN6_+Q0>6+)lJjHrUBX&2`t@Y94C znKU8BCrQZG3}ICYVU@SAI=t|U*!U2lae8cVw4}rx4RzxglPQ##5}7pmuVcvO9ZulO zft*HIEQs3;BNmg5lbV?czVV#(?0C+4B+OZlC37r}db>Tgd16bKTV2tJ$f?MnPl@)rp9W%; zqiwrbbZFLO_0{uQx0=>tp-K~kar?OKh^%5Cc&YH-)021^~!d?bMo&-u! z&MV7ulp?kFD$mVW5;?D0;OM(|QXpgWVP*c;@>Jc+va~9`mDdzK7B}U#&NH*pFMGyOPH# z0G#`*$|^KG8Xwqv}= zJ7lfA$Fn|~;O!&;Ckw_5M>E*qom0BRV;Mr724Jm#O@=ff7EWJ3k?m zM!T67B5*MG&u2@DuNI<8fp!SGr?eZUu zRWpa{^*s_3Lwe_vslg5jRnC1iECu3_t)Jq`+S7=WFVTx-Cu2Dl!vSAg)=IVo^}s8~ zaUmDd-pJRi5$V17twdXVobzPUfJwTRc9l5CD}Oz~&_iCr!^s;VlE(12wrvaU1Qb#! zf$YsS@4h5f5gkDUP;u5FnSkmc4T&y`m)wSk$`q{9SB#4ws^A|AY zEqIcCW`94gG=B*hpA z{>tBJ0a<_NqM5pV5!MB5F`$U>2r(v=BF~6A+X&s0H6O01{`+ zX@$@4=s2wlCp%2b(8bTnQjH8;UYZN~wuP_Um1t8>NydA3Qpa8oH}_a`oOBNCYsqgV zE0$uK$wFj#3RJE%^}!1j-oew(7kiSaT8UrJy&(pLV6lYoT-uXVgW+LNI7X*^?jc~f z-NSg`5bp+K2fS9=&06&)Ea=Dy6}(N9?u%;}Ot7=3$Os^W&0?yQKmcO)c3ij}h z(pu2?NsNXL+$6>9WSP2d8({}*6bNP-8RIOq4W*Lt07}F2%_R*kDNGN>Ee;qIGZJHf zOJg6wr$W=!3p!M2jlZmQx%7Z{O*pG-FY%Y)oI&ovT&0Kel{n1!!b+7U_pyiz^q>Jh zK+$-Gb8t!VBzeUHaTyFwe6m!@0`udIc;jOaj}h4S8H~js6(kH)t7J|oXMmo}5%FZc zTd#3EF#(^cbY{D~RUL-;^=jjdv{-ZR3aw`<&*fU2%Y)LX(2EE4SPs-NkY^=YPw4b5)m-EG#>~F7B?5pO!Yw%*+p=@?H?+J4}gx%fL zf4F!k2$HW!Ct|a04`k}bcrR;*L{uf6v7Sz#?F?RfsL3ur$loK=#aUk zO44(5Dy$Q!2A#p#Dij1Ib?D#)?f*)2 zs>-&~T3K}L`LqB+bBA+wDX1}<<8nXAieYdJ5W5&9ej{Kd52@LG3WLcyf5dTaI-G3sY;6ECsA= zGM_bnp1nd|%Z7UnTVSP%!ZRvM&$HXSdg&bC7e1Wu1U8bqvRb|eK`ne@MB_>E(u1bH zy^B!H^h6k)pfplqg%VOD2|p&Z&E$G3S{BCxk;&te3O*=Aa1tcHCzh z%hzHoJd$#T+()?~d^?cYN?I%#!ne!GT(AZ%Nl560;ihHqUdzF=SOV|0JiOOh;DNKj z`$uL~xq1`(Hixo33v~FC$nZ8~XlWhtarS#zvXD};7FXw9pmV{1Kv6M_q*;!gdOr6O zU)C@$i)oNB^5v3#QZIA^&{^E`#_QpAYq z6OYwRMu}w=%DI|pD!!W<&(LgzWt!^TRR?n|Ns@$BVHmp*U&gy3!n zu~ewo(sz~N%w`@VagEAr-I>Km@f9&r#tIlIIfqe5NH9`D3r0$+oV#H}W==}ccwRrd zta;6~XT9y*RDCu#wJerQt!G=L?X#70Lol43-P_#3v1QHx>VO^Z%X1X-p7^i^hBD_C zDYy7tmh_tsA_@sV2)pB4Y3E_CN|qn~%sD%CWGr?R@Q~kvhrAVFp7V6tMm;-fw#RRu z^pcO!tH4!szfW?-Tn^aRCjildr(T|6@_2oYx0N3=eAqF*07B%_v@x+`%yu)nk$z~W zSbPq0V+L}S-=d)sXPz+o(%17S`AJxJFI*# zJCcY7&?1T1;cyd4>(O-U$Ku+eXnsYXeY1!8OKo$AQ`hk}5m^k1O6Z{li^JgiY@IBt zq;XHt`%bxsJclhbor$S7AMfO?XOTyiNK3cUw@8+Mkq4WDm6Go}xknK%WZXNx7Yab_ zH!-Yyv&O`U2wX19;cUGktJd8s@g%%7}pU`5PV zZtR=%<>PX$p3_p_tdp2NX0T)sj^pvdzuHvXX_BLbl5?~O2?;F>P`>9%!gy-Yl%D!h z*Bk$M{eOOQ+h5<)_0Q(Ee){Kw`(IypI=U)~+83he>s(>cS>%WKy+`*B^Y!Sc!2jJ} z{Hu@r+rRx6KmYbq*WB?&q4Vh7_5by6A1VFqucrRuriuUkZx{a0tE+P-3jgxmzx?w5 z_1Kor|EvGH_bdNq@ap@oIP=1P_&V^tIgy8a`PL%edgc)lkR{0@)tjQ-T(C3 zw_gAEQ_p7jr9+Er8k&wul&U;p=a{I~ye-~aZ&e|6+vJn{Hj z!{00YVdNie`rd#16=;B9K|g4ih{NRkbm@n0x<>6a{oJab1^s|9KXjvA__s$CZ0B3r z{M7jQ&-`~odeeON;+$=EjNA8h75r zeLpuwMgDGziXV@PAC8K*M0?)v&hMMJBt@5$=yJRC|Ib95!o@_BTwUZB6#4Z-mxYYw zHx}LX=e@9KL>H3zJw^K6#zkVflt*H4foH~iO)qnit3)JTOxg6KiV)7 z>B8et3J!7EvH$j@$ZSZ1=`HRB*!`L)TKH#UNr%(BXKGv+ueNj(jo;lJ?hUNbuWI{lLKP6>uDC?*+E+!l5E9b;X(WlJ|` z)!y%-@GYwek;j+^C!NwA(@O zbcMiet2Ou+Fr(yQ{wi|y$M1nt|8@P?cy#!KfzUmixJR71x!Psb zx37k6zWV#!RsEqc5WDbI)j8UF@${zZkF+*-zx7|&+qD+0Ik#M(K%Rctf__gZ$Of}b zw;f8NJrZSaE1ZlzCVX7X{V|tRw-A4|JE~VLmhZub^U>w=$8V^s)Hm!!id^jV)Heml_Z!=PklU$0awkoBN9?(sd{}8uQA6`vF{V|tP(^0?lRd8P0BHQetK z{t$Cz`Hj>c%1Zf_FQi5hTDe6r1~Znjmh1cJr*1d()$0Mm zTD?f+9F1k4tYcZz`eu!xu1B9e-GL3ZOonnfK&P* zo_o0@RVfcy>OSH}EOdy8c!%ZO1EjmDt6Fzk>H&-0#qS~heL9-?hwEEb)@POa+&^Rw z_tRI=M14L$k3&DJsYfVi`OA(XgZvWS$@rdbi5d;gWvd&aeYya5n_Xo;#}J>0*1FWH zGuCs_ro6P1ha|o=`~8ge%kHAx#{iKEn6Ln;g{;+P)rL^ORg_OPmNdTL(F$6t{WH;~ z)c~x`R@|VKSzvMr8~IAQL{bI%v$?J7oJ($nyVJ_LhgdUU!vPXcF-dN-so>6_OAe5v zE1_?r&NLcBX6ET=Qz+{bO_qswBLT9X(!TJnM}4969VE$)tA+##jJaq#_x!db?TU7! z2py%2Oc2>752PLgRSox8r;B8%Cgr4e!`GN`D+{_>Y+K5mm3`#<<#l7LxSo33c02H81%f) z7-UG5QkS4QI7tiB#yfMg?G@CH*yLn%N#2+VbGbjC>{B&lZdfTZv(jp9HM1g=S>XJs z=_hNtwXm%WvN+4Wl!JK+vGb9vEDQooE8f^vvC_!y%2ZpwW=x*ghl9-=-PeFB;tCUy!`=Xma8^d2B}n3DIQac^hp z@1*uTNZgB3+=a@z9hBzz{X8)5i|(i94E4Uqls-iM9O*YA%7>}(8A=@i!ri3KSn6%j zL1axG@40*tcYxU)U~vooZ`ejsEB$IBr}{TYDM^S);*U~rkg&vJk0gPs`|2?G>?UU@ z{>RQrr?x6e`r*5B+$^V`HTqerpI-fx^|MYt75!B8vtBKm3TNI?(h1?)I|{*pI0a}*9HI>AQ%XOi5FSB6A#_HeBVP6qFMCH+ zoQ;apQE@IR;+B(vBlBh-z!fSK7QQ`LSokML&(6-(PYoWePt4Cu&7B=QQlB|BH9I>s zeR?)YOw;zx&CN_5o1d%SP&-|po1Gg!Jvlxzc|+~~`i!dFGBP-%|8J=6n?E@>KU2Tu zbbWqqX8hz0wIlP#PEJjHvVL}K`g8Tuw@ggzJ~q7l`0XoW5vFspPM=Z zq^aXm6XSD$<48b9TW4hl7e~%<=D^OBu?@&|zWTVwR!$At*|)_m9fa2DH%p&a=Gl^^k>#pfW z{$u#n#@8vexQ!;d2sGa9?7U*}0JqueVW|8>d*DwC)HeeTjb750-dQV@!p9Jy-5C{P zf>amBtus2ACz#I&!c)rJq0qHTdq>fS6@5@YB1ZF|er^qoc=Q1pQFrudm2(F(k;TnG zSp14$?G>>WzoXMS3fcJ{GAhlb1lChYXjCzhCN164B-%rTra0iwhht zOdB@lTKJs`^Oiq{5_I@brwHPxYW$su>@VxUOSjbv zy_=G6_N`>7-pOaYEm*%X{^vu}NuHm+6jJFa3z2Slqs@0jl29r`62bChjZKQcRf1s| z8N|g5z466ox$mrk-nl+W6u5>jhB9&+@<_gwM^b!}FYtE0Kwz5`HBIw#JHX)F9#P4U z2nGh?>x9ZVOc^fo0Q1b(T9o!!(wLtd5v&dQ7B$9e3c93(gBgV=TFaiW!WQWuA&Pnm zI{Kh<8&N1}2O??(ZaCu%T3KJ5YUBHk`l4i^vO{0MYU61)jaGJWY>~+AeO!vJ*V6S3 zD3dojPo{I)`Pcp}6Am!}PQ-3k^9$>AuKt!jyY=tlz;K+3FJ0MXcOb{nsXw7MZI7gF z3&9oeUe;jTYkl$AI!3SlgkE19m}N-Bz5Zirr@i)%R$pANZ|mb0H$Nm6-v8HqYd>CP zv@;0nHbQ%U0-QN`?X}hP2dll4k55v&rN^Y`8`wOuM@TKnhUMd4tA)2H9-lH@Ry9qx z`u=&fg}+B3Y^XMV&-GyI?SpHX6uuLDiMNuL(ua}xrZQJ_(^Q(gh3}*3d#?yBZoTr4 z<8S0}EH|Aq<3|xr!Zg%ftgzzKE-1$e-o7n!RV;(EHb2 z9;_?KU10iR7xR$s^!#@Yqu5;nrFU zY$>koYj2N(TiVKf9UVzzOM72mXJ;n5rK8%%3o`<+rMRVSOZ%3NEu9-^q9tid3A_q@ z-Tpr}GIQlU*zw!lZ83e~w7a`=s8E1edxz|TdHVG@F8BCVZd{m)0m_1V3C%d`YawW$uIF8H!R zU$7&>A@KOacAN<=a0oSyb*-_2S`jo0e6S+E&&~2_6m0pdaJhU5%gy-wudZ^?7i9Fh zRD}W7yHRNh%n{2HG%_cVEk`o_xees#6lyN9PhaN1_7^NJ@?LmOWMKtD&kFte2n>`P zu&=?Cd-Sn_QKfmXU_r{YDd1l=8YXJDK3@`XWyr5-zS02I_dpU^RV;s~Pp8fse!t(s zPoUJYBA3+oByXt4%dca+0V^>VAFIbO7P5S5iI4$5uX)S8(!Khi2KwIrcFq-7jLaPtzA(ywoHc1Cl0M;l9Y5(7-ki0b1|zhp{KY3h7f*AzvRV_ONBy zZ6EsJoRzUJ&owvpbHB9)WW~F!jevYQFeWiojl_~*1d-1hfeED?rUyv8#6;W)7pXDB z@-Zu2ZyTc<<61M48*-P{5uRk`=9cj1f5TcSAm zx0z&xQQ|>p8ko4CBjbQQye2}cSppB^{Mfp18Oz|>d`P}6g$yN4ABbPa;F2LH4 z)7qBIjjf@CkU>saGTa3MX$39|LBj&G+Wb}wrP};JW%=fL2(2xyjXG4$ z2$6{ZA(ZJ2a4GYhB(*CE^&wlDUJC zOpl+#hR|~~eqvw~r*|@!b;Yf+l!t`len|5A?Y@=fRv!VrSTkx&f>%_~lGK7K(f_S& zKA>AgnfJJ;)&_1XEyVe{a=l!0ru6v z)}7?l=J$-a#d1w{a<%z=kDBUzohTBR)E}%v>+*b)c7BQ{t=K``a+iJGS=UHQ1~4mS zm4|CTMVvyhtJXmZAK2$}Ao_F$b+O9;!p$-CWQj`<^)VkaEBrE7VCi<&G*NfCnhdf; zj9bOMkga(dy6ZYEW9A#5nIw&Og8Qv7UyfpQ-QxLcFRBOZ3o$p__l_|V`B*qMq`JZ- zt=0K;ST9Kg^I8U`tupuyxA|x~ z%`35RGVRO1m@fdZEh=NEubACiV=;r8WYLV8uEqcv-H>DjlGysR$D;8|G9zWeI&Cc) zdbseMWk690D}Y;ug(|fU5y8o;sr=2YHF+o#;>&%T&88KM>9`*&WX1sXaXRq~0I$vh zq@p{NUx#UuA^@$$KvylWp(g)dQi}i`*<91rjAtLy?qULS*o!g{-_uY0>*yM zWSUm_oQzw;uNm`Yy4iZVW)91y3r(PJk1TYsfFIz#CN}LMT{5_&Cbxlok)^DJ8m%+Lyc2MBm3tIfle<^vcN zl041BGK=&vXDv7RG6rK=Rm^5Wl4J!)g18ju8IBs9I=jiCTQEG_)R#n!&9(L|U0NN6(^{1YF`Yeffk^ z6_WEQANGO`+CWF^h7GflVy&Ds85eV(_3Fi95(rv${$!{l2(4Ke-Gc*``wUrtOF79M zYq9mUj?iBS;c1sC0p6XRDGKYhhY zlQ*t-70BA;PMS<$Doeb$@SgLczELV~`r!}9-7yw&JTsN-wq1FIByx|y-JvC(*k2MF zR-_W^@1JlgK%?6{FB!D(9Y=bzJsLmki8M83@!9kbk+WU{=%d4#h2 zM?;jW+6vq}7*)?mYE;kgxs5`9rno>fBiiDZ^`W)|2(fnXK%YqxdW{il^Yc9lsVtEW zS+i%VQAY+GSjq)2r&Yi}DeK}+IEd;Q8qzmqm)`wwYi(oS+%Bk!Nys5x$~gSR7gE`f zpvoe-8!nRJP%OI)lZWiNOn5XY(VM0=dXvMOb5D>BY4JAA8q9D^w2Oavg>T#!axxXv<{)Ok6S-clVyT(%#X`BtA=B6NE zO^%w+9XS~iO^Vu1iP$g}qT&UKP;_GRW@J9+NsyLQA<9%!M6_!Bu589Bd!$Ivcm~6y zp7_0dqS@SDlIddv*7x5%*~(^R!DlAQfVEati%nBUzNc^}}{cY|KXg4=$ zuh7>q2m5P1^gWIM5>~UnG0pjOu1bcGPKse7weA)I0dEV_ghn1#BWAcfXf+=6iU(tB zX4HHRjlBp$O-*oW>{YiHAGhhV_&6aO6MJyBO66F3kMTz{3YoNfcx!E4indUNJbB#l zyx>E{$-*_`^T@d_Zfs;>-8CQw4m*rGm9@CpWfi9+G~kxv&2KgtEMf1d63}Uk??Z>` zNeQ7xqQQAW0X7R+#&0QTuVRtUn?C7P`q++1Bjkwntz~|l3PMao<|@RuEvw&l!Cj9WIet;1Mz--3wGdrTS%GKqB)F%CjXq1! zU3yG-&A-$G;?g#8h*-fFaPRy4d4+b3%U`h!-LGc|zv2j!{fZ&{N{sL;C39KPqHx6W z{I2=1T(s#HLrZ_nQ1f|#bshWoi_!v)8&!ReT`Qeet_K9 z*_9;Ihm)ohO;Y+R=v3IXro9h;AVpX*SqkE#+W0P7??oZj#6?L0-{WDdg2hZ zjIa_LLK|_46=Rm!p2~TXaO{no_W`n#gEnn^efqPq7DvsWa*7aX^jFvtPyqVyG5Zn= z7q?4P0DA@DXZ}p_@zRign0^mv8;9H1-(3`RgQf;|u^TE#wO|aEJ2t9UwsP`QTQ&>3 zE=f#ePmM|7Hy!$Sfy_U{2pN&Y242%U;U~v@+_hDMRCFz>3u7gdgzUM)qME*^9}^k` zg}zfA?24W3*YYX3wrjbP{Mx9pgP-a=v0?{-Mukw9g|>EI%Ve|TARf|Z_bJTzU4A$) z#@F{n5K4)>nNY#gzMrHKDsg{D-tYYy3=H`}FIn<4R{33p8|T-kX1EE`!hTVs z(lt4?LE>O+%Ba#}H@`5G4W&)ku7Wv~V)X(Uo``C$@ z=|^V^l(Vyj5$A`Z#>Cz)a)f?x|M=Ya;Mn-Fll9rbvHI-XZ00ciEki>iJBIY%jy?7m z_1MtRuAvc2i1T-j?A*R%c>AzQTDn5~n;hObIXQ7`WOUb_JtLz#w{PDwetgHV-MjYe z+BLNOczxIKj`3rYJ9qA^4~^E39~<9u{Mep7bw!4cbAW$hV!U3T9I5X)zGr0n@$u1m z{rL9dlasVPy!-gX(C|ooeAn*DksZ57ckdh?A3C;YVrb9q@g2i^cJACUd~DCo;bW6~ zjt%cRzGrfj=#HT}DZ>-ThK`NzqHU^;?ym3Ly<=o_WY^C6o}KmMyGAB=?%FwdZ0FGU zuF>)OFl8op?wH&S9B|w*d2IXSp7GJ)ox^}SHgRlns6Ki8*s=P=`1r`sIHjnwd&kbv z?UUoghKG;sh@!>`NPTQMsd?$)_e$J%BY#eIpV+x$ z_r&5AeAX}K=b>zjw@WkZA z@zLYEhj)+c7~Z*asIK`wJUTo)x)X7>Yxl8ZJC5(#flSy_9~mAQ-o9t(_~h{9=;V%F zOKJPS6+{-99?9V`8E{eth?ii5+`(4cCt&cE*n#-vufoqr>&dq4DjAs^Q`7 z$M~u58s9y+ok*Q(dq8~m(2kwF-4sO|3sGOn?9S6sbVniDJb2fEv7_PLsqpI57kGCH z-B8|e`^@;M`lHh`pW8n*d*#ot!#0Gd^>+RzGc8s3zp5PCrt6bZYKIZSF)p1Ks9y%{p5Xyr~Ir5G9632GLN1 zBO}`fckbFgv^|P;6rvlIIyiFuj_u>)6HxK^_^uth&>5r0M|SNP9YWfpF2*N!jnvUh zBfF`zz7UnY4X4QdPe##=h3F$`|CUMemR>~BErqD}-ujv8*{QkdnX~uJoczd%xw$j5 zH{E#SBXnr~*xZiBecQlH4K>&5lFYgA3 zW_#xWh=v~Acl5;g%$Y$(r9Q|6t1~jwGe^cBsf&IG>nG3fy4>|Q@0+QQ&(-(No;^Jg z@;)~C&_lyR4-ZGtNFmzhT`?$k)=z=!*v$CpSq6IU`kR@&6ZP3ytF2liQS`AwG@7l# zD|l09#%JdCO`k@zQs*e|){UQ>`eJ=-`sf^upGs@f;=(^EL<ABjmdJR(1M19hEVH#$bsRa$S1z zkWibOhRt|`u>OU*@r`QpGT~(H1g!#VvOWkYv4Z&JzoUid&ZO?210TTdDMZ^dM7p>B z`FTbxek7Fo6z@VprG!3A=Z_bnn=%zG>+tl%=RO6`+&_MDzW(s=^*7&9pHtf1GnSH6 zABMd57ovMI_4l0^KmACZ0iDoP+CMcRGmuI4@W}Ny3(SGj^QW9|KK95%4=Lf)nYpuR z>X-IBH1x5_C^}q-?pPJ<;i=gW|GGo;v-xyP1C`D-WGIbFzMlxnZ&EZ@%x$Br_5*8&6A{ zj&u*9{ej>xT=&+QsHbPsPL99>w-=(l8GI5v5|OaKetev1`>FA%If%cH>2b0y#z;st zBH8e#gV`=HEv$3#*evVYu0JO*=Gtf>+OZOy4k5^9PLH3=j?{cA14oz1z@$&1=4~j& zRca5TUOrifZog2&UVYi{EF;J;O!H@h1$F;yuprUiLUi+m`Y3_1tcM8$s%L*91p4zQ zLZBBn7oy$o*Nb#IXP9IJY15)96D~P2eez^|=0e@yrHS*$SKp)R*dKdVLjC<)9|re7 zp*C&bP>8O%P}}?KSez#Ikfbd%4n|5MtuAQ5j1{80Gc94S%uP>BpG;^iHnaR~GH|vX zN-}O9``EU0@Fib)8YfCPMU#%fR8P+R(pdw3;zal?4>cR>&dC{M@~=A&P`1mot~eW zsPCP51lw$;UYnoAbecMioi;I!A&+&nzoqD)0luN8?9+7_jI!g;%uJ&J=cekjBm#np zm~v+@U2O$Wn?7yU+1%MPbuwh>pBZP3Xl>2UDju&O_t($VPfylQPn@ldhc83SvVds( zt3p)0w|@L&-OQT3i0reoQ?s3i4v!3t?9wWy_Y?DUD17Ll@t5jn;tgwU6#VA29642= zJ27p>V(pB5P9ocrW#~_x#_$ex?i`=_-0kC2Ct2U9seJXbwfHL-2?qGvW*(`}9mNV9 zJOhU3xknbS&s^hEu1psN*Q81hXs27|Su zQ>Q0@$Vg9HGmNWuI3B384B+X>({(IOdNesr8+*^3;d2^hw$u*cHqjF927#CuKV6%h zKO<_)+9(EGz+EUDpP4>o=~?m&HZYo27_cjRz-|(YPXY11(=+ws^%(|S=HO&~`A9DO zK;+G^;RLJ(-A?-oVtPiTJjGzZP2;n*)d0f*6XPPo^l?LWUiM;$tT-Q7g|JS>Jjjq! zb3~l0eltx@&qIDFXrykT6IjKB8ccOl*7M5RNsC!D{oFoV6>B*)hnR_HQlcRDMA2=9 z=oX*u?*jolaRmrkEqo9VvR5(mrzTQMXc)(4D(13S*wQ@Pi+kqlGiS5dr(*7c^)kZW z^aV)&ku|~fB5R_Z7~%w3X@oznri_4e&2qth8hs9&o|}@qOqw3SSWGqCMFKdhwc-(0 zl3SaV)?K07xwfjR=Ux?F2(qFz6b32z?ojeK4m+s1-vE zMi2?X|LQDkLxx#m<~A%VsB|?V0sBRk%)WL^Z=(V&|2OUT$5a-6Hla}_anMDMv|p9K zm+hDiM-@7`*+hccADA`p@foAqs`$M9ZzKi99-9;&v;Ib@nS~urYT-Agu&Nqp*!z!2 z3{A9$Ye{v?%;l%fg~^3;*f=d)RqMxj&u>!u0QNFQ0%|mrTAN5v|AXAe?UmF(RYoRk zzsz}bTBeSo7NG`;@;5Z?#|~+C-__Pw50RXCugR`E|J^@imAW2UJ9KMbG8wGHT_6iP&!U1Ma#-JVH(s-W$oq{=$ zVDty!|3rW(#bF)N07;BLxWaqZp%E5SAdD7|zZs^0+TRFj^;2E`n!cbci>u zLChC8@(_takx0K``1uE*15x;OVh32I7*!}{L?#r$4F8BVBOXwnff^YTiw})J>>z+` zM90T1(XUAwFp4$YU}(^Gt%(Hl|1N)HSOZ-h1BEkL`EzN9Si_45bEJ{s(LXFANDV0_ zOku|0>!846iH^mbm|Ozx5(DGUVQoW;E+Z;C3M@o3j0Mp5j+Wm)A^K|^70p2YO_ZUN zOxgrHj$myvY1I(2F)|~MR5XD8JqFJDl$RXmyjmbkrO0t299q+(LaxGev3JW3Z8#XAUi{{;y3d(qht2^NgD z|I=WDIZn~__V5_msbPfjQB(7P1${dm^NgWTfS=1I!gb zZ0CpoE;zI}6dgc}0>c#XlNy=i35X(-BmvzI4qq2qjp^~HG&ma<32SO~^2g+>_6cie3jc?Ql zf}{6I>=q#aPy*`ggQ8gp{H?Z4gNUei%3CKYAjH-~2K+ zBD_ISe&&P74sNZh8o28Cz<(%!uBF2JP+UK5DCIRK11X0=t$Jn5eTA0!X$iJ!5qw`>TVh5Xu zhV>M58P`*0lfWCnP?JMC#cV53fgtUf46UDFdfA`W~&h-0Y) z0&I*!%(D*l6YRsC#Bd`-sx#cPz&$7rCr%&j9Ko$N{+?a7zMPiKFb;x&J# zOfGv!$MH49C?Q# z@S#7WE(b?r$7H2Tcb1%6X`Qj?!lQf7+#e$vN*+oG+V%r2i&P5rTFTf$H+uWJ($KC% zrBP?c!&b(hBPxdZco7`U4V2Z?2}4;`GqZx?NEo>8?##A5l5nDf?79kAW?p;Hy(BaA zWcsW`adfH=&+&e;9w%@M-ebAB}@!|dXD0m z!|(k2EQBhC5k!yR9?%Pd3%Hf=fWIc-3<9}^K(41e;J*#{vMIJ&??LxG`x#_*pARFQiVQ}8;0T+JXaKgek}x}@<`BQB|fASToM z7#@LegfbZj6M?4@uRlLidJm`2!UDkXk19C%02vTU36}8O2y#R2|9l~5G( zKs@BJ#1EcJ5=Q)WNkYy{dXf+WIk!ZfpOJ$fbXgIEhWQPHm?7Ykh3RPqy&sP{DqRG4 z?_hY#8IfKhK@Mm!Wrcjig2$?K>mN#2xkEy}ypea^5sCbn zPemBBBHxCnK_~)0RzSxer-I}b2J%G`@rT-rf;c6=sKN1Ntccew?g4oe6(k$vgN9kV z$hi{iXMvhWb!$5m6KN1C3$uPu2x%xlk$=N;9kWcja5f*{p+FP)@M3uX9+A#yT9Uwn z4YY12;LZ{16!yHswHhQnHvQO|V%8I?BRTNeqXL{F|3N-*M*|J_gc?(YU*uIt9o(n; zK|J(C3uvpuy${r}2A&37wnEq!>R1JSkoO%_%d_E7X4umT@E zMdP$S?Wk|m1nVMVo6@A>Id)}=A_aGQj&z4}ugRlx$6$1pcNm@gR~{LrXC!`T&t#k9 zbK>h(hdz@-RYbNyWQUj~aso?G=6LX3b65W%!BVYU^W~T8bag4 zc+f*ue)tB-2M|FYnm8tko^bGw|G^SX2AhH2lldh^zT&|@K|!-xw0FzS$UssVqtP(& zN!-ft?GR0!rm3o;thEq=st|+^O7S2T^>5*Ch=1}g_{ZqPX`=-Nbw{QXd7-X}93(nS zV(+r;-z2q{C>U5a-6FTo-)6=>KPjsGqmZ-Gx=z98KA$*S!^dAAQvJEme*dl00>yiJ z&8E)JiIq|2Wsx&mv9U6&b-s85_Ur}Q?v+8;D9#5GzxSG-QIU4E?FrW4@))?C65Ua; zW`BU+#}~81g>P`#1u0>ufSxcWXXBuhUE7ojOm}GwmP!7O)GOeR9br z)l`QLd^&b|V@$cbiebZ1qN`2gt5@FkS6D8H<_7og6BVC&vqqq~x8q~<_kam}{j;+D zbrZ@X)h|iqR&QLlIev@wRc>LSV~@1oN`}svX`8IhU)rG+&;4Q6rq%K{S6-({v&rRa zXNBFFoAs6iib^b?6C*()p_l~Jwb*ouFeWst%~otgDjVoJ3kxfmjESKLJQN{{!0rp$ zek)(3=LJ!x7uMbIIMNjmOTbLf>j@NHY);{9Op~cxoWH0Xnh+*{l#7KQX%2jmET@KH zYVf@w&W03XBT2wK#HYuO&1JnWPw@b$9qk zEH*Y)F?jeRR)D>g!U6+A!y=WuBZ8DbgF$scaY1L1%6gzb3Ydlhrl|<;F;8YeiA0Js z=7`xd!x$;WpQUk(SaG1_lzfxB@bf&`rk75K_MJ!%ICP3~ zXls|POGs#Z$h95XnjN1iC|Lp@w>B&C3V*xceOKFI#R*{_YHA(EMpwMMR_oK6gO&wH zy05?B|9H7E_QeMK!a%aX{bz|@9eiXx4i4A=9GsHu7%y}xm)x?dtwfLoa8`U)WI5NlfLTc#}(!c zOAdO}sm02@kUs0UQjlJ&k?Lye1z#xkShX1TeKXwZvhLutt?y;z9q;!RYBdGF;b_a5 z7~Myf%5M5pu%~-t%RFu2ybPA?t41}?c%oJr=*PL7dHe+YZWOs$sNb|VxH->UJiFE4 z`v$#%6Ivb@68TP6s@#{Y2ws$?VZDt~*&%Z&_pD3*oTD?^|GGrg+?pY8Y<;%m#FVO8 zQO`aa>WMV(JfC#s;llzG87?1%S;mi(n->q7ReX)k{80Zw${}bM?~_xRV&MZAoi!f% zelJG9&*90F-iljf@)%{olGpuP`cpWV05wT6zwAhV?+^;xtBug6bbL>^ujJ4!HCQ2I z_WaQQYhaqnn3@)b_x$R3kcOe)f7~+BNk7{F60!j#umRBK4!-&v!6&MCxGm%WozGge z>dlGyQ*#Zc%nIyVXm{WgRdX`MqH1M5m-tC%ke0Oe0^DaiCk$sd)b|B3ob97%+lu<^F-NU#zdvwgKT!! zj~SnIZ);E_M;~1Bwki1SY`1)&ccxYMHGK|+_^8G0%k$<{xS_xGe8l~Uvrk$qYU}Se%2?ID{OIzODeb!D8{MCz+OD4b zCSPg6qjYVBQkD6QCw0Fm-#A9rDL-1aMKiH=Pm=tAjZ4NARI0ed@42VM(ry`x zJs#^GOn1LA)l%1?;rKi~Y4WR2HMi{R-6MVv z>b55@@4ww|*=r$N%rCRAIKe;Z@p`W~kE2Sf@66lnRvRlL^SVE{UM5XGO<%*du6vDf zY6H7fSr^D z+c;PuhYuYXmI&G{v|4Da!^X}7Q}Iw%#*N(~rf~yf=YZK^Hq0;>JHy`@J0)+XrTY#2 zC@eV_F)v9;-i{?_V#yi9LQ*7S$*V9uW_Bc^kjn3}L&n=D)H_lsjIp-p9Tus$Bq|uw zA0|M;RK=Ag#YQ0z9yn@)Feh)oAv|FIi`>&9q=Si7DN2fs=}>X&>;ERDDEq$CvdM}! z+M@iY?c&@vq1$`Q4#RB;t;@L5>wG;F<#j*SN3;a5`c|X&gyXVytyxLI+kj5*+G%P< z+ueOvrzdPMwR3Lc+Onc`vZd(TIffe?nvV1MXG+n{<6^OyS`YesE*a~@ z#Y?^APuQ0pwQAG5rWqvDS?AXCoh~e4;o8-|XMMq;*(MJ`YhCa#91=B zbUl7+KhCqqtOvT&R*HrSCYTh*^yts>EvR>Q@Jgu{^H$%Ua)yS&@$u6>n`cQJ{9-1RG?4SLHt?k7_6N_R z<0e0Uszzb*X6I#Bo;mtJy+7 z?8{GCEmsPOUUVc=^7|VjzTAq}CZQbcnK93zudr>qId9vw15cW(ADb3@;o5e<*Qz(B zP*CsFmfbq+SK1HWwpdg?ano#jnJpTQ30K!^U%Qd`?Zv)^^g8EtSC2)e$MRp#Zx%dy zWP&b-Z_BbN8+jG)x1_b4E>C>V+0H5Zr6*k0^G(ZHiX~TNVwQ57bMvh|jf0IcT&k13 zKioD9zu5G^V&aXim*zrVkJgr6I-PKQVuQ2!r`?x(^XZf1G5RE#Vd0X=L>hgPFgz0& zt|0_SOk#mYu<3#PGax}HE}(KUwSW&W2|CdnWNQp2O&_#*i1g|O9Ax4+h=geQ1OUySQK_g7`MdC$E|`h)5@HPw|Qs;^-qW_L%JAHETU16AO#DmVc~MMF_d zOL-wiNg@&76jFXN9GqDA&XX#6=0<~ zI81VAqfQ=u!g3gw&xCO~?+6}4yz4$sEbHds15*HHB@pk9R&0dFtoXMGVyI+fez9>m z9ztU<1{yc3)d-_~!A_CS$jYq7fbIsQZI#LIrm1Z`>oYpmih1^~n*MW)A)x-Y*8f zN-sZkFZtnf?-_@bVzTsh?wLV4+_m(~+K;4twIx1>$t$jL{1qg_dhT*rP2uNEgQZ^C zr%#o9!KhO#9(1*C6s8+c@o={CcLhO|EiW)Ovr~p%SqN6%~W~?@Z}PXMZsJ zB6quQkETpX?~aQ5n%QCnGFx_GX`8)Ce$+NRz&yQ;f=VlMMLt$Olihfs>j^A?_7a&9TB z0P&%g_eAAmJ-(+YJlH-@zs|MYR3Gnot6YowzP!Fj*!-$BK}-LMIx%9f@PdO`d+XEy zk=D4LE*;%`%$;p}?h5&)iZbp`F4Kj=DAIPf_!~u@3cE%2^6sdrCo>277SJo2j2hO5 z>>W64O{6aZ^FRY!3CeuT z1#`-C$g@ka`IXHZ141#5SeveljdV2-fTjz7VW^JD&}8u;dJuDn3q$n9*dhR(hk!U3 zqTBs3FXkxy@8vcYni4{Vn~s1gE{ubjFPRO;kHvV=bC}eyCXMOz@IkbqQ~ObFMV5r3BJ81vSr=kNg5w${H@BEBTS4un1ak#k0 z+|N?PpJxqE=~17XALf{!ofu_Y#Ao?hXvu~FWyDP_%I7-k&39E~>J(OLbo{`TrFPGwURQsqd^sW9H^C~srN2)^)6gY?H6?$xO~W?#~d@_b?$G+Sv$7I&bQ_PgGd zS(AA9QU)ji*AnyM5yZu3(7j;?y) zx4HD3rOcb6cvkV5ErunVg18Mc*9cYcMGJk}!J)Wt>a2>>li2PaTIG`dYH=`EFNcP4 zM~JqeYA2Y=a4?k%Moc9^u(3BVhqTLL2aaV4j?tR`Ian6MZUStjg3&aU;ZQtS#Q+1{o*(#xuOZqaWHzSzym+FBB16MgZr+PwF~l|ggw zKd7$MowQixyPNF=zYkfC;R_!m&RzKJl)C>KQz@?FoA|HCDxc*OezG`WslzJcllwNC z2C@pgZHyU6vHPpe_+q%5JxwEzLo;Mk{~g}88ICKoJW25l2L>Yo%ES&HdaquiHp8bQ zTf1uVa+SkLu8AA@ME5v+JMqM8`d>?Vue-ndw%PIe?dNM;tY6+ev#Ic5M%qy=dHdac zVFBEi)fK`v(=MvXR6nd(D_wv8Qd;71r?kI5vp8o5FVWsIsvxR}nM9L2&K*hkEE*31BvR-)veykh3ubb|D=|MT+kA^&srlYQ&g4C z`-<<)Ni*U8;wL*+=vj4^Ejsu1R$HWwkxiY7mepp`8N(%td{0-~n?7i%UMjrMlNfo~ zfA69@GBKnFD#8(WiX~s2`#h23j&~^6C3T+-u6g@bO?CIcqB1fw+bZooai)5{Ri~;6 zuQu!aYf8)D(VL=;f$!ZM?A<4JPOmDnV~G!HoFEqQa?>Y=hBcG6o}DAuIa%WZo1m~> z+(DBQ1LA8Jb)@A8MFgBLU4HVU?$QT}hnWWME*Q9WY~nEH0!S7M{tm{w!{`ICJJ)s!H()LdD{hOyVp1L~CJnFj{6mZl zEhb?Kn7RTSqKFog7BY<{7;m&bJeL^;ty~YXzU?r9C>A_9dt# zKT~+xi#|X9*^btCv#U;s$F->|?k=Ib5XeVZYEqvB+^=GPvHafB&>GpMkTyN@Xkxo? zS1_GxAXv)jQJiD6^t{Tuxo&Gqcb%E{ z^|xsr`tV6Mwf@YcBTj1!kA3CJ*&veI`-*dE^0{OYLlKAQ_3G!u>OCVB)QG@TTB0~8NMq`bt zN8;P;zH!XIt3T(0Q}7<|D0BI88#9GE0ZMqS&nM}c$l%MH*{hEc=UF)Uv`5}qDeh`a z+`LdEBal0{Q06ax5gF+!P0O7jU#2<*E;X58R`U8}>BT3hi){C_He1CUpXbD09zZls zT#@e?6#0$g^m7A0oq)lnIs=Qu#H}?=AGIHy6s)bdrdvd_Uwx*QR7c;te3F=8>ZY)7 zy~mqnCZ}?ysdrRaecJV%qfhmtw3@%%eeP3_H}1IIJ?-hMnT9&kGapAqxh`$V(d|#n zqp2jEY3f^Es~Kk8lK%SQ!P)C)vw5v-5A$}k-t>YVT*Sgx7fxNuS0U!CGXGe9nBSXx zI_VC~f6!bX+CCxwfA4I3uM`KAk(J6K$3rGfCJPeOrOZTpJJs^8pI@<;yPPLNx)@fLI7mz6O!7X~MjtU=$TK)rG?kQ~_5(53pEFX9TmM5NS%# zw{Q#*Kx+~l@CTe-q?2GBffc`>FrN`&uo|stVd|rjlh8JfVeAiqK%_hlj146tv*t_Y zGw+Ehd87LlV40kpOju6rjk$BrO>m!9&;#MGF^N^{%+(B^Z?}EPr;c?Oq_TJ?E~8TS zQtY*Egc`4S7ozzg(9oz@>5cPgHP)vYny-wOnewRAczm(jQ+U{a@+q+`yB@8dQFq3) zIge}pMO*3fb7DPaD)Du0aJHo;^c3%1XV&So;kMs|N9-PF+A5}o3!2gB6mE=8VaGw) zt^e5?#Ua`8ke|_zES)$Pn>-BM0Vd1+12p#&>`HB?@Lo=>?5q4NA@-hU3%21UrqW|| zwX9S)Nm2aF_ZTes^C$u&C0g=REV&m;euO1gQzSjV^C;}}J!BiVWA}2imIWI9`kQV9 z*f*wSta})Lmgen;C1?K+XbR&C4lw7~uE$?T)Oy70vZ}U-5A6I*Nwmw& z$#eQXS|I^eqtHnN$FK$q(K#lj38!1kZ}wN$E>XX+cZL27Y|^Pk-&5JWYp$}D8h*4i z^=qqCjXg)0GN~@_WRM#7V)@ruG5TjD?%%(*p42dvdi6PB<=TP>t}B7!8=XWeRTs;z z&GFWXX%}bBOT0PHT5CJsr`^_4GO>yz>9o@mc)z&pT>HHtN!RfCDZ#)T%GsoD*-W`` zqvCu`YpqQ_<^y}Mgs(47-g=vm0HVZJs&pd79g6 zU$d8mpL$$qEZe^BcDosVrSYU#iamGN*~gCs3tCnPf3DhUXseg|a>e#}IkHyu2TW7h z+`Nj9R&#Z>->jKYd0&4|_7nTGtYe2}_&bYuEPa}gLRgTM+jJp7;+)ES5tSQn%C1VB z>WFAk@DX9}6s0;Tx!JFF@!y#Il5dgVtmWbv-s(c;?Q1tAvy}C(6uNq~^f-N@TbApZ zZF_9*%H|uSmAlTNt1hTr!=Gm5nUUN1xNal;NltrSQSg0_0iQ3<6k=WU^5*jwns>NA zuUfQ$w4@hfSAOu?CF^Q@_qqz&zAQyTU)6?mQN5PnnW5`vXoV}pKgH~y@d#S<2TYcY z+iL70%X)h44**FGA*| zOl$SV1gt;#R00Hgl@A5uN*Ru;;{SD59g0ctnGJGdaUlihJY3Ly+96cz3gu#iOyE)( zk5D39|Lu z9ZZ)n6u297T=1+^UU17ouQJ63f zcONa+wE=d8S#$wNX1jPfG^2;$lDZ*~>$}P}a0Ql#F2FTh8{uX>p_wBTpjl&l;S>rnIfgF4R2E%;QFRjo8eM=Z zvb3}T+Ire*%BH~3veizwMXig0l4@{duDcb(LKdJC4A+8YVT-|7DX!WX*KS7Jva}^I zvw9#Ib zFhD^b#9qpawsUXbZtHI2zD3^>xA5Ys!G8sVwe?-RSj{{*t`NvTFxCWgg*oFQN4(O( zJ}fU|6%=#TAQKvKhz@3KyJSye+SLzeWOQb1+hosRSBPx_W1gpwrwoA7IZ%{x4TO?w z5CBgjnn!HlVeQ%ya1*|3E4YYwG+%2PGB5$x%No1@TZbNkN6M=23VL`5xIyDVHEt2i z1Y4vZ1GcFZ$AaV8z=D&9`!hB2Y7RwcPg$`o*j^pnUE5$OY*z@V0!PxNvMm&wxf>O= zgR6^|ZL^{fD17CH0#t`#S~2E88;Cs~$_OZbFU5kb6A=ooiD#!)A?)ugln099k8X-; zm9^En2pOiAm3DMwINA|;)S5n=E_LR}jYk3{Mus9lWR0*4Ri z1RECj2ay8t@Vd|#gXINWWmn*FmE8bpjY8~CAqdqt-CMAh;28q(y4m@6WrQYl3Z-yF zhmQ$-2ec3|B45T=3`+^mY&O7=5X78{U>^e4MCi~dL8Fo@GSs+6$0i6tL`F_Y2`CN9 z=D6G;DKZ?c8oJhVU>{^D%7C`Dko~ zR=|L{XfMaXh>ISxy9l_b2@k__ygfi^V-y87yYVpW$;b4~gj>zU<m-}i);w}j?o>y06jpMvYw6WoHD{Njg-BNv4kqp)}4*Z z8Ucpo1Wp9`0yL9_;Ua|Te z1;BIQRzo`u-h%?>t-}NayUNk>z*m50tmDCC0~Vpfz*hiEB^Vd4BEX)Lc0BA~fC+e5 z3LjY!Y$@UK5o}z6$06;Ei1V7G-UJiCn#FqdL(wp76V!-cf9WuAcW74y-qZznLcm}p zgNOBp-rNxdyl|NJJY=oI%D_tFkS$^eZz#-n9$;dE6~esdL2teUI}P651=e5yDgh}< zn3Y1n0txQ`8Ur;QV09G(Zvr*Oq!78F4u}TqGMFb1HA9hz)x;b{fF<#yG^*n_)&ho$JT`k?C|J=OrQ5qb>srs*+zkg`ONaRAeP zj&L%m#!z#Uo`?I}^&NKTJM7eV*d;xNdw8J5_|y2uDH=UD;L+%#0gr{~CI~)weCDtU zEwmW_F3Xw4Mh)~l3gT`PJ!TIWqpP_Adf=cyJrC9ciqm7REG|mc)m&gIV)0Ohp63f# zxgHB*8KF74npkUNwAi2>j`a9*gmcDtCW-Z0ERT9c;Y>v^Qy(({ZGu+mWtzk4+NqO* z*v>3dbWn!{n_=vv4vRK3N2chK4tvRO$1+1Vbr{zu0Dx4SV>=X*cM}Z$bbB%ShHzp54$r9);7kda+G1_4=X*8@XFCiDhyeo4mxZTVD(W~ z9d?@yUW=pzE8{DS<5)Imw3Y`m)(3c#wLHKQS+;1gu3aY8i`4*~(DQ~vgt({U)tE|H z4(P28Yb?lOIU*ytX#p=lXN(81gs8a|BR(%g-UOS5YD|lP7pTWZvYMhK9oASdljVYv zwe9$i%#Ks8C_{(w>)Asr$<<=0+LS_W=ztCrnq8vY(0Lv9O|X*XjvndS2?QHh9;jN! zyJ@-wu;$KMJ#EZ(vpi9E9d?d7$nrv^E|^z>&Ktdk*f>RpNd*-0L3YiwJceMG308rM zj4rTz&@C-yS7UsI<%?bttPIA!3ZevpyBBPiJn9C^4>i+beC%g_sD+M)ZS9A860Cwq z@k8la9 z(=k{3sqMF}RW1GRC|W(Wx_OXZj*-!^aneRw7!G9`T?Ktugu+ITaoW~#J5acMpNvAQ z=R;zdT4;@guphut+X5g5{2!N_02F|C;Aj^F&>Dr1awI@|)B~UpNeD$wV1EMh2`nLS z6oC~4&ICxI^#Gfp{iM8rz*n%|#po644eR_BS>LY^Ue~XX(2PPKNS&EfXI2twK;c!q z9oAMR#44QIOh{HUAsNmDY7U2JfMcEmlvg2VLh&Ry%#-9ZPm!A#mfjVZCgz_<~PklgZAm&{| z$5@R4hSh6M$${<-kOqiH;YaPKJnD6(j-yWOF4S@AvRPNEHOZr`NltA|{JuX(E~l4{r*Jf*|L!sWtm=e&vQ6tI&PNuxjLz)k#mKa8%rvT&7A9Qon z5*_6?hX^r@F9J=T(jwU7@!29|k1PN>AqJoa3IgbhN(h`w;6{M0&~boa=mnv?2G|+# zIUl*vG8&09byi-7Wgw~yqk zfh7c161bRf_mT2l0ucvG5E8hU(-iIE!+|1bj(E6tA%X1(OyLpzdANQtfhl}78jT(biG(>bOfK8zm1*_E>%Fb|a zL_x%`g>o~9`*6PjkcK@7-Wj_Aq#=?t0@w;1FA&CuA4+^DCAsf*I*McBA0LFq(C@>Y*K`4lhhOC6Zg7zREA9GNk zM_XXRoe8<(hcg&QpobaBsO@xks1EOj9KbpVveOiZYWS+fd+G3AI$W)5mj_obc$DLf zVj$DSpnMccjY4xN9_)?yXgFB21R}^NuxAMt+d4QXIoU^?%%Ii@@(hI}J4~6An=RAG zm5SihS`Mk>gX=^p1}L*+VM>KYuE>+`3h--A}>d# zlB8zKQp5^+D>Ogz z;`6{|>zrCmrY2LRR4DV*+4(=!SI9JKjYN?qQGspM#M{7|b8=yRA_hq_C5j9g%qw0h zC|Ra=d7am3eF3|#!3rQ9{*t5jU%l5O&{iYQkzwn11T8>N2bl(A?N!Pg9fdeCabdm1 z@zf&FvCaz!-(ccVcAXQT!~~5*Ba4L}8L#@Gvl+N(LGraP+#VBN}RzAX5UdOol?#YVeBe{Aig*k|xne zLNst}otg)n2ym9PG+A051<#{ATc#pQ7sMN|^p%p-k_?$1L*cU2yo?MIzVw1)^0Ku7 zO;4#+B2lh^IA=hHxCntqC4o3(Xy3Xj;Yyi0Myb)RtH|^^MxsOoHf@h*bf8j|RmX^y zr1){05Pd0l&8EI2B|Ysiv;iT1J>MH(w>s$TVPuMI~Udpryiqs$1b&UFzi2x+so( zI34L-l0=LUl}eIdN2{$ImzSC?m&Pix4S132c$p;ads>~65Ec~%m36_3giDP)Rh})^ z7;r=LVNv2ZVUR?SsxF~?AJIr`tP5#cbO27tsC~911L-nyVkQKNG{{=NjzGVTJGG5< z`igY!hNWm@82ZKZq6C>DEmjq$RBOUurKCcJ#X%mMSC8uhdTo3HKZItmqmpGKb+Wp) z7%i8olxk(VMieT|7Lo8v_6q3|sZ1?O%g)wmh_n$DVfV+uRt^zPmI%2=0f7?ltF-Gt zOG$>;tbQPANL6fe-4Ido0PO-q-Q=1~Lm9fHW|%6!kG^`N$uJWaVn7lBC``T8JtG_LmA0=<2ADiLq7m zvg$anlc+;rqLCiMsaT?sX5xs0a>$kfvIs&p9 z+`nUMqn}LmBVWH(Mc688k#;Yy*5z1OeX#e2&h(2&%Qx8f;)Sn9wc$#Or4!oELx#P2 znk)qFdh*qB!|{Jd{xOJX6@#T9&CUZ=$T&fS-T*(2K%eZ?WTFjc2=;(KaLJYi{5_U9 zxth$qZbz$gLp9O|Wo`QZ$ryMOk*CJqpet#84w0Lrx;-axGtz-BU7%%7H{pSlotD>xT_KQT<<3!2@qE!D}a< z%wug?nVTG`koAX~P)KC>mKrsX!YP6RX^LOiauWgJ{-F3sXv$V`MR zN=LAe=~x0GkP@Meg^XuyQCtiq0jQ;=(O4$b1YwQ{E`x|HE{h8ytq_}QS-b#)xir@S zcU3%-a^NEhsFuY`@UXZXA%dbgkLzGryxy{SvlcqQlYeMM;CePx$>Bk(9E;*xa1caW z=2+$s)@BoP3LaX)knumh0F=T#5Z)tfA6b1N$FlgImh505vnYNFeeeJu28v?Mw)3%C z1Os)zP&DOWXKqf@K;2Jli0x=3z&MC@;6Vjw<$&An79bWNbD`v5#AE4Hhj|3+Y83&I zS{q~g@pzQA1ss%x0V-0lOniwLu0>#JDu(|oC3aq}J z_PW)jxDt-M5W5(mDd1mReE0--d_ssApRnPl$eqg%og9=nyTy(z4O`iv`>noi-uNO2 zY1r2O%O0G(HZ+-iw%+jmNxw}RzryYL7mKqySGQVb_I26rMNPB&jSCP&U1Ytl-!V(E zt7(tnO9MMND&F=#HEFS=HQM%3cG=;~-II@Mq|EWk#vx@%^X>n1KILY6q8#66>LpK&FP}c#oEQPRi5V*V%wlMa2n%EkbEM!J_ z5{OTOV_9TEWq5iATOL<~qUtFON+#9Ntc2|3uYz)gg;ZG=$O zoR&d2;m41Zl6f_N642#q65o?zvPO9aJMQXH$!S6WGdK`$kIgc zJQ!YPDG7r+r~z_F)k00CO!(c=9}KH?Vz3ZwsH4{%!N5-tVDm*b+k~Gf%ZAOUPy+`U zY9ZW)3V*VtNT~fm18n-?ct9vu3l;E#1{LH6Ih@-G)i@u*21Ym#cGW+%7L!hhOnh)D z^o5u2Oa-O_*eB&E;ciQqqy`!IKtDhUIr(ma-3e1RM|~3HJV&?OK}m9m|<1ZYF7K4VGf(FY|2B&9Qq06B^gU>U&lS$ z)52;a3Rw1`II2x^g*`exL_c^=PC+t_wuv#RUGL|O} z#X6iA_kIPUqT{fh#qfOtZ|J^h0R`O$4;S9#BQJMo65!obaAm^}es9(A6Q2;C5YzwW z!bjyzqV}GDKj_a9v!7!b-pSs0K|_SlsJ)e`{k-*l{i_>xZ#d(TNz^iLgR^6ZzyI7w zl$(}{5;}(X`1vE93MOrJD!?$^y{0vh9gXYPW3J0S%|RGS?dKLQ3v03OueCqn(NdEk z*uXhPv_!5zIch0H9vL}WAlz>*Amm4L7)XP6O#p-6R1_N!p-2Kfg4O;L9oOp!-|i_0 zZQ^1~``N_B6Vw%+ohJi~K=DwDgkM_403Hdjz4ljEXgB-MuUI~Q8rSCpe)E?{1i(hKPz&$sGkziIB?s4G^#59*RBQuONrzMLo+9*?1OH^uS_8cxcmqKNv;iP54XA1` zwFYHENeJ470GYmraNSR-sBOcTKzL_n`XVgqeEY){;~4{#ay3W1+VdKW@_+)Ea~ z43LWZ$I=uaO#@dI(E7uu0^nFT8O(s_yLtJQow4-qTj0L3$(%{a z*l?d}kkkPrD&UK~N&182U(NV`Lb8Tf2!2lqPy1{A6VICh#vB7z>~r`NO?1S*s)lbm zj6+Cls3Km5y|V89HVy8`DE-<92MKBzA0B0{L9JiO6roV4nGLq6^L@NZfAm^}@XXZp z(Un+H4LxY@u<`E&wEpNrJkt+};SFd8X@h(kyemMF)vuMS0PV94M*H(v|6RRA;6He# zanKV%A5oxJ29b_^AQx=o~Yb%6E$7`on3SLpz!?EwGAdX-U zhAl7D!()uq)x^;XkFhrLVN5%-KllGXA8R|v0F*A0rNN5EUjEO%vj()TU8M+>!g~ro zw*PTPYv+@JH?h)SCWGK#I$Q%_PG#^zSU;fpz^Ek1AE=lv0o(^-WdO{5Dybm>dLU^L z2=)Dl1nd>~6A0TgcmodXh%K2zVl0jdf3FAjum7c=IPGtPUi$to9smFGVdHxiIEzC} zsjHf6UDRyNH z6UEpXQ0g&8EDBY!7t+Ou5&zJZEu0~9>DsfWZ~3{K&zv^o9Wa%wUOqJK_`7IHQJ3G= zj4I5lEH!<^lyap^DZ6te3(kaSD{xH~dq1l|(Gku=yt4xgi`6MhnSe?~Vq?aL%SvK% zt>~l#u@z&15x$k6n?wz7J7j2-3b8q3hKW2YUc4*~Zo$*Uj*J7Q2&{g6LLqi#nqfZ6 zsa ztksW=j~SR!YN4TBV5(T9)C8DXYBXI+m7sgKqAmA{dbW@Zemu7F{Ywi+|I069*QEJn zFZN1Gee_rGsIhzfKdzhY+nTrS#puo}PTc=caJ_LiX5>u4{&{=bPW*iZ-&rkPmmaBp z@L93sR$otz$K_s8flIC8!|z_*E0_6idd?XZka*U-U(uD;u9am@Pc_^4TLh(>BP-_F z8gG4`$DjOqtZldS!@FCDtnE85>riCdP~Vq}w`+L9dq>{{HcKwwdbWSNVIxj79P(Z?G?%T7*$G&;++=`9^z1VB3hNbr7IyRg==}ozN(w9ZeHgo6h@3;8M&Q7kLzg1Yb zsD9~aB}?&|`F3Kjgv6uMoK9QSRNi^qt3(&BJ$^UoL8T_`e>HTR$PXMo)_CIYi9*uhNe#Vwh@T3SJHw zSedr)Z{g$P>(L?rpubiPC#*(s{f>&XM{%5sr7LU$0-A2l`Rzm=J(Wqs{WNArGo6{p z$_|wgW?O1EpZBa|>WQ{l-GvTYLQnNbx-+KN@4Y@F%%RG4>#z@JpSqoj zaB!P{c2M&UC*!t?_qTs}%*&(8rqpEhTTTZL@3wbGrB(J@=^A_RLecfX2MPv%Juqs_ zrQ?xt@|smDhmoI7mTm0NMpd=?sp;%4)4McG9hv_7n%N)vY&!IC?~||93s{Gn4C)^C z?#qA$v+U~Gq_9V|uzEbB{EKTd(8B=CD-pvGC6J&cyomR8_N?P zLtcJKv7VB3y+=dqKe&D|w#Lc3Z5RE%HMo55lBV;5B}e{P>QN=Pe`y*wHmWq(<*0D| zvaz>&&YKfE>i(r=>6dmEB|KaFZrt?ugK{p3CMB=9>g}w$wUnQJ=9zn^N#~1QKZK`t zv^#d~`SD5nCTYGIE6R^}ezVL_Eawe(&mU)GfB9CJJ#)y~_wB2V&&NHUDc#m{NFiOS{LuJjzmIXf>`u?W zyZJZfW3iu6i?v@~jMyo;r$7XOc;^}FC4&;XTCnsK)MNF0(}_2ASMVW8h?U{8I1nd z6JaUc)X;h)2hsH)2hjo=uep^kKdQ_fM60hVR+O4Yx7hJ|OZO)8L+#zOp7xAev5gzp zkR7>W=s^?5TLD=|EUy~B3_LKCyY5)f?^Jzp=*3Z{`Dr7HrldG$ubme;=V@l&3wLHG zY!G-JTzhS~$C|-LYp+b}aU!K5=V|(YCqD7bEWIDEb;56*yn;oq3aqp8~o{Qf* zcFKrd`i#oNDeG=rSXylmFQv>nE*oa9XxJ{e`4)zk9BcbCXBjcjZ$aw!f6r`Ek&KdQY7qciC+V z9}@9!|3TH@yQ;^|clNfQdHBx*4&82)je8Lt$t+tr{?3bD^Vfd9wJ!bs{^=zJ)t9R~ zKaO-;X63qcSz$(T)#%hg$s4?fUFkNb_uhf7uCJHcK^NM;iC>2MIFAh zB+Oeg^}XV+LBj5yR((>Y&I*q89d>=)NZZ@6EU%s(UqOcBXwB_venONj^sG_Ls$4c zK9Y%G-NLGc#i~zs$&7C@JX*oYu5WE}gJc)a#4$0oI3&B!e@b@V(%MY-5Arok$$YH5 zkXU>Vw*F9~Y2u`%x+hO^l8u<ioa{JC{svK|EUL~gUI+So6-w7Jp1DM9z2rX3G& zGib0=jaA{&iJG!;Z%#I&+q)kaZN78ya*oOD>dcRsqN$bcZQZlFM@kzT$rU|kOnX@N zX5WOG_8zxCw>r1m?@xuxnn!D!SD(98W43mt>+~7XW^IgL^G987e9*`4{>#H&XL`-s z6d5EqA~>c zr+>4d-y@N1etGkVJ$uickfUaMPlYVBvHnjJO%&Yip*X+@j! zbGydG?k(=tbip7CpC*I<3=ynv`{}n+i~H|oklFNiGJq} zH^Oi)S$A7(EH;DvXB}?Mc-J*#i<`2AUCymd>?8;beg2_GIf~8PF39*Cm*&-QZVfB) zO52K?X-ud=a}#k3#;3A=vE|Qaj0+kT+x^{|He7a)iP@!8aUpAU%Bv1>>5_(K-PRdB z*zMBHY)IGR-IB~db?;uh@1WhQ{;}0-?{073)Vs%RRpY@Iiqbb*SE-r zDYG)pES*)|VX^fb^|L4ZUV|>5T639~R%$z2V9tzu$oqY1taGfmQ`gv|!v{5=-u?Wf ze*HdK=Dd;LEbl&CZ1L4IQ|xaU*=%KDpNXl~_xkN}OUN^s{fB%~ajV^HE#o~uzjY9K zoa;QkWYLxPc_}ZiKI;5!+uN)Bxu-@r+l-kxeEj3)Hx3DlnzYPr&~4izBcJRnZyR^3 zjsaGtE2$-eGf$oDIb@ib@2qvEy+)VsNJt&r{<3&gh0p%bar0wj%JD|GV(fAXMuNRcs8Z)J~JpJUdSd_Tb<~>ttQ=|6~ zeEwqd5J-1viuLpPODUDaHLmqSb2x%2rNUuu+d)cg4Xa5fdRPwui~7X@Op)NW&qmtn z^?g2Nzdd33$8B@2TJ2w+`8?8MP3elE6?15=G-l?fCZp`E;PApn%!mVh#D0t~Bl7oc z(UV~p)6|>Fl1qzA&NC%v{v+FBH>Nq>78_d`ycwc@)mJTy%Y&S#6voS?N^vvBSzEPH zBK(XAUgJniNDxLO#I$5W{QSKle0_qvT7C(02tT;-f;VS!a)r8g zVk%25`ocYdIUGIxRd@76E%VzcI*>Lz&J7Ng5w*;4QQ@0|A^#C0=tjn}s(T4XXrQs~ z;EB;4Joz#{;y^#KkB|1?$xkfSq5t2_5!^`p^9@F|Q{a(Cah%(^E=wQvo!ov{gZuXN zysE92RjxbKeKKq2kmps*Bf5Xcoa&$t+m^AaSl8~xZr!4o~S(-jG?eMgci;EUGI}ZHa zV|>t@?OB!^BCAI&VSPz#6msCyyy;UKoH-D>&u-EAo5CY+8}GZ=f8J}V`g+iaPtO;< z3kuG^^R>wURiWFCq1G>N$8oxE>)^M4W_tGfE?J*SkB%JOclMBrUvn#|NoL939nbe4 zGiGV;%EkL7RWCEjG74fmeEGTMZJ(FqEV;fsfcvb$>LU}UJTXr=|0H;N^N0=0tFG;; zl8Pxu&!!z$yB)r}+Kh=YxbdjnPqviCDX;eI~4srW9mQpwBBNu^M$H5vbfVp zubPxPJLVlK9@u}{?u3A6#@$aYHY)NA`=eLxIJfQVyKdf7oO~@kh41zJo<*y!gT1FM zJuoo;=<$LNpAK`QcI;ek+a-is5;Aac?C(zTRX6>-8%U~hJ&q0-eD2HZw2^mDOwTz3x1}bnF;U_CV#8%VVFoUJ0#AnbZ z3FZT9Z!r8J8u}RAPBhNmHk30%#0*#7GYe(ay!qHOqU^i7g89p=`=Gw5eahZEx*%I- zpWxTvsftO4umOi(-I=aTVr6_~TzSmj<=P((zqCK}aPeX47A+vKYyrY80^=%nBew?G zwOebrHArFl!r8j+01$2s;{Ih{wRZ>qUT;4hiCN*nxv)(bL2aij{twZO?9^i|KZv?qOIpEkx91cCEX9Zt=`Lf(=oOSk5Wy4d#Tvz!@BQ^{ zLZsK?Ll;iw+qE%DuiEg$ZED%udUI?(EOBQ;T1~w$z{Dm$<6n9S`|#W zIc4sHSaY`jbkh!B?*6uQU&O^N$wuwQv{w&WA2EDfQ+`(F_$IgRe7&(|Ja3sM?({;A zX2rp_UIW^$k97WMzoq+1o7GmWhFo0ymThtS-Q}UPc29aNb83dH+u6~ft_#Ol#oX8y z6eglgy$9_MZa&0oNizMYe4T^;@_o+BD}Gz+IBdKo+NXit1IYl3IlglelkQdJJM6Y! zIX|ItaL{g#UJI{C`%U&LxV!bvt1tbVTylTBJ)@+@+VDFu`*I#!=Z;p?JX+S*@AZ>g zeiL3=b5|!ETYfIN#|0n1HYIZpWhz}ee?ILyzk|o?CUZ`s`65dGy}x^Vux*O(x8AWw)89``=-=~xQKz0?xA|ubZ|`KXd7RbRfj;}p z?Vh9*_KPnI-@0^s`z&7ln!^L$mdD-PAAYQV?=IqiNf&BSW6d4r#(&-NB-Q0+zj|l;y!kpl;q2uX!@EZR zd283W#SbbbYzXq~GUsWo-1LOMSMGT6F+bPc4>pZ(K6v-|grd!f6K;OwB+balY&EO> z?&`&B2D=5UI{CaT;&FS$37_Bhl{39#J@2P(IKBP;xRDR1t)e>Z+|z%#ZLf@!+kZ`} zaBS4(i}0+vFl1Kyywiu0Timi7b@|H@VPVndYx5%RY*BgNC`>Niabrc1{|o=9cOHu0 zEW13}%V8}#uU;A*pqb*(qO{&i^VeHD*i|okGIL1Vs2gkh9;o^Ks=7^B%zodXsPXi! z&`go}vteD@-#@>*pIuK0r9P3du0^1rWyjh$&fx6B7L8PY zj{6XQXt?dV(x3+6LXl2Bfw~izFUY{_}MkPP8reN#V;C}Z-t825_Ey!lq z7)$-Z4jh+p2oE;4`Xe+NKPz%y7XLNv(5yYB6|LL*xt%rt=FR@YAPxR9%k{>IK&X2T zW1>5eiz+LGJM)nL+38U@K0T^?@t2$){W8t`UpdJ8{ax3S6P_&Wotk;R&6J6~uAG@= zcZlh#P1&&wJh7^TCsz8$N&mxxJp9Cp@nZbFe0)i!?pd28AyeaL-koZ3$kf6Al&ODl zi1)p0%@5&|B;C15g`eG5-}7voL5ZDv-J7TC{CT5QacXt^5QE;c9a*x|d#nrYQ^Qdcfw{uEO-sU(ZJ{**g=iF`kt@$8)aS zmVfkVcx~F73GXVXcV~`hzPyW4Da}{rF^5~M8+cCC*l=FF99I(n{;>EN}$ zKD+22g+PVNthEGnA3 z=j30l9&WYXyXj2u5^&F5SjjxwI$e|<;PhuPl*Ph0%u z?3dwj*K}Le*qN8_HGTH7d1xD#DODOxuYTv}1y>hUihT=roqSrbH!wH+{KQwsR<<17 zlAk*CTCOx9dfXqSIZHU^`}=eInQv;8qhfJV55aUo+yM zst9d#lWv{qe1)(QSXLr^gSJ3|jCys&Cbh zP9_PDce=NoyLQ^JRI5>8LwsAVglEm0=3PiZywlYuMtE*ndpz`>r28K$9m)@I_NaER zESfG(_nP%YIOcpwo0l(~+8&vIR@gtWmAI5`3a2YDU^w%g{NJ5Wa^m}|!yUsD-%_d* z(@=jd2S>i9-<`bubgFCXmSB=7J>GJwy4jar-A3m=o^T{Emc^u0`4{XNab~wYQ}WS3 z0PQU(^Pe;6UY~i~{qZS|C~^{Ytlm_5M69oKg0By~|VV6K6iWF<{g}mA!k{dpR3s zJlQXO^<3R&z17!nO9xibZ`UoGkaA7s|CiAPZjMts>Z41B#i`6E-{v;DKX!@N zIq&LA!S@nIOG-Ez{iQs0kISkyX96zSxo`x&MZNB+DuQczv~1EYsoZqJo0;*$0ukyc)o&!kT? z%?CTXh^Gi9%V$!B_Jg~ksCBvf4-fK6m$4MKGx$m4n=Z`z92=?WHzGQHc)}mAr~H0; zip1;j#S1QOEmk&)F5Y^fVTAvn?za}JMvv!AX_XYy^_l4Vl@p4(}zPK67UW}~HXm|1h`ac8{mp%Xh literal 0 HcmV?d00001 diff --git a/Modules/AzBobbyTables/3.1.3/dependencies/Microsoft.VisualStudio.Threading.dll b/Modules/AzBobbyTables/3.1.3/dependencies/Microsoft.VisualStudio.Threading.dll new file mode 100644 index 0000000000000000000000000000000000000000..f3b23c328c0f5755c557f6b6d985d9d17ab4b67d GIT binary patch literal 433168 zcmb^a2b^S8ng5U9zPI{Tb#?d5REMgbz|1hv&85P?FvKAZIZ761SYd`JNiJ3~2vk?w zy1N(%B8pkmQBc7(C(usQ@vfA7z8?yb<%;QD|48>UWv&U2pg zoaa2}IpIF*ygR(W^SliI{`4o$`vk83Hrwwr|ICuSWX*$1ypIfgb@xy7o%+??&$;}H z#@cJ^@$>2zK7Z}S7hZEseBIiME?rySan0H*u33BR>1VHfetgNL>xYN)dnTaIIL`A< z?F+o$&7Sq%w6-65>(&nT?dy40hMt#qu`hWU{E4Lx7PEvudg@i7ZYi?fujMvx*JjJtIg}{mtGx{QMd|c z(ZIWImwZPnx%=;8(Um{p=6n6#&u;1SqF-mc0gHuJH-_HphduAzH;3MA68B8bYCk%d zPAjMG1upEDZhO%4`X-CPn_GSKR(VqrA1n-lcXukhnJJ&UyLa_RH8Ca5us3siE%#DWC(2tKGHCqk)>e|`upH3AI{r)zBekG zjP9H9R^rlx!cs3fk^+O-ALj9H#v2Bi2ttPCb$-w)r~#w<_8EKA#=?joC2!zG?zQvNk%lDRpm+A?2sFv!|;2yboKa9o& zwOBU%`@E&NjHQCBB|qXtuuR@?o)FHUlei7suzZ9I2Np~H!UY-_E(_CAJo*if!2}Pv z!eh5x@PISHL)8h7V}!>hKd1%8N?)mESd?9IaXt`z)(V2COJnIC+U@9@1&-*;*l_e! zdKY~yJLUIKdFZQfV80#uMoF6%Np90u^#nUqi|8v??E;ZS>8o10=v$1|E93k8#<4WC z^`;>&<3|X`Jneb20{(osA2}MwEBP(Nl=t(a69_~|%255ca^Jwa2^YCjSlSmcr1RBm z5S@ezp#+gZ5{~pmCllj0?H~)+1EJfy%PR=K6t@#g)u4?CWFPH?1-OWqKNnm ziWfI5amn$Sgz|GM9hSAMUotG`^0{i5bv1?6HDUa9VL1{+XOTS|$;^+hgX)D$d^X`J z(Zu00=pC@Rg9{w3Kq0seiB2CGLPN#j9Dp2YgishEH7bL1`GIPfb5&-m!(kYIjXE7Q z+HGCtmG*M*-{(3lD9-zJIQ!bMh&t4VZv~_ul(sgWO}Om zi1=J`m$vv#72mj}vN?JV5i`#l_A-;T($vglc;>@zfsygW#5&=D*4{LC%Rd$Ig3yb@Njf+UQiGEv&Y+wX>NaTV|MWG)Z zNUr=`F1lES=iHbQ|LAY&QZKhZ>@>=pbA^lY{04CIt#_++HdKQ;GXL7>Qerh+k>6qC zG6HM8JNmrF^YBg98I9Kl(dGDK;N)BHQt4vQxKe@lD9}_?d=+76c0YazU31^(Pv1v) zBD$KyiS>*Q)je~s@-x8TWQF5v@IvRA7&l_tl5h~6LC#|i5uL9ksntm6e4V*LYez!w zx}&#Cj+iw>Z-t_|AOkD#q`NRz6dH5zUOx0&G3jB@x)#S_St>?M&dh+N^p#nkt zQlh5H2d2T73Ba7+I1abWat(ZK!f&co@oSYb80~LjzSJOeRPcct|rh`_ z{#569Cnf0)lLZJiZ%qAh50UDRdvTEk@51q;ck?SAwQhM2fk8Bo`*6#y(L=e~3O{Tr zbEHm=d-CL<-~GfI{bEq4xG{AIb)vZ?-Q`!LV&U#DI$J9 zKdSr#xDIzW_Y{GX&OIL_O>@tO%pGri*xYFs9Su@HvQVLDJ3nsjIT>8^=i1oIf?;$y zftX!{~X6t6#?`OAPXnjKdp!I;nMRgfv@kHyO zT>MFum)xA9eI?PmDJVU9ii+)`C^)@qz$>ii=v@_HOe_vVH7=@5rf`aD9GnAv&Fx_j zy<8-8^57icE(h+I)_{gzk1{9xkVqt{mOQGYV!HLZ(5lW>3%jb2uKrSzy*i%HcTeOY{%wsCTOhgN43ztY;YNQ+!Mx;rlg+|gBCn^5-` zD8<=y?i%#=?6m1JYZHT8#I=E<`9nNX9BX_^Ou&L(Ge()g^!K;Xa$Zk`ec5eWl@!78MJ`0R$&W|3(t@IUl0oSJEs>u$#3xH=l zH$U3^90hB~?uu!ew3{D&-s(uy;=TOFBZTKiTPoSD3j0Zs_)!wdoi)#>x8YbTUi{QtNYC_k{Ex9pCJA+ztv1BUtva2wCku`^cDQ9U20GG(O2e_vT zKNdv)NFkR`!&f!gm^~Dn*FN)@9b?QsN&d-NI29GBV&P~@={%LlkZXcEYn*FkaYKp4 z)YVltOE3PDtoFSdsC)Nz-94OYeSb(#-&ca_Xm|I=bKq1RXOYk*t>cLN+&FU1IHHFa z!|ITqd4b~NA5b(*=rrJ+bAE>(nKHd~ZJbOMtlz7~{E#9{DK@BjrW7}*92S}|4V#CQ zd%mxdDIuNEL=N?vKXOrn%sKK_m_FNMF#a(yXrhaazVG(TPSw?^yfM8kI~M(uiZY4# z@jv5(w28b}>plOrPP@({eo?t2D^44a#Zjmxav}Z~Du{ogpF8=fJ=!g-s5s?=<4 zu83Hmhp=1x*UTi&MmrdI-X5ZF{9@ut(JROST^mORSZDp_XPITz{){}RWfb`V5PsY;D;<{b%Zqk~ET^k)!c*eh^ImK*^a8kjHEx@5eJAGM2-}FO)v36d6V< z@vmI|FDU;9d-HGTv&;N`wwqiD1~u%qMy?9;}SNwTw!Ufw>Ybha08_3fbIzxLN7{O?reXQZW`O zsJ;h!!5pG&zcVmOk;S<(^I&hDO)03!S*3IUx<@JDto|e1VlgU`wsW#n|9s%0 zpTKQLPt-r0anX<9wxgHVclHxq|A>Ca+R-cOU$E$Z?~Ptr&xFc7q2G4yXc-l|xfPOo zdusgGt7M6oiYrr%KSBxCit#7}9~$xJix-JLB5(XZ{7m`r7%A1suznbYTnJ0=eDT6G zpEIH*nTM5m1bFiFfLTJs+y^x65BRuIz)$(p-2|-U{CFu%TL#tS*8aVIh6rW# z8)?c%teI~dqt^Sa$Kd7ils{ICZlNyu0_RixuQZN=tj;DRw)GnsYHWSZy#4Y@w)qY7 zN^B)wNhH4!DuaY^;+33Dyb_^Kjc$F(yjkV_vb=5y>o>}v*!qfMg4V-wGOe%TlrQt6 z+d;Or)Q?y^hin2wOhI9}q!e(r6qdu5f)1>d^?q>-!{a9uk{=sk;xBc@m%8F7y5c9= z@vNqWuG8-^zltX13oy!vB5{s3M9leN=ii$wb#Me%VWWL}foz3^b0Hk2%s zLgeaM;!U*ImKkpwa2furlVGU07zk{%$gY5jyY>vu(7|y zZt!kd8*hWz+IM=iG&0bAoqge=cfctr4Kv;u)E!yfT|7knhwobd%1-?Q?fTo5{o zM4w&Zm6LVn(Lpuq%Y+t|Z55mHLQMTk$*j}wBCVSjni|9LQpi?XzrxLGkHe+D1b9A1 zf|*j=SE_RaAvLnAbK?;uZ5Z&QM}asrH%#aAWYM-!_1v-9$qAX(eYg?gPsz{gNr3)n7bo2~Kbb6lWbT zQPVXxDlZJ2ev&(m<%#KQD8$}@{HvUh$(-Qu4dT@R-+oqQ|NefWgmoIVB(sEELG*F( zAj7B&TU*jBnG^a?*ha2xY&?|$H>LLlwVQjSX3Afk^}Wu%d=flZ+9D^H(oM;3gCto2>fWXua4F4at~v}LG+!c)1f{^;rrcB9)OW6ONs@Z7;&`D(j$ z<*czZZf7;butRmphqira%6s|yQ(5VI+iBN&^-p!{E?ojKh4D~jpNw@)uyHt-u@1nR zH9S`iCN>WH86&twEQf=T^vnEA?Xm8vHENw~8uE@mt5Y}Q+H6yfI;D*V1U3Pbwv{$w z#9u&4*E&bNp}C=sRkzq>6Wq-!?VrMTGJ%CuVM(So0G=PBE!CrU0gNE%9fy8DVm%W* zNOl=lJ|+_EQlV>4(c9;^v_9WEkM`^%9_iA(RdwL1=7`S1HtoU}L;bmJ)E-#vx#8Yw zJF;(guX3uZR|<&u^NBvs+n2hrOD+_5i8NT3sjYDgS1Se46^NCXJMT^jVfiOJ)S~K3;l@qu7Zwo+A(6CRN}Ni^eMcf zxk8SEa7L*@E?z6aR|(y8%Jx|AxVO~qnI)9nQp$J`SLp;;F~@9yudI>S}}>7XsD2S7m@LS@`B2jf@pa3qt;jv`N!UlR-&HMQV~6O#N_R-hoF z_5mne8|(Ng}U~iKW{DzVskUCN6qbTJ!0;XOzU&z8E-vg?zAfxt%Kd!pjIf_4m{J#PE}?6 z1zkF^TL(BD?RRjS>1deRB}Jq6L#^6MLK-hFG)zcrVj=WBjqzDvuFx3onp^(Nd@?2O zK0Ke)m#OZZFb-#U?nz@)ezd&5YscDR)$flU0XdZ6&Saa+IkK9JI|dk<%Xe+Ft$vdQ zQUS`@dTB4(ekOZYg<$N=r`@+&e~@c~aFnijfZzwlw+uxwX=ps^+7WnHlLvj&=GeBX zRYMK!%wC%+QKB((qLFou4ONCw{g}a2K4qhapbk?=N3$;O`=!cQP-WZC;)>cnLUfnd z$&n7d13rd^i?zLt#-wtFCKwmDM?OvaZfs8 z=96?om&N~3Bu`^+nl?GBl!&2MnfX+2p2L&}<1BfU5@B9oi%p2k{C#iE!#mKF;-G!H zH_s6rXi70?(ND1T4dvnrl@vFy-PdmAaD|;93yJ>PEqn!_(*K{HsasLa1~l|I+za=kqQj-gu`&&e}0ug1yEOk@mu= zxZ$uQBnv zcs)%YsvN?h zvyX2Z2(q=egTN?~`C!d|lmwvAfEe^4|Wp=Gz;hPPjc3~I!iyK&nw|ld=FUmq^cy2hzpLw5+ z4BI>U0JSzYK!V9x#d2PNMRh0>wliZi_9M-VcI9haRn-ya#xmL^20eI5bIYaRw#oXb zvuCi2?J85o2!C+6Z#9GUzt;m+v8bIvgYW@L2p$aKjV_7o(TcR^M+Npf)1r^5wG-+pky{$uW+M z8Qy!co<>#{BB9?@$;LrR@l160f=Fe2%OY`aT@Xjzndof`A{p@lAH)X>J}t0NCO$;L zx-+gv7i%T6i5Qn0AF4zS53uhPVzt|v>J*wk52b%nz2z|SNpCsa-0{{C=1#llXm9$3 z`BNb`f1YgT_L2t2M-s0}?pGyle%=gx{Uv)6--6hFgC$_T^=EUM}I}f8RScOldebsCxssNzu&XcL? zF7vS8{4NpIp_wOeMl(-gro>kIGk_I0tZ^Px??QiRtHY=%G|2ZW8WYSMEedcblcTRQ z-*5@os60Q@h{0ReMScUM(J)-<&-@{sbbgO#KAa{)a>!pPVZ^D^e0)8zfjjAaoWSlM z&it{rTubHLuvALO2^WpWkB{4UjBg-0j2ryM#|t2HcD}~uzsSsj<3xgN=f*D}!(6d6 z$RZ^A4^Zs3LQ55kZ|sF5ftSuvyU{}FzDU^i9Cd^rTpgVR@QmvS?F0NPaJ%;b<|uc# zWWXWc!KbYN^+oqqK&hq9aLC3d1Fg8>vaV3$6rw1mw#1yV&a<#Mo~tYPti=nDqQ|F^ zG8HB{PA8C*g+n-;t8!yTiOT(cQ_L5iNmTcuG_39u#%B@97UK}77|zCPq``j<{@O2@ z9WwL9GupEQtlDR5>4JC1+Z}m)?_=KbucdQ@@5z2}1a$DPdm*gC^sL?rX+33)Oy2XaXK<)IdE-^GPLs=h*&eSYIn?58ITyx#Pjyd|B zuYT4IGeLBNthWc)1QIi*Hu6F5>K8h?N~dO826N4~;-v*P>Y%HOlMdcWg=_Nrj0gE} zEIyBbix1YyE0|I0n}^Xru=%n{RcyRWtvt=IpQFh27TLH>alILX#?3|!)6rNUdPk}K^_Qp= zra?fB>vkL>uP=;tBLCg_PbY`zQ}1Zs%8KtRzPX}MtW$k%scf-qXtur@h?O|@FwWqoLtx0poTWigocG)9V z{UrOW9>}|OEOXfRtmSkoN>MSv?jaaKzrZSuaE46;8v<3=)zBMQB zMB^&?pOT-ors5`RxhcE)#WB9CNsOPb96u%{Q$5VrX@YR3O5R3#?-4oD!DllfhdNK0+IMJgilxj<;zMosO{XjpnR9>2KvuPu!UOL8U z7&WO&2)ROBeQ5qbh1oU`;?;2-mBZtLgD8cH?wxIhvhlSbl#O4&FPN%1RLEY7-F3t( zDYQ#{0$Ux-u=r*=epIx!lJT9I^Ov>ZkoX=FLB9_8+LXgY>Zwt?X!KW8-Q`Pb?c5EE z(O~W(zo}k{Scp|vN2{TwEiF0zl1$^nP<*t1t}vA*ZMCHN6|NKuLySdv49W3zxM$9d zbsg^3PPbbBWXV<*Fcu8rvm12KCFvBqv2Wj}DZKrf&k zYeVHJfY6k;Q=GU045v9RZD{){wQGM7XoK$ZqKAUWT#Gg#4$|o95BQjM}G7c zs~sZPoHgj3`W#1}d2VIf#5sUIWF4LL8=s<{a&iK=Hb4%S5V!<}{S82Cd{Vh|*ZXGp z{{-3-)W5AEiW#Odm4IcxB!QLyF~ev+pvjfJv$=Oj*lL5<(R9G&C9DdonXt4auf4cj z_Vz3G`+C^ku%Hcgkl-J-P?7xXFdSkms?&L_^VN0lmrAa0JHB1}C z|Hg0hD}K=a{|S!M#TdCk95T;o4P>EA94OdM%=9MqD+tAP{*IkDy_HaC+(gCsuzoHz z*6XUaNksio`KIw@8a!-}Z_Myx=Mnp>E5rCj%JR)LOTT5YRKNb49ypCza-JE~=NE}} zVEi+zpbG>^pp>2g%rDhZJPzZP-1$E{j5p=hRvGu+1?}+btH`JK8aR4UUoSuA0Q7PtGGao*x5&m2HadK8Eb`;Y!!JThHH}Ou=oUkiwmh-)^8J|id za<32fWXjI`3teO+;5gk&$WbeV_49<1D9g!WeuH+x_B0`|giJf(>NFu^3A$U~gVYU5 zXAKKdGe4omh^=4Uj{XMBg=v%p7x=t|0pNg~fF_tZP{Q_4)-CIQQ-%e&LceCt)6 zxO{IK6}YIz-+*`dVZYOq_-~1c5hK8Dx33eab1=JL{h**GSpRGx*5c8?`w}>dj(+{~ zDYEr1;p^hlc5Mz_4(Iv&3?lCe7A{ek)! z9}C9$eeJf@ACecVN@c3Q{_Ql{HxW4VbNDuXx%wr<)X<5uF+b@9=FBh1v^*VNze-Va zLQ})bFC^F|!)tP)K0#C$lULIm^`r3x^$Qe!1=V(%x6=mYU^X+eU$30|2g$ix$U8Z! zln6V7J6O(%JSQR4$L?Go{ak3=s^%o)VJNI?JoLx65t$B!;jpgJ!zi%WBrCBRAWK|c zu1;|*U2LpzOr6O%?v~T6$gb6`e#DkhE=VaknuNQl7?$tt6?&J52I4*jO?%oh$>-$v zjnt{X`ZO6kIc6o27fe#K5}Ng!d-F*sE||7vC8p|k^yU)_)bH+%Q;%!>rth|}mSY{~ z-t-8|uV4%8H8oV_f)rYc*&S=4c+$*6A% z%cF&5Q2(L)m(M^diA?+-)q$yiI-)nJ4nKY~&LP;Sy_vV*qg8|K5{+-C zmRzMA#&;8`LtmZ9aaSh3j?TAZxQ(}xN4pwt!>z5YuNcw22*GuEc95~YmPnIvgYG2B zo(jL6JQL?>y|EKt{n|9o%0#?|wP36=k|L3r;`W~zq!6=~!~}`F&+nX^;0VO>`t_9G zIl02s9bqBHmWa;(4q)HeT4k5W*A8F@eRo+(~v%Y-H_2r>yU;1{& z^K7f{2^C=3D&G0N{3bn(yU2Vd1Z^j`d0Dpoi!p5u6TQj6w@SHn^IONB#Gu(Sd~ zIJEvBqsXqHbHX-*?SD;SJC~W|3v7WD-wU;>5pUJF^ocaNr_kCo7ID)0y@qGMAN>b- zwf)C(A-4F64EOW9Q1s+Ly|#8Fpi32Hvoq|v$03s>f@bW=W}x9z%$x1 zL&%g7*6U|}r`CWLJ7n&NALb!l&j6y@@i(;NT(x5%{w!6jMZ&+^uwgW)W!QT>&2Re9 zh23d$VJes%7AGuSw7mGi6CrnTP5SEg+m@h-Y9ZBz4) zw8SL7d63%bD4Ib#0*`%5?>U`z7$dNC(og-h=lq`==kgExeyQfblS^1=mJM4-+PC*=HWE{F7KePxOjG` zbHWbBYkYu?YANL6Gyx6>v}RNDT;@k?4TK!SHaGqt1$5)5$VIDUXsM9Kj^3Bk=+H_3 zv9e7LX18XoVt-v+nwGyi=FqWxm14Q&%vsN zvgNT5a1cKN#Ahy~syc;?SFI3_p0#;@A=cCXORJ-g0$T?VE7)8Timccs5^?|IjqMh; zlTwM}bkg0S47LF~Cn@2T4|N=SSvaw6Vtqbbv2BIDI7FMtr@7)8@^9?P&n>UE@Urn8 z*tr8Xx&QCuyZI;D#{t4($-Q-^pl^}!g=`5t;{XQVbPQLLyFxy%B^~o@$Aem5oJSu1 z6&nA~<`BR2SIihpCC`;JtzUbC$d67F1CII8>A1FmGnl?~;~L3a@_WrC?}L?!jt65b z!(sW27(CxdWNHUp;z!u2SZNxlGI|?!3tLxOmafC zxbbNBj}p1MuebWNR4%OZ4&37Uf3+x|xx>6&Bg%}UJWZ2zj}zL2!cpId%`fdA3>C7R zWlf%6WJ@<&8a@~m)8p8$&hl~)WK)JIY33A3jRzogwP60N-7xKsUknrUSMwY$XK8x` zS)aD*evU$!s4%Jc1Cdsu$i-#j2Z23R8qHNsOeFmNPAGM9OJcYYQ)2Fyyb_t1#5;qxRbB!chEN09D5eLnFh{Pvy-QhW+><@>e&LjjPuj?V`}eVSXYu zfWwyJ3PY0yf*l+|BBzFWbvT#!;?DwsiuYhFZEF7MPk)+QQ5d9W2HkYs+fTXbKDqc| zp}2%|0!yOL;f3s33 zc7^Vq+vc{u!JYNj5P<3t|5oykMO6DNv*OQz>t2rg6z&kN{uKWX{+&qNFBimvznzs{ ziMvFZ`BVN&_)#6VE{Go?j<+McH+RKP>FtzHLGto`!F3rSk2QuRM3AviM2Hu|h{qoH zPF%^Ap#CXIr%P#e!s{J1G>uuP#yPc>TQH`9Vp^brMT_XwR)Siv!goo^g=0-K^1TNEvXFJ&AZ_)M<(fSzo#wO1`>Tb!c;>4 zOF1^xm-&dDU;6gl$Cg(N4&d8=SrawPgE zRZy^{u*7&<-XK1>^u?iI`ZoWhUOw2|9*bF?wXwSVn8`Er#zwQ1^Ze`x*F4ywV^c*! zEf*h&G@q&*RT!uqZj(ed`UWsJd)|HJdcDvEG8Jq$6p1f>Qa;Yg?us%{5Vl$43FGc zsseYko6*6ML3_w=Zpb<^w2pkTeAFdQhTOvV&|cIh_}49qnuJk$z0dQnTjuJKqvx+JrT_XGZ=a5VnjN7@DAtwfvEjNiu$j|>bCK~AzD7d!beY7aeaO7LSe zR9e~BaPt+e5l4^XW2hl8LqcCCRQtK(^lK!_)~V;+s!8vOXmu6;lCkGjPKweJ$3>aI zpC7-Ha#+!{#Aq+;S9jFu#9nrYxAGjj-*|tysT$4UY%7* z1~q1Tw42aY8wgj~Aw*aGu@%#X!K-_0oe@kPL3X11l@2UPXYR56eOO=7p#uC>rs{8xV9C*av0N_w%Bo}`Zk4(3-#Bv*WEa zequ)(a*iAN&v3Q~XZO6$TYaaKeZv2p@aRR>c9UcsG4ynknsIA&3GG^3^m+Ko=vs}G zNe0z|Fkae!hACPOt+`E@_(dusU$REwc|wkVg_S;$^XaGe0lP0I`LdROS3>Dm@Gp;F ze~Oo`!_?!whJUG?lH8$x-P$M_GQ2vm{+xu#|9pq1(ke(L!qcP3pm1x`nz!ntbbejq z?SHmIXMN*)5M@@@GP7T>AK_gL@1^I#&w+$G5B_X(gBIr`2#>eUHh0=3M`tmtIA^C& zv>gJl4PwW+gZjHP>M+2X9dij(=2e(Hj_fE3${my|BaC@4H{J~Cm5^kd9#V!M2lbB& zm=kL{;u<<@rDb2gtmu+2W$KE)Pn*!`Bp#;9=XMv=9Sn(S$%@p*0LI7}RT?|_Qp$ct7AIa=9TS!X6> zkLQ8*r`dLu`qJh0j;pXhi%_R!Z;KL+uX4qbINSnRUj z?r>4fJ!)oK@^Mgl1sbDdpNUkv7M06#>WyB|VPLJNYER7-wX`L;j^L9W`)@X;SMs+u zkl>@cD2WB$`(q*Db5miji`?|Bmuyc=zDpom%Z``2w!l4is)zI+FJ%tHIXpdR7-^nW zIHsLliGG9};dPB9kq)(I@7^FNnos(@JY)AV(WcAHjVNBw3-;RG8!6>$W5=$AMR&`i zhp8Y_K6;Bn*#UxxRJS|MyJztaJArT}hAnLQaSfjNa4DK!<40teoK;GM>An3fTEDE0 z?jb!L#^M_6o4dl{%(cCsmUTcWr31>0CH59t{p$>{^zE~!HCXG}vqYv8z3=^7%1^`I zuYT|PK66!UB>}#RP0^)`Djm4*E?jl z1DCY~^ZOUc5;1IehwR4?iS0SG@cdw93)&e9uI;k16v;=BFf^;ea3vaWHiZlq^+x*R zpODP^K+Jg95SSh8G)T;(!9@XM*~e`iGvF8&xIZVU_ExuriG?fC?!+r@j2+}@ z<=&+;=@<*W`@#Ei!}~wmcn9@A$Vk(1!S8wc!`kK3q9uApRvD&h;^pekGrt zKTF#1bmv*R8}*sR8g=_3jdE=|$~*4nv`v%V^>0es)bD+pHlc6R7uF`k7?OVG1--0S z5bOOKG$&`3qLp){@vjQ&WM97V@BFZMi~j?6s1nnT-{2e8R_=h#{eMv=+sxdJJh;-@ybX8>|NRyaDgPZjMUDmCH=Oj2EguKs3)PwbO_|ZKvWpT*7-)nBX@_Pa)-X5<<0Zv~1wP^H%*SYwV6F**>+;1*$SuEf7r#^jLH>#<#N zvYnt4zA+8i6$!?`Ga&Kmg-GPPkr*rtrbrBh_=o;163Kwt^w>OxHaiy3JEo30)#*{p zy&iT8@5B5{*Kg9VzLLZr48^2eRq%g4%2P=hM^xH4x8G$ zf`hDm?Nz~{Fz4PB%sN@XF*7bnWgY#J2L*pGtpF2FCH@1nMhql!V70e0c^gey;Kt)T zdnZuy$wA;mTMCUoQUGJh2$NFRbYA4*u%hDsA$c@&@IM2RZTbIIsGrL>!*=q(rj>2# zZfW6M4JWz&4cf$v!n9-07^nOHMEyZn?jaCi{padKcZR@5PyM%@2rL)ktp%s_f{FIH z(M9L&R9h_;a_w;?p`9F>Bl&!iZ)HQ?5E^g1@mIt%(v7VT+iTealSQb(VQ&Kx5muNsp5RAC~w4JWIgp* zABJ2}R`Dgpm#%D0SUQIxP)qHx2}9-{@L;vVdM}J~%08}a%>O*rJSc4MGeo7I!Klez z$_nz-PJL!w#BW+I?Y2J*h?YW6zeI4k)4lc8-s;0rSwHS=INl8(wDFYyF*V&hJcCRfz?x)qsa-uOCNQ+;UmNO3#BC^Jbbm-l1uYvx$=^={8d7#?!$T^lE zT9IB&@AL5Qou^ z@fJ9HQ>8V!Y(6k|A~JX>IVrFVhu4_*AIZ)aU)tvPxjnm$h8;Dz_n1VnT(EbW_Lq#j z$~)pcuCIJ=vv=bIsh(W(UjInipL=@uC-)I`Hg7bceM%!PJ?V;yzH)Y2P%nsyF}q?z zYWz~M>)5aVTY2h!^d8(QGn)E5*#fUCX^eg0Qv5l*$pujHE~3D@mcHQqKEbpFTz3cT zDgvDV4B`UBsc%rBn;1IXS3?4mGHy$5Z`TdO#i0REI$49v`i1-Bl%HFH@ECB`S7w-= zvlsBZtt-}fYmZK8bdguQA@wi!uKJsF-gjr0IIsKvLpw&n-O)-;doq6g8Y>u8gc70&L-rv;NE z9eln}4a%0T{EmtGEF7pQfoljQnuJi2UGHy!u|ssJwlGdikf4n{-Tj>}zDz@3s>E7` zvU@BT`L~=r)ib(j$9{o?)i8J82AD7%vs+cHWmYIV6Dlj{-R73F&`$YYdhKR}gi~C` z$}FhC#nJ8rZ|(E!i6bgL+&duYN8KrVm^{~mZ>F|i{mZm9J;m)eHLbB&TeIm_l#@Qr z69%^;aQk*fYyt9kH$UZ!y|1iK-YK&Mwv@K4S+=FI8_D^Q$Nq4qmiEWR=q!$Hi#S)0YO zk#x6)4-a$4Z4wMv2o!naZc1KMx}5CEq3M{!?nP|vM~JU*zW9pvEI}u_Gf@*>X`fWy z4}0qmb^NauX=b8Y+qYi6D;G6^?goLW&g$C}m;Dy@epeG) zrHMT(|ae&hr0vpWpq+LpulT` z`avrgeivF*K^(x3LELY@S$?%A;EZW00@5dS!%lViI)@ULzvS0X5Rg-xpg)i}9eYi7 zhqfw7)3>h&OTuUbu;s`8k|II0N@dJWibCSfZSGoSm(9|T+emcJGKPR3?FO`GH0o1_ zlZ{ocbWF;ZtG#`m<@j&Eq$R6`6?gQz8XrVsiafVBlJ74l_AjH;N)@@R2aw?(L~E7u z7gBI{mEnznE?lEg#Vy3YsK_UhjESn&wzYS4>-XB-3hS4;p}RuSgyQ}pEd6MW%2+>Z z{Wh(!Q9pAf{9|^dpngTi-$1cseA_!+HD01LjeO9yl!h7`NaHNfrJ;jHo8j!Z zRzdssC&Top|JZ)r=HO_)vXaA1GLerC<~UH4qA}>u$U7s$lXDXV9Z$C1%!~dz^?%$u#qTqdh-BMow5(eN%P&WE;xh{;B(-lGX%rs@0&-Z#)5Et5BU8$_c@5&$Z>m6`G{S5+bTdbM- zC)<9>MwKkDH|VqLkQ|bjV|JsL#a-80LzgI7;bGE*541i!54`o~V~f?_gnP%SH6`(r z>@nF{`LiW_^e%t{;a*Svo{%uv!;29rk!elJ@f$y37qPXcFhPDQseGOvVWJG}EWO<` zXr{?3qHL;@gRbuJp9AO!JM!B8GO#7@mq5`1iLsT0v`h+$jlD&Mo=85>Y>^z#ERIEX zjuUSt@j|3xbP)|JpBu3*4tX$iEEBOkSBVd#dgcL2QI55+>A4*FvKEHsV-&ph9MyaQt`XH@T$)6{SM@Kq3Wvq;SX&&Z{wwO*+l zW35+NMg^*T(^h1wp6T4Mso3~cWUd{dZ=)Vh748h{Skb{YTzS>-bn?Up(Y)$0N#Okq zgCSOSAHc1w=goDi&JcT4AO?vov$V#J7UX zf1;!vVF}y`mhyQW%J&tKHF7eoyW}(#a22vF;_Ly( z1!(?>Y4altw0ysytJND8X?5AbnGX+!E{#L@37Z0+;K(d)9b+}PCh2xd#d*=hHi=sf z?A}{k5Hgv21nrrXjOYx6>fTA9dvXn8Y+K=+UYqG!RdB9D(I_|WOv4&)AWHSkjQ0&- zL$7r0d?_-pyBcgT#!U}G4L##Gb0`=OjSW}M2|1{K7=d9urr<|x6}Tg7D}WGQeV)BN z#iIpQAUd3k)zIv4ER-;*g|$(;5N6N|8MNw$0KlDJ!HJJh_Pevi4SX?B)epo+65|r1 z&3JP<3>wa@nwnd_7`C4zQQr_=MdNs#`=uZA0=j@vypQ*a2kb~BbPc@MlKK+bZc6}6 zQCbIv@dXst`FA@|Y>n^Gc+h4unqct@7kqriTqdR5% z{CTqm4t~3&{UBO%?mrxNJq9H{cC$ z076-P{Cn-|=!ClBZ9dn_ZpJ;nej{!5yFP!hpRa>fd_z|Rvw7`s^1%lM->&SXhBS8! zUG`08<&q8|ybJtB`oh+0>CkNBL|RbR)xuZOa&5yJEH*&(wpfAdb|;ZR&p984|7844 zm9zVZd}whyg$6jL?Ch#`4RNqE#10Jm)%o0fAHGv4v#mY<|FH`NL|G=V~6*y z+Z$jYpgHepX#0U^1=u*#3#j=*+D5W9~4DYCrlB?XISJ$0&@xD(Hn)b9t}^Id%lnkkP9T3rK29Lhy({fojpdUAYij1Y zQKBNYjx<-gvmY-ro{OFZ#;w!%(K(sZ%?(;-m^MXTmmzEwK5YuM_G#HlUGfw{r5evscj)VtCaHb{`6J?5nC6P#(By{zx)-h zHe6Qr255hv@8#%BH{b7Wm*Xa5^jwMzxwu>yolj^m%x?U?==!u}E_k{!vh`{Xd4K%CT>%3vKYS8+)`j}*}v{JioX4d z(iY1wm@UQ^QCF6?drDhfCJY6VX)u9ztJ>&lSsyUEc^u#Bs``EcO5|k+g1esBApA1V zE=+734YO5yLFgT-+YnMhX{%MqZeupOggQg!tXwvC`xV)(5$BomITqZ}{x)S^MzFkM zrYt7-Ls0*vgzB|wbmw8V>TZEPOr4LgRaf*e2Hs{wq=x+ws{x+uN9DUxP}Vp0LRill zs5=w*4di#eRRKE3v8r++R!E_HGwjMFQ_xh3OAcB!pl!L(Y$HMoJel zTrMx#M=^)NLYf+^-E-W#Y~LXs^k?2_Qkf4Zz5~yEc(x|)1_dT(l@f4^ra{w8ZOhuX z%i3vn@M)xCm+owCnx&dGQ7ar+vva6TYiXJZ>tXR)~l$a@ls0WSwFoDm-WEQar|)l z6*x@g)3+#g`c{Q}hr`;isYKQVx8c~bNC!8<;p~9Zv2rBc-cG_MUy1G@ILi7$(0VZs zn}Ur|<5f6Q3oy?B=}zM9bvGl^S{j>NX1N|pw|VP&Z}}@-+wN_=ni9N`@ESQy{no92 zF_2fL=EJ)L@3s7tAI1c$F6Ml7Q$2eoAFog+axU3#s*}!KLX0}@%)lLhmJELcy4|V1 zX}*q>9g@RnAm<_&{pRb5*}xqO^EfGdF!PH?;#yQzZ(qGy~iE(8zNaqQMmCYeNGX`C1g*jAhWw*5CIGL8Q za|O(4w8^ULL!5Ls?lNBZ*%D?u(?BvcZcd?XHE29&qT>57ZzQd;5{5?-A#G5TNzP4U zTJ0pI_IqnmX#!gh?Fk2tI~%4iaVWVe8gEoeZwBcAr$TEwByC4%ACU&GAlRgp?`jw) z=9i|3+C;`<6x>l&r5*aox@d+Qy@Hu>Qs7V|sSk_DHT!jIlVXC#PwDB_VfeXk9iyDm zXod82kCS!BfS>*{*et}zl8WxswKP6`9; ze@fj&dvz`Lg8jd($FLVp7T zUT`hJD;Xhbn?{IQ3qQ)yxrw=;ew3Kct&uDjPdM6ACiRG>#i5PH_0jjLR0*i=rNrJrK0={0sz z?@idSz9ayRcMxiQ8L#0_hYSCnjWID+AdbA%FG)w{`?ZGN7J=skEV1()igjQpv%bt)(JR4bRTs}F=#wT#5>DxD!&G>GP_hZ^NvGu zl;1aVB5}3V^(I7p{3s~lUUa@65RLcpGplsVgaUpNer&?C=ANsiS6Kfl1uY@|J5`&+ z?zVcd*z*^S{otapKUg$&aLru z@Dup1^#Sq9H7*dN2H7)a7U|-!)Ykg_HJi7W{WYK2#*SKPMe^KJa4Q-or!PvGTQ7oL zIfl`n#4KNualYt-g8twBMEXS3|Dnv}iX{mgSNbLX^7MJkg{57FoBcI|yXJ^Irm3AS z2dEG6r9$B{<*ylzKAiZLI3EC({#gLa5&-M{H3fE*J|Yl|-H*y$-$2(7XHU_fbZbiK z`)@EA`M>l+#MT!wGGce5G8kmzk5OnSYp;Uk+}mI>&#^YeoL?Ds3GV5z`94(9NA+FQ z!0ww0W~Od1XS-l#vO)auzYORjrSkWEcOq^-ASD(teZ^HwAUgt4G=r_cAbK%5&|#vN z$el}y$%y{U#ZIDl*)IkWiw7Ox3!*LZ^Z;O43!I*MJKxW603f#kfTps4d<^%E(7~^d z?*VO@K6x+My}o?NTS)WG(rV4vggroZL2C!s?Bh>Bq$yT{LE`~@dA?#X^B^9xVt*3P zeE2DTlka0FB`ijNj}w2I9|w5mGk7O!%co{sfrkh-KC8G{rSQUKx~@qt=|4>LRLHqR zT;mUCzk3sHzzp?yVq1^!qc!rQ<_4{QFn7H51#_oea)gz+!dh9O=u7-K`y-1@eSfmO z-u@Z0onZak+@SSKb2F`9m^jT-sqK<}YU5j`knpXTi`~cE@z&nvPP=4% zk6w5x)W*}%@$N1#ODlt;ftAZ+*?&X_p+m)WK57(GhjB6updCy2p6zdAM%{ zZddz*`jKsRbF|`pNNa%vw# zXEPbOE)zggL)rD`C)A(USbr)d=(ig)Sh0w5^vTH1;O(^fPY_WqH$Xw-TVOC&Ye z{MK@FgVqXjGp&{8j<-tYPP=RoQbxR~P#13s<~zG!{*d~_n?Eu)X#LpSOzWS_9dG@! zxzjFNgq2V*6>7r_?c3P*0JHHg#B1I06WpX@#V~&SQz9}Oj|rPfsUG6b{0!H`)z9(F zhri%A5m!nMwkZ(mB)2}8$YZM zynBV`*XRP_S%fxS44C41RM=EXl}~_WaJ#thfesfc#pUa+*+!0G`R`QT8dn8i`MAnS z8g=J2%Tm}>924}Wf zC_{(^L(j=p9&Te|$~S&PvAjRS6ZqXNdQh1CCrOjDN(m7;|3zq!QZ@xP_*hfeTjY}} zay%d>XO+UMzO10!K*9KCA9R?>_7?e+iu~4UQHoyvxI<;&#{AmO!!iF&j;YF_35;AX zjK3F*-x&<0WEU1@^m78ks&9Y)dcxcDFt;v}%(;yIf49-r&fJSN7m=U(o+jFc#OCi+ znN|A_A12WoN?C)xZu`27K{~?pqF>GFm4EOa;r2X;sF0oEz*DsW~ z!V-Zb#?C_Q39w2v7sUSy1T+J8^kbBT>pT(hpY-DeN+PNcPwZO=$dViFc{0M<@c)N8 zG6{ImkZHwxkI~R39?T6D-VVJ>4KRAn1Ylw`%ix(0`}s|1rWAyxZ=zIhg@i<`?exAI z;mLrN-Dwkbolaev&ek#Q+u_N|?76Ud^8FyGVzbXtI6?`n%xX*&omT^bi9tH*DZsf; zI6D)YUheoi5Ka#%+0~*fxU_QouuLA1(^R05=Z95EQ&C}Kkl)r2KbX^-a^qnIutO}7 zE4!_ZJ=||NW7HCeQpD$>0jKO?ye!QpUhK(N?8;|gU8Ng&0X`~Fs#fzOKK+-+s?n}F z$ubIp?YN2a68x<~`;ffT?O z-oD9w5#1Ks^F>Y;q@A};nd!VeYb z=Dl#!2J>0-VcX4(h^&3znQ*??Mzh$KPeWcgIoBsZa4D6Mv|`w~Gw zqiUH4ke8+r=2i5I^;$*%hF#bU6 zDml|v@H@guD^^*Rx%2&|Vu$@{IrHNO$-Ft96ah#LAeB6~J;KIC)Oyq0az4JeX5K+G zP~6O4Po}xi-sor_B9VR0&c4KZ>0RD(*-j612m}%B%<~bipmnvd%Cw%3qmDQC0)JZ3 zWBO`mMdy*q(PmlN*Edjl!`W+GUPoBtStGG%_W-o}fYB}{Q}aC#$ZuYYH{Op5+1Y5m zfPmjrYO#UV9X2+S5bw`VWuuFqzK>FT+J(Jd+j_duOQuFwSe^D|Ixna&B7g{P~ zp%X+$D!nskq)Wh*-iK%}l5R7pt<9)jS}z=B?s)4+bEjRjzUivw zg$mO;h8%)*thwW@9r7LwfY&yp$`oNquv@?|C1wzM&ST z?IwtGb_cMY_y73!LVELG`8UQP%50OR@q$g_Y!jt4KZ7Ef-`M}u1khZ}WQ{ih2j<5g zr<%e*C9h>aOGOYHKM<0?p1yAiLV=*<` zFXUUN66H_Brlk83P%BSy|D0_MC5)0JcYgedl*?2ONY5hHAvv%EovF`0Us-3?Jx#@i zM}~{h>GCb%Acv{8BOw?3g6?=+eT{>g9!{F^7Co8Cw`BM3S+i%SM(tA$x>B(XM$}>m1UO znwR;}PHLWep5IjL=rVs=ZkL#~YL_`NJ36ofZL@E5q%gwGf)P_i7+5A)tyxCR!f2Pg z?L?>YHob$t4{bm(_8#TmGXAB1OYj^DSDnPa<@ghstbR&l^386-3hG@ShUVlyl9E%L zta5DvyoIr96QFsJs<);Q<~d@`eB*bll{lMl3gb|^3@heP_9Z*1sDM3>Yc`wJ;PFw$ zOt51+G{>%s&ZZn;Z26uI$xNTp_&t`q*g097cFCDtCZFqwq8T4lJ6|mmZG65 zTr6s`*85d1j4Zqe>fPi*MwGim49NrE&YpbSI7Ng*W%p=NNj8S33;jZ;KH%{074EYkD3!$q2Ik$dlAVz&~$C5sPXKs~l z_iYBQQ*Wj0s+LsQ-Mzailxm(v;;;?tKF)aa@CMbn``CKzbLrLI$R!#y_;*j<(D8Yx z_M}_WHLmX+Mk7B#n~~Sg0j1VyCZGKmP>zF`78q|m%iL*~7GYwNpj9Z^N*Vix$rj)+ zpEJ*?;nfqn2=^D!YHqBz#kvreZ|lDsy`@Jx+~?3nUQ10ZW#n}DqV+n(HubBo3$zo* z;yvLStzZS^0vI9V)d}|mWna$)jj{qTpl}} z>~e|0dDZY~QaB;=G$|9L+_?)h)yWAE)n6>dbXNE@nfOxmpU=bwba$rncByVmJk*Zn zOr~qoGDUO3LFDNEGP;2A$beF{2HyidU}Um(HlAd@o*!rJ${COZ4ok+cfu+MllM1_Y zk4$U!mkP8sS@gJf!f9BwTW=&AYUi8e^tbMo!{;~NBDY5*d;PZO2A>vf#@V3LHCb?!=v}Wl=`ok)#MK<#?A|Emq7!gg_}l=*m^& zwbs4|mv1bX8%w`f3GWn@!_Yn=!3Y6pTxxp*EP_KFLM&=IY-er)?-#TU5y_e6w*fIa z3rK#%+B~eC=G^TYIKE4r1~5uraHm2sLzc`mI)PZ;amxqHMWbTGPQhkAs$3JpKrw!H9vk8E#YH{ z(M3cLa>_;gTPtuJ!ANtTctSk_n}|oT^USND3QVB985CCCN91eNqZxX91Iv? z6AT8EG1=GzCrr*@a^?;j+vH@EF&y9ftDc#iJtV>Z`Sy8sy1P16cUMioxn?T%AL(j1w00dJ00w5 zW=F82nFB6Z;VQ7_1bA2JK*d!~Zc|_7qJpY%>ly+~KRr=porw#=og7>o&`>D7b1jmY z`z0c*Vs=-@DeHiKS*e!ql^ooRL=(F2iQL6`mY{U++kP{>4HuQ(eNp^xO~0)4`%25x zDuXwufYCgAN@{$o6V|aU8{1~bwzk+dF}BTdwq;T_f8e$I;s;89#Z>?ImO}y<%Uo{y z+RoE@yo9n75^l|{*?n#^7Fpdpv8!+m4*0dZ$8bngE;a!z3>u+-OPI>>mLN-l8J%hB zws%z>R(|<*%3D}cIB9G+oY~7gMz41OrzP&epnEQ#=~`pi8fdkA7l6d%$1mS4z}_mE zo!)E@?gs#O-NJcQ4S$PJ6Ru-Zcjbth@Ie^^ck-2*@EY(P`j_P_4>W}`5>r^k3N?kp zO=t&OYYl;66c=|w0M)Onu)i=Oiq08R7`|1S0-Yz*Gq!;4BvTp>{mmQ01+{fWbo;P< zFAT-4KYt@`wg^TH)lN5&c$$S#^Z^p%@MhmyC@B`M4_(KU1dA@{{~&L_{9OuK@3+=l zhQma-myC7)AS)Z0g%-O#!rqnGFW*Out^zHcSx8CBYQY|!5|OEW%j_}WQ2>%@a zxxh8yX2|ij<3Ev5NqxgC-1`E*2(t-O=_vfYxW${_85Lgoi3tSg<1c@OM`tW*4D}OC zjW&=(nF<~P819CC1go}u+u9>I@n(a@C51rh$%rP{NY>$^lph70>_Walg2w=N_cFf9 zKX{lA8(EbE!g(0gFDsC74GZqvy$@60@-Sgp5vPYk9C~-B=rF4m6MY%a$KjPh{;L8N}~DL;S{gjff8%*?%_!m%`>_BA}f!X zUdJhvC!FGG83Rx76{mpsyNA9bEE@;cG^D0Bc-{dM841Ak`ncP$Y%9(s5EXw?%RMnMAm1B?{b`^o_j+~>sQxS z=d^yaP3z|{s0&^ojSvIGi|d8KY{NhvW9s|?nF+3G7}S~KZ}?ccZ&^t6Hu|MQ!O1Xk zAZ{Bu49L)KY{PaCo+h!trNe>G3(<%3Hu|lNR)sL60o7>X2m(lD`VB?t5@BQbtxds; zgbWc!QHtKEd*~!;z%R=~ic*;gMX4d~6s3MyEjEVBWqZ0>8^crDsn*7M71k8Bsv$Je zaX1ZtN;5A;WHo1P)|yYKG%MgprRmN7p4x=_g{aUXX2d(h8w7uz{|s!Li!dIed6wYf zC078uiGM=ZDSAz;KOIRep$M3V!8+xDoCQ%lC#JBL%7R~*)P|<}-%w}yEmb8&!TDEAIP4@|h*wIh)tN>4Eg`?N7Z%St5l6U4y)<7LYa#6@EFdx{H+)A< z7C*~!bMEnIImI7qI1A%>&^mLKV*pBSXG;rwW#N9GEyj;6C>Af}U8oA@=a-Hp&EPmb ze*4(c@p7CXhcWF`|0k+C=I2&*C(6Sg$()2)I$1$a2_Zj?A*Y6r(*!x4Pw=x4az+eU z5JJw3AwLfxzlb4cVWa%g$?gK4%=$T}k(mrOC|JOzEM$t(e$pAuK58;bHKoM?JF%p& zNJFDyriy3tt(u;akDEhH@uqF*=A@bnUqrsFz?1J-U|iYzVr502FB%P`yyr+PeD5T&;{$X`@nC;nzSf!S^D}-WS-` zKtYD$f^aswYi72t^E|FvoG8Z(4vbC)AKY!GKnfr7b2{MUeT%zz-N!pUu#a)s?_7DA zP^yuO7xMvA8^<@oe37-eqQ{g3HZJ2UnQc5nO5JfD2Z*iDpODEmz?x zKI}Gk%{l*ST&7{U2Fpn1TE3<01RIo3fhCge!Y%q-j}v6HSMN}8d1T?VEc#8fOX&t; zF?NV@Qgs8r#VFp$2hw+-k<9OKmVVF2?RT^qFWiK?d^4ZoEqs!7sQPepKF-@Jd?Q!= zYc=4H8cr*T&JiKmpH;k-*u2V=DgFTqs=mS>F~b|s-x@Y4%@JdGhIfoNt~a8&wD)s( zI5K8y=}$_AeUpDyY(MymjItcx?98eFC-rPBJS5#@YI_l%jWo~1*R(HP!EKg^zP+ij z-8Ef}?L1^;ptc#rx)W!vJ`>!9Szlk4QMN>R-brk% zn?%Lng1Z$U;osC&JJRt(I!SA7cfXJ6yd=+3%+AA4#c}ZYM?;) zV80im$;1zJ4yEfVwsfE3a5-8gxL+Yz?R~(^vYcfr&4bvoGskiqtO83hId$9rcuOeq zi3%p(tAdFuTXNk9vW(SA0eyFORnxo5QinkK>-gpS-a36X5;@SF zP4w5<%Qw5$EH?%A7-b0w?^Ifr%XIf)>~uHsIJot;;v*!ftz3^{YGnQ!X8(l|`2u(h z03A|3mue|3msSBK(cGdKpQz=d{;PP5-tWgizuzrn=*BJQ)cl4=zIDpoQx~INQr`vfyGnykK{-P zpI}Hv{ZOV7G7A9t%R`Z5Mgc#K0-6Pn&mw?XG#2`Hm*P`u%Y^LY7Y;>MYv5W5r}(DK zhXL>l%$`{P;1&(cr1(P@+eXvl=s5}cnj7QN-tsfuc+{s!L1yrChojqtwoIz?1D7*9sEL-%qOylFc*X0HQRfXC6muJY%$K(aMTt zvr`2VVH#iXP5)ArMyl|Ve8r2@q@(;^j{Me%{K`t-RsfftIgxix<LEts2Z(maBx^@2UY_sURr@smNH*T3H3`;TWL36Hy!@ z2YRU@*qMxxn#>-(<3qqOo-bBO~obu_Hh(2@b{3FrEo78m#78W`x z>kIOUt{b$KF}K&Ar6FbSR>nYgF=@}MPJ4VMZTX}MuYf6g8+U}@7M8Z#KTxY$Y2dmk zUZ})6Kg}oQt`1xXh;{b)Wh==<<)#(7LB+6cmXQUKR%VGI*JY3ulng{48&aO z@$@IEaOg|w7Y3$O;qO?c&kv%K4Om{2DnAl{J7q<8z_@HaH{hd^{#GHh*0C}E`lb5+ z)Jk^i8a-Rs`GXOvM`0PsOcSc^WSD#wahNT_o3-(7`o*g%G>sv%^iMfP1^8DOK;~$? zPc*#EhXo|V`|8Ext+4a|&BuuSH7p~U*ZG#-5NuFB-@yA#fK!YvR;3=NL7BZR?Sn0t z7AU-R0%jae+rqg)oi}YpG&k@))|b5(Nw>YhA|cM?nLVEe>D=bhWiuVGjh)H9$_1XC%E|j@Rkn2E9qZVbN|fhhoY*>6yGO!aXw9w zDSm*pfMPsjyS#_C$3N$w^~L|-H?$rQ7>Sc38@!*CUD-TtP@8a#*R~Q~JJ>rogQ~gG ze~B|F{23wL=)(?$R@^+#Vc#+KZRcC~+6JXC*xoz~V_uzniysQZkN8Ys`7!k9lE=pe z)0mnz{rpQtYh&?ZmbSlNVq%&Jma>H0cO3RWY4WIyeU}tKX*obye*L8>bRza7Na>+q zrBBEwFoYanBy$}pmp&DEX#$`+IGUzSq|sIU49^6B`_2hi{Ja`k`~r6m+uD>(STeJY zDmN2vfd?v>j%1iyXWagi{|S#}43D185@{8`#G|wL6<vhS3i1#MWCj&?x&6?%?-o+!PKd!%tk6 zu=u=I(D1U8?kwwe*E;Q1iw*g*0KNOW(?L+xv?DT>d{nM()Ja zPjKlRbmos2;Ow1x!S&1XKOfj7{HJ0U-LiJ03P=@dm9nF$FY$lbXlepp(A0*0>1xr` z6r5b=Y~P7|14q;jFi8N>cjZPs^sGNXAe9n)Djw+M;N=S4S;~-IpdJ7b{Tp1OWS0XJ zsDJ1+j7-m#5nQp#f=?iD%bpg*`Gq~p0=VuKhYbV79j%*5qC7`3XmA`ANzriyjv}}A z8=2GzF=3mCj94`pNZ}Gt>MYh1!Zz+VU=fA!ph`qpsxTH_3Ni+k<*S94+eKM$e+nrN zmS|;+bbJv}mST}k6X{GDo(K&soyc74iB=*NBUA@=8ugWhroH)88^Wi$(;tRKyK632 z^$wZnEQl>ME-H|lUPLsuFKBBHrhV}fvFj%q+nWETz(h|G?a5Cx#!fnqOX`v|rm6_% zB~BjON`d+LDNfwyD0q07wEtLfp?UCS=!yh1m!EObNm^S=1W$&R4 z6FzN;p~`xhRk`FVGMVxakiyEev9mU2%ELgKxD!b}7;+Btz+e2V3=b>S73j6$jJju= z&M~#!bM)qGo|@3L`Nf+-$4(9)23b8cG3nz56;Q;lXPep-1UByvZDOVP1*LuUL}eQX_^+29Rl{Q~+eyW^V) zt?#vRRKr+<#XAe$@b@@gcq%}QgS}1OkNI~t43#ig)VG|=vq--Gy*6rKBcmG!7_X9l zkFs#qE=!bkiBi`;Q_#(T=IVQwtm~g0Ih*QwnyP&jr-?X^Q=S^Tvr6|&H}r2$lp^mC zz~p(tNugc?w^o+Mc~+1W4_;0e5Y3j?T6^dZh^!vl6ZrH+$fF@xQ`I&8D?`4UDWKd% zh|P4nhwes%$-Qk;TC@E}MaUUY$AY;3zqKw{O$l^a{H_L0euZg;DNQ1!-m6><(_55! z_nKf5CtN!^VfuB?IPHhAgvUk+w}lnl*`NkPahZ8pTQt1cOK~qCrhcbVLHetC^i#iC z8uK4&zo>nLf}M@2tP+UrD!0T&3v(*I<|?no?eF$kh^{L8EUejWp9T6=+h?%`{(LW$K?dxKP?{xXmFb^GN7CNTKF|@-q{xEsw515p36qEF@t;`xmG^MUh;~&wQex|6%~qty3;c5rM6t zh=iujo8{`M{==Z_OD1#JK)Dq*Cbpi1X*iV`Q_UrMMu&iIF z%~0IN5Ldzy3&UsDe|eAAcG;++5{++8(2LstUvay*_E)=A+TYs4+8^z%wf}7V12u!S z|B%{$f4{(6KMkq=_f_o(6sFBuPx&@& z#!1PgC>$*`x-q*C+k!CAEUgUu;+lkUbL2xP1L`33f4pMEOh?)AY-bu3+%kJC)3>98 z6yai-#0zL)KnK1Czr-9ki~(=YEc&U@aLsp)*Ri9Ud+M!(75DPOHH?&LajQ5G@Gw;c+K>)!ch z9fbAwzB+B3&RE556G)qTg@eBo}P3=?!ddOe0b>&dft2om7*!d%jKJGv|S$x2+) z?9KmKRAZ-Gjjdi0FXaRI+-sCipAGMs*+qT$VWmG22CRbW6#E81shch3q*At#Dc!kQ zBuhR_-7u6Odv1lFWTFS?-LuXE?3Wd-xDWWxI;G+sMMh}wEtr8tMoC3_RieFpi4=R6 zg@wftL+f9NUgCADhCs*+FY=MPWIF8hRN(2_mwg~I0DZ#gL^k&}J}aWjS>6wS9nodl z_9MS;W!{>Yy({|#6fb(Z(aPR48OwuIg6_|VF{Cr1_{r!Qs!X70qi_(27gM+Jd-ACg z>MM>h7SaCb71a%WtHa)`ZyrFXOx68+m~R*!+Y%cZVdH*zd#uHyl*^9TAS$}A!L|fe z*p`o9-T|M&PoW}nn>t_G1gY~?3R`D#r}&kypAB}BF|Zxqwi>^1AEYyUxL+2u(I1eJ zSY%QZ5|LVdI6uW75E_NAD9XsV;Ym5E0xVI3+g^9yrCje8hQ=>CM6^hx_Tg1$?JRLV!)`OmmUD3B-XCWRdK@dkjhjM%xmzTj!3}dk^YT1RpFFmSCgF6V1^a*iw6vK^&Myn0;@%`> z*AClW$@8gc+bekimhkMq%A(ELKa@GJ7vDDaO5QK}VLy(b+9)Y=q~mA`YC0)JVh7QM zBs1)k0t3o^r1O`Aa7qE+K{^CsjWH{lvAisg)@)*pu>y|B$D6$m(WqCZq26-*>Grli z4a4B8W3JCX;NQkyKZXAlf9a-LXse`tKm*nkU>w*^?)g)36Z(Oawx`w|XvyjJ!6W5sDNUWeW7p=aqpr<2FGH)e_`%{eoZk{pjTmUTB{1wSInbbmmG zdwf9K_mrj-Q!Ys=0O8)@;MjM^s4^u$9-mCXdM!dHjx@L|yA1jUV#q>O?|Xok)>2i!4r8t^P9hUw5_HmgAFm?l zS;hL0wWNxak>hCz&REy8d|mM_;*4qH$)u(N`@9>9KZ5&VzXyBo+w9?K8tL2*dX7>l zp|Q{C)sL!IwvaBEqJ{h?OI@ywdjrfSO#Q@XHsRk2Y#08G0`e355ZuxOos4Nj8p2n@ z+z;5r3Aol#J_e4A0NpKuMn+QwcN(Z=8xy3FkjAps+N+;Ls?M5fOS>jMqBYH7@bsQN zyU}i(zTiBHC?QqsrA4N2Wi5n2TNc-pmp%I0vq838A_zLdiKqx?tBEMCy&uohDTO{o z#A6*iOgr)7aBr9>dF?!T44V)LQq{?;UZ7JwyZ*h7cfre%95>zj%WJOcr0Y4AFl?Zx z>X)hhYt@GyG~R4o0e&o$`Eyk-nvxAz4bXgwDi`{#Z+}xZk|3^HCtRB{F=Hu zkgI44)2YwEOj#cWxFU|;SD_Ea+jLDtH=*8fS8t-WF!0+y`Ko5RbGwuer-svIwsvP- zH742IE%ErKZ}S>Ad#H4I8duXD2bP$SoUb|L)goN}%PC{{9M^oRMS6IyU1sGv9~-s9Bya!IqIO7mcTk28Mzuq_{|>bSDtXw z$D(zmb=W7-4X`LCodv4|-hWl^))gDN*UwmgW309Q_HPSXpi z#wz>&O2K9y*o7%-p>^0<$ItOd5ZB3VEi6hS<7VltUMe+QQ zy)meH=XA!IPYu6{Jd^5QsU0Mo#%j^BO~g^5DC>sHh8(pErBwhq36ahj_38Act+hLC zr`c~fB)Q?Dse3tBp{beeb(4#8z)X7TuAPeOVQrrt*X0ZCIUY@n5@iE%m}r(nbE(qW zgr4k@EUv3W(ghS}4cyOaB<4n%o{gMojA2Y&_jpcWi8GARxvY>iSmia;_oiCm@O6$c zJWr3UOEUF(`h(lg_ny}?uEzMf^h%mz=$DiWQ&oJNJ(|hq(_$Isvo80MNf+k0l zZs&L}BCXG?T|VrjEgp5ev+^jj-6K+KoEyF)F3w2*6eQTx-CSo+QK!Uq#C__VZ1kpG zfKcaTnk<8M*n`$g_e{$a{zeAjxWHpcS4Bja;?i}!@yt9%0|U!;$|~EJ<+6PPxVl); zTXJ(Z9!OT<2(I_}H)zW4s|{&N!)pW6AlI`xbE{oQaYJfY_hi`}L3Hh`H4Y<))^z8L zF&tiHL=cPW<&cKK>x^=G$9LtjJ$c@N6@?oeaA%Wq85yK|*RSv8>2T%jq?YE|t$J3d z-O3FxQ@SVDZq=KuwU?~77F6TU6zZ}uqQhA_LRZhmUgN#o@M)$as9N4btaSvXtB)K( z)jHl^>nKU@A=V}-DY_@&ZEtc*L`QDT>I>?w6SaYQcw={?9>~o)Zl3M^FH)!WZcC3T zeq6;%EJj0jJCcl;U8fEGF}Hh@*9KGRe7dW)fc(v~^{M_LwR5Ceohyc%4i1%(uMG~9 zSsNT~&UA1Dri}%)+*0Cs|5N*x6~$eHa1k`DYi2BwvZYa0RCb#vp_1iDJnf@g1@p^M z@h@IPe7~%W!$c54C3LI&D8TKEI|C;5{I-xz=44PLYCLchlu;ZqD3Ie_^i-^{Etf$;^jQ|4Sw%wK6y8CbCoFdXZa2mb#Y7X#*z% z`lVC8A3wHrsU)kPK_PTQNDsU#8NVV>a;`@qlaogW8CZ+@D6Gv#DhP#fkad7CG76x> zCrY`swzRG)PcepZVn`H{k8|d_`8{%!$sJFRV^SU7ZqLnKA_>x9UGt{F>~;vaNn8Rp;{7 zmKv5@=g%WdckTQmG3;vBth+$Pj-V<2XjvVtm{n8tMFz>bRPFYTage%79d`TNz}wWC zxT3(ZkafYxadD=)h;FJ)6lZn)Q@g!GTI=k2;^F#CPi9r7qbM-ymqo3Q|ci#2$&$h*e4dEm1-WC-&1a1@qRT;=zDGwRP zW3M3m=pL|eJSClcVmcKZLsG%mE>RmLpw2B+EcS=Ci$PRI_XDaf#xDDN6%bxsBy%)sGtoQ^85Z(%o*SV2Vww=ojcd znZjcd^=A1c1pmzBR3LB1_t&GI|1G-iucVVc6e{%_Qu9v`4rn?Xdh!{LQ)J3Yex~?x zGNH-o;HOHD>yNdz*vn4BQ*oyX>r+t1h|slxT)K$yd$cweF`f@SO#hQ#KAEunFRKuL zS2yko1n?~@o0NvuwDgjWza0e5X!hBTXvMUreyP4){Q~@gh7gw4uI`o9#>}B>5FRPN zuFiJAa+%@W14W-@;cbtLF@KO9Ly_IIYTdYB=o%?y*&@0xcr$mc@P$(a2baWsHZ5l7 z5_-mh;xVE~tAWCXR6s*_8+>&mQNa9-`4-t}o&mB6_TGP!FN%uBcsl1Qr-z}zisZ;l z)&!t3P%ttTYgJ1Tp5r%icwRsM9P4|Vs+-vcd^Kzc+)O~-Uo?0kK(^38o|(bZWRG;4 zE2g4H=%J_xNVz4aZi=ZNz3vR+xQFPi*ZmA9P&3MB%8!XgCRiY_L5;lpvH)GSR_e~c zMj2ef;XB2$B~Ycvg_aigtWgncjYK*wUo=tPnzA%xx>nJG*Ou7bg4d>0FoWA(9HU~1 zLFWBTM|P3L3g|Ar~NU^ExZoeKogk# z=@J;Whh`~kllV`@tuX<1pnOt=t(3?Ph+A7@;g*eUWE6Pe*zIZCPzms3T^UeEAC)G{ z_^)P0SD88YNFNu&DG7U)+XcE5VRlKFpum@#9X7ZJxt?kc)3a)fIgIof*P)p(={6Uq z$8N6?Ot&DK-^fgp)MW3NSs$V+-#F_K!Oj&YyC}RfyZksv(308770(=ajHF>G`{JqC z_Kt0Ddi+=2H60d=K1ig@;HA)c+}$(}lAMc5i8GT;um~O~)>7D$5JEjmb&ajHP2Bji z8pW(@FK$o5+`*C2zRBI8CA-L5d_h{`mT6v-+CuYn_S1N^RtJ}p9fi0OqcJmuzOr@J z-p1BRwQfQ)Z`y%WJBvH=wZ*)hu&9shj2Z4US0d~O{*4Uxa5VdYIRnR)O=Qi*jd-vh zSjI>P+uz(ybHyT^T}X$uN(S+U(yrKpKJngBVHGlahA$FFAF%^%*VH%E_ z14tErKu`{*B#zF6<7vIuHNnmGBWyQ?(_5TT`iJQMB#b@_Dr zmLaRDgk63!`n2F(J30Ike)M_gXZuDonU21WZZ1JoG!zkHw-%9C_(F^05W=d8LnxFT z)!ZKo)p3B_)R;NTa+MAgXcubiFHizOZj(_P{1t=SZOek%4r0G-K4p0n4^kxNl7~q(H4>;K7#=EhMWcHG{HXo14gYx0(a5{-ztSub{ zFt}r3^}uKmx8WB=Qhoo=%vA7|nd#t5GdqIM%^YyS3NJXE)yw%%dD?T&Ra`!XF6xYAw>NGB$LG)F=6VJ18yDqNQ(#&W=OjNSt6i3* z+aQvVgM8cj$@&p^K0rvWN95~9f3%z#dzpI}hW@a?yCVFcvM~J)#q-9D@fxD>cIl;^ z{^G@OFZIu;&uHVzk}AjVI-RVLbu_j{10 zINW&-K{Ca2`4)f4r>7-TJP*?tzBr2Mdv#krZ+;Lj9mPAJK)rRD;;&>jXNnhKYQvwj zL9B2oK`nclN^r{j3vn9N38RtBula_T;L0Z*-hN9Sdh=eg39?Rzqoqv0u#|^WT&PL& zm@I(db#!op3k1`y|T){UyaV4KRdu=JW5-W1?j~L{YcJLcMW9_~u zR$C0j9``zXZSRu8Rd{w5ujXsA@-?#P*_vyygin(QW4(TJoy>vj`RetXVK5&0oT~84 z^3dc?CJ!@3;JB3AkUmL0m*}}3)sTpmM6WYl$oBn`7LhY?e5rz3!1bOGx}w*oD1yN{1dXTkPGLQqP?`ovWwSg^zk~~E2NKu0s7@P z0l3!y2i}r(A@tD*eaLVA^L&gx)JaD&aP;Uzo_w;7KHk9!ee4f?DDB`~J{9^9NM|4t z^x>D^2Iz=Hv>_tVgvw~d-E1kWnNYna!@UH|gzE1i5mrnngglr~$w*L$Vv&w01V$)4 z>Wo5Ub0xAJqY;G&@oEY&NJt?e^ja&%qa{dV# z5oY21X#bRZSo?>t2DtSH_`u!&gCUXHoMpL6us>9;)uI3ELVu{x42yEQTM;BXvwckX zz?UpoS)r=#MuE46*Ps|5|8C)5rrJ5}vxCp6IK7V>eB^NWSU7;OIm>dDV9D+-lTTcb zPZeZEe?ZQ{jSz-gk5ay4g{OJ=Wd*Yrjl`k1B0IzLcmK!mzgPGW&zrCZH}j!pZxI|k z%~_VKbgMwRo#qcN$RFhfPdN*Jk|VC4B@9msS5~mXpZN&SzhD}kxBVZ(|5f2beNfuw z=o+WoW6@fILLq;bZP{m8&#FK3p z(yayp(Sh&AC|SxIhOc(!NO|xcMV#ZOYYX>cV}s*;0+90kG9^!#rLRQIWd>`Id*iW@ z>%`M@rRFvb_jES0Gg8;2iVrB}hEAABOGDfSV2Z2LakTw7>NGXC+sO_O;+H8t#Md3W zWnh+`Y+1soUea@W2sgR-Fag?&k0_zyqkN;mT)F<9T%8{>%ir)Ee2hEBzlHIFRV0r^jn7|6d&fWaX?$+}A!e_KYflq;%s-%6>O zDWG5Lj)Pu;ggs1Ls|mmS3f6GOFKF>K70DCs3!DI@Hf4%&A7V0UtR*+>M#?AC0UDqCoitF3YNmbL6N0pbOy^{tacm8a9M;P zWdY8c+XkSC(Q^w{&&L^jNxnt)!SFhVjXN44HSVYZY}j!lr1EEk952JY^Gye%gxy1b zwoK%~2q_~m?kE=N*h!ShT2d8~EM1K){R6BW$_8Vj>0xBbCB_a@R69c0Ib0D=-*252 zP$W`PS0E*&TajhPw<61dCefZHG?Wcj^zD60-4s9-up8kb{rZ-a<1qgB@{jcBSWUlP zpt_gmpBUftx_NxIAZn{+tgT+9Y_6^Ti7jj^S>v|)7Y^F$-!eLb*D%7iGDul~^X9Vk zXvwIpURTKS8+?mz@>zUaDSz7PEg1uE^VM|`uUFbi9<-H=L|Z9VRa*(kN?RGqWqp%v zB}{268NQ+ImsNyHTe$)$n%YWc+*Wc#ZDlAMu2pSS0snusmFghTR%!1%+LHZF^s8w! zqt>z5kI{`aA*hu0M_dVd0n%T}%y-_07$DCcAbweJyI`R34v7bSI4eS^QbGvj8Ua}n zlN8PEBz`iCCdE%70XZx$V_-U8o$-1@4fc`pEX#vqUNREmr(%(g#7~zKi#BUO=B!s4 zc5GJ1L%1yJT?BW*pygg4tU$mpcgW>Uavwg@FAEB-$VkwNW$pSk{ZXYH9*c&b-4M!I zcLEv)6XAd_6F?4H+TM`0+^mq%y&={sE8x*`=Txd-GVS#}{?g+|Kgpf@0y~I*qF<`| z5^bH*n^fKeYwLHZDf;Cm$n#cb@AEC3fl6eN_b=)hUBzM{@&g$I|KY1^ecn>_{0QL{ zH>;2`64j$9w6t4=R9?las0ka&uEx?B)rBQ(X;K$k5YEliD&T0Q=GK(5-U+A0cQOi- za1M4gSMOxwK>9Bg|6`=;RL;E4*c?r)aS2 z-oPJF{BOK7{V~9XjA`t-ZHYN)Rj5z!)hmz_$>I97AjZ_*l74W1JH`Owu@}z@zapOU;s@|K`Bb_1_A(u8=p}UH{E{ zrK98itISh{X7jeP^}@&CbCeAMS?cHYG1x{rMXSVXGyYsi;j`smN~)a0Mh$kfuZ!6Td8|bZIh2I_S4<=~ce-jLnwMBER`CbgxGvrw;r0}c@g95Cwn$Lgy!W54<9c3?tV2GzZ=`k( zHm34Jb@ZlK?cLEOiJ4KqEX#M)y)!VEMcq3iA$y9oo8mF_ZHCd5?P<(*^&QELF2BZ~ zJ54Oh$M?YQE`{l&E{a`zg6|Ptm$4{BH&>I%Z5O*-uF$!K8sUeZ;f&nr06)mAdx%d<#V z{|)=Rpoms75`A7#NJM=;%tUWx40qY#c}vd{sxK@-1G;HN1zH#f(Crh~?BUP>uS>di z?a3k8RAEVZ_m$wQnL)j(DCW5V?ZZ=L3EhI#|0a}Kzf^xqFXP~cAkCP_9lMnmO}8Zl zlqB29D9cgxgq;A1ckCEyEnT!0_H!|M*5RdU1=P!3?mWwy%Hr=J_i;x-f+Z^HK71O7MN+IL5i zA)}o!^h6;uq}{N>1vkt(L?#e(5i*;btttg%w(rYuFYY0;Axn1;v4b6MC=bLo840mX zu|lyexj#lF%-X|$iS36SZu?<*7vd!LAa)t5zJa;VK%UwwWD79ElVN-lvi1sL&)96D zox)=62dkR$GA}uE2LdsBC%NYa>D6*BB2jIeu^Yav%vM-#edHG4kS;6W!X$vxJ?)#( z5B}@T=Fe)sCyk6~)W;NjL;f%E*E~4-u|BH3Cmvd?IK2EM2QgdFzCf=J^AM-pfeYJM z?VH?Nj0YmS~Vz5Ad3ZDW>vA$&>JzG%x42WhY6?D~iGv1L71*q8GMYuy@g*ofASVQP-SbM?5f;ddf zx+qNIa1IlDm0d_djEpbCKwep;i7P95C}+^ihhDoY zvJ0D0kX=qR1TVKQ*JCym`v_6^f^=-TV|iRAcW~MyTD?=+y1!xuAm2Tv!g9y|h%$sA zNF~TaD;_f0y9S%FD=ZX`eS2K$D0u{VWhHD5gCZ2pEr^|*Y0q+EY*V-#SJ24cp34dC zJRwUGo%ZrfE_|)8jzj89$%ycBy%RHa)?Gu6ok$C>-OzSYhjx9iGO31W*ZT#SPxtU4 zep%2l_5Og&#HeF9*Sk^2@M#)e9+ttXfogK3^BF4M9Urey>k(@oA($Z+HI5wH@_g&9Ue5S3eKOu}i6$RADux z-B*I8X9jhPdfct5#<40#Uuju|E-x~4UkT2T85~$-fKkcO$uomTRfSF}==(}syVNkq z{Zf@)RHebEOge`?0~6l%jXSFS^0B0i609qbr9jp4Y(R2%9n227$>$yBWu{c`uanHO zfOdbb{cx{1mq773@@Qh63 z@H7TV)fnex)F>n4+!ZvIyd_IVolST*BddV31&*w$OT>3T?0{W;U?={Oeo5}t_-o3g z@v)hI^kWib=Wn^l$@&m|2bm^^|E}X+@FiDL~@B;^eV*;xqq4 zPC6N6kd1ifhqKdcBh^R-o5&2FnvBK$C#y;@?kmv=GlQom{UY52t3IT+zLUGwC;v=w z1HLAYO#f5zv~aqAyUNMoRDk+L66FFJwZWM#?XsX?T^3lT!8wc~$(1FuUnq2!%4t{D z{9K`IYfczk{)%>1u##I(=di(&e;zY_Pwvy+i4h)+<%1#)XTZrZn}?-Tyy_g|9kY);Flx~gHjI6{N{$4F}>T5yF&{bLPJG#s13od z6pneO0(K)C$X#3xAG%I!)+IAGO2#IT3K@o*M7Z9E{emim38dn>3FPLgB`xmGUaE4x zCx>!$UdK%&sepq+q+DXs4_oFFNmN9k5+tUN=CpZ==8tS`3hUX;AJu%7`J|PVaJ|q{0_(gV3^!r6xz>R^;EvyKhvWxm_r&8!3F&^<(7L{yOnvkn;}9Tx*J zNky?pX9nqX|HvLN>5_oRv3hoZoCqH3d^WH=Gn>~b0^a1sZ$eav{5M(X~x32UAEa^<4U$%6NC6}8&3p< zjs|2VL>enx)M-sZ@ zrJ@<;9PyshRoI}Z{h_Ox*%7R4=70lB=GXpvxe9waa&(jNnEqzEv^J-%0=N&$@P4qV znH>Sgx^NFTuqGZ#ORmDU1Q*?rf;2p(VT|Z- z3oPL_K2@G>F}_)*+x^ayyBVSkJwVp%cELkW?#dkL*f^3M6pxhPTOprQ{j4UW7mi+6 zaVrIFY-=oREsG@lZ5$dB>>U~n!7Zc`qQP!f_U}h8|H^}tECVt}IyS391G1<>W4H$a zZmK_^nk;OG7xyVU$My=xMOW2V?kSvW3MMHcn32p*P*CZ5>aoCqugsWyTi$hEJpgQ- z*F9M5(9Q+75-CJG=NFijbq}3FRrqCjj6wM=Gtqyo_HwTO+S}`XS@l=o!RO4&!#!h~ z)uS!(c1Onv@^ksLHoHzfyOZqAiR7X^+)B0{A~SE^l$x9cdjJ*qbg6AfB!({z&?E2nBgKA zMg378n&iq%^hd=bCF_rM>d>m6s{UAwUf3UX>6`UOb<9M6bZ9gN`;tnC2G?XaR{Enn zm@W^%euswU(9Xb$U-^r`CpD6hCb3hj~1kNK7^P=9O!hcV4<&4pG# z)-i1r#q~#rc0Sk-zYy)bU&sk<*B|A;2 z?#MVneJ-2UmcssoAD;THA?peU5D(dX`7NPoN+*i+U0QIwJ@aIi%4A&5LP zcsD&Xmi~87X>*%9o0FcqCG67<=*0e&F`n%)@fg2eIL5CZj`4Hc81KM^Jk`p$EY~8& z_*D~Q{6V0mG5%mPJA$H_0}fnhc4^5KkMXtMIgIfvr8CAqL1Ew?Phr4Q*1G{lk6 zOzTf~qlEP2$n&%HZN9cudDdD>qso}vmzs}$x*%MqU9I8f14bKy5 zG?!Ya)S#Tps*+f05F{ZrD8Fx$8q^$OGB3z<=gyECTGY>8GpRuyk{V zDlS!x-nU2%4vmK3MN$dTKx#mv-aVvc55FuANewa+T*}Z$N)19I;!>)~m`j;s;ZlRV zVlE}LM>6o_?;f`qtgH9;tCG6lDetCgc8Zj_sAoH>4DK#r$7TVUD3)Q6k}`v@!x3T`1sUchamPE* zW2Wb#CtlJH*T()88HSxtu?(|iD8pIVNb#Y{Sp#SCKv(4W5D*6ckpHc z@TCB6B>-Ou@Lmik%eoL5M#*KZvg|-|@OCAJtUc_+Q;@P8#gjm~cf1Sk;A2ZC1Do7r z@z7{U2{-UHVI4bjfjWbCfjE16@D6qU&K z?_<9D4cTX*ywA$3s*HJ`APL?lB)*OJsTsxlSfFC`{sNbHA14R8hYqqr%R{_RW`g%A zUKQ_CWmfUNYV^K^_c=5g1HXa>yl)Ai;Y2Wbi1*1%@IFH$$@_#x#QRi}G4C_S!g-&( z9PjH!^E#R;{IVdWQ=lKC31-47+DHc3KPew+7H29^saFzO6<4%;kRq3`hT)InR5WIw zkd-{dA7v)wBP&|ov?@cV)4MXAYo4G^=IC6M%JJ6<(KmIDX{l>#v6bosxcF1>4&9>Y zzKPkcKWAA$S<5qz|vZ1`R0XBPPFK$KwHOlE8DIj90QhGr&Y5zoab-2{JDdgApqg`bD}Fw74yBYltH z?2q@j1;r}?S0zS2$!s43OTo_)dLYq%LS{>QJK|5BFdCgk^-z(gV^sLv&u|52@ZsFK zedQf2NC3_h;O7azF9bL%29#x8h|H$slKk%MN(@=W?-Zmg$0&X$c*yT^f&9@J8NWLR zd&KV)s53a1uS=*s_$7AnySebYov1Pg&$iXFCo@t8H*xdO39&Z#yf}7eaDHsBp!5xf zmvOzUHB+UM`jur|ts<^vS>YQhDJ!t*(lIIMzaDB$1(G>g|P>4p8Us$Tb@Z>QDb|f>w@C=P6r;>`%h!~z~GG=(@Fop+1s#ZzK ztHSU`lZ9Uv#4$V(1q@F`8_8TGa7As^0=F@>l{jA;eiTh>K(1)b!Nq{WqOnPv6KWB| zlLt!S0htMb(2CaV)K)`(qJzd9&uUh*DvoCkku`fCTI<_dLyi}NLyl)|q5ps2c&(L3 zc0xV2Y9i!#W7@>;tZ?nF&krPO&M2w1EulACY{*#V)WRD@-7DmG7vV_qyK~`D;&?j#xYbT~=u zUy)JSxf#o-yOM84CB_OD@E;X|wxXjD} z2QG|vX~~t4QPc43b&Y2)OD6EQNf_eU4^v@&iP<90Ndw|-WBbZGXiWfg(M-^m0O$sq zpfd)PWnGAjs^qej%VB~sl^C*$XDdiqj^gDYEg99W!!h{S(iOmvQRQD}HSHn{v;&A3 zw^HZ~I`~Gyspcdu;9`W+E+V)90%c(vkHgj1_r)O)JM)lOU_ zj^84oI$RoqX`~Y3f`q!Pa5-C5SC)q)RGA5eZMeh|Y7&=-YpYIUu5FHmi>dMoxi<2M zsxv_tFlj+XGU$Z9i&W~0lMkj7DJ%|B=|mOhesz;e@mPdtK!n1fKlx_|34Oue`rN#=CeG{CdX&CdexKc7&h@{JL;>+LgbrR+5 zeJBg%*_kHVg#RTtlKk};_@wqPvpuYezy1T*(S+R__z$s1Kgo^kl=U9uKLLBVemD`N zs^rExc+hO)LBFA-@Sv+ODm>_F75^GOe%XEH9bB6LTqnTw3BU~k{5A%ZWnGBesN|A7 z=*CJ6S;d1Cq%6lM9wd0kgK~lV>q8zSkAdIuiFl9zox$(UiNRE^`eNR1Acrr?jH65@i?$R6kJpT$imo`#!Ji2p76(a@ z^KIQj57D{&vOFXy%1lU#R-8yuJf4t_5m{A=D#eJ*Au6sG69rCqI!2^M2^mpE1PnvT zFH}030BAV3yUuIW5D9%tiVc0kHx%?DKC}z1BtCTMC_cm%F5^SjVn+K&38HgV-U(QK z1bj3f`YW(U_)j2A$cIFop**L(iz%;;xO0pTX-5+!*9Ir{v%#LcJ^A0xU;0k%LC%)7 zr>Ko1V{YojS|u=T`RUo8TU%{!&WB9?Y^#}ew%Hap+uAnUw(Tkl?V?{zrrSHkcFHMg z&SOc7SGn=f!9SUa&25UuB-1vxecv{>=@^dN+m_hU=913@t5=fe?ki4?MZ5gvq3f?? zCbqO$@|kc;+m$NLUWK2q+1oY`^~<77Y-k9g35?4q8_cR?#3nYXDZ0l(9@@ty(|BTy zZPK%hvW2;%l(j8aiKC`s1*6XZEWu>S50uw~@V0I*@s zw)tB+R_AQp7%8Tiy#x*6k*-y^-3rXcVNIwi6VjOtkU)FEZVZ zId&~_;H!Ix9iC8-JhW?3W`cqgkCcpp4m1jKdAdE4+9XB?<2VQHoFFKdTQ<0@k{j*Z zt=#Scf9_;eZnU$^1VLGD*^r=i$FKNT1*D0)>>ecB7p9AlY@gcg__42DGh>%weQ*b$ zuy`~!d;jhBHbK?cGDkX~Yj;S+a;q=g3ABmUZW5cZgsgsAn-X^dRKU^6*W~`lGBtQI z|3rIlLZVf7v^{}8yTOq!=RgXyw>C?RYHywY$d>R^791UEbPT z&Ac#LY7ds}W115vqcFGaSibQje(c}$&cs6eU+X!5LW!uXbs zFIsTO)CU_?kbxH1FK!)QP|DW>g})s*Ej{s~%G zkE{}XKkYq_{{}`2+T8*z9E>rF7JfjOZ22%eM)&;ynDzbnSh8-7cCme5nW*pIEz|9! zq3_e}yN9+W7Y@?lp}sFOK?{mEy6-E`#rJ)eTQ<0dkYR50{Ta&bpGFJvP~VrCpash< z>ia5pH7(Q!Wner~>S#d=@{T#6jtrTD6oJMZG$bULgTtsHxR*E~M#!0LQa0uwsDwL*|g=4V)YBqyb3K!$IVf;0-D7bNn|ndeEvP^q@t^ zQS^Xv7<$lx-)P>T)iL7@T9wL{ZQW|Iyg`|WH*77_)-=T%*l687#6eH!K_21_G86P* zOQNAP5%C7)xp>~-a?1qURC0qitfbu7u}yCB5O0u~pa;t>;teXd?YYX@s^6Hp&N20^ zb!Z|sWv`!uWy@NHDc(orvJj(HobcG7-nI>wTe7wYn&2VQWt;FIl1c2gcStt`+g6Z< zWZ1WAJVa2DjLZZNF^n6c-S#$|SUOh43?~)gp#rY(5Cl!hr8=uH2~#~YT5rK=yydUJ z9^s#$C9Oy&cnd-+iEL!Fq*Z5VNsG{EBk!h`Xa^RZ;hwj{7v-l9yz zTke+#xNUt>E>YW8f>azoR9=xaUKGLRyl3Jfx)ty_4*g?zlEXVN5`Q^MpJ| zs}jb8L|F+Q*;`m4-`Zf(IGejWG|(OF*%Ntmv)z1P`i!BOde} z=;=*en&IvxzFc+(g7Z*24=Z8P*Fa#-`U1;InCVNPs7 zG3F$wn3K!|b25~xnUkesbzH@qD&UAY>5e|}CR8)t@|fFTj^<6b1Jk@G!JD)aQN^2d z!2xr0WMHi}KuecmjH0DeNh4d9!frHgl8(!GlXOd2r+r#1Z&D`WO%Ka-D;w}8HraF! z%_A2sPsc;NNoInU6mK+dQl5+FO)j@=@CYHp+~7?tad!`~7oFVXA>Jf2K}(if#G9m6 z8O@Lc%a)}riD*fhm~28jv@qr*E#`M+P7d|P;8Eg)sKcCCc{1iCsF;(?1amUHM=>W$ z$ZEQZIaR>X>N$GX`}5oSs%ac za6ipj>7+Ra7WYSMcMC%X9)&CGi+buNJx;rHx)QJFK|QMc51 z_xFNQc9;)%qw^WWLhO>2& z%KP^#+}FT%Gv7~ci)sBx6w>eQ8O7U5jnY1Fv0?S58-A8+P(kG!wkYQKzN zyiXfqdSP7h4dZ%w5?ox_I4U3F!sX4Ot?kArk27csm)lD3M7AptY#r=1y0NqE0QM?T z-rF$7^u0HuIz5nl<-2N4RLVB*rLg4d)GQU2yv=+4?kEP&y@vShcuiCrBQf@$A?7&j zhr!vkF~!ojs_nwD`m@BMgGr{~d& z9qdU4X=nQ+hTR*(mhOn^K8WMC#rgJ*iF~h(W9%Q|m+^ic*8OuecRuIJmiKlHVHqzC zUv#zB8Ru~{={eYDamri8wi3O}(K9;&!*I)lb^p(}{xaSK+R~M1S-61epws*FSJX2( zc6w{!yY%1HGDpNIPx~l}vDtqj+n%(Hqq@5;k6=$hFB7c49RxpczJsLa=-`|f`zHzK z%5gEGwBu%jvF+rT>ei(Hx;A?FrpWegOzk&>sjTW(DB?l5s>`?T0%yB5K`$?o$0?7h zY-2xjwpINRda`~Q@8R2`JQ}G9SCcc~@-Dr#s8eU-C`D*H>uX1yZQdc^B06pJP6&J1 z&;3e|8b=J5-t_-Pb=4b}=v?UKeEMa^`vdqLYWN-hTGR($hbv!hobcW&B3lo&>tH{F zV>;W^-$b@kXaNViDo!O8xA_$@C9WTjDc=j}rIe`2O=wkD-Ye;it`%O7TeXee<9vH! zdR_)faZ-8k=;P}iAntGu6|71hS;al4%iS8(AL#Nl=hu^;EX z2%WmP2Y(sm*7!tZ8AHRpR1;aqul zfHSyqT>EfjyCLr9OM#W^Deb`A=yDV>TqU4QbBxMJCjTD^iqOvP_ zgZFD_SFi@}s(YhS=E%d1u-HMiW<@k3@L!Z+g4t7vTLmBU~m?CbCukR_y#B9>N*6y^fxz864?w;LSv3Hm|co!{gjpF(dA z^6RFV7UqBtBFM!}D;wma|3#2Xn`YTPCA-3Z6|1A>+NSjkvKlQAK{m2jvl$;<%GWk+ zW{@6A=^)oNZDkOR@eXox({2XYFvjqfracTYB@Xkaru_}_-knj(w>KT_9Zk7*g1al7 zeY_`{p0+SgT^EIUvgvj2XlivHRORw|vFRhL`E!0%fe?vwn&E#g%*#!FjbcrYWBs!! zTcbME!|4k1fcMX)`Wm(A3eb^@^{=LUjau-Mw;W`F_jc1ngP>QjFoI07bl!qeU99(; zrq^5yO-ODM#PdFETFD@9zf^&&TyqgVMYd7|dSrnRgTZ$VKm=m~AwcgZRo3DD-`3HyL)Z9|O>iJ#9J3$tB({jsLtUW$;VYaWCo}22|5aw+pMTObE zraRYd>1_Ubl+FsdnHG!3cfyoc$gONCzY)^&0&msaI=*OZo9m-kvvTW^vgiFiOy>e` zt=v|Y&RKC=%n2b=K96#rliS*_2cIb+h6}v)b2?1Z;+^=9DCLcFyBK6UE#vq>~EHv=Zi9D!@*o_?2tRbAWOxxxh*V+7RPZD%wG(0C?jMdi6Oh^Za2v0 zaXP!_?l8!kahN@F+)zR8`@~`P%yAwb$op}ay>ky5GbFRZV-qr40CwyRf8fT&zQz1l$*c)tiC z8^t9(EBA?oS)H*$zXjgexi9=CVm%edIyd(v`j{5)-_N@+f%nT?L#mcA>R3>q}L)#SMZGX1TalZ_lk`kO!e&{T6t4)^MZ_ zyoYk@8RRoGIxfuPxy@45weeDJ^OVYdBYf3`c_oCr7?=GYxh*YBUkv$YZaXW*1#v0< zo!iCo+9b?~g znfV7Sue;+Ow@UsIgFGM7PvEVZ|C>QFA=L%mTKVUU5)S;M%WIamUj7w>Oo?fJ{rqe6 z0&X#k``||TcdQhDe!#^Fye$QR4r>-fIB%Q(a1@3+=RdYE2gF=r*ZgM&*;h(Me(>k~ z7gqL3H$>^|p8wLqlw1(nYtQ_Mg<0Rt5 z<-z$}ItR`thTLX>*Pm}ot2g~5rm?yCX$HACrm-XQz3E26JbG7@`!V^I(&7o{z7*wk zLVlG|d7YM@lUDs8(uNrREWd$4zG4*9FYtbz-^lWMJgilCRDKf+Gkivr*Ev9hVKgIO z;9Z#CY*b#C=C`(32QbX(x4^qRznwv}uTa0hyDGnfK`MOy`ur|d8I=yrJI*-W~aa z46<$vxhvmq^?VePo_-6wyYq)xD<5~Qg9P4v`NORgFU5TIfqXfA4E6INvX*{<_eef4 z$nnDwKROF{H8iPJ_&gA-U#z4DxaeX>PvXAe9Vc?Bve$*hvxLjH20=B8Rv_>V)#5#HW{ESr=Vf6&}w>9Ehueu4MH<}n6&BOX)sZSF8gQ`}w$ zG0m#tB(gPO-0L|$3&C{)1Uxa)k z@Q!Wntrdk==DR@}etZQk1;`M94x+`NxLK5TPsy1;v)d0&J4 zFi!d9<{ytr`Ss@gEzFAXDD!6XK?a!|r~IGhqCvilY5w!(pBUu0IOTLpX;jM1Er(i| z-^Mt%wj5!Q3eHQk%ri&@=Ve<43{t_lyJfyXCdc)>a?9W-$eJz3jDpN*Ic^kWu;H=XI=o8n$jyY1jx^bMK6Krg58H-zc^ zniim~F(wXnhcK%mx;N1JSICK6n4nF%hXAZ6I;4Aky z_d6FmbJlcc4xH%xZ+zRiC+zLq&u#0>GsE;dx#C&)d@l^Y?4!PtFvlhFNcmviqCrvJw2E}iQ(aOShSIrGJCXD)fGGv{6J%!6mS_&?m#ng5Tpvw*Vd z*tT}nKF~Cl;Mzz-Sf+}+)wahGmdpp|wkI0V<=5L|=11b2eF!@p|Jd2UX)xp&+* z{=6~XykFHSU$v_CK8HSInjt-FI&cK}PCam)8OX0E=Y;8R67e^qvulF$g+i<3M0$SC z*TTBsmuzpp{F7-@E~WUX(G;w|)M}&;qQsaOtnmN{674Y%h-f zbe?|syfx~5_7m*h_k?45A4Q;LYvT^D^c&# zpW?Sc{ula3{@&mVRiTrcL7Uw`KdKc6tLESVxuKN{K^JF6etoX1-%_MMIu8xV18q|d zIxraaS?FikxnFj0Kg`IA{NvAHf4MQZ8`EO~kZzrWdQ#`6{&jt7S2%X0DJs1dH+8y;Jmgmw74WUz7L9O=CuTP;4&c}GJySoR{ zJIX6OQ{Py|(NpWd<6A?U(cjzjKz{~Qggy#@1~Jag?f@Rs4?5`$$}eVIAI|kG#khI6 z3G8;Vo)7Hr_;)DRo%`=R{pQ^@r0-Y_EzbUo<9r|MhWZY2AI;4MK359*6XVs;Ur@eS zZ|DzSpx3)X%T9on@`G09y#2v=I&db^V@jgln+2hF5<*vZL;e=}@q-~qPgx6k>;dxM zR|9vDpC&Q$|3e&fJo~Y^3-~hQ!D-G@yUj?S&h_pmj|QfEICW)y;;1;wl z*DoIX-%XU=oA3gG;+pa~P9{~k<#%K2N!e#O3rUDiIZtHAv~h;jT%C*(Kee2(O~ z>r(;tYg-o`<~s`=Jq7wxUufdmuz$vN-oW|V!TETb7x`H@u2DSq-5#QR6W(i|Hvs$5 zkE>9-Qvd9Ude*#xo%!>jX1|@=0Da8$9WoGn!w2@)8NW6#{x1(fdfxodwrtn?KFU4m zi}b7<&u03^KKfZN-uGT|p7v2=sN3?Pe8rm3Al`Sc(9bh-{)dt0lEcP>L~GLCFbit;tNJ{=k(e=5g!dJOX4@w~~*_^>?# z(rgCu8W}O&_7&v%F7TU|gGf9qEg6vmM5<6TE+Va9SizmrjA}w*!aMZY$%{{TfK0k{xzkTY(cc0#D}s zRhI;J>4bd0g*RZ1Erw7c)rx6-O$k}mzn$U75(o4_vdkH8Sdkcj3c{veooGX zdf&2N-*|prErWE=R?rywdw%+16z|P-ZzI17?-vP&gHJO~ZSe$$Ooz5u553HLX%?Oz zUAbN(c@O_k1$OQDoY0AW+=ctK2K87%*lkY+UB~r&&U;u!`tK;#pNjr7jQ;*4!>`KcU>1 zgh(&+8~6nG(Qf+n4Bj_Z@!a0UdAYC|_Gf&dpL3y}CPC1Qg`kxfZx1qFj%f<}3tZ2V zT%R*sujYG^pJXdEjQgx#64ZB%>AMPm571v*a-Y25Ir>9Il>c)S^d8su8{1#Z{j@s} z^~~Wue;oz;<9wc~m>&7xY9syn9_XWb(Dgjey3GSuXZ+Yq|F1kB>HD)nH`G9VgUNx^ zKT;q)6Z?^s<4VK(P1D>c|8NI%YYS*5`pNXkC?A@U^-O}^<31V6``W_xD7T$@XC3(J z1!$p<(AA6!J2|c_JfFgJqESO|7$xsLwa2OUlz{dx`Pk|xk3oR{l8z?tts$8(=| zp&u^bxYm_IJ8wV0u5e=LZ^@w%si2=zLa!x&-XXWxBI04WXBILc@MSI};dZ zf_o$V4CgVp3OGL3X9wfKwnIq&Jr;U}_raE&rvmhwJ=}+{nxUPVd0_9w@}Bhf)R~ZO zev8`7Z@P)FFXInA*@oq)-RYmXIj?gV9|Gw=MT)|HBG31k)G+%0{qm@{YhBningcBu z3GKvqUXSDUp`Tx1y`^{#-Qs&XPujht_VPvj<*7e#e%7=`{UdqKo#H;uGZ*Pu+d_Y3 z952D=y-!@9fxH*@V!C{#&YmyLb-T3yoQv~Qm%4!CKEnR4rY@i#XQV&mqrVrbh5jE8 zf&NCjhig%POP)8K>Ay?eV7H5LIZI3MEuN#*0>Ihxp?oa;F&X_}I`^L+<3l>$M-uUz zsuqWGt!RIS>o;OG(kBmwrjCJD`T{-Z0bM|Un#%Mko=Bg<`V!U$m*#WC@Jiq;i=n03 zLkEUK8-8Uv^NaEx(B~4;vvK|EkHWaKvb`hRA9XLo&aD^nM-~C!qQ5L1iu9qZr^#{T z_iKUl))C-ge13@Gd>!DtM!iD*?DEjb=b>Zh4`~mAW9y;559h#XIL;OHH^utyEknK+ z`#X6X_^LO`KVU!oPau6L`*%1UxNJM<6><}DFZ%m|t;pa15Sq9)^bPGRQcveb`exoI zYx2I)&K>A!2JkES5~6SZ?N?0+f;y*(0o${%*gJi!lmju+;8g%qWcU#KGV z9OGjt`sos$J3n%spLRw)w>X}{EWd=$r!Dw?;S%HIkBqx{s1EM)_S|0?xvsSW(0-dT zsJ{#2Gi0kx(PEbVLDYYVMbFQQ$US=!f+i zcxPttXvX8-9RHo{$Une%(xwEsXkX}6`qR*yDDQZI^n4qjRa!x_aUJF|zV&zRGuD5C z{k$3n`%&kisaW5Dn&9bmpu>8hz0`itmZ3=RufY}Wf`6gkC&`5LY~0rcCxbgwgKmxo zwWgxni80WyRnVqf=cAlA2f3dI%EeHZQIjg9S7pDFQ`gY{&T$d+uQ&y=Z; zc72LL2XNfgdVw?bhGt`2oAVs}BmJo<*K;k?m+*czmGxC*xfxz4x0&(2_DgWirsz*? z-a9&OMEdyVNYBXo?xX!kFH7ygbAQV>q@U$;%2vjOf%NNI1yPR=$JMME*uj1IfaN@5 zQBQN$Ux@2Fl>I5c7x@AEpzpRptJ6PxxE|NJZsw0mn|t(~-LMNT20lsMN`1)nO~Lbi zTOHUGz+wzppTU4{C(`2b}*i)cdq+!2IPAuv^&=^)BxZElPi0$$e3Q{@1cB z>|2b1U6%e}H^!Mm3&5?YPxyR!hFXc~pXt}L>2K}1-&fQ_`Dcw$|2y8FCN~9t8VAk6 zdWwt(Z<~N}TdRU^a(^{teX}@Ub7?n<`@7Nv*r)0M-8CNdB*_IXm=)YD1nTw#dcGa< zFI5BQWqoHnz)h+kzck0?#rgV?+MVZD)bFsLR0!IxE6UBF-S1d^WCAU_bD2#(@vKf0 zI{DH6lzeV#&*$+*U69_A`@)O;ImLY)N&idk4ZE2Ojr8=tfp@cCPeYOZ8~1NXj=MxR+EdqB;Bs8|BlO1y^ydzJ zP;c+cP+cC{htEGd*uNlZbZ6xEU_W=aVma1-w<0+8T&Uk|=)LvOuce?H=0MN0zUs}v zH_JgAu>B#-?-&o`*tib)uh{Pny#LIcjP!-pOWWsk9XkF zobOe=(O&tKP|f;I=7-%?#@*d+$REq}vI)TF`#@top+BcXxvXu$Z5U@aa~_M+&(>~- zUFlBHuRPC6^IraEb)@Iu{V{EB)VHq)boDRDZ_RV6=}Pc#j87}Zf@g6(O46Sq*`F=c zo7CtYs5b-K4`RF-;)i;UO@wNH=wR+suhrnE^!qH_e{-)P{c$_!37$`bcz^Jog!Db5 z(C#4KhmUexp5&?pV3(=^bhsC^2{j+pm;Mw=`$t@-Q!Mv@_lh!H&x4Gkbr|njbwRyn zx+ErdSde9Yy(dwLe>Q>H+ZaGqL*gFhFB7X1XxKz(=%e2e?E1*>(gzm>Un6&AKhkAI{$s9J@*3bW)D|rFk>$Se-t@3B>>4(K ze&%{rsts<#c}~xA(Y{Du&vI3{U!UbddIHw7p8i~RCeqI|gC5Kao!A1pgYPxn8SgqD zK>BUIFImj_d+CL7Kj-s70{YVvcch>F1Le|`0+-=>#4s+sk4C;b*Lg^F*j=Q5{9G6L z6Zn2=Q#Noqjw?eUaBBAdP8yVt&p3PK67t_M{&@8R&+v!#$pgLf40^aC%ID?!_s$3& zO?}0EdWZEaWWRdx{;xewq#W3m<|vFdi-sM0&#aNFQ+%x^@lp%v$Je#&&=~-(K|W$ z8sovmn#fPV^%=?iQEwp9L+L+D_*~L~`}RKTb=-#Ck}J@TKIn%J^-~X|XYC1%>H@9U z6?%R&G&lY4GoKR*^g}%fsGqpsI~In0@^;V+j1xaN+v9i|@jXQfj^kq!)HlxqSL?@y7gP?vqH{H44YO>$YINqt`B_&|ro8$eR^LFYd z^s6k-qqNky^^yLZad!yqt8@P9a-JS$h28a3(4d)U$BXHQYa_k)6Qs|}1m3d?yn*Lg z1pVXvGo){#-5SnYBRVTvk9s4`F6Vfa2 zevq2`+2T1<-w*lQxPMko1n*#6Sj~B8b`$A^xV}9ZcasIsp6l3)_un@&kbazTs1D0z z;e7AwgnpLe{&!0cp2_{cn&;b>yQt@AJ!s{4up6)vJhwOWbXjOIo_|v<*uA1%ifZ88 zwPDxjIy5{8>B+c08Eb;8CZm>srXL4;U#9P4oJh_4W4l_gdrW_Lo)Px5J)v_BL60)M zVQbiL;d<8OIxna0<9nFtd~VG18s(#sqFnOoV1N31825WD?=@$5jwKimyGA?*dUHM9 z=`T0AFCSHcUD-mYzg94`+)bc+=m*OWf?qNImKllqzGZ=yV4Ty`ye(iqpZDDYwZNY$LI-DuPVWxY z^PxBS9Jhh-Y%}jMMc8i@1iL+cXm=amSB$Cyo=!i%IumvsxSn~bAsvxE#~1cXd7qe0 zoy++?OuK>f>(RX5dGo&7pX(FAdP<)|y&G9is$$?Hy#K7+2`-)+?N(R>?oDmR{I`ja zU$qkQv(ayV{0#0o40><`v{@bK8?H~bY2YU8Ujo{N^Sn*&K>gi@!mj9G==uRjug3e% zHJ$Oz-~ZkXeFMzrH6pCQiJHH@5&%Og!k^W zjH|;KcRYSTdz*Pr8O-}@mtH7WurqWQ*P%Q8egXaH+fT?p$oIw18lk?U6_DO80NQ}> zPa3fP9K5HfNyxv;{gIX2e;v}lD%2OjbLeV)q)%l3`d$Yg=nfsnefr=YxL0qK&-DPj zI1f1SJn$#R(S;m;2l`E2#_{xrVON#+m^2*cZH_A+$8(GGxuZMkzsKji;dfE~KK;ly z1GslP=r3QOH~E~lpZzP78|h7X-v3H}+su7hE)eZ>4~6y`3T?I+<#utNhWAJMX0G!` zK35K;A3Qk(`yTA~7(UNzOo4J&S+2)d*wv)J-s3s4l+QH@*zc~iKgRiQ!uK-wo}m0< z#^<^`ze8xBB@FGk(Y_?pFL0ffalNl|pKlI9eQA841)Lhhe$#JuoJao0Gtd*fAH^*N zC(aN1bUX*D@g7w1SLCl|eaWVPtK?%p>A$7;KF*!zYrYuRjb(gGR}{R9>k>K&CB7qlGLDd%i(f5yduT=#;PkzQsh^h7Rbb=EViA$Te4 zYjp-|+l#C0hj-b8<<6s~76Sz=)@EFclTHgD6 zGA^Dfj{FbVp@Vpij!OWpcN+B!;W_fLI?~T^9XqnVZ4;0_ZZho8^WImE``nXyh~tUn zI4b9WeLL#;oZw+R*TxL z#ifVcbdJB)Rpbw#|L>q*H_3wZ?(Lx)(?c(MLErK@EQaYrs8z-z|L$w(W8OcT@!rsc z;|kq?{JagIUX7twhNFMo_&nO5&%>p7Z}IAh{6y3fJeLZOK>9eY&j`+Q^Gm3=8`Dp7 zU1k@9eS#`bPsZ7;{;*HZc`3nl`;+zqsov{hH>3}A3CFoMFY4=`3!0wi!s$BTFve5s z1InGRi}ZLmz!|A6ct1SJb??c3fAfa@hk>x4whUUXE7D7G-R?W@gFFX%j)h$tuG@yk z;ES|x!gl`PI$h;HotqZ*HfLOo9{>)fF5&)f%Ke&RFzRi>c(8)&FfS|H<8#tv?(@Ao zXQM_Vf9fdckyX$ihoHTnd*CSU)8o`XsjI0YUct^U6UwzCr{Ovl=J}nP+LLy3ilbbE zywJFV(E4Mb@5Z9Obo8^W9B+~t$bUq?UdeIAaNN5hkpG$I`z!9Vu2+!$k^cUi_QScK zEAaW_Hv1LA{;y!%jJk>PVf4F?nZZZdkCa^RdVc74NG9ap{so$`B(w+p{6S^#cD9#l z3-}bDGoNNaJ!$!zR<#1SIQc#6S2>a1kLT-j&c{9W?>G8Ie#R-E4zQnJ5$*M7Tp0KP zT#34x`+Pmm`HfM?@4@|+Gaa~WK4=EU@rgCSi;FOgz;*FP2d z_oN;4TUzArW`9?69d^@yi(W^55uQ&e=$HF1BRxC!%?$EP=Y5CqPF;ZAkBo;)xDT?k zookGT_aDQ~{|>a*ZRnM!&?mHi&HbH~?{Bs>!#JM*1U<&~H*(+SVLZ&p`PjY(^-Vbj z&BM6x$OGl`P=7d!{3y0piu>p80i;*l4sDYF<<4^7k7oNBc%M1d2X^PuL!a>dP^*RD zWgDS4ze1CKgMP`3dKdF~--~*h+JO3rb%0JuQB`EEC=%IGQTY2TQ1fUnhyC_c`x`#J;`-7zsqF4 zH&K)4=U&G9ejMKlj;kJZEZhH;>rLQlk4y!@5?(%AU~AxHYK$)<6h1@$R9|*t2YYV zl{$v%&p5H85Bjs966}sKJ`U&j`f^^PXFp^~CFqa=D73KaJi& zm$Ba&W`gJQ{2k13>77W=*aqbfQ2R$CJ%AiD3HfW6Aw5M#=s?a}D#inE?uRp>u%FF1 zR)p)`hviFg|N4?AGES7_b698I&nHsryheLzrbFkQhZf8P{gwOSG@l>6Ip5WIo)=_4 zQx8MG;_-exgy(N}uG@3Y=LW8me?ip0lKy?GAyvKAh`N zfjnUd(q}Y=-ES6OOmK2ij@R^?%29QqDrU;(hTJ>pjQ%CbK?YwiCjB zzUR7EC2yoI<9rO`ye(wbLzZk-KFTwde7KHqRyP@fr9>DZvOb={; z{%)8Ay9MNPuE_FN4mzmU1#^;V1P<|XWnCIay|i-+|}cM#kwA^w(5>!u}oaI}0|06MLXs&;aNl zYLolOKQanhm-CSFJb3I$XmfIL>TjHx=45PuRxQ~N)??}h_E>#x!?-&;@e*`aLeJ`q_{dVJ!e&Pi*U^}!l z<3>g9hswO?deMK{aXsg5h5Z2PvB{|SEx9=BZ_fE|#P$nkK)JN^gTif4t`xZ%+lfzI z&i!@i5&Jg?_H|kAKqaJaDUI}%eZeoQK@*indX+$MYx>2nJYQ=CBfW7E*p1E)U0V$4 zg_)nO71G1FPhWDqp0-DNUHVgrizwHdO%WvlWF$MSegXge&!29xs zGvEk0t zK%~dxI#p$RjcNq_k^n(_qzvuD*=jZ1y>p1RT7^fx|LVtdl0lTg#z(wAH zOVokJwL^MhK8L>@3_i9V`R9s)>odMQ`Hb`dY^T@}a69Tm#`A6CQErnj@_i>jV|l)9 zqHfNE^!AK94{2Y2EYf@MynD;}2w^RIzjY=eJz^0w znCnz~IoO+i(u()MlZ>w`87F(vZbl^R2e5oD#yg!2<6cI;8@C5`G1UFH!ERi~ltHl1 z#B!x?AiwP9ik$#vui@Ll4(tWAxIBz4kzFXsvAI|-@lIQ)|cNsyBHQg(4(V%4 zLl-nedy#I?DNOIx5&8SKLtis)e&BsE^=_nJ>xXiUIB$+pNKejlW-#kL$o;*G_92&8 zKif+bihAC!LHbA9Jxh%AbF6Jn_oAIJB_xXG7kDy@GGnnVr(ps>8 zUKZMypOap43R{7?w-IdOPPt`C`-yT(5ZK@Sl;du0YLiXqnFiW)_F0nvC>8?C%u% z{ie4_|J(p}J%Yd~J41tOBYhFquP^su$B9S}=J}T=BkT+D-mqdMII<6PLON(e`gin1 z@Qy{$)pejlTB6=gt-;M|g2RSD7c@h9Zy#uVzW+_i`*XDeNOz--ZVY}?4&_r72H)Qa zZ8HS=k@Ikh>X?J{)3c%5=@*mf7r!<{`aIsd%do#US|NQL_h~_%^YIzCTjxYSYUhXD zkp0kv`JnN`kY9Eh_!*!7TJZf-@-axC!1H<%`Q>P&r>~0g^K*kYu>S4ji~Ep%WiQm5 z>ro~x%BAr@`n6-wRV9($l>T+t6TGk@^l^OX4~$2<7L3FE_fj_)An>-ab1Pv!G=BkrR@j0^tR(C<>5 zueWbtpPczwR)KF_hi<2~ZH#i8`JOD5AM(34LV5*0=U&Q&^eP>pigD&g&c}-uNMAW0 z`k42oKyp`VS>Tb446^E$@?Unxmdw zuc6app~pI4T&;Mop8Nsn{_~)3>9-GguI9gu^y<~2BiJ9GN~k9}*Leijvh<2b#@WjL=9@YH-Fq&}*5XZw5if4uzJ^g?jJNpKov;-q%2W6zAKcGVEGW z3-Vr2o9FkUaM)ij4c*1K)#WGf!YU~5T^>5A8`9r!yp@|Gy@rDRR1^6jDZtt8gM0Rb zW@rD0aDU|H_)BrTl}5nMpZz?~=Yl%dkY1GQIi2O#@%)}f|GPB|c2lX}c7rc+{_3#( zU4xO{doA?TC+Jh^Oy}QS>D7TaS?aO{@&SQc!$WOEc`ZLoD*2DaS z)PjaiMSjVr&}rysM*58=&?;P?)a<_(xiI}<-YM8EWPP=0=dljyB_2V?aeTfU zPa@9SUba)O7VM^#Mn7xuKK&c*n)N{bhtAMO)FOm-CbAE;v2+^^i2Ew}}P) z^A7TJlCN+dJ=}uyCcJ0PJ_+8!`qTul|1Iblrk~sdF1Hz)kL5a1uLUA~5a+2m<4$h& zV_I9}$MX5UK@#-y%X*}L;CVNU^Syx2C1>U!f5QOiX8OtgHQ>*TS05IE7iWZSW4|6# z8@)k#Q=Y^7ihxJCqaV%k8TC}L_qDnyIzcotzNhMcPOA|awJH+_p7+Z9zKN&$S@Iu= zUB~BIeUx_;dtRFK#y%w{LW9MB4X0{mw1^saKz@T>?5m&G%Hi*+a%|DcT{Q7$`CV{- ztv;aZ#^ZT2&A&PVGxgCH4L!=^yVw z7m}w*e;P~r>zi7&7Crw-t6tK-=~vLd$n9G77f#3iT#V7cmqgD5* zrhH?cIlw4`%O@5z5{PK5M-#m{n4l}Q2ADD5Q@~w_*l_R~Zi*N!*Q=i<6&3Y73 z$7Q}-NxNphn*D7pg8f{XzxLA4n_u8pePo{ciQOC-#~{&$C$$rDNZ;6}pwwsl2<>Y1hVjg4x6KclE~CC(ZiNS;7GOg=|mOWr~Dw6&yaAoZ{C zFR5OO-xz%%yeOcgx@xPZn)y|$rdd4I0a?FPS+vR~<1&7>a}MTlKK0u?iHp+T?>V*P zo4Ad1@n4AtOXJC!i~Zw5CDoj?O05k@qf$DQoF{JTt?Z9?@!V9Ovs%3r{q?5oUs>P1 ziRG7ivuS&OZk2X=ia$oiNBJEAu-hscY5S9#S|R&pudr)tckjz&dFRccPzH#wCQ{P9i>-VeCzuHMIe*R6;-^zYA zI#}|*$-KS1XzKY(r%F5V0{>#<7g6hv$zI6lshs(_7oz+v>5nOodGJ){Bu;*mdJjmx zd!VfEQM0aEWqd5LP1qTC=gT-v{9PvdvPLe6kG8+b{CqP0FXu=Y;#MB z`3;d~e>?k;Mt$9>l}BJ2by?zfK~WFka)I!J%EH^kk4*ZOM9>z=pun(H|tiNA$gLi0GGO;6zeyNT8c4aZsyiqTl-k z=F?4$m-%1e4?l`0b`PZgk@4MB1xYvOSmzYVp06EJpP4tOzoR~_c0R-Uf0g+#amrcm z6MH@7x8|gL9j||H-|U}wQeRc+?=049&Z|}8pGFJGe3<$g$vkW=3csB%cJN!R9!P$* z@BDXhApFhfPB~{5%X-Bw(<+Pj1@0Yx`ID0y$$skXl7DldR&5eVTwEh(tE9hJ4P7Ff zAcve=)D+Z3l5f(li$6z-{goS9ZTb)6ZIj43f1aw4l=BOa^GxE!I_c+P**|^(o+?~) zyRb7Je8r#2iT(8bxX(O$XV&fCd7tgyp2~j#@=yPb zizu(PatD=q&PsU`_nq}Pb*Stcb6;{*bH6p5O5%Ka` z&h^3m&O1rgA-+rVwtaCi5pAhzG}{sGGf=n4g0v7tY5`RNN*_V z0m98hTgZBLmj2fHtnGW1>pnC0Fy}r?D)F_S*ty$^eKbh=>uPWAWlsA)#9tH2_|Ds^ zRdyLyKk4T&iEk#Z;d#VU-L~%mTHUhK|BBlto)4eY!l&X_Xu=ri=^4aUJV~q4Kft*w3+}$VhlJ$pwUzb@cjQwBha8CL;qJVSXV7~lhp2Ur0 zz7es{9$;3wO$X2$OMq zl={p#n$43jNPOBdAMq}U?904qF;GZ-_3KR z*_UpU(~-jLo+;r{Jr-^;fob>scsjrV#tW$yW}ajiV+0}D<9kZ)qGB54L&g|PRqEojbPS3La!MQ$eD&~~A zMUXZk72&V49!_p6<<0t-_-)Sn8JQ3d{6!5nmVIyHf#L7>W8V96uF5_fA$p$Ud4I%x^`Gl$D)qb8W8UNZU+Z!D1D@~X{hsv0ymwk5 z^R`0N)t}^f>u=+6^+#uU^cU}wIuz6D!!vodD(0y&FTuWPDRJ?naD_)&9hH3Z-pSbY zl=EmyQal$YEAFX&mHk_+_}|-G?u=iuuT48Yl>B?X>5qwTA)d%LankIAX~qB3y#n@I zr9QKd27PzV?qqwty`1gAfA)z#m6HAIyl);BzuzqJEM6e;k4wHeC-W5kd;iX`zQdw_ zk4JJ=h`*ZW6|T4a`_ksUPo>jZWhx=hn=+3^_ewm=RKimYko}OU1ln`tOrxGldw=GT z`_VeBhU9cpmn4pw`{}D+*c2E%lMm#o#6yh&lZ_C z!>;~&MAFUtntC$I`C!fs=Q&nV{N_Rld3Py(QzjS2@lx2#{|_b6&x`+>7u+}V6h``0 z?#o+}Z}zo`hnPR)-)Ff-9^iGkkv}V=^Sx>sl~4NfSmxEWzb}N%`v>!U?2!IB=l2ua ziywshjWZ4;5;pt##~`$mo^0+Zy(KQ0d*+3C&?~$@WnX~%5AwB|Zl|MsX4aEE=)e1) zrvK#*`g{MK??1*A#C%>YiTQjcYMvvF|C{x=S-`df8Ceg z*XNwKKg#|0`lfw%UOVH5i4!I+d>_Be`!Mq!>_463CJy{lxxE$sIZm4W_D}ZzseZGM z{>lD7)o=XqpX~or{l?G!$^JjpZ`SLd?Eh2!W&DbcF@1Fbd(B{g8zXZT=HGBw1`_p`@yCMcB}3w!rZ z2jp!)P-+#0eD`<c;k3cI)hQSIGeLRO6`P~&`OFlYSG`0&=QFR;+0A%SUpC24NH*ii9h^@kC!6sU z49>5-$YwkRgA1y{He);`gA1$bHao{tMD-(MJVn(co1Ok!R7JS3hbpSJgVmY{`6h%_ zOdWOM+Ubj_ZeFIpfvTYNPd+17&u#Wq!`{f-G`HfaQ4Txb_NVyrCl<$o)qJtvW0h2u zbGqi2RD-~5uaxp3|2f6jms0!4oA#UbN~!nc#diNnslvJbsxO)3F9N#R zR4w^7mfU~2U*)UV@}Gn8;gojr0eyane6kcQUkSGJ59m|EgM%yniw_F>1Xm?veNO4> z|H?PzPZh2CFE-_ag5|47@}EN;&?sL|b+Y?|@^Qfp)Kakf@#$v&Hc}hO9$&$i!K%_W zd1}noNIfL`$^6$&-&nl^+v_>k(L@!>Yg!C+Uq8*1Z>HLjU)l9HQ(@$W%%2BV!=%2{ zRx`E6g?BreslxK@Tr=M-Bz}!n%~fR=-r{Jk){`H~+c~XTsL$lCQr{k{g{oY@ls};U z*lyOlg^IJ;xgIUlMw^}f-a;J)yRVe`MoWF?$(w|e>K5vbi~XYDmddN3-9Pse^67=Q zYOQ*K>94KT8W*mezO~v#o^AVQ8&$ZFU7q`;jVe!`WbdCgDu(>l9#0z;uQ2RqNc@%0 zn^aQr&llxQV7xXegU!Awa*jNUAU9Y z`}7YI4-Ky4+(%s@J9cSx zBe<`6Y_rp!`>D4s?4kN8WrrB#KMn4$W`f;M&NBY%tu~NXkWY~NkpCbzBHt$$CBGsk zC4VDNBPXt4#uMm1j+~YZ|MFH|Hv7BRm;E$B`jekrRQ%y>u(zsC?kjKmOn>WY@jZ*_F8+*wYf2$BO zPK_W>Vg7isyYxq^amt76y-KTUVn5ere`UB{$arN)wR_wuPg$V64kKEixeY5CMxKDSoS$$Mq}dWZO_&DBhOzRFAd zxl70-6=5H7zV`TshfG#UY9K$2tY?>yVAYSjU;N1@Bt%^yUzhVDG-QfuW*>>ZDxUaH zY)F)9MGlbip&`+#nSDh1s>Twpeh!IKC&@d+{}zQzRjM}HODFN;*N|zdF!{LLzkd#y zuIiGHZZ`GLP$S8iOuP!2sm!m0nDML-J`yrZ-5{I!>k=|gm9B^U^wR#NkooE?S;UscRaiTxT?(`J93PivI<^$YQDn>{4o+l8M7uT=pyW552I z>sK|MZ1!uy(DiDS3;!zrv~&;I?AKp&ZBpl5IAN%K#o7LEU;N#&9|m}BRgdg^e>GC} zL*Yc*)dv?Yndmp=-pmy6SDV+F@$OVP$Ywv*DzQ@)uz8<;BbzN$__CHr~5im@5-JHFblZh+l)zcT0d0cHOB zmH3B|8eL& z)!ODb)#9^!;u89&>TR=ge2Ldt*bCLG132+i`L;mVYxUmdI8|8of03{^s&q$_53UgQPW|4=F!oQKun+2) z&HGhf*{^rfe^g({-y~inPV-46>1^!xt7Y=mx^dVSm4Q4(xK-F!mEY!QHD$F{ox+rU zPM&vNJ`oO!r|Wew<)fA1F=1|cGC93Ge@qT@*N@3PW&I<=lIV0@VIL&%cvjdCdXNh* z3QMNvlLI6_GAxBYNxm!nUmKQ6{~}i~(_X?S@(sc;551S1R^sKXuuS?axtQ#~{b5;j z*6y%xBkQv$%u}~=;qzhH^?I`D|Lw4xx_A%R50~e|r(wBu`JR7q{P6sGn$3~wh413+netsyem)VSXQ8v7^KI6hw z!prGDRnqU6KS=gVWk+Rge$~#z7hmCIsr+~%?guW zMJKb_*FC3jGF3&VXMX5Ixj%$g)t=0sE!@)l=`;Jk1M%}tG5ewVzZm!9e{s^=a)0O= z{ueiu^^)7*zwG_PB!2vrAHUfb@lO|yXLF5z+0T>b^MT7akKIojPr=KD~12c3~zLGFj?vUkw= zZT54&CiCU3I_Qh!ZBqWY*xw+Z6uuPRQ9mSqmUwVCypw)SelGsMF}RaXH^}tI&)rwv zS3HvZ;^aXxKW~N0lVgPSl+L;ad6TfW>Y_W6AIW_vsr-qD-sIl*WWNg!B2Sa^D7~;h zd5p}bDgOsKyZCn&$xk*I{i#H*K~669;7E!?;fkGHvf9gocH?AUItWV}D|yVp?%JDtRQzRNcn=*!?rraz$hWFADHp{*Kkckhyb>U&A zeLvOYiB=`#Cjc9gZ`kAMt%s5~zL9T1Oa88r#(uA(#4jfP_0zwTy9=N7>ZdP|^92gRNSnVRW%|=p{Lio&55Brj{uRlT zLApA*fIR=#oibP-wRxhNBlo>#Q-*2x3C2EB4HN%tBYenadEY5KV9F@H!q?>csuE)F zKV_UQJ<+!3`@r$Ky3Nt*Vto15^_1~?ip|dFb057H?0!W2yKDGFy@gy=_IG8+M7^8b zL^zq6sDHQFxgY)XX)^YspS}#{`ugcxD6hK9d^8U8(;59t{{oeg{nI$iUl%7E|7kWQ zKzAk|5&zj^1?Yh;TswV$-cDYBN8;0zKwaM7)OSyJljo(`QzmKm0K+$R4dECyNt<6m zGYtQlq*IXLUz2qzGW;t@7a_yHf^`Ej-miq{RyI4|uY~AO8H!n-Y_fm$1c&GcWRGj| z?b<0}dhR6TkCo@KopK2uIvJc#_UDZ$5xQ3p*h9wic1oo73IQkECEo^%h|)`J_Env3 z%eUzwqIK3VlaKY&Dq0tJ;XIOm1?-Oa6{|ai+xG6W#s7;%#Ohu)`?{|bE+agM`JLoG z=B?ti4|%xwx8V?*{oEImr;#^&F!3->&$Zdt{jzZ7h&a8J`K={>Pf%0!dU8|o?-Em{ z>Z|0g!i~eG>bEvK-)BwJ))c$HD#arCSA7xFbQ1DW@gHwBO&5+p{ta?Nn-A!m-?XYP z_Fb9ZhSITpNE>_t9;r6MQ>&Z6b{@*?I zN*(2rzanC_UIV88twD{;bi~G}AxldalvQYz|ad&$T)e8UC?W z=Ox2G*6LC=W4?ZkSgYHUF<+Gj#e_Y zYM1b8axXcr4n}O&cgXF3Gx=L}zv-s_Xw}N*ZF&@WrJQG{BDU*r@;2eC5j*rka({^z z4ev3S=J$^?0z7mhRM4r^c$(@An}F%*LePZ zr?byB<@akme}B+L$awz#s4J84{Qg=0Z1X<-n>>HrN&iJpnR)K*GsBv_gI z=x#?!>p0omH?}xZS?|f_e!4MUYRhAhU7s@dx6vw%Rn_Lb7Vd{>ta@bJ57St!$+#b; zwffl{t$vd6d`pww+5~oQE$=teWzT3`vDvwQGFs1U4pip;vg*f-mj1=Ge^Z~iB;U7C z8Lc14xX)y?JZuiM?^8*2MynCo+^3Ri56hoy?nh;;Ox6vX{nQ;fZ&v-7*?Mhrq&g_~ zIlr`-tzL^wdveH0dB3z-t?M>B&x35%6Px4QU(54;X7_B?YnuR$ZH;)zxDXAEOIc4ao5&9(YCpU0NAJY2YT z`qGw<&HHp}8BbDO#%j01l#f)U&dK}rbY-nTn|;+R*>C;Qm$Nq8?8o)3Y=y2g_I~#I zB-K@{VynPrJu@e(YBeL{^T?{!3Y#a|^W7o3s&&)mK)%1NZoRfS&VJw4Bf7d}YLoem zUrOe0Nc2yCWB=&dR`u0(zBcFW?C5${8=IZ?r+QXzo1OQKde$g%Q@Kycjm#QrbEKO0 zNvnm?^{pi~W4z0w8(4eENu>Qv(T%K6F1$awu~lr1Y2WFOO|8n`aR-~>Uss}=TA?;O z{im7rm<<1EVcl43k4M3OT3HWl4pcs}A8tptvR6UuZH7PY4Nw0(QU09 zHao}P-YRP|;*b3M6sxMu(e5#FfBPKW-WovmmHX#~1nsS1=obm(SZwdn3q0<^E+jjC_vcSzt5Pvrl}PZ!pi3 z&ek6`%k#KAZ~u{@v-QyCKxO_lQNoz6R;G=nzk#ZR#D|nIJ*~Fn&St;H^s~m2(@Fl; zYy+&>;ory&?ec@H>*UdP`61Sy^^fyjf;@>%AhFhInxKzwYYXiB<5qZBFGsb%C!kuHrSzen_9{Xd0 zRlw$GW$gRM_*%Wl4TVR?_*?n682d=&E%BgU%p_~13-^x+vX0surv`18&rf4Qt=wBt z{~Pi5=$J5Ts0+`DnPTlE_m%t5`j|-Ts0$yAiMA@64^m`&-JfW6J|@;Ozxw3l2QhKh zH1c9OFJ8nJ9XsDzNbW4>V`$7G z>lYWU8~cm3#)X^2F1EIlmBhaeu}iFEzo9+DePWke-N-fM{xdpum6c=%@(oACuCvyV zYs>S(tk?}!l3gZ0TABG+8N1mUPyRMq?mw~HtN?N!xnCuXzs-uUIZ`#U=Wo09+J%qC z?ywr|R`Oq@YI9zmS7LWt+rd2V_geAxn0&))A`}dF>MO z`Q%Y6-9D6mZts_)Rt~bcUp32m)GA=}P2EfGR|(>dT4l+&Umde*+3cr$Wj}bUW7Z0r zqgAl%w{&sGtW_@D#&O(QW3%&oI%#eGj(2^>hrsS$G9GVr(mLsq?;(8Mh2@FSx=(v| z+y0dG%q8DL^1m|wp1e=W6nENk+yB>kBvYrY%r3k_ov{jl-BI6Js{|S4&sr5+>_1v( zt#&S)E$+NE*oEaAy4GlxKeF7sU%6;abjeR9`H{>=dzY-~F8LnnlC{KU#M?Y^m#s5k z_vCUvf0g*E^@q*A?z!yu%U7*C%vVR{`znR6S&x~YTsSV{HS3Md&iHoSl8>zAKj->f zx02ZGr#u`=zAt*+Ds1yjZ9dwtw4d1AE5b+g2Bw{nSM_^ZkU|R=4l+`!THly|7-msKT46Kl z_m6vN-LctO{+0F3B|kRgmF0fYF7N(9?l0czwUv_m*xui-ty1K7yO7_QyocPE+)eIx zrhEX|jl7I}h4v@NLz(}YoJsC41wvk1iBF+FWy8$-+SgV#ay8+}Zm+G%xHnd+)2I)hXMV6+*zD)NLCQ~$`(Sk-uUsh46T;@#k>&Zuy|$dc z3x!9LO?wT6eaPtF2Wv7J{rg}=k`XUHTGPo1rT%4cAFX-h_7WcpgnYD?k}HdUc&m@r zUh)(<4@*q>XdSWH*F9S9b0+@}o1LG(ezfkA@%if~>$%N=_UE;JUZ1UGXYKLW{;?+R zvo(~g<$U#4U#yqpM{++nkmif^+2%+!{;c`F%U5gYIaA(OMSU>Ox8JNgWb^s&rnqm` zzVjyE8DF&HqRsMox;#&KEA5DX!Q?xim$f4a8PC%Whquj6|BUY#YqP`)`MhgqTztoB za>z#$58WI$Z1z>t<@`^a#?6uIqN(2*Z`>W_Yt$!0(GLp-I9$0c#pChtjPIH{v4xnpv} zKRDWx`=v7cqoXHzW@^L99D~UD(-=6^!%B!_mZMl$U?6;^@cx_N&c$ zW_AoDoAbn5_&GRX>St!ZWp=!0KEB_P+3}6}_XLDP%IauF z#(CxGh`8z6KTpSOo8d266J>L(vKjGsPcARV0hj!OUS5u;$mjP1ayk;;GW9w4V@^j7 zGWKIGM-`i~ACKqC?dWMU+H38V`~NZbHt=1~`~Uyz{eHdP@6Y>lxzE*V)gra7SS*Ic zP%MgJV^|p$Lor&%P+3Q5SXs3+ZDX+*6+@V#GE^pEhdLHvD0V1@rA2A@JziIKagOgf z|L^U8``vzZ+x_)^zOJvY-tW)rMQ@j~a|Xtv`3XnUJC%L;ecsWuOvt)@B+@!1%l;#(jHMfuNL9ySpa%eIo-$;4gVSMi} z{A8M~KkW%;&}t#;`Z7;J~fVhEM%Eq;fgcqmqOP0eHJ~~%{;E+EIQyj?jGX< z-oG4GF`f=l@er^JeLXtI)5qdy%DIaSGWd^m@u33;9~Sj->Kq3Oyz zP0Sz9p_eH0AF*vpz52c=lkS(Y@ISL6lg9ke75=1(i|Jq~EAxwKvXoW$m(UU+ z>+mk2txA^RT}n@Dm;TA`nJ%MeNLlzdw(K%GLCVU%YC{!gY0rMd7wo=m38lzqOxe^tfhw5Eso<#dgdRrooyPRKg^97^`__9dT#&$*7~Dme-J)m)y?A zHYq#5qkS)|$fsW@S@s9{v`xtO5c&JOeCqmz`={$uK8*-jr!Swz3wb`NwFtfk%BNX} zx&8U%GK1iK+0Asikfr@471L>1H@RtW0j-g;^9=TH_Iqd0)k0qG@ZVQ1ub4rfS2F*7 zUIixklmA@4Tid}R(TP_mq_%%MrYbNBPe6+vFV=Fmw(-tAuU zJzqb}p;M%+zE7P)rz&$fe}R9>+>80kI~9MWFDO~gU+$zY3t7i!F5RKbWqjt*ol2JR znMW@*Q1JLZ@qL6pmd>MBN?C|41Yd-S;(^f;`=E2 zfsh*=`TMuK=||F>%)|cutcttoZfQ>V@6A51xR>(VV34zf|K6Tge>2uWG-4tFO%lZeC+3prT5dTl)Mb`*A@5EsY)J?_5KeP%V>_p{nNj%Tt;6O z@-i|O?dKrO-&68MnBSO{%W12Sb^lRGJ8kY>_aBwi_z4>#BDYv?c`%lOAv*3k2$>})`PcXppzda;n_IqyJzaA_^g zQRe;k^ZnAtX`V7qf^3n;=}pS~DCGaql~2%Hm3boMB*=eN=DD@}`_xtR9%Wtt`Q*w~ zbcv8jDOw<9XW=Too~fgyLS9DX_c3*Jmy+f8H&0U*;Nj!<6?p&iY1y+hAx6sb`UG@Wdu4NB(U=M*g7NRuPdJ^vo4V#y|&t7QH?&^?u#X@iiL zlBUOS%46m0G$+dKFD3WF{$rJI(ArojKL+`^%C~5TlKY|kG*mXxwSBtGn=0RzEX()n%4T}GG#B;zK;=$aCgghve_z6?KBe1~%;!TM z$Wgv9R{hI?%1>#LkoEW9U(mOOtmj)_&}Jp`{$%cmFX=96U(NqoY4QLWKe<2BN@vD% zS-0=6XswWCe1lbA(I*CSb6p?z(6@xF`=>p$Rmk(5Z1kVg$zJ+{lH1?l{ncLDDP;M3 zmHt(GsqYBxpOlAHeM>JFGUhk0;d{%f@97LB=L-1;dZ&_ecJckqcDh8#m+$5MaXa0p z7YT~)7wrHg{<3CJ53hyd~zn%dlgIC>9`)|`)Il{ zzgqNX`{<*+%%4=|eKB5dHuuqHA?yBXADugxhp+qBeRQ#qWqy~~Khjzu>))H~r$0&i z>h~u5DILPy>+;x79VN^0bw6FGWchpb{j^rdI{o|US|RK7?x*X7JfBp+*Aja_^(Dyo z$@yXj-8Hm(d^_m(Le}mN(1SvrPdp;M2k5E8xc&L$G0aaln+Ir?lD`V``Q8CqEoANf zCt9n_-#~ua{ePk_Nm;ayv-SE|xNq`!C%WFLSd}CCl$eeC$IZ>+pQ6t(*N@mIc_@qr1Bg zvT`L$_YwBFkQ<5oz9hna5VH0!!q_og?r&KZ%d)%4#moA#Iwed0`m>*fEZv`1)t?0t zxqG~C*udN0Ko+Oug^=SR7YlhlITia2Ez6EzYoxg-U+mzrb-m<`%Klxb4<+`I7`6Dn zE!K<6d3zqjqN8|tD*giovGb&?-hT~Y7b`jb3B3PI8p1AD@=Ww6e#qA-S?*^HVK*vS z?q>{Pg-RY>!PAq#ij;gF;C8%)~00H{u3EFp}Tn^3kX^Ie^$jPHd4xBeSK-waV)im z`El$rDXaDMXqG2ry`CP;%9Skl3yx>6OZ#fPI)S|*Wl>*ps!m{^D04nO=2e}@zVBgv zBKu9sD!h}KFPX<*hj%hdRk92(h21D*y+1LA-6UlZUTEMLHeZ?Z@NTF&l`ZdKp30t( zvI_5XRxe~7-s!AW$uhh%SmZ<=A06IU7AIs`pPz~!%T5xq9AAq@pUEakbLXgc`1*G| zo1)|wU*+#}$FpflzU2-6{pNU9BxTYB^UnD3tW3zdew@P|mF6OSe~&+hy`bE)=lOoe zx$I>nM)7jTb&c%8+Fa82{ zK*`@hF09I6&PhB!=99BUeZGh#Df!|kA+xJ4W>+YA4eI~hRhO_Eg{;$a8M|G`IzE@N zxypV&_+MgQ#-8Y5Kbt+@!+ti~pzK#88g&D*+14KRC$r`r_9wFzW&d8Jw{E~>_Dv7_ zIqat%_H!6HS*FiH`>z|2!&V7d$Nx(9f{=CmuVf9%{w%cDy!b2GXFbew*;mTE0^{oj zZ!U{T;r?s)Q&?XiV?2j>YriQhO~|^vU(I%n;r4ZVznZlxS+@6USm~+V&97nAN|xq% zZ02d*>4^lBM~zEcf*8=GU^Dg)Hm$j3cjORYI2I`M06#*-B|&jptL@T4^r6FPKiI zvi@gC|K$6Xsq82r>+yIhOA@m5zw*ebY_XJ`|R3Yo%2Tx}+ zrG1s2>1?w!SNk2)*;~q7?x#&>9|&28H=XTM_C25Q@0$zQAtlTGj{;_ld2wPpqu!FDymLJiU)p-NLejtn0_EY|xo9zvcU}TUnBlW%=I5 zO3vzTej8gZWLf_#aywhA%;o;iOtweK-2HSilQpKv_{#mLne00u>;0ga?0}S2{>)^Z z%3SUT&17u63}5aC&0^;$S?0%VmZ4-B-#b|J?C$ZsgAEq4ZhuAWSRw27Q^ZaZ@_aH5 z`;{ej5lfS@=r7k-&0*C-*7fgB)-Gi2-<_;e$lAX<89RrEKcBpdnM{d&Crc8t&hNP_ zZesWN&1J)cEX!}iiSyXWQg-<7U#AT(W@Cjc*H0zGirH<_oE+bXQ%i?0V0Q^w$ETDn z7P5{{DO;}W|AP1ghLy5MdYCU_tCaa7%)ch~Tf`cBm@j5cz2s(P{{Z^8iTxI{3(n=~ z(cvv&*+QOA($F7G?6-vN60%Nz8EZ-Jp8hiSjgWQxm$ILPto>WceiQP1k}dLcDf6B$ z^LL>rulre?khS||EJ4WH{W6xQ>@O4Zv1M#b5Bue8d=LBO?0jXvQGEYY&L%54Uxfbv zyS|6};jp8 zvc5maoQ&@I`5@~fWSt)mvB5&t`SB1-6!Lt2ybbE-LoB_A{c4uo!+tf(RraT1eA--9 z&8GISzk(I^u)l&8Df^d;`R59@Qp%z|y;b!v+a_h_7S!Jpm#kzvmAvdTDeqEp_I|#< zvXbrT=00=LO7@#FuSNgTT=gikGev!Ho`(D}-?%^snR}qUevc*cCM0lVt!I$KhCmyxPOA>^>F_L%UAaIpp}%^Pq5iq z#`?L$Ud2kf*|*4QRx4z^zrTjHC|UNWYgq7No?gAbzlJ3WS@)-FShAE=f4YX9s?247 zx`w4GbJ?Fh$?jFM>`$L!WlEOytB&Pf(!GAwv73dg^XF+cQ^@m45dFty^J(^SFZ0H3 z=CLq$E|vaC|DRzcle+u=469VKG=G-GUD4hASvE|_y1dr1_H*x_-tU03R&mx2DYJxc>`-y<}!a9m}^G& z^fa)bkY##e%?6ewWF6mE*w$OS$LAHcQ^_*EudiJ zvNYew=Ki(2`9@ZzWNE&MmCo&MzKK;US(mZ1U+PP9s?6CR=KSVM9PReqBXm-F^W)i3f3 z?>*|I%x@0i=32c^ z62YJ;ZcqvaWjeLW}Z8aFAqQ>yohc8&L38>RWZ${$|OczE5@!PA+G z{4mj8?PXkLWabOfA8n7{z{$hWvR1i1PY0KSK}yEMPB6&GNaRCTewpO&qCBN}m%fgN zN%HZIh`YaD#24SQekk3`aB+UNs^>b~?kW#|s;r{6M!f&wQ`WI}J`no^S`cmy}-z1YneWHK(qx+ri^_Kg~`yE|h|DCMs zrw*6jkjL$r?@RR`BEI+?@!>9+`&ay!ly!aPH$rv~=S_@PT;?}P^7_GVaOCw%r~A=0 z+`TDo=;Gn=n<~5hX&K+kzajnMH(hdj{ANh*j{D2&3HO)R6YcMxne!VgxqIFJ@SB~v zKZ8X*!|&P}dHq58B0TOdze%XOzucVLm-=1#9#P}xtHPa0^mw7=A*y~pEy9!O;qj35 z)D$j2j1sCv-V*(#O)6gI;k!sk#2dd4 zMSOU=yT^~qI-E0A{>k{6A&vuhkmSznSEa>i<4jE6taSaY?t6uJE)zzuC0w zAI51he=|v?XqVaq`=-L4DQ-&T;qn^`c|Ke&#zRUTLw(@wtLiJRT7=(Z-}Ucb!`JEM zs_tL4%Kg{r*Q!pxR{4!&Jbc;DQE`(hcb6gRyFrc@?GNK~4_WKucTb{y>lor33CuIN ze}((GieD*;{5Q#6?&qJDJs_ot%Y z<^AYTj5|CWoew?xi>`T?*8iXCMelxv``fuk`hVz4u9_rMlnc&V6*9gPQs&QoBJ=-y zq=&~#j|)0py;Yy;r)0m{)&FT(_d7b?vR=p=X?Z+)%6Q-0B;$9s$ahLk7VWxAU(0%2 z)9$sZ+k;e1a*XOvt zRLei09rOO^Mb%IDbZ3%pRlU;ocZvF?{nM&RBD=cc!N<2((ZBHdVyUXPJ^jV++r+%t zBx6;%^KiJk!)iS!!$mt0`9aA=Dqm##Hi*tI-QKm_z1{Ns<@1N`^Mx$YKG9DI72~j~ zfB!puU2ia6{#X9|t9?C>)N0RoQPQdUiJs$lSHIFz|KE@AJRfvB&?>*_m+R~B{#}0= z3|fDL|3BI5?hn7Yn9BjR&XDt2x$fcmUu;$3{ulkU?sv5ckJZ0F?@xR8YrXpkEq|`Y zr9YF;+Qs8(lKL%NrDV=eGTysY`$|>m(C)R`v;RjwtLm8?54z$n*KJ*L-^J2@eq%7t zr=F@@CwJ+0$vRv;FV!-4FZy512YI_P(av~#%)va8j|UeD*&=d&+ST7{_i~<(_K5We z&wnoSb|hs=PFOAD$!|*QYF}OH>8anfKIJ#Ob&uE6YTel;>O+@%DdTrQDxZ7iWAA)L zeyRBmzqy{5+tLmhKQ8n5X<4W5%YRCJxo)C=%#XRu-E(uE-=~Xy-&E^Md=mU4*JtFH zegED(SD8zD)}Pqx8h36{{VBg0orkwkg~xAT?~-v|sqh!$rBHF+=G)xdBoC-^(DLcu zaeexSzHIMZ<9u(qcm8N|xen@Df5`cY^oNfZOJ9@m)An`!({gY3QeXE&C=b=1wEf;P zzX6!1Uz_)owZ2wOu@A!ICCihMM^G=h`*JbPn&cEwPbnFu)=}JFUN87f%Q~Dc8Cv3> z^uJ4Ahxe~4zmb@ihumkQf9$jUdwu17xAe(=ysIASbobWh>tIozk$*hBz4Kk>6D37z zKBW8MoY!Ui^t`jDjGNY#ed*pL^F{t(zKeFr!yAmW@qGF~^?y?B+BfU2&-)wQ&ZK@< zdRx`_AXSs-dD6*heGsSA!)iYAqZ(JGKKdV}uVroiDe{HKPrKLi0@;qc@=3=_t9m~| zt|RcBIL0lW-Z>T0zuxN*ZBOpwm}InykM>WidcRrk_vn2#xlbkQsb2Tmzzqrc#Z@vGe>w`|Wv}clGYCig(`dNNMGY_Y?J-u&s82vjp@2$R~ z%Kg7ppHlN$t@3p{_qVtEohsgcrfT=P-1rT;fBsLeC$YcyB)4ahS}`u^a_Ew~=P!>J zAJ@9u=lgHG9_jYETg^N5ep~N-xIf#k+o9&e-S_8syZ`0~nIF0wwK_rdcmG>i=hJb| zO8<2`lIhSn*HzDSebee`s(;n0?#J}LT5q{`KJtApo^N{JkM9e1mwVfn<9*kDgErUU zX;tfMRqg|J?f>=E?@Fh(r_J?#yG$SU#b1{Br1MRyr=i{P`k>4IY*j8gU!;uh3?7&6 zwY}c&g?h`nU(x%2EoIXE7S#{Qc8U9HR5?7L;`g8G{eLq5yK2AsJ(5nhEcbtXU!vD( za=nfDl$y`bs~qII+En{HUHaO-&iCH=JpLatf81i8WRe47|D>y(r>cDW z_v>p$=Bjq9>-V3jdVfKeYj5=vHP3Ans!8-Zyr4U+foQ zpHir}H$kl5yVlV$-^%>xy-)Cj$`|dQUgxh9`q)3mI=bs0&f`<*ko#4X7!A^2t3^5LwlDhyyoVI^mXS+T{AIWXam2p1N#y!cj^}*;RQD6T&80pgw_x7K z_x*JH`fu&&_TE$N8YkaV@zLvOz3!E&oR9KxLCd}8aY-M^{L-qfFS;IYQtySfM0l=u z)mLp#*F$L!^?JYbPwIEc@2P(1+Gn_V*Zi{k`i}eGbG^pH%XJ{{*Yvvn|5bNA z`xQ#g68&%2xTW{qbU&%rH*#I`=krBvU#lsiU&MD3s=w9crDa{7TGiuU_jL!)Pc8SX zZ+e~4W!~HU|7>5DA}`1P$nc zsiNM9`4@gKtHOItjVn^$By9&|J=XSg{{ES)^?UoLWnB(h?rp!PxsF#?d(-9CTYcy^ z9#8!b_l1al)g=EA>m^ER-j?a;Jzh(9UHQ}7pD)#XbGMrR_8$Lx$KyYZ+uFWPx85Jo z^LU+pZSSCnH@>G4<%Ipmsjyjmrtp2R+cC3ixTf;x>Oy$j;B_2 z{Isl9T`#nGZ&~}N&Gr09%W~W@)%z9t$NLo-|E}`U{j3i6&(!~}9J=a@j-OU_{gmCSQ7}J=oQc0hxJCP1Tx+|RjK$yCt_ZQf^1@bL$dn@#A!}DzD&xU>x z)FP;Jpw5AMC)7Kk&cok){M`%tCHT7!Ztf#TlO>4l5`?n^_oy#HI7^^kM*8D#kx@qa zKwSWJFL?lNs-Qjy^&zM$@V63vuY{kE;(0an*C3zP!2TM@PeFbL@-vX1f&3i)HbQR` z{$7W>*WvCBsBb`h6Y85#--lT<{`mh7@b@8d>O;8y5N>xO$3B98A3^>I^2f;Mj}gaD z$kn6;c0a}6XNdP_(EAMW{tWg$gT2q8zZ>e8P`}0BK0NP-dKh*O!|q|&Jq){tq2CGp z-|Tt4N zsH2eYG9GU!b+=GYK&rX^aO8_L?`Lo|NJb0QAoGMe895~NtAsj*tWl?*u2H9+zNPH% zGr7IVWV^b(K1BIfnz%EW$lC)$RQ?J%M7ew?Nfy7_SxEX(e%fw1+KjZ9ru6qx?q405 z#JGy@29RjlL!OjBiFC)oV8B`ce#Df_|jj`9_r}C_U%71NCV;oXy zv-1CtQd@+&-I!z?|1?f{hiW{;^C{D~5+l_QhGF|Kvp#5K8s}oi^LL|_v_d~%HWPVk zc>=yZr{?H^&*^+!`1Bu6X}RGN7^;m!JSO^8DAgf;dGD<@MkvJZSwNH z4)#BQ%=P7|rEVsFz2>%KFypz6`jmfBq1Mo-vA>F!Z`8PT3ICO9rtu}-EWZH#OA!uk z6%qQIXuQGSZ0(>4!X0`7W8OxCd1H9D@tq|WZ}1U53iXmL zT+K9OyyBI=iORo3;{|+algSc{r$s#(WAAy#Kd$CiT%My)mumgB4n`E>;$kUf- zB#Uqp4SD)+vPxIHaUH_p@q7vX;1&^s?~oL+RF!|pB7bI+R72jP60g#krs9#N;*nbd8%-{abYFTzj)&s~gX^<$s>RXEZ;vbYmpy;CTa>%kg%2jyfDxZpt zC(!=ze&2Wq`8dWbHm>*@r?6YqhHS^xs{K~~;r|YpbNljir&8gcMM@3XFBBX6RHvBVTtrti~edlDK}*QQ!H*H#r@;R3Wlk9s$Kk<Ss&&BQqB9v&bPL`~6I74R$I%bRDv|f1kQKL^$|vNU2Qu>r-lns&~7MQ;`oo zXSdOcdK-4un0!1u!tt51d}i6_zRdgk^``7^I#s=xWqkIeLC$h!8T?nR>98;B=@fe$ zR-%)fk@lzPucknK0PS`X>lC*iE_9;8|JfvJ%5i$6=)YDuhWT|1`X^_-`5@fAJ}{Gy-|OAUD*nkT{#Bx1-)^iI?*HL7%ukSxf4bMG zd`=bWPwq66zY+0z(uF+8lWNXH|B|HClRRVWHuQ^=X{sqtQOz=CzmjG0{&TV?%ar{} zswq!l%~Ag6Db+At7*Ac)5aY!v&mACbE90SNOe!8iywt=^|gNRsN)_{-(Z% zyNi73YF;&wJ&Jz%FYt$}kNdU@duTCi1Jd)dZwhybkg8Z?btgj-?HvoEDNsRZbJ_AJFe!>6i1N z>-|kCzRfB=%_2Q3{4FLQ@7F_}i+1n|)Ya&ZmRc?5d++h_u1%GHtMa!+sjaHtX#JzT zhcRDS<#ecW?@;ZqL$$NF?1gCWeFMAA8!wRyAI*x2KL&A@rHC-U>@W1 zq5{Zk(H@EeKGm)>?J&Zr3Ph@pzxT1^IJFOtSJfRfL06C)N5PO{`;PlLRXJr&Q%% zs#wp2z3Iw4U9E$%g#I%zIZ8iA>F3e2k>2SzZB^!DA>p?JV#fI2_hYs>8pHApwA&c9t%d5 zzT2Mo9bYe$E4f^yt6Zh4mh#(K(n7TqQ+SdQs#9vc@~=U;s}=U&4>gMLzYR6f(qDN! z!6}1CFAX<|a`c58l>dz?{>>`hEh^r1RNns5s{C&g>K40Al}nwFv96KsoQ^--@$y~a z?@<1Bs(3Lb*MB}H*PDim_h*A6ohlyv>;rgHbbh2(*-w=1)QKwlV~iE3FZaM)`X6O- z{ES!qR-$UJ2|~6=qS8-R>LzBPo;O4`F+M-o9NBHmSjzj|DfSMiM+f4Wtl#lWl|Pg9 zIzhzyKqOVg1LLEp7pW@zMA1KtF%y{Vw-ZJG&Sg0tOklDfPh>paW6WfsuJF5EtI%KP zM?bRNjuBgE}Ac zu=Vgqj`NxJvlyTDM$<+7!`>_v|11@6x9e)SOO8!raz2&DK7oIku`AVlNvc62)hm?# zwXt%2cWbQ7?=5zY%HJF&=Sw+E&M$IQ{u$=INard~9+S5Qu{5Hcgpr4O3#A=_yx9_Lxn1Sh3sC8-&^_=GC2<@68e6lh{=ASh{=9{seU2Vkhen?Gd1oq zJ|8)`Zz> zm6z*gsLPQbO-lW+?;7(}tT(ZN42uG_`+c#WO-|&oCn|AuS41IV0>QrB4jzPcc}0?RCpcAzYZo(8SG&4bV0dK z^J>3IE+6`V4-md=*BwlrHrT2B?-c3U->;L&QwEvX$J%cAELq+@i@$mOnT@kAM|q9t z9~I_j^`GM6=?jv0i?J)2kNi@{4G#aXR)NqHLOVemmy-{iWKbREtRYy1vs?yc0!wEMKxv69*JBIUi0H z=2s3#vku{Oi`$_-(wC4sp~}xBt%%=`tk&XRie3zve_^wO)>{0R+Uxzb zDxP)1J=(p+za%Igm}wk%j?XLWt^2XPw_-rOh{w`__1KZ%r-jM*m)La{|DyB3fpwNV z^{YYnqw{&~z;ZE8l-O=ogMMP~z;w0WxKi2MXJ3!`%J%~smE5Gtr@4omd_;>i2d8AL z7|_yQWIf^gv_rPxSKCJ%MK^tguk4N}WPCkVb3~RU_n8WrTu-%G zzoA@K3}_SnwH(oA$y3mZEP0w;hsF0>$&sDb7W8*fsQe4npBWSDjFCtBgnAD2`5V@Y zAknZ{b=$6JG*6Z?AG2CY~7W}A%CD)euV9z7$I#r9(NMy zzEkZBb`p6?SfMT3ccCrYZ=tQmbz8RgBAfT`_Z?MatMOUIt5}6oto%HqntQV~DT z;BpneJmYno9u*H+#&41-Z#$1( zA5y2h$@$CPfg>r8ch%sLRK|NGOgkA?pjxkUfnG&ocB=jAFN<@mE_ z@KQBSjIkDDJ`^`(jCJ*4>|PIUzi|D)+0J)Vx;O$4XD>PotYK{?r)L=$VL5 zjj=$)>%1WgRJ^8%a4nK)^Yz5w&)=f{^r zo})59o})4!s#SfiR`vNP;V(;APkDX@6Vgro#q5z#<^E8uuzzeqtbj=@~svXg4=L%wiX-m=s5hrQLX=Ng)7%G-8Q%{!DVZ`(;V!%CL7?WCHI z!ynhsdXfGyW`k&tS%aEYdu&ndvDN0|ed2&-)h_E*zf&*lFLc^;yEo;nL2X_3M7!@$ z?V(fD|96IViu&*MblUt2;r0GbTaJ63sy%e5cGIES4Rf{Q9G7o~G8Z3z=`iM!r?vUi zJR#LgcpmfEVNumSqplAi-!iO0^>0y^JiV<}?VrSpbxg^y1Xn6jEA~PgrBC|rMb>W zI9bEfT-S?oOmoT8;SyY{(JsdfPgnNRUF#udLFV>cL*rfYl)HGBJk2iMB~Oh@Gap9% zd|`OHXy==U*Q$P@R`dt&4$pF>AiUWm%T){ieBm_nwlcg28J?r`bCiCLYbg4G;Um(_ z3t^rJ^;~gkb(YEdmrDkxn(~&Ze35Ur#jh9p_H#$9SGU>hHtt=<$Av>;KdIE*XKxhy zBhOKJ+WK=;p7NUK;$Iv`S-wc;25-KS3tbnYTvrSz6y^H-h(Z@X6|QbTk+8SjNEiEg z?+z#yn%E8NT9yN6ic2k~pEks+1@bvlvrz40TfRrs}{pZWQyIv4L>JcH|9vVSQx z<@izWlKpdt4Ho{CnsU4-HRXGxQd5o>V??;|q(S)eH`b`!HCenL`}wFQ<$tsCzgd~f zdCf(%+T`Q?7bE5V<#bZ5_V3b(oQI^V_ePV%`+$Ji;*#TRi;M3o_`?0{i!nd#9J$we z2jLxibgRn$Hl=3TUmd`E(W491JgQLK7P8eU6t{%M~AX6_oX6sp6E~g#wO!2 zF<#^JFPJ`UX#`&Z17^Ch{@Wsy`BpHzphqx{(1lJ8g3 zgg$n>oEexGt@o!pa(9)uzh7)ZzC1M!6&7SMJF5X1OEdS?fgk?zbC_%AY3XPm}Ox`f*Ll zpC;uGWZ_Sv@~2Vx)2!ULDEBSG{rcltl=~Lt9lK+*T=OwLs#Nfcc^1wzSL?{;k7w(UEAu&Q{r3I>GATtZNO}GM5dNN&)T!dz>Bx0%r%FeM!`G>|59n~@Y3!ZO znHaa)j_Y)uLA~BVGmSY|=iHve+_GN!+_GLq-D;lh@b<70{>yoF)Gh02rz6|N0yY1g zXUg$to+-zpc(?0izD`YW^Z1M!o#5tQDlfGX-Mrm~1|}-~M5Q0E!iyL2xNvl`h{x5V zQ{B?vRJZguO}H-_o#y6W8h6k%_verB{7!T47UhuUmg~H9w_HEgs{M*Aw_HzWx$lPk z_5N|(w7T8$%VZh5MDwX$C=>|Y*V>z3>BTDM%s?>1Lp zyeK(d&aW*}=a%)g&Mo%?>fC=rf41THIyW!pMySVO9`ZA*bIW~#I=9>>sCV;zVmr)b zzgOp${Y$2C9p?S)ga+krgD9^kYjDebkOpPHLD)aJZ<@{Di(Pp_ntkX8yw`)u$B%DA z@iu>tHGD*tc>m@LH;Qzv@Tc2yebVec4dzWJY!dqdC3ds>GQ1Dmc0!Arzt{itgl6{< zh~Lj_lO^AWZL;J#x!KL%yYD+euCGXPt6QFi-RhR{XmwxzC@<$$b!v9h=Ii-ja#YNx z2f#kBhck|BbH9LnfD@9N-7=mn!r#>7LR*ffg|?he6xy=iFSKR9Uu5(A+ClTgykT*2 zzM3}_*}Pp;CKog5K3~lv#uz^Im#-v`6XBPWkyM(Gq|*P9RIaN>QtAIRwSU*4>RE@X zXB}=ipPWYd{^n+L0hQy_0_D#F<1C#I=&R;Or}i<6m0^$#K+emt>5 z)AYx{Jj*>lc zevvA|U!0t#!cSA-rmOg6srcn6^BiTK?2+@8WRKj($W#92iEwrwn=kyw_XD2OP>&K% z&R6<*9yyNYD;4g<_?oZOJkKhW$CQ+O54PaYpXPhYu>M|Z<#~8Jzb+-u!|P=MRGzM# z#};~IJ8`hnk6g=X3Zc(^;<4S+3Gq zs?u4i(pjp~S*p@kuF_Si(p9VCUn|0&a7wL;XSGMJYpO*&(SNG)uJ*|Hb@KiBSEtk~ z`}M;8^y3;-y6Q!`CY;is^y^i68k7omB3%uCsAp`%`<_$lRk|8HZ(zQ=)N1hjg8t{$ zQyWw|8&o>$RXXccI_p(B>s2}%R66TbI-68Fn?!s*Ikic}yHTaHQKhp{rLS3;Hw*ii z|EP2|i*$W*YKziuR_SR`D%^>5wfv#-bbXrI;^F%;Q&L(~x>{6vT2y+PJ$&AAT}rb` zPqRu-vr12kN>8&&Pol8*DcUEmw?CZJ>fz%QzHe0XghXNQ_0v+-e56Q~U$JsmtlSkV zd(|HKezsPb*DCW`W!|XFo0NHzGH+7m0lbr0JvKn1n7>soHRGdAn9Nh$po{>rC<)Z9Ly)VV1ZyE zxfahe1&hcHc%Dn9gTPlTw{kKI`jx`ZYVub+*O2*OEhzz4i%{ywB0R4p z_k;DM0$fL`!3MGt+(@1P8_84PRPyaw(hjbICT3*1HC1zXAc;2yFQ zY$Kn7?c@uvgM1AhByC_P*#{EiCy*J3K?mD7ZsId6Flczds1XCk8Bs9a=m!omjsO#k zA>asO1ej=y0+Wp6!DQoPFvUm(Q;l)s!{juB=iXT3Y&?$>&uPYacpfjFCm0#9nQmMH zo%4lGhA|mBS;kdhwvh+s7}Lg^8Bc=c#%ki1Rj}509b9c} z1?!BzgKLd{fc3_Q;5wrP@mVk8(_rj|&PL-aguY3H-e`P_=QqUjR-+xJO~wJ}{9Wj5 zGk(GIcJbV7{0`Hd20J@UJ`y@DhWl)krV#*JjR?5Mhy&Y1G+2VLkw6 znGeGB5@DKcJ_4N_vlh%X*MNEEGvHM71u)-S2NsyG!2S$jztG$aotfsFV3FAb&Na7# z#pVZKiTMdwYVHEd%zuLA<~Lxa`2$#Oc7QeJA+Xl`4P0%~b5NS51FkjwV7(az*O`66 z1~VSqXdVSNn!~`Y<}qNCnRE`yPUOZmlehh5^F-+E5IQ@}Q}Fzecy2Mz!1Jf#d6$_6 zx2@(x==@XY>@hEZPMdi#*luQn9p)9_LGx;`)4U!eG#_Mi2I$b+Kp(vW4AQw^l->=- z(S=|_s6QeMh~XgPEeXccsZ3Y`)3Vdx~%$DlJx=p@nA&`G9GgDLcRFqOUp;yXMr zjcx)b&@Es(edipLoKJZvXV7iX$)Y>JZ2B>LnWcU@aX3uBNAhb@VK7Eu8??)APY~^dhi+RtGZn9O$sW zO$ZP-^UO!tv6m-=iJ$Q@3bKtbjj}huIQBLe&)x$Ev1TxVeFU3Bh0PJ{GdzzJ&x!0y zJdYC3No)^nCbRFr6!s&S%60%m&k$7tCNmFpI^4*{uIWl%4P=haHLM zE5vgyOThCK@tns-;`v(fJe3_g(InFtuLJq)1U%m)o(otCd@E$9fiu~eus=)KFJk9F zXD&+zi&-XE!Y&0%+2vpv%LU8XwO}Q?0jy@z!5UTw*0NdPYW7#Kj?JGKAWyRa$i20! z1UmI>5x9=s5B>E*zkyXC+*d@n8(B4;H;Ly)wi3^8i07^B3Ak!vPl4OmTCkbD2<~JX zz!vrzxC^)2pp@BL;2!oa*v8%m+u2UAgMA7fWM6=t>}!x%Z6LGufsXYP=(7%kIQj=K z5~7v`##tUP-iiSSSy3>->IaUnjsO#_Az+d<0!+3>fhpGUV5)U8IMzx9)2wme1nX=t z-8v7k=^AnhfSxSAn@!9++oM1E*RygZb7iV1YFgEVSl;Gp)P8BI{ldztjMW zt)*azwHz$99y&Kn7FoQ0mRU7;UMil;t;b)={z zD_C#+9b9Mq18lH91UFhOV57Ag+-iLVHd)_-+pKo5**XC3w0;3wtlz<17CR4RVY$IQ zRsd|XB4E1}2X@!6+>L3=D1wa0^T_PJoZ zeIYo=&H@wcN#F?kN-)vB228T2g30zxV2b@0Fx9>t9BUVWY4$vDf_)E|Zr^tvW-K<( zu?)Km&za&m%YFc++4h5Aj{OLjYuAE#_8M@i{S26IzW^54>%c<$6>z4#87#8j1n1gK zV6nX&EU`ZTOYKjz&870u-(oE zJM1gKgZ9;6r+qz0T>0tv^|*_d1+Mvkj^nxw^ttW;gRZ$?)O9x)=UNEjtt2?eRSqV& zs=yJhhrvYGV_=eNHJI#r8ccCL52m_a0>`=c2*U@0L>o~B+l?>Lp#(=9`r-OB_v%s~k31GeJd~luXBCx@A z8Mx7v12(#*fLmSHflaO(!ELSru-SDhxYIQoY;oNQ?s64_t*!;&9@k>9&9w|{cU6KN zt`*=x*P~#kYZXYGI*>WffsXSx(C55-KE@+Qj7QE!=tP}2z&Ph^Fy46&9ON{E3C>60 z29u@xBw;M*kHQjy#Q@Qgp%O|@ti51vz%C% zW;^}C9OpTjZQV#=&S^{ zI!}O2&QstvXD!(5ya?`eHh?Y8Yv3-Y5o~qd0{1xYf^E+GV7s#u>~KB>4?16fozB-F zakqiYy$^KUKY>2?VKC?>7dj;5=Bv@D+qy7JV%@xq;@lqS_Y=?Y?wAWvI_@Y;j}kfw z?tai2;XVRPbPs|4D50O^9s!+X_b4#MeLR@zJ{cVAP6gB4V+1I%(? z0%p4>gE{W2z+878nCG4bPIcc5=DTkJ3*0j=#QfaNXMKh4InbHuz6&gJ-;3DJ5pkI7 zE=7FiiRWVXQka&wmxHD5hrlv-4Os4e9ISLd30AwG1#8^(V6A&SxZ3?Hh`n%dt$Qn2 z@BTZu&ixOt!Tlk)(cJ?cr8J;pQ%ku!3?RgN)@jL?NdTPNu&zcO(x<$BCJJja0BJV{`) z=R|O)=afu`eB|N#DlMKfGO?Z#G2i7$gK4X0BDlwM0odlb7;N`sgB_kLz=NKv!A{Th zAo1pd%sT^gytjcq?;Y^X?-jkDcP>H+dHLQ;)O$Bf-aZ$ZWPz8Dv!&hv&?)l{ z0?WNa!AkGZV72!+u*RDV)_TW)tG%a#b>6eUwcZI}z4v@@o%bTJ!Fw6F(VGLGH+gw& zZ}d)q&Q|YrV3YSoaGSRPZ1&y??)1(ETfBFIyS&9V1pAb-w$-244lZ(N_&N`c{Hl zeNTW*zNf%#zO`Vp??rH@Z^OkV`N+rXLyPY<=OUDA>rVyK{Nun0{E>c1Jx_um2*_-BHJ{yE@G|6O2_|6XvezZ5L?F9l2d%fV9rLtvS| z1}yhK4p#b~1grhef;Iknu-3mGT-~QR*ZKbeHuygTH~L$^M*nVb ztN$yo$^R|5&EF0-`wxIS{l9=M{@=k}es&4U!tVz6_yb^@KLWP<F8K=7b{FxcrI z4w673$O5B5CvXzz3!DlD17pExU_2NXI2Vi$TnG*dWPu5RN#KaUm0)7v8Zap^6-*A? z1f~T30;UFT2ge4Az_h?Ta6;f7Fg3oH-(6RZq;16Buq0BZsr zU~S+KxH|9~SQns|BL4#pSRe3%>jGi0AEZO14n^d1H-_kz%k&qKoZy-I1$_# zI0bA8oB{3%q=Bu0iQt~V1z=m?Vz51s4R!>s01pPP20H`SgCr&&WHB>9C+0TL7jp*~ zjF}5YW9|myVitn&F-yQfG38)FOcgjH=3y`~=CMmnGAf4G@T8d4&`FMY8cd0K9!!mS z2^<^K0H(!k0w=_50n=mN0W)H@fmty-!0ech!JL@S;oB9$x7?Uk=;X!h1*gV*59Y`0 z2Mb~jf`u`^f-_^x%TN|EE^uy)4=j!efh940z|xojU|Gx{usmicSQ&FPSRHd5SQC>B z*2athSI3+V*2SC!u8o-h*2kO=u8X+{Y>2rG+!&JsHpWZ=x5iutHpScsZi^`Zn`3ST zcgD;HTVn16cf}NgtuYJ0Ju!>HwwPsLdrT$R5wik381pFD8M6u`!8(uypSvtftRU|v zo#5Y~;|snF27?=+9}@b};2Y413%(7;2j2q+1)E`dlrT*QegvHn!Oy_N;Fr)JCG?Ym zd!UmX{0>YB{s^W9e}?I4!gOq~6FO-@BO7HDw6nuxqR>wddZCjM41!s~STH--AEuLp zX-@D+=;Q_yz`Wo{=wB=Jrv{IOPJZwNuppQM76wlPX9mv%i-PBXbA#z%aWE4s30?}8 z1}_K8g1KOM@LI4kcmr4+oDS9m3&GmpEO2%3uV7tpKDahm0@eo?f$M_zgAKt7aAU9< zYz(dhw+5d8n}Sb)+k$Js=HQFq&fo^HCHNY+E7%CO2Hyhr1m6YQg71Uv!JS}7@Kf+$ z@C&dr_%%pEZ6FKn1D()Mpf7Y742H-gw4IOz#)Uj!d?*GS6pBtl8HISsCWQJ;a>!8e zJR)=iOcO&xz@*R!FgY{|ObHziriM-i$A(hDw9q(kLg;KTJ#-$J5y}9wLYIKqp~+xQ z=qfNbln3U8rh!vKH-q`1TflwY3oHuV3(gIdg2kbwU`c2>SQ>f=EDP0u z<)O#H%FvTwb?8~JCR7jBhSr0tL$6N4IY=Si1Js3HhtAs2RhrJroCaga(2K zLxaK2&~T816G0Xp4LaeIKwtP&Fc=;SM#JO5xbV4PeE33eP&f-r2u}h>gs%h>!`FaG z;i+J9_$DwV{1-4ad^+%tEC{ay3&XE~GsBy~qVSvG+;9_E9NrF=gg*dF!=Hd<;ay;P_@7{9_#3b~ z`~z4M?f`4Uhrre0-@v*sy&U-;cEI|uA6yp>gAL)n;Kpz~*cd(v+!`JRHieG?w}q3y z=J1K&&hRN;cT!Ydeq=vb5IG1IMt%in zM$8=Kf5ZjOjrhRgNC+&6^Z`pF1HiJ#Ah0|#6s(LK4OT~v18XA5U~Oa!xH@t=SQj}9 zTpO7H)<@0<*F`P@8zPs18zVVjV`K`rHF6!;6uA-H7AXLmBe#M(BeTJl$erM>NHN$N zSpe>dEC$;m%fR+XCD;*J0UnGz3U)?Tfh1Z7vgmW56a5?Li@pp7qZ`3!^bIgB`ZgFJ zeGeQIZ3YvfAAuvHpMi0og*6D)~d z3YJDM2g{I%Tt^~J6p8%VpPl4N_Yr*E|i{Q@a2Cyai8n`Rk2)0Jw0{2AU1>2(UgYD6sU`O;* z@L=={urvBKNMhSS7P}90Vt)dCv4_E6EV&Z-A8Ubeu^uo!HU=CN8wC?$`+*~3j{p;6 zhk!}3Bf#X?QD92!@nCA~$>7-7R4^@e95^BNY%o3cJTN0R1I&uO1k8?|4CcgM1?I-) zfqAjhz^Sn}gZZ(yfCaHL!NS-%;LO;&z@pfD!MU-eU~%kHuq1XlSQ`5fSQc9Ymd8F0 zR>nRFR>wXI*2LC>wXy5L)v>RFb+NDiAG+=azRI}|{P^!W=d4z(TH3?ecD9|z?QA>S zIa{limd>;YAr?Z|v~ER+h7dL_8etTo=uC^$5ItB4n-)DG3Q^d!2%($YhVcLVuJi5n zzyJ5^^}k=Q`~A6ozw6;#*LBX$&Uz58N!*6(65qwv#1CGusG>jEJ?Z%OOtNF zaMBzsPpZRlN%!FRr2BC~QX@`GdK4!mJ&BW(mSJU5Ggc=(kJFM~#2HCzab{90)+D`- zvy& zCHFrm7S|>9$JV5iaC1^Jwk0{RBguu^lCp4DQXcM33gOPr3?K@(i>k-+-~nH)CA#?HHe2iwVi|(4KrBI+7nk zXYwNSCO?7x3{m*JF2b10GI(5RW7;#G}cJ@mTUx*pvJW9#4J_ zmAwUR_Lni%z5(OxuVK8s4HN8J(Qe;?4*UD)wC_c){ZsVYzrcX~AcpLRvDp3tme_yB zQu}WhwjalGyKyD=-`)$y+xy`Jdpu6GC*mY~Do(a%Vx`@S)%F~mW-q`Q_8~aaUV=6D zQ8?RvD$cQ=j{D^E{c2olzaAs@8f>=TiYx7RVvBt) zuCdR@b@m6a)&2->wm*(-_NCZiZ^CW%XK|N(HSV^r!M*nNxX-=`57^(tPJ0J-+qdIk z`+IoAz6X!m_u(=7=h$Qa3Xj{rL6vd@Z7Ki8*p&ZZT*{vqpQ5I4|5IYnp3)Z`DFe}& zl7QZn6!fQLU?9bVp%gzBr{rTvN)eW(499RvDVC>{;kcC3aD2*HI3Z;MPE5G~C#771 zlT)t1%9LuXPMMC=Qm(@pDYI~9%51DjxdUgX+>LWm?#0@a1z4Z*FwReT3>TywKC)k#906S8;a9hgP zxGUv*+?{e1_on=c`%?bE11bMtXNs+w`=8PW52p;kBPoONXo?+=rKDp|iW`roWTQ$A zpe>cZI-z1yhhbdmNQ_SnV?yd!w5Ohlj?{C}nK}`@sTZR^^>PfPPQg&>G%QZN7E4lZ z#M0DTFq}FE%Tw!cTF>r+3#`Kce{g4F%knA(YpQV-$c)bDU<>Q5L+J%-JxzvIf( zzp*9NI+gpM8jI^v`(tbBNw_&R8QW4F*pceOZK+wfD>V;yr-pEE>QLO5dNLkJ9gUr- z<=CBi1|Cj52alvy;L+4ccr5iY>`A>6kEdRRDs2YZ(r&=mw3{(5?RJb$tHp%0d1z0& z4;^U_p)+j}defdjf7;U+NL!Afw3S$#_5zlqy@I7_uVOfDGnS{dvQU`wM5MS^mZSPwS1fX>nMeHVEgZ zCE6qErD;Koq!nXx+6Y{kb_%wnjlnf(<8WQt+1Q$PK5kCC2;0&o zV@FyQZcFu$K-yi{nO2Y8X$^Qd?Lj<}wh)h|EyiPMPhn5m zGk84hIaH1ov^ieJSjPs8bG(M}jy6niY(=|c2Ra<@qtme$y^c@O@Av`(j)NF-9L8eD z4_M;(8A~0%Vc2mT%N@p5+i5EnQu#YRUZE^ez?J9G_#4<10Mw_y$$_5wxZM8)MV|gK_D9VthKkp{x?pW6+-7 z7ai#X(V3or-t-jor)OXw-GiZYKNhFwV@Y}umZlHKaC#}0rbw!x`zbaAx{!tVzEEXQ$tdbJFj{+VlljpZ+k;Pk#&- zq%Xn7^aw6WUxAC$SK-q1moSpP4x7_A;>z?luqAy9u1Vj9>(bxF*7Of?bNVOPmVN*` z(z|e5`q#KC{d?SEvAAm>F2jkInJ043<$DVXI z9#79kl@UN&Mj^0ypLkrcA8OyLTqZz9+p2uk!FXD`h zwKy}Q6>BnH$JrTg;hcsdf zV>EVVlw)_s8F)D396XXyfk!hY;jxU%uqWe6Jf3kCs>~T^%e(<&GjGPY%-bMc#*WM?+?M$-+?9C^?#`TvdoypseVMo6fy}$GGqWDMGaK-5=7V@7b0HqhT#Uyu zpTeHZXYhFDbEupxXmh@dvCa(`=X?$0oo$%l+=_PR4smOG6Z+<#{;9PjLh6P)ol(V2*ooT)h3nTeH7FIGEqaGJ9K zXE=x8OlJw!I7i`Z=czcyc{m5EnQv#YSf(E^fDFNoS$Ql^D8{={05cl2-;l###q;XFwXTS#=F$D+<#XL z+FgCo;TnieR|0xnDd=})V8G?Ukjsz7u6!(U6=A7sIEG!NSnevrajw&Fyz4BS;F^FF zT^Haa*CjaFbp=+sstUSldJGr1 zmSCeRf{R=$aItF@E_Jw&6P0yV&ab5I4I%!8X?c>~MAA zHrLm<%k@3(b{)mNu3vGV>kmBO`Ug8*w(Ge6u0D9!H2{ye2IEne9gn%vvB%}ctZ81D{af_p65-Djf1eJ(oP6VdCw82#?cG2otpA@?*ac3+Dn?i;bx zeG7)&bFkc9hvVG$;CT1_IKkbB6Wx#EB=?gz*}V)a-OX6-ejcZ}U&I;iwK&t=iZ$-n zakl#{oa256Yu&rB-u(g2cYllv-21W7-HD6bhj6j`J6!7i2_x=f*zEotSGxbk7Ps|! z?!P-0*SY&+tNSF}>`uluw*x!eF5KqM!d>n>-0cqGUiVPk=RO$^xJP5ByBxdSXW(J? zIe5fffk)kw@R<8D>~UX-$K6+<^2|V+=LU@R+>CLa+cDl#iwT~2X!qQQ4$njA^ejTJ z=Lz(Cp2mP@IfgtdvDothmUv#lQqQXx_UPX`D>s+Nc{VdM-qVf~Ja6Mf&rY1=*^QGu zA7Q2EGpzP}iPJpYIK%TT&h-3=}n`p0lyTb3ShKT!gzklX17F z3io>ch5J0$-~rD}?DX7(-JaXmzj5ZH=x)18v4C$81Qbzkaq_bd*8`Ur{W^->A2WC9+!I0!-)4nZ1!G?E4`K2;+=|XyjSBo z@AcT~t-;OSTd~c1Cw6$};x_Mm+~s`$cY7bfz23)hpLZ!9@HSzm_gU=ruExXOHF(6k z9*=rA;W6)<*yHWMgcE(kagwhTC;Q5<(svqG z`_95?z6m(PcLC1yU4k{fD{!{28t3??W3BHxtoO~r`M%k>z;_2W`tHU>zI$=8Zvig# zJ&Y0GW7zClf-8LyZ1JtYHNI82&i4|w`qtrQ-$rcny@4IREx66M4R`t8#ofLSaj)+a z+~+%h2Yg-F>H8YHec$6@-%&i``xTG+{=j3tf3U}Ao5lV2^+A<20Qt}6U~HBhS=ngM3ZNsa5S>}W(3>?9{aIlQWR1m8)|ptGbuN}kzKV`VQA+{e-Pq z$8dAj@7R|0H+E!MYq=JnIZp+2^1wy8>ggCt+OnWf-4*B_?EFh4$}$&7WY_D-CZy&Gp_e}pr$Kf{{rFL8EuH_pla7HhMA#QN-CaDH|VF3A218?!ApasRV> z7!9ob`WTlP5Im3=nu z&ORUaW?zK+vM1w#>?-Wc{ug#wgXX{x%Hww_?b@1B?CdV~Kw+mij-%u>T7z z_aDS@{=+!l{{v3&|BMs;zu_eRah&WoZsz{`dttS|A5Qbf;|zZy&h)2ZjXx7-`@J~F zpM$mj0<8BB!TJ6YT;Lytjs8<{k^gjD>>rOy{pVrCe<3#eFU6JqN^J2@#Wnt`ah?Bq zZ1vaRX8*0&=D!m={Bv=ee?IQ=KY+XakKkVa1KIbb;$oU5CIY-cu^KW$K{0F@`f1*D} z-NOCPiNR1#Uo6fUh$T4*Selc9;hYRC&+*{696yfF$;SyfML02MI8Mqb#mPBkSebJg zR_C0B({d)@jGPN_X3iy8lXC^m&Z)*ZIn%K==Q^yHr$o-F7D3x z5clSMg8Om~;DMYj?9BNZyK}zB!#PLsNY1Z#H0KXImh%tx_G9u_kvJ&dzPd zIl0ecZSIR$pSu?4=eFX4+}E)&_bptM`wlM7-GxhYKfp-t$Jm^^A6MpfVoUBJT$B49 zuFL%iTXT=$=G@=0E%$Hi$hF?e{m+fXUAg^nckW5JH#Zsg{t_wSJv#>ii4-e;t z@JQ}ZJeqql9?Kn#J-Ow0JogM#dFP-luL5K9CShFOWf-4#B_`xuh4#D|=*YVPoq0E- zH}7`z=hb2$Zytv7?!)4|hp;4X5timXf#JNTu{>`%j>}t#2q zoY#((d2eHN-cFpBw;N~VeS|afKEs;4FL8EWH_plX7Hji<#QMBnaDHA7F39@}8}lr; zasTsrKoR@|x^PJd{=fgF5xwtMbh^=|WxH)eGw&k6I9eHDLTi!U_ zm3KDo&O0CX=3RvQ@+RYfyejO>`xkcSU4w`7X5x{&oA7AfZFns2F6_yx$K!bor~(h7 zEwB({1B)>(@D#=ep238`b7&8=pd;`yIs+Tf8+Z- zaNr9p4;;jCfx|dH@B>Z={EQO=zu~07ahx15Zs-07dSP{-A5IIz0;~@V!TEs_To4$Aje%2fQQ&l392k#F1Lt8Ra3MAaF2$9BN^A*C#WjJe zab4hgYz@@l=D@Ak7Pu2T0&{U&U_R~&Jb=3ckKo?GUH(hhn!gS==WoQe{5P;8e+zEQ--f&L z-^JbeAL8EpPjFxU0X&f3g`N3dV|V`dcsTzk9?Aa|kLLe@$MXNdo_yOK-2ePO$Ui=W zwt~SJTVThyf^>{8aAQJ2HrfjU=qM;eXTdP^7K}uHK^OxCV=+{4CKeZ*izNjUv9#b~ z3>RFED7XkHQ6{DM|oQ1Ci77QBUv3f{rR1-o!*!3P*A_!yfD_T$QePHZVS zglh`E!*vBeVQaxL++6TGwiW!19R=1qx&H;RxT~N)?k+e9_ZB4Mz5)jxC~#qCK^Arw zB8B_;%~LVIuqI)XQ# zGk7z4gSVqUSc`$+JPZZz!{XpWSQ1=>rNJjK9DEwfgUfMTa3zipzJL>gui(Vst2imR z87BwZu`>8JRtI5&Q^e20z1^;FmZ%*o||7-(qd>N30M2g7bqtxFGl!HU=$s zasPw8ad9vXmj(x6B$$NF!8BYMbYe@;hiihlxGosP)?hJi4vxUK;3?P<9E00}<8W8- zY}_3@ANK|?!hONXcpzAXoxy)$ckmiK9Gr+yK70afThw1pO8 zY-lmYg`UFr&@-42dJgTO7IcJOMrUXPdPA?FKh%bS&{hnEc3^SneJly>#nRBH7!G}b z<)MQ(E_4{jhkn2bp`USL=r^1cI*yY=MlJV0)C;Ra{cu_+9%qCSab_qLYeJbgJLJVV zp&YCY6<~d62+j|c;DXR7Yz&=>i$bU4;?Q_p8afXnp$oA&bSbV3RboqMDy|7#jq5_! zV{51eH-~P;w$Po}5t@tJLi2G~=mFdvdIa}|9>;y5rFbCJgq@*hu{*RH4~N#^kk41O*1~nTxo{)46~2KTg$HRq3@krsXc(m{jJXZJ*_7vLg=KdG=eY_t~z&{0%~&Z1%HEgFgbqA&)E#$u@GOe`)s7fXsJVrkLE7%sXT z%ZsMqxT0w|zUW$0J70toPMRizNbPrY+-H+3X8t;x(3yLbsV^w3(>A0w9 zJpX03#vza1JwWXna+tNH#cP*>WwGi&@xNKy!%VC?UOXPv(DTqX z^g;{`)$_$e^?b?DTd{QL;}{;g6w8M;;kcpC;`pJfal%mjC=-XS$M|9Tu@Z*qBiM)O zBRGcXBRhxbZM?(O*jVKsR*fa*mZj#F<>vA@b9ubE*UaJiI5ordab^$y4`&-H`4gQZ z^t^Y3p7)Q?#}ACq#}AFrXI?x)KT636{V20fu3>r3$!acl;N%$GY|gZqGacqk=gInL z-6!j#9X?qf?a0acdP5`iOz}wb4vc(*qm_=_g5ibSM4ahP5r3x<=IN9<@~qn zbc@tC&*oCMI=@N!_AFJ=p!cg# zf1Be=Rqv&GJVl*r_8N7$*;(ouv$v~dX6LFWp3>XhFI}kKG{+0o@u!9`pQ?5&8$(xf ze!6{Wh0ITpd0jm}%bf37GFRqx^}Oy{)w5xqxxS)dq1heFmQ#IPUA>*|T9x_g3Uhr$ z!&7dM2d-hT|;!*;rQ{aC7xQ(<<;vP!DA zn?m*RboKFc_4ZS#-hP(Z9n0oYy`8S!PFHWYP}WDNKHhSf-$HYF-gWhHba$#%uWps` z98_*X!!_F;rjYU~|mS&!hVI3(YalzpU5Q>sLtEn&tY;^*sMFzm@9!_n2d@&s@*-$$H(L zs^ir|GXBLZ*JqXMr2296c&FO`YK)8ro8@|`K3`q)dZ}AgHw-byJxj*Qe1+K^%cfAh zy{_JVs&tlFu3OgY>h-$%>wKX(=K5v5u3o=Fy4Eb$FY9&n`mNGEX1RWNcNdzScQJcjD?)796btFLFQj4RA?9n`!I znb+f;D!z59jHgrm{yWPYb3IgVud9!%yHnlRx=_|Hm-V`O{aTsdV$SnAmH9m~f6$!g z^(phe$h?*RI=z1X@KF7Dy5@Drc#Mq4N~h58)$*sO%6Ph2&X=0!EAx7+uWz1=S4g)| zy`8RpoUPLBRDV5n(*3IRY2AZrzFGZv2N~=AboG9Rq}JZid0jo<$Lx+}y0;st8$7aJ zSFax;>&M8vuAUz&J%j4!L09izNmp}!rpo&1GC#{4bKTUuZdtF#JJpM=^|F4R%r7+C zvt&8d_j`rRx6%Eo<>?M{ykpsR=^p7pYF@WFu4w2s+q2|bs?X2L$Dmx^?{xKb=<2Vd z7#a7Wdb`2qn6E$jn);wsccH=aPWAQq%=HxwIaF^yhU&-F)z1qb8#q4iJ7y~y&Y*g` z3Ukcsn=Ua1Z=5RYr_1_T=D24`Ej91ce^sCFT*mtAWuCcRMMDGC$6aWSd0(P>KV7}O zuHJryjGw1^`?cnn*FDwS>+0=wR~zAt9kPC_%xt^`&${}49Fq0lQhnTC%rW1u z`CzS&Yoq%6ON?3G*Ua*DL)WS^H|px+>FVQoWxdZV_t)%>WkaN6sNPRk@29Kx8*8rT z`?y)&*XdeSssECJxt*@wj^D~O&u6Z={^pIk`Z&6JeZ9H9XUROXeBP1qa=KP6*r=?=&Gk2L)Ya>C_4+;LdhQ$5_d{3TXWg~xnT@)7dtJSKx4C}DvO{Jo8h(+n zm48K2@2{)(*VX&$>iu=~{xPzCuvzXi)#t6Nx6{?z`ONj)U$fj_=@_aXM^`_N?pn2d zqpsdxSMNVo)>oM2e$%z;=8d{~J6*k9wYi?p7gT>;OqcO2>0Fx2*K^weLYUPU;X*CN9KJpKSsu9m}9;^ zWjs~ZPnY?*GG9;oCUM@fe!0xAkn!_oIbWIYpnChQvi=~|=c}vV->h-b^RrRCormi6 zy5{Fq8J|JF=jVz_dQhFVOjp0(PoetyboKk$R2fe<*T1r4F4f1=H9xP?o$BbudaB>Q z=TW`?a;mq})!Q{weLgE>{aUj-mbKA?>TOub z)7`0Tn+{R^dF>Z-p7)Rb(d)8Oz1?85ydTSWh>XWj{rrxlZgoRLh0ITp`Kjjo#SOD$ zey+^VGsj$~j918bi;TBY{W>}*<3qCk7qfi-7!ZA4VyJ#x57pP}qxyV@nC0g$nb+0# zd#tRlko8k!y)NJXH%*oGvt<2Ts=pp}^>OD(7s~qO)ciV;`L!~?h3e-~*L)si{Xyv= z=`Uuvo`KQh45s@1+GCd2A2qK_#zSQN7#Zv8^*K%XukW9(ULPZ4&wo|V`(!-C zEYF{eb@lqOGOm#IQ)H~G*H4x4ELlHS#`B~LWqvs|pEsFbEAv}qeyhyyk@78!4q@j)3M zlChP4<-kCE~pbvM^fq5ApM)$eapWqz(X&*wxLFQ@vrTcii2*1^$v z57oyRBjYJD*45WH*Bo;^s?V#zEZ<+udA>fVKK?;jZ{=TsF<&QC@9&YZt{#t(v92CZ zk+JShmA`2&)yG>d-6HLv`h8aS>Lk98^RJlb?L1UJ-WVBAkKH`z+P_ z9i;j^R8n-_YL?f*e^sx~VXVKd!?N9&|EfOD6mxw=L#@oum2pJI%Vpdq<1PPHy}uso z$2n-uS2QU8)hT_RR;sTvEaO_~T&nk5F6*1ATMgK-MaG@f{5~OLt6lDwG)(ua-OI*M zeH>l$`H=Ax8CT1AF4eCSUA^6M8SCnC8{Mz6BU@x%*SsDXAC$35k?W%RajjHu=P~Cw z52|1HQ>eb~xzgp*Ez<2&|9o&z#@1B1KIs@~rF4pPI@QnPTp2Hywo&tSA>)JQnDa}M z^QGqbQuBOeJVrW&>ibh`wr5F1+GdvT>r`J)2i4cN-R#2~4$AzuR9}zP5#7#7_4h3g z)sL&IA2%%XW2in}rHrS@xK_rx`_-e7x#pPHiL_1D>+1b=t$fbhBIAQnl^$Jhl{%#! z=@{u5RNv1jGM+14F5M#Spn5x9{q@^P&DW=_w`N2i&qK}kBN<4zeLr278p>iefM^?ms#qN|T*rFy-MPT@W{W!^*e{Rzu>jEpN~JVnN}GLA@> z%X}N%uf{iRk#VQ=pw#M=>y?g?R!XNxtEu^VmGN?EGu7w2MaG>}U(Z1qcguR^ioT9? z&FiK5x@=Ux-aIlMBb_3hD_t(#BJHH+aXK+YF>woouTM{wRFFl_>8W3-=&?hUKK{S<2QrYZuK*^VtHJu z&##v1{UTE5(CECbo)61dSC4CD9Ff)zi*6qoF2^g;t!Riyog?&^^QZdyyeG?jp!&LO zBct=(rO`HzinfjF^Xrs`Pl=AJsXk7#)EkbDtEC;%wzBB?c2a#Db!xOWYVJ?<^He!T z-xterUGx4?ef}NPJl}F%UguQLx0&U6rTY1>jg7XP>h0^L5vq^ZY_9)peVdHC&GEUL z!l&uSy<~Yk)%$fwt51*KmwIWlSss__>*%2Radofe=iN?ozGq3djMX^3UC)xRw9+j1 zi|WVel(F}W==GPIy>wHAn#ZU5dFhsV&x~%@O!fZV(#~_D+lSBP_ZyAZmsgtI*<5S( z(-jf3-#pu9_UN;nW`BQ{f1r!)=RM~%J7{It>{BZ%&E`B`Pxbv)=S9CxozgJX=cn6` z`&ucjm3dt~AEEoz`sdrs_Fko{=R2k9e7*jnRl0iKX^x*-rK`tbX{EGQ8j-e1`OUKE z{?aft&rimcGS=0{t(8V(URTdIQ~i9l(f#VsDqTI_X^sP{b@iBk(#$-*t{yw3VQD!v zU(YhGmT|Y#c0u&{^Gd^1pKmqQk6$nI9cFp{rPUWk_p7D)^y(D2)l`3fh){jroz%*>TjtfJa^6&bUU5==JlkY_z5Mzc)!SFn{i=3#wanL3x2o9` zG3UQr-7NFY%Vc}1k5em+NZX{Hw4ZTGOZamA`26~mSzhl~=*Nk)IH~#dD=n{#-v4@O zxGK87R@!!@+=nT0J<>{PJ=NC}k#U=}L*_eW+%02O9X*bX>ixXZYU);&4b4(DRiAGU zemR3q@r4ebHv{S0ClKrJ&X{EGQ8j-e1)wJk-VQM~a(pqUV zHNVbe+#%ym8LR2h{hZRUv{u?l&DZ(W(T1gMQs*_%`C7BQ&(i&B`U~YV^y6OKP)qfF ziBSFeXp?qI)wS~aqvq>R#$FkRWn4@3^+l*YA9Y=HKc_S-t(4YEBhof$C)KY%UGwYc z`si3u^Yv?vIbUfr)#ueA?Us6HM(4|=)zXd|^!$!xwi~0Zrk5n$wW--0^Z8BYJE?gc zv!b<8^KqnYHTpij_d?_*y`G=fZ;oDnSQ?@Fe4D9$Jm)RZ?ZVPZvwS|LdOPQAy`Jxf zRBzvAj(LBOhHs7TUnz}9+o-iKdRSIW3n8j&_r^YLWdDOI;e_xDo0 zJ}l!(X{|IOZIgCTy?yN+`h2-QYTgHGK8}pNcj|FPLzwFAYNSf$4?UZ@l{mS`LH+8FrH>d~ncQ;@LA~N4*&aYb2DP!IJD&}R|gL*s52Cv!Q)`zJ+Zn-&b+*C>Tt1DlwmT|4D z*WIt$Uapt)jN^K8C$4;uBPp^#2rM2cfUw2f$j#Oi`HmZ-~r20H`^?I*4&wZ3} zrL_dsrWj?`KrMu66b2+*+BBNZX{gM`S;$_p7A(d5%bJ z3-#mh`{&d={-Wr0hNbG!=-4UsQoUWdv|3s(jZpLJm+H?KZ8GkV_1#kMW6|?3r+T|e zYJMG>^L&1ialMQ?%<^?i^>uVpy`OqKI<`^s{AKKwaahKc(rR;__Zu14Q}c6>jGN8% ze1DL3OZjJW&BwJ-{WxA}xwKN&SIf9w+AM98^&K*HJ`p`$t+Y+5o{Y|iseYbnrEOBR zBs%Y;`t?{T?Uc4Hjo!yjY3^NzK<2 z)z4p>InVo^H2jQgw_MJH>is*V;buABifC)4>RCBIYChg`(NqEwB zrQV*Om#N;~DGf_2PmG_J<4S9(c|B6KDmr#b!_rD=t+Y+bgYme0o}s+oy%ILN(q<7cdQFjy}nlJd`Zv$yspyhwDl3H*LO;t zYog;yX++v7b-pa?r4ebTw2FUyT;Dg>V+LOzo$Je}e!rk;4w>Uaq_Jp4QZGAh{$1$Fa)v@>gw}0o|f~MmQj5?UA?}F>f_c)yUg{!tv8k#=I?L1q-E5+ZmJ)r zO6Hqn+%D^N_3w*z$yis94gNr?eq3EWc1g>qd0jHDlCiGdu1?w{^SXMzUB2^Db$bv`ShhZIZTA{e7WJ zTJ}P8TxWL2vLiy)V%MTbuAlQ)Vx13 zu9G&suGc@cq3jL4p4T}wU%ym8-*wU^X}h#bYP=cUPgig6GRGASWzs6C@m6#@m)VMj zI%$)%UFzDRw_|^4owP~Xbz*%-bh~zGm()VF(fwS~ zGHI2xPTC}GmzKQ~-LFboCpEUo@uX$acC$S0cDyGH-H&K1vuAR}ANvotyR6n2X z=9vAZRlB0wx0~hr(z|-RW0{NU>nf90N$aFdRBzXAmaluM@m}vG z$CtYHM$eZZr3Djml|J2??;)miR$xgmv&KoKa9@kyo;LmS6U^llQv1)rCm~^ zOU_eTCasdzNt>kY(k`j-mFzDqlU7OVq)pVVS~s-I*mY3OS6U^lqvq>NTGk!iu1Z=b zZKCGuMOt+zx?PjBUD_or`&y18ZKwSFyrIi1-zUF`j_as-pUp9!_YOz*b4lx@P11I0 zm$d5J==OC|*LTrznY2mTE_Hn`>!npE#z&&(QAPFhS|@Fic1evNqU&AKGHDgn-~a1m z++>bF+|Vv#<44&~S|+WddcP(aw@ZzmWP53uv`X3~HIB-5(lY8+Uv8+Aal5oj>iTzd z`!Z>jv`*SY&F5LhT~gy`dEHCPq*c`XJ}cuoX_K_wT+jQlwCb1WKQDu%VZm5%S zyNq3b%X+HMr%uN0C+7c&u5Y5|`O4U(Eaq{`q)pOxsbNIdyQFo}CTY90OKMmwO5aZx zHP2VtZq8ra;IhiRwEe``7M*XR=K0Ckh>^#a)=8VBT~ec0bh|QXm9$RUC2i^*-L75g zij9uzq^>@49BGr(=o_7HlD11-{bYZsD^B*8Hc4YuFXiRelnteSz3Uodp3!W)WUMt> zjm^gAhSxIMa+!IlV6EwV}5?)*Bm$Es4D<_S)E|V&9H^FZQF@gR$Sm{t+9~r?k(wJ`?#z;i~#P z)n`|q1AWT-KG65WzP^4X{m$rD*>6U_t^Gde7mS-8cW2!CxbNbQ$7S{(-T$=y_xE4j z|3Lpk{VfA78F15pbpzfW@cw}0f$0PN1BVZMXW*fM{o>2xC&XVIe{cMY@on+D;*CKM z3>tJ&nD|5D z?}>wxQj#Vm-Iw%A(z{7Vk_IQIC*P6$NOE&>YjU~0*1pGne#)aMDXB%NXQZB=T9ew4 zx+L}I)S+qLrww$ZIkFvN95WnuIOaQsrkABpP2ZXRLHgv3mW)FgcV<4DxjM7bxzYKD zbC9drb*t-X*H!Kt-M70Jx>vZ@x!c@(++Vu?a9ce6JOR&W&sfh?&mzy0o;$pWKDTeK z?*-qbS=+LH%z8Tev+TdJ!~SZ2jsG_Pz5e_Ci~QUDU--Q_*XL}^c{At799wQmZf348 z_ln%9xwq#wZF_fy`ld2xZvz}Uddz+-_|18)R6 z0{a4g2b}rC^ULxt$$v6Gl7BFNdcn$qbp?HbiNRsP^MaQJ?+h*pJ{Q~;+!OpgI5;#q z^j@f6VM5_4g{up{E-Wazv1oD8H$~Y)?j7>{kb^_Yiz|y?DSo?nSMlLu+t5`*-NWV% zYZ$g{*t%hxh7A~=I(+o-Z-;Ly*<12^$;~5jPabyir6>P%^6MkFkNk1uHKmSGQ%8M1 z%6ZECQ}&!PW^}{o67!XL?ruY!#$RPJRGhN%N3LU30TY$en#&*Ss8{E!dsKzGmp`H~pFbXOAA8)d{-qvLSMiIl)6{e7 zI(|{{Mzu=K;*-QJszu$VUQu(@I*ztp-K92gv{yM&t7=di+4D8_+^iba8|q=zrXEr4 zYLR+NEma+AncAkB)ONL8?NHCFUHnqtd+fQJtv}%J^n9YWs(tDm^(k9@#ulG5^93`V z%zVXCw>qT0R==rlRFC>j{i%N7EBhpVdis`MNsgsIQa%3pzs5JW80t61A3hOX@8sQC zZ`Zmw+TUcpLdG|2GSr`}-@~UFz1J!IlecwabdYqZRR8Lpd46*I^EeNE{9$hyDuLc}Ai7?EmriB;SbKDQ z9p5GOejm$uPV9)DU!N6*aJD!9|8@WV>pr&+E1=(XN)p$n$*} z&yT*ZS8-n+qbFVm|G(p$c>EJRaX$>6_oeJ#A(Ti~ACLA_?x)^v zCtn}BBbG$_h|Di*i;ib;pY{5u`8v@3n%A-Ja@p^o^gKDQVY2;Ivi(6`=X(3u$D{pJ z9_Pe$pZNManeEzlZi2s+)1v9z%UcSMa($N*6v7-TyDn-+X<_+##tY4Y{hSK2A_vt@jH zm!W>=c&i?WzFt0NUVmMmc-#|TUmKbKhxwPAdA;&GU1z_`_Ec}L&+o+kC$7W8cJZv= z$o1>vmvg`Mc`f91s$Y*gxSx7Fh}Vbi@BGxHk8|Sv;KbvO;q{foaZ*+q%0bWh*ihND zh1XYro_M@*a^Lzr%hx;eC-&FZG3vj@C+7cuE#$h!{MT_?<$1ZC^V8RR;{0A?tlzIr zj8DAZzAMkijueofBff6woK@0Wf*oz3?B<^Ab#-mmrRVzS(yO}yXK z|JVA`pQHEf|2Wi+X@hJr?yKpLr~N-UwnNe`MOiXO1EG2%mi{Y9XI~EPVPHfsb-t7WJ4K zg^#PzJo;j^s3(;EN$g2A2A8O@cvzjz+HcXq?=YT$ZsRQU8E0dbaV`do^VlXIEvmq% zU^$2u6*4YhxezU?$he5*A!t#Ew7Z}%aoD0#SE;6piNyZI$u`vrTF>Ye*rD#!;ja%?C<5s-fxE-%B?!ZdpF03-@ z@JeGYPBG?TwQ(=|PDP9Qm(hS%8TaEf;{lv*JcRcc597VYLbjZb7S&)piuW0h<8tE( zY&Mp#b_H70v&K{SoUsg78cq1Tv7EK5(8AyRUx6*gbIiPe7WJa>Jnl4B<1XU`eAjph z-!opuAB?s5qp==;GG4`_#zyx2H(J!s#%nm(@;W*!Z=&DQj^&muc&TM8PPV+m_Lm{| z#IhZ)u zm$i_i^+t<|wGP2P)}h$XIvnGyBe1`9Bo45S!hzP&7;i0OuR&;0Ct1hfVCz^+u%3>I z)-y24dKM;I&qlZPTs+Ns9*(nC-~{Uhc!BjIoN2w7quqeqZR@2t%X%5sSg*jFtW~VN z87=A->lBt}Bkw2Hsd%^bDr~S$#|N#~;A7Tn@hR)|xZHXJuCva<_12s4b?Ytoq4ieW zYrP#mv)+LRtao9jwGIzk=i(36c|6vS$bGini&k3$GdASz+3sh#7g|(r+XF1eB6rXB z5X*g$J7aqo3v3Hq(w5Ypm%dytB0_$wg z;oY|9Svwaks@}Gm<$1{0xa|de!uAqIY%k+;wzc?zZ9Tqddlg@@ZN#;<*VtzMs`e$3~FT^&__#HJ{laka&x##_$j`@{K`v-oZhvCOdKsb?(L z;b)eac))TaeqpJ>PRq^sm1VXi!0T-WCRne-BU?VyjZaRM>W&I$7Olo5D}hSI1n7Gh)tD7pj(+QTSraXmyEdWBC&G7R#5b z-7H_OK4ke?b$72(Sl??j-`nQ*8jJV!Ivp4Es=x<(orR6P&c;W2U4V;voyYgT$Jpz7 zwV1tbQXjK?liJ7fz3TGbqp-5~XntzHlI8iTn&pSo)4j)Hr1$CA-1|~|w)a`MviI4z zs`q8s()&EVU#?-xM)e9?HmY^K&%h0A*{E9CvQcg7eJ*Zh%SYAM9RE>unBzaGjXFz{xF~isKhHlId$wAwRx-0%tzzaywV9bV=cxngYqme24zvB|>N}P{S4UX>LLKch7Ju$@I{v568Q8in& z#)mBTF}`BCkI~I?U*l_*`x=K?9$@saJiz#a<$=a=mIoStvm9@zexuORZ?qa@*jOH9 z^kVrWBbMcpjJ_-nHsV+wYz$yI!H8!$!8nQKL?eOaL?emiB*V^fl99@Cvf*Gk*~nmd zGoO;T^ZyZib~=MkceD7_pC|cMomcqvpSSomlRezE@6|D`HpUoiq!}Kg$S5<;Hy$$D zjU7geWwPaS%SqO9>wVV6*7vOYtY_G+w#~CO*s+XS2nm#du<7#Wch$i+L^P z@0iniJ<#j1ULW-Oy4OX$XY{_K_anW#dmrijYwy2%FN(dX&s}{M_1V(rNFPhzq`njS z&g^?@-#7aH)YsC_(eK87uk`z_-|zk6;?9W6??0^nb^Rah|8oDg`@h%!xBmb1_Y8Pw z!0Q7(8PGZ4j{$QBE*Q9I;8O!v3~U|v#Xx`j$oQM$?~H#k{-^k!_>w`B2TdEaW6+m_ zej9YoNf({eaMJRVT2A`sr1-%pgYOu;aByVs^MhX*{LkQ<6aGxFC2mhVlsF^ljiiG~ z*~!7=Ym;wEZb|+&Inh4MezSe4eXD(!{Y(3>lowLIPZ^NvOdXjzDRpXUY??Fe!nEtt zTGQT6`!(&av_i)?$8yITj!ztY(mm;CrO!!kNMD}bCnGZ>D`Q5+9T|HwdNTTEre_vs zUX{5Z^FNu1PQP=6^GxSL=d;dO*HG6O*VV4Mt{+_%cY^y*kJo#yx54|Qcfa=!??t|8 zzFU1y_%{05eVsl}*7U49vo>UXk@a;}F#F8xE3&`I9_)Y8|BQc?|26;n{{Q&na?*3o z$+;kBa?S%ekL4`Oc{b-*&XC-3x!2@=mHT7vh`dwt&dO`ddou5%ywbpqz^{RV{PFpl z@?8a?g3$%D3LY$Ytl;T_Hwtza{9TY4938wW_+aqm;FrOF2Ma>ihwceI6j~fgFZ2}- zE4-v|Mqy3iBZW^EZZ6ze_(kDAg-JyjMOj4^MOPMGUGz%Pj-pXR?ilj=khUQo4e3>! zUHn_|S3|!WddaXU!)6S7beMPegTo&m9vS}X@V4RGho4$9d0E!8b+N0Z~ATXma47+ z`?=| z8oulJZs5C#@12nKp2qhse9vsW3i{+%ZTt;<@5c8Z%Uytt_@cm7E--z#<@ck`( z-;D1+!S^lr{!@J43a$9J;rn*TjNh^GTF8ZOfK>PfoN;f!>GcN4gKva1_(sTrZ-gZH zMx0`AgcSHj$bfHz1o%eCe_saL^<|L#z8pI0FW>mD@qIVG?}0S=z0jn8AHKhj?;qg% zZ}7br-}mGDZy{&?LulFG2cF=++qe&B-hI%FzjfmW@Vy_h=0C>wgV4PH5WXMA_fPQs z2)+;C`%y@q{{y}c;`<*VdHxu_AK&Of58m7O5Wb(p_bk5u3ExlQ`=23~{xrV-1>gUQ z?`QD+Q+z**@8|G+7~e-hc!zTd$2FR==K6RY5V$ISm0X8X4>%fEwJ{#|^(hwo#U!QaRC2l)OF-yh-oIKDr| z_kZB~KQV*<3N!exF?)Z4nfo`GwdXNw{}$i>h3^xXt$&9Z`M)tE{|`p^llcA=BmD0% zx_^cbr{l(_Fk1fs-~WqmWAlfxLm>g;+roDO->vvgZvM!|ZTL>%`z(C7<9pHO2R1$% z-;43xf$vUyFWLMQPQL$u6YmzBLtC3K+q`Y_b2m?Ie%|J1Z+`yfi)E91$;Nm7j_#H> zY`pky@Ye~f2K|N5<>}X58=v#fNGDEU&VS|mHOEeZKA!SkPH8t%+B;L)-%4rUvGFZJ zfi|#ezaLs{{`bLz_haeTPo!VJom%kQsRh5A(tbCkeJrJYET#QHO8bM9_D3o0k5bwn zr?fv#X(u*)G)|^pQ~PxS`U;1hPrn{c(636r{#t^*EB$(R`t^0`*EghJ-?8~xXu0{{ zf1ZB*7YX{e)35K^{MZk1W;QmyE8+cD3Homm%k(Bl$DeXs7+K;AEel)e}$I`E#-SqYM zvzxyDKAh4%oYHDL?5uQ%DR6C2;2(*9)2 z>wP}``qT95&(g0?rC+Z&;W@q_{d%?iI-Fi^o71nmZ}r{twv_gcTYY7B z5_C5~2kF9z?~mc%pLxl1o9}+<*5*&( z`zxP=GCt?GHvjJDJim4JFKlgo;*KBR9N=G;HGJ9N#PDUS6Kvx*e(t~7`hgd{`~>U2 z_4Cf&^6-nk`NV@SdF6?p0^WCh-Yb#*Dtupz@qX`#zw-I7mbN{8;-8-2xPR>Pf91rT zFJGN_;^iMd@xhlryYcHU-`f1_SNz3WfB6+#n}7a_v&i#F^y`x-e{1u~E73=MfBwo> zBW)%1ea;uW55He|E8)X0_&c}W`l@F)J{R9>U-frxz5i7^NFU?-VtmhU{n4wY`1je3 zx4rt=jjw$5^IM<7_j#{*{?_xa86y2jlyml$Z+^|$TZUh7_7>Lv)35o!=1<-Efz9); zdGy5ej>D6`^Or83{C9upYfnD(+HX2}{k88s@m;SyJo&mWJUqFF@8K`}p_AY9g_!eG z7f*il#j6t!qkSKJ@yAcx{YB56eCUgQ{;8jQ z!(&^V-*0~7V_T>1{Bg|nk8j@dWm}uy{$*!x`I?v9ed_Vs-gD~RU;ds`-}>e6JN3br zAD$e)=~=wO^X$g^-}LcQpTNI&zWL*)zU8~FG8@b6E)`RpyPKJlJY|NUFu zbLvBHIXw9Ze7Bq)VxFe>#`1BjzVpoC$$x?GC1(#$zUJ(EPW8`jZO-t$AKyPY`-yzSYIpMKkWPkiic{Zl({KRmg3d;io|za9DCj{NxdMPG4vvV-qIeDkm9 zpZcn=c+aW7hwpv(ejaJJK5%&QjtBauKL3IDocgQyz6RgZNc$kZpF;YF@%PK$@t#w! z!*}K#hbOP#d-@&yQ{RBUe-7VA@%iFu7OOHPDZbg36#fvwtUSpAGq=LH0vzp2VoIcGK zEUrB>xbn`cPaJhFU+x_}h4vg>xiLGs@W|1%>w`x-Pd#<*>QmP)q1Vz(%_HrX-0UOj z?_Ria@#ym93txTtXmR2C6WUpJOOQ|qitSvyap~$6Erk`ckTcqZtDUEwlqSoc1l%vb z=0`UUu3bRxM_4K`G+pXv8E^8=3VLH=wYYjvz4Fs%_-p6t<;z!})(&|47gxJipM2`_ zQEISYN`vLs!KE9I&u=_)S;pjyBrQ@O6t}8Wk)#Axik8Y4&5mx|ymn=N?icQOr>={X$-^2<%x_*6jbouC=T!k!DAnXh$>gvrK zgDaOWUAc7Su>@UEhY`J>+An#dh~51WcjgsqJ+zk2i9#iQ$stII1-T)Fx* zSDkHYL90vA%v@7<2^@4{e(~|6M{Zs|>R!EaYz-=SpMW_u^22Gk z{&DfbJCAU1aH&Z`W5r7<7iKt099ffK1U8$scT&18)?@!;~I!c;~ww{q+FGTM4 zjxIlSq~}MH|9@Yx^eOG#nsUToc@nvR|~BI+?R>`ykVQr zo0c{spxzEEmn+_I zyQ{&tI~h$oi^2A=zd9H!_Et&^P}`Kmh^?+gds z1saq01Na~O&1RC*!Ozc_)A8)g+&D3$NS1!az_OIq9Oz!sS>l!p>a?UuLGr6OyDcC1 z)|M7XYVI%Sp`puxmXH6^{DIny%YUpmCHkC@>;4C4Cj1d#2CHs%?tE+Z712FZzS z!tczGRVS@qir$| z*T|&EUtbG$!2SSx@aUz-ZeG*uou_eXG$2A)L{tdi@l_Dat53JWY`i1uK}rbxD_3t` zzx+(Bh8>waI(hWQ(Ur*+HV@~(BbP3M-NEm+15oH5V6ufDBK5={Y+XH8oQA+p0t;C$ zK7oHD$A&*sAMjgB9bUb7;WGZvBf)ZC}26@d=!@ zMdHBo7OB%~S05ugEbAr7Ff5w;g;H^_DIX|t5wR&~QLB3@xysP-Vcj5ZuU~}9G^Y2ad7F% zBUhik{wDm3zeblXUb}kz>Z3R8@4=NDNL_o}IjDydaJCwZrjz+x&ez3cwci;IdYwgo zwSNZfvqKO+KjTBtvO|z$?kHFqw><%kik6z$B$xua)< z$V@L>x`uSp3ncX}3H-vfXOQN5jqR|#cBa~E0QDfcK6VWivWC39-g4IWSCSHB!QA8N z{#V)zXa9d}2IMhLjk)7yFvwji{Ak$>NDWK6XcIub%s7kqlS>SzjEGj6LOJ{5<(t>B zc-d`RG@=zNRva>$Ix>w6lIn$kBu?~Mo#?Y03z^KbX#xnh31IH5Y9b$YmyPpIXE0n1 z&fK-J1eLnyu8qZ2{a2|KNYbd&-5ZSit4_B&Sz=#yLH8CA-lj9`(z|pZ?^@wU%Wxqz z3>W?~6_qo6NNGr6XdIH+G5muveI=%mIDNM@eSb0>?ao%yVgLMUJXx$}ok8zzZxDX8 zGzh7oLHMiOnMklfo?Pjb8$4AHoQl_D%7x3ih+B8$>3h6Y_|eiTq~h3lBr-)kBYmQt z23$$t_R*tPuN}z_4eQ4U)AiKE({H)gE5whM3XwW#Uy8Ym`@9JJXek1z6$gL%e&%RF z)-*O)xGWx{NTSGUS_(~A#~TB8bd~z52W;N4D0?%Ao0H|N+g}alt7&Jp7<7hmdRgWJ%jtA7tAWe$tlypNjt37{ zxdvl7%Zrlwz5d9@1!F$zjaR)%e-0Wj>MXi@s~UkLO`QG?=tU1r zX<&2~3)!haX#;mViN0Wbd;M8iz+fsGh;x0=o=KMq12la#?kpyumEBy>5VlezM8E z{&;}F=}e~qmUC`*dfmOwEWo;*;c&Zy8RvQ%GOy3EAm#Zjl66vLrM9G_af{Ufm&kS> z#J#twibDUC%&)qj{(S{&k)z41_}fbd>(-gg3()>v4_j}Jov=EXEQh_-VupbsGaI`% zT+XplQ4!|8*PnCI4w+4{u=e&b?J=Rhzer=%-zQI5brZ{JGVXO|hcVZ* zvx@}`ru3oZBuy>XQ-3^J?(P-I2b0-3?xlHuQKZig(WenAU-Wk|%7>&t%LTM%lksZ0 z^!0+d?rj^fLJ4}j0t4x*VFFBt>=sZToOqfqf9$YkBAaS}yf&DKbu>A^@<9!=Nw1r! zBxifC-#s^-puwutn@0EuGql8g{ zBM#oEBMTrw>{thpJ-6x|5-H>%;ot3#u}Zodv;HnO`e5g9wb-LHw(9JTv9c4sl{D&) zwz0xUj}FIP7B=Xzw~~pr5evZB1S%y5yUUr*-dbGYLdq)aoHBiPtQ-&wy6L?|@?lP) zx2x1b%g)sh(_}P3VSB6o`6=|~n9&ICpC4cZFs#T1#tpkJLdRWZ=67W1P+i&-E0wm<9xv$IWsE+R-dMpn?>F}B`h)Zs6m6CIZB4D#;` zC&Uhn0VNEJc)8e{U`q{9IN@B331_Z*WxfDE(3^OvPN6W@BsAPSw)W5UXXE}5wAd4t zAV1;H?#uzbZ5)`B@nSX^u3{QaP3-aW-TqYeb^^^ot+!=3Y=Ls!jJvBntWw{2C=%_# z79d5`1#FEhG8MkJ6@!!CpS9uW0gk>pr9lHY2&ll$_T?Z`!~)`TI-f#4gDt*03)#vO z6J)8|@8?3nmSQE_aasd~$jd=nLooQDRNSzwVDzFEOk43}#*HL_{Q$LSMZ?*+64YaG zrfACx;qZ)IkRlVD1h)Cd*%PB!SSp9G?f;qMcW8JMVFs;HVp#$wXl`O0Q_xI5&Oa(=*)&f8s zKncMK$@wJ*l?=l%$fU_QLNFSi7P^-W8EJ`{$Yvf}I90J=l2e;rD4$F)=4J+Aw6$P6 z@!DZ?P#PQu?KzDm%^^dOi)=3e1ZD_2+FOpM?HI#}o?|*@t%Z;V?GI*)CHi2DCTMXh z>Igh7&Y)J9kTQ@#FxT56u*&}_k6SIdP8Y|yvRAEeJ!Em#>luO5N#*u&Bs0Cf9C@?; zV2o3fB7`w)5s9KXh~ptnMjXcxVk`Hc!;^bHg5?T5ia)wG1wh#SG+yVFF zlvHF9a4X$&af4fuE>x22`FvVSwF&kr83gyGTlfQIjQ4Au*=gDkZs#APQv6Ho$o> zLtQ1bLgWSe3iZzvNAC>B48z^p@dv!${(S-@8z6w$$f+5w;1ndb(R8V1Id z6@$GV1dKUkIV?I*nI7bCJ1p7p392GK*3@7pgZe$tNzi%I$p~u!`Du=}%>x?9Y5zQY zDlmIJtXb@8mQ`czPB95M@J#?w{eiUs%WMs#-=V@bD;#p8DM7V?D6Qkr6{ZqD+fahc z)CR`rFTuEqc+i@EzL?A)U4y?N8`xIFxWAxG-3k-Jv;e!_(y#8~JS}lNK{$?WC~avN zzqVxAIZ!b6A+2DU7DG-^pQjGCRS94da6*%JE;5*u$EoF3oQ=UFfF@!D@={VM7v=W) zN-Yy;ycmwEq&Yam-6dFgFmJo)tdQ4~0gFn;VK~Hc4V1OSIydqyQl?j=wglRyDifVo zrXa+D8ABu$VpF22DC&xf3dZ3??lSeD-#NEB*xT7Y*S8}i^|9NTlDU6a_6w*21%)u2 zB;qM4>p<*K^MgV5e34IeUF2plvY|X@G%YcgNM_tobE>l5MG4B+PjSFQc~(GNRHJ5U zy8|}4fXaxMNd=reEfOeVBqE6Qo2W{G#kE)@Q2z+EDfA>*ngNk9X zS-?k(C|rtA+dyd-k@ja{c)B}Kl0c0D@>*dj9TQ>h70AelCSpmOuk`Ba0Jb1)jDVfMNe zGVjio+sfyI^@+om7HgTD7>Nqq$*9_CDj<&=`pgJnZV zf|VxL0QfATmBKk!psZII_jjR8)ETRgAcfBkRmD?7z|u^Y+e5MoWDgqS)l5YPW`iCr zmlZnxJcrFP?FNb`)oN@;^H)cT06=bI&;Ut zxM@l_1!PE-NC*4Yg-+884NMRjXP(0q1}C@=HBZ;{EUMJX9N69f%-pQI2embK7g%Cw z4Z5cL%4n9m1;|}N9z>-$lFBl3Ueh9M7xm9)-PL@yzv@Bb(S$-g?;N(Io5~%vjz*-J zMUhH+RsJdfi7*tY7#8p=cw6qiW=Is zV!7K|5PZGjh!Ig*R7OP|rVlRCd|`{GxPaIQTc7s9#lhl%sV+okgWr6TpghXOn}RA#c*KKS@Po48&Y-MQ2Q*5e>NVT-4`~AB9Fi zjr~Q#Y^m^ANoHgyHLy<$H0__56b`{#t$~xvR-<$a3VHadPzu#JD~g&pM3C5w+<-pL z`Uef9Fx=o|i~Jch?PFJVYq%(F66u$7pv-TL@;%hVQ1Z)(Yr@J6-Gnz&*dos4Oyp@2{z>CWCo*~frM(ptfRJ*j6Y619LP4nxX7741M{ z>4YQJ+<9l@uE?Rid2Nq*hzntE1&g3ugLUPDcN@>i8)6us9>Af{(v<0VN-1GHr+Tj* zF9HX%ht?wqA;mlymsoVN(4ZBN1^qV)RdNBw=x}^NnN87LL#b!W`jB#pk(prVgT`xd zcHk@1?5rz(lfJ-?U({qe#IhYwVVU4kq#xkcRS;?l*t&GMTfnsdWE%o=k%8PfG@eBo zdT5%VWX_*dC`tr+lljz+<>6#JIxI8b)9t!@&kS z7Y4PgaRjFV@EpUmFd?47%q60Ajk^a5&CaB4HQB_d6@G=*tpZveh-*z$g?}Q&m~Oq6NPLA3Ad( zH#{tn2jQBUS|3?PHmm?P5`6B3MSW-qw<3`9T$qhhx&X5a0~j8&A+jobQ}otdV6v6~c`~pa0o2(xB zKc80`(Y+=pW`{UdV9_ySPXuz!MUBmVe=$ipr^DqgcGDqTxu``bU|F(6Kmw>PrYRSl z4NDXZ4&{tb-V|pN{42zDJS6L;!G;Nri7}hl)y$2vEHH1k(Fg}=%#=Y7)u5#1QX@;5 zFH(2&ohT99`c$U!IHpfVnF<=E*9&kN2%{%{PCgib?RM+LMO5%|zQh%6=tqt_fl& z7DzLvds6ZcPT8~#GL7nES%VVEF%S7FC*@aU5$E{|LM*}exdb`OV zPP)7X;VH0-%u&<~n-u;_o(i`Xni9;}2mEsesb}zf&Rq$%1g@nexYjsP;agy6p%{HF z6_W-51bikeRH#3%?=EgjV&{Tx!mW^krYg8n8zE;x7}!M@(OXK+3F2cVhckT5GQ@rG zi$n|tTsDd%*(gOyQ6|T}fO2h7fnbTb6EkrN1TBw^z*>SRQ6^$7n(ti&@S;m}Qz3BC zgpxToSOdI5f~H`CNCPl(+fXFI)SJga5#^eU4U%|{?oK4V=Y)oWY*XRokWCao@BiKq(X0)42WPpDm|Ks9LE|<~( zU3YDLo5U0lU=kZau!2l1mT%t{v-2=@n7UgP%?@#5ERBH@rwdP{)Dn(109jhredB`w z?xDo@!qy^0YOGd{Tv;ZELab|W(pSMPFWieJ|j%*p!0DDR-1{?tnLIX zsa%8e!N`Xx`Q=OAo)zqgq<{sxlqNw%%?H9IfF&e64S@HxW{wg4xiQTW~fw@GyW|qz0e_JaOB3cyq6s9RZ$20ME3goc$qw$w!LtVik%wb6f=2!|$udQvYpM{6 zf(wFC6fbCcB>`mB@KWXbT@u?ml|~@Z;k3Y7ubbokh5CB8WPp~eC3QN05~8jb&NHw` z?KILwZz|5DdYi7!7ZfKoNb2F#*8pGDXq&33YlQYpX~Ft-th42|s9^pIz-YQ7_8tqTDNA=mMmHWRj`l?sWQQAHrB{96~O5V z4jcR|x}BwB2&8HsbTWedAeY$6)TFEvL%icE$tf}2L=$WfB?1*3Wy*u#9?407O@bn= zgz?maoyty2kT=jh+=cTNI0-W=FZx-+p^@lQWdV5{XL8Qx>7uP<)fF5=j*%99BiAI> z8RUAe)VRtfKy$_Pnu8)tRJ*+9lnUf!T%qz!kZhvG1h#J6St&BvwzJSMrfrjr!b-?w zPIC=%hWf^@U>IV$0l;spKMGlr4x+aW3Lxse+~BD0t6;_0&dG6j1787{buIlAQ^`k6hVo9$7T)E-5%P zQM3rs3z!#L;7(DJp{!Yit#AqSB`r=dn0y!Nj$&t8K%(%12jSjC`&*;XxiBrs8kpQw z+X{DPO?|QH2-t>2R|-fXkc{%$uB%B~WIak)B5k$6bVUXI+KzZz)m?Kf+FAg5AUcor zH5h?xYn*Q&6q0CsJp{&@?I6w^^bD;dsj7H)=$cLFXf491-k55ydBCf2W@_=+UAAua za3Qp{BEJXGR-)5eySD-%kK92Qo;#61wIRy* ziNFYT0O&n;l zT(aoG533Di6fg!?p!Q( zG^X>Oj2*moaMuNX2dV-GMap1w)xA<#Nh5oJgOp8iyIu)ZAJ;sNDJOw5dkW7<*3b^| z^EyFQ4L_Mpp?T7n7ya{lP*CQkYlrGo6A5!bkSY^&XL9|P@d8Q^FP4cyP;Wy?fRr>& zs?Wl?2G7de1d;){U1=Ou4UZe%dsyQ*DWNfIs(Rwg;;B;*R{FpM&lA5k@6-6l=s(ld1|Wp|aNz3J^>@C2n5n@Y3u&=fRWiE?_dK zP((1c%(mEVFEi~mFq}E^W3DctWUd<7_j{sIDQgYXz1QD6geW3(wUL?1ZNFYvG+VlD zcW$S+(hj2|$FrdoCf8<3#pPx?fl#-AeSlN$1(2Iy zztgRkwIe*QB2zjvQFIfEvtnXm$_^n&Q@R>lK`^`sqbc{4r_y|eAd3yq(r0!rxXc}P z4tQws9d2gz*kB%BtuZAo*Cnzo%56VW%Nl(jmg*wvk7a{3YtI(%ZCIhf2`2}S<8Vhf zV+M4*ie_>>0?YQ~;!_sy&JIEa!sOGI%T-(KBQA%-zf2A_cO_`HEGSW$K&pkj_VZ~I zQ>X?VG@}ygpqc$JfxDDF$?ND{XO^1o7bK+pxpH(Z5R{In4MO>L7=+6SXA^ZjBx|1- z{S`(K`lCsJG+BZ4BGJgTMwi+I!)$X;txghK@`FvngWr)j1{Zdf4u?j@*{)O^gWif} z3V)7{-fbfH0aYKQS@uz5oU)T2$q+EnyK6v$ zlrF2wBFkdF#TPG}6Rk^n+}*h*rRJa)~Z3vz|YYB z*M`6aq7i>uQH){4KVtB%OQ0c{B8gS7!ip|CVfneA*8)L4TY%)j8Q2mwPB@U^CP-B> zdnYWj94%$7rD~&u`LXLHri98WFOyOi{N^jfTu`+&Na&|Dy9Ae4^V=}I7Dhgo6R0de z=2EQU&2*@v?B2NA%}b1MqDS{jN6Kg8eB$cs_P(XN9vWrM3(&L8nlDpnK9>@Ut;BLq z!$oJey$%$^bvEpecVQwcGg}oxF5#E}Mf7oKy5for#W56)xV>OqhK(E;T3$zqJ5z*g zb47rS5dKxlW|dgFK)I{hph1UNX0vYMIuaw?;=%^oMO!48O$&OfZOJodRL-=IO@eZb*D@9cPQE$ogdRQ#jPq;0 zk0qE52iL}cR3*R)PAjAbD$YOkHFm3N%Kh#hnXqNl|eXQJh^4ytVKm5hucYw#W%YoaLCdED6XA1&=cT zLQ$<>t4T`6fd#gpOn}>@$UZO#$*npOeN&E-ljshigf*_fOV25AS%-`vtaO>^3~x^5 z$q7}+9RGq?rZTO4ZRrwmg4m4qj~gI$9+PBoy3-$^YNG|Q$?3^SJ!t!J_**u)+pF6# zCt}-pmrYhr_?g=YvoV6ooqR{aLWi*jlt;0OXu9@7>##&A9|k2cNATmvy*6*B4_BR- z&|#4x+hVmDdYR~KJJlLEKDlgDhS24B7I=99EOu4d60Mm*;#8xOplAyw(PIK*apzj| zXu7Qm=XVCjT6y&oMNThYxPd21p2W|5;t0#EiUWqKmOw!8EIa3|$8xt&F2vl!&97?F zAZB7pTMQ2@3OUvp0=?uBmFkPiwFa{VmF7@A zs@SGuDh6C66~sY}V6+YxNvX>XP$FLhNk zMj}K#UfF4+SD`xVvgnEhj|-eZjht|ZZ%f8_;Am=KC!emm1_|VvsA?l0`4OmKIq!8& zYR9)H;3}G+CbzT=r$CqjT5w&B7$<}L&a_!9lMh;w?QR@=0%T)~PNi?Ov?x!}7Dn*3kSclRItcBe= zGu!5*w1&w>bhk>o3RC06Ra3)YPcb!a9Kx7Gde!U^HcnDD#jMbzA&@=%2d{!`RBI`GL?lhzox{vjl!g0^>{081#YDdH_$!C8nN>*gY zfeP)@^_EoH5i2daRw(C5!d1gt7FJ#O#x_t90RD%50#Ia`(rlccBmj@WT-leLS1pZ4vQuVP%U^f<9Zbs#JUs`THJ`Pli}$* zoeH57FT@(`9l~0W=*TtPTmeKatDauD6%z5mz$;8jUeXBYgulgYy7&p z0FpvT0F8c;wwpmWmZ>avT}Xetzu!@-YD7*~r!ft%DS(BkGx}x(6AGTN2@hRghZ5Xx zT_KdBnAX*qBxy6xxY9L-ZjQxLRvD-u8QpdqY@B1^(sT(Vvj)xi=(>0zz;1%AfmpXf z5mo(ILrn!)C!4*uPPXA%2bGucpbKLBt~#qM1Ky~q0c~k&@)uW@8r|uE8nJA8K>Wcd zH;Oh~>RP&c_QY3Rp5EoIQ)NWO%+gv7R{i3oWLaFkYxuCoUPRjj97$A_YI_?n6+3w<$9rJOcgA+ zM|flnCQ;OOc{Mpeti@nd5%sSV9Tv53hO3)IL-F86i}`8~W01unc7A+xy6p5aZz06k;RZCYOc1GKH zNpS+jQz1E9tLFVa-iD*wD8*(=ggZs?H&!%X`b9hHWRbN^H!Wl$Mb$~s%To8V8-@w# z2Fby~p~ovh?A*MwqZimqkhTOHQJhzxuA*e0>%z?$G+M-cOC%djU4K$m%0ghKtTgol zkK7=l(t3o0glU`IOzLvOPOhMUh|lSPn44f~u9dB_Id2+gs9L`{uVuO(-}UpjRJnQA zMC5l?)Otp~*yH8N94U)}m|Elh5=)ksmQ`hD8BBDkQvI}3zFDJ%FR(P$pshttL}IfoGI~PDq@fGqRf8(DTf6q9l_k-NSyRTw$$wf`2VZr%-E5#8gYT!o+jTk`ncn`U&@2y7%5>#z;^6a zGy>O#5SS>yd}QS;!lLNx!?{9i4dzIcdMsC0!I*PsOPG(*a2pO0Vg*ctC~R+)n$;4^ zF<)+@8%0|#teWi!)z}p{*;u?@GJ{JRAFW!^8`uNvPT~E^RBBmRlXlS1BCIB|)Mq`1 z>vSw2P&nBd#+s`!)3R|lm`i|0NymJ0Pl$#nHB$6QMLy?eb&VGwV{-yuCE3kkp+F5s ziaO*K(E8G#4`H9j8Xadu8!LKZ>kYXT73=ZF2NdR1AsdM7nimk$LA*fya7OYXi#!5p zr(#5+2FSDzEl@9(YrCk^0U$yW#T}mDp+&*jI+>GbZX8lo;L}sYHqcgL=WXNQDiMWG z%ZY(&kmz38vkW(0K`%*5Ah8;Tb;EP1JsH9ePeTdwS7U%^!g$K-Aw^HP&Z9wJ8_Xbr z5Yw=0a-W?Sk{7KJzzQ2(-r=$#aj-hoBjgJh%;OL!aK`+3&H3~o+Qhj*8gUK0HtL-7 zl$=5QCCLnvs#sW^(PSGek+m(LnkoPT4Ml^2xs1SS!GNWMM?1vOf%uJQ=5cXN9scnL zYVqS+7-@aZ0|%28m&jpSzz7g7-tVM|@v!#G4=iSin^*$ZH4wFD;?W&oq#YCrmSd=r zaQx(|jlo@x;goV+ zE$~vaA0{@sAPj!run7dGE0H8fRhm%h`J1U>zvp47Yn5$bvQWk7H%p{$Sx!*CjGapg zo1X#uGr)HJX#2FBpfx~8LY7)J7FY-fjJF12elP35=F-v**1%$I1*gT`29(v+29P;k z3*})42LyS1x-GX)O9>0Zsp|cD+_EmehR`2_tx@T@h8D`-8YsHfbSp$|(wJMCJ;--_ z2GRif9fUJPEk zvAr=H-}5*#hf|FU0KDLy+r@om_jFanqp%Uk^*OwM!0~DYQtw7vqHC`Ml5X$4{&EI! zA9tsE9l7s|NDXtTLE(1&4D68wTdLqn1!8zEn-JOtM}yrxiAvf6C#xUL>n$igW_XKM zT{*32+<_O<8X8rk!_!H$gGHhjQY89m(8cO(Mesz7+xCQVMUkEF!hup^9>}+tI9#Hz zdtL}*WC$y_9>wGUy@_}nT6hq1>?fJ|kR%G)gik-NCSfCemc)&WL=B9tpUb4p9bXeZ9;B{b4C-)^< zXQ);nNbtn9We7=`(q>4(!RJ(pVl>2WcMJqq3J>Cd>dI+7yaRv)1S=|}crVLTXkxhQ zr*QwoARu9~FXfai{?6mPcKg3Q>ioxFi+RD6ac&g(MWV`VVMK6Q^t_wsMML^9SQ`YXv_xq{FYR4S8Gd$A8$P= z7>ykWL{&0Y=?r{VC<8-?k+LvqHNLmBDyA~)#?sP-Qr7}jSy>{VI;|u}Il^G3(FTAJ zaIZ1ohH499gCpT~|H?dojhB183lTLhUWfWI8!I9)6|GNNAzYQ~hA6+O*wW)68P6`x z%~(E-7+${wC!#+CbV2qyNf_0LnS4Kv&k{$8*VJJbg$2nTY79kt0~UC*JT}hL?NG<@ zHJH+dnMaz9%D05YEiVH-y9D$MnRr;`OyZ4}GjU%9TjvhzxbRnHfYyfW}zVwMI^<6EAR6Wo(>-y`qt zZdw_tt{?89#q{P9_IrgIIXVttJK;ZxyA~*s1QK&DI#vXd45LR} z)Tyr*Lj+C@c}+*pbVJ5H87Pd|1yz*bSb-!4@0xL0s5Ap%f`JbgXyFR11VV8A7)ppD zIdhsgy)aP{8n(bNKieYBd!1BJIDb9prBPPsI>0-PeP}-&yI7e+rEG>}%B3hT%c~qp zm(kt=E(Eena^XbVU*RJ$yy;YC#7pF&?QPFOwKI7!1dKcep)Aq3Tsj|Vzy%B$)G=b1 zE-`(4UESs`ZY7qy+YDi?Or>pE9@E7pgCZLwEDT_pFx3{7OR?xvYc4LLB4<|Y70GLy zX$zdSeT+3bp#a^2V!H?3WLi<+8pN@?ho^?DAL>pY5=aWv%PH8}c#EWm=ou+n#`5YK zDCE?l?I8aI1epwVs?qtWKnG0Es1TrA903_@hggadD zr;~jEw|Y=YK~Sz(_)o-xw$Z|6FGieWl3^Mr!i3I{xKmZ1WGj{%{#;5;Et;Ap^JX2>i05VRGPBCHsj z8tSO!c~gwUR@Y5mx-5-g7z%S_*nsHSktdcrPI(H-sS;o)12HbC5TbR0^WN=Pz%H%sp1dSI*8LQ{_8 zu<~uavPb0d5k08U)9h}rz8&N%ND?RwmZkdG(*a zQ$%X?dw-nD%gjqc`3MvI9IS_n+O(4vF;kNK(sQmZ2Aiy!K0O!JjaE#pqs*nRf$+k1 zOF2Tsv#QgI$1d zC;KUGt_(g7_Bw*t2YEn{6_dLk-W9tfAx(qiM-6o4bc2NMQ63Ht3=5VQ&Jge(^T@^|>Qkl55nrY05!6=e4B+e1S*3%?CJY}r*xIM77wj0_TU zK*9&#WzTts^0IV*WdLCU7rVTw(kvwG66@_I1ndHFOoXl<%CD51w?Pk%b<}@)cdQR( z!D$6)$fgR{LVj7!;1uCzY8u82n!WCGn!7hu7ttYGWSpQSDAOSpncl~}Mhdug)Gz)P zAn^d8dl%!@6?LJ^IXp;7%u9fI4?_`%NBBxu)rlgXz#zTp1KuS_FY}P$EPBh>z=(no z^*I%ejI*+*{%}-L27II3?IISz;*w_4!sROT+BxV%TNSOfqVV%;xb)L(<>eMlLs z8R2>XB8|enf^C)C7@{;4>FLctFE&C!WUynfFwGVi3UtMdg_k4y(}vcTrrbyyBy_=u zRBVmsP=AM_dm$rTYe-2cK@~V|0@uFq78qC`4d~-D8H(9oAP7+CuUBq1-3TIMpgg!! ztOyNdX1;X|0^{f@Ia!0SKW%N46TXlTn&9((jv$VP5rImZD#Pmn&2s1qGNdRl?gm5=y73h=bBCFy#ZsK?Dt`nflkO5N{I258Yuz~PC%SHjq7-7M^Mc8`K zr3l8sBKIq4ZMV{Va6sqj%)`wd*=Y?3U*Uq^pf7NGf&r9-ucH`N<^oe}F)&5E|JR0N zo=)w+bT}qkYp5exRTEY=$woAz%gMTx^0gJ}j#n>?jjME*o zut?FdG-3$qS~MgYfSqt*e}|he){}^sEyb;<&bE+KK@hFfCAwEuN!6du$TY5_VS!7` zI4oe9DeyJp0VdEI$4a+GmcwES znb^Yt9$F0*^Lg`FYXOJ6Fb^M-wS<~8H}0unF<{Z88hy!$9AvG~3*US|+!ACT!0dws zs=6CX&z`X;1}=8oDX}0tO;aXdAbYqlYdi(V8Ej*&$D&}IMm>7t(TAnKz1(H^nkrpZ zdVz_SCQD!ez_Ri;kBf9_TGlwDwNZqfcp!I&5RljsX%s8 z&Q>)tG{fIDP%tu*W`-0*14EoDdA3G;fXbG;l*AamIK8TVO(#<*B3!>B%A0e;|Wu ze>j4x*9F`~ef7id^Ts{A!FjfwkC-YS^UODk zlp->y#2UPIglH`bnIt8F*P4VU z9^sOJ`x{gl(lo(hJ;PhvWO^AHYfTn!nCR?7QJ}iZogF;6MZa0d78>r24B#Abi+MCb zlvF)|o3cXgbVDQZ6(VO7nT6zuPExq*pqeOT*woGy@_EaLJ$QYxxJ z1zecnl8PJijg0`8i?l!KmrLma)fbRF-g&D&%v-yWIv~Zi3#;72^-U|F z3B%RucCg0>UyGn+WBzB0Tteoab6V;!Q7ICL>bUQ13Sc}kmy-F2Q)eh*l-?;uIF`_h z6t9Pud^0HWun^I4=E70PvPIX(8Q*UbSlG2}7c|#BSOqLglYq9ta864&49cDv?t~B_ zM&w%5@Z9=Rg)F1DYpazokH;a{g5i)^Av6$SrTU+K2FipfAa^|n`odO{YYtWj*RV`9 z0&YPKkxElxx=Ivl3SO`&G1Vo5UTPI24=$oSgZ)wKWSLuWNCwpxg~~|N1qx%bHe-&C zkS!in(crs^mQvp0MZhW<=bp-DEiiR_DvQZ`%vLt02AehwU4*;v&i!8FxP7bwG0yT} z)?MN*K8YWE8e-WwjITIRwLbhPMpNy$A-MOEaZny4OVV#_iz6zzGV@WxO84#JnQK2u95h zij`AeFBj%Mkk96e?YS%us;4IjF4Mv{Qum(aa!GCnH}?*}?5cSv8za|rW}z3=Fuv8;tER|_qN+p*ZY$Xiz2jV}B zxo{#z7>^Q|m~q@nC?UuOy*R}Xjo03Q>UoYK!oxaMUMtm%X=P5zPqHIHW-v~SIWKIh z4PcZ^O9)qNQtXu=Cyrw0%1gm@tp_ByJ+PwAduEhuuV})`UO=%XR(^6+Ep08pVhxbT zDkzh2x#mnxF3QxF9W7oiIbYfqxSfb&ki-iXUlWJ#2zqrwH~K0Y`T={ChcaITC3-DzTAzqPT^v>TqV-O|MthKp6spfJQm1 zE8+Qoag^;>70YE(s0M9~`1q0)h94pn#XuBqA18?7FY)ejQ%!OQXhgk zG=NoU>;ZzmA{-Nr8pM0V`$5NG7H94{#2KRS2sNv!g5-jAfWTbI3AsWrRk(D{{gf*d zvVx;7JigYz*`4iyc&Ao58&gHz4>SX@Vk*qE!u++r8Ub0b`po8EWwsSfH(8o2%&p0+ zyXE9_eL6b;N~)LpT8blsj|(+r=FDk|gT6>r&iYlTxOkt8i!}&QN9+}P4TS|;Ne{G! zms=}Th;DJA8DFFC9NH~8djS)anqg2GT?;Ie?WEjZ<3J;@Jh><&GI|iXd^95z;?lK* zl(mAh3}VcUhV<}i&Gd`qLfN{2VXDlcN?;b+ZSY{wVe8D0~tF1zayo(s!#L^CP z)MS|o$sKp*i|lpPJf%btkUU~-rHPM3K%g@X{Pf9aSXmf0UL2+V9B=4iuB#@^f%NXZW(#CU83lIX3%5Okr%SoH|76O!0geMi-M z1p`2m<_bvafGIV2Ot&JaiNruz5=xiPsHV#^4x>^~vjkY4NMDA%$-weC$$-Av4IJ1Y zxW5l+W9mp+0DA}{zGdX<^^Wi`;7KU4xL1g}lp7`5cL`wFn@fP-3S^qSc3|-1foCA* zlBxm_rd$S$`m{uF&w>zT&~9%)r6b>1hX&}JXE5tKAK-$0BBdKiU@0K=5*ddwmF1Ft z(}C6gX3ssMiC70!lL(5OP?AX&wnVa~37{OJoIh5YkD<)9rC}cN)E}IosgZI#*;l;@ zLSn^aXQc2i8a2X#EWpW?vWFuwl!j?xZxIL?>=^}cHI-^?A*<1FWS|g?C*&3l1l43k zs`te8Mj-<0Q9F*0n^a;C z#gv#zAYx^vx-T9*PkZbBVNX4W^ zQ>J0+6@-wGY@eJ#H_`?;ld)=f%hAiQ+PJSoln_vEG;`2A&I^&4_=i(IOgedP=TI0C zRgQe@HftR(xk3WW2_(|iD;66;DDB`J4s5-XPxesedXyWewMuT=CH)>LdMTNg3aWpVTZ5#-&rhYqglO%@R)4G=YJmQCiRuztlHgqmR?CSw7R3ti!?!B50& zu)^>M9W(0W+&jqZv;^{|mu1N?JQoGFqZKsAoABL-T0!dWCl|}S5iqy5qS`goM#W+U z4LQ&YOd1T7aLXlcU4lAG+Af?DZ>P6+}! zuT+3>-Ow;-#F7=<4nRpn=NIve+LOq`sCP)CMN(g4w5n3614V0i1qx`8xOsu2M#4mh ze?_XXXqc~N#0v5$^R9cfOG-g?5 zDVD)m3x9(>9xon>DY%vgJ-o8OaCz4op1IrsG(i~hP=tt{b)uN9@`GvtT_6bHNwbnX zyvQ&pj88~2ZYtsu~B3-rWF`<-)YMt=}@?M5fIJ zn-x!r%_b0JMqV5w*A(51{=e!dP{3&rgk}MJ4Ku@L6f!fS#|SjG2@yMDGg)4)(Pye) z^0QWON5&YyMSv*WU~oL)mrMv&VIjlZuE!C`_HL|I&WAcoSZxOg(r*t(dHu5;GB{Y! zj3tKx=x`umeT$4DiE_=$6dNeh|LD&MSDy)F@I7xiZrI^nZdKo%m&fqnO*I@iIIZwe zN=cd_B~^YY_IQLAs29x#Ga-aNW6G{a`y>uCp9a0!d8jwGzG2v96=Pw}Vj`ULssxLb z6Oklmdh9Dfpw3{#Opl;Nj)*s(x-uDkst&WO-eJ%}v?Ae1aW`X9CT9$5Ty&O4Pmzo?eLir4!^cMrw;F62 zaI(?IB1>L)(63R=xInz5ZFo6&cD>us11Yk>6WumsP5x_1s@pEpjOLh$#HzN{PcMqe zI8X@nzJ@s#3|R@0P`yyFG$CWiduP>nn!(CiVJ+}L6&*wk6L&TDIi!PFjS$wQTZIyr z&{`t6V2~}p)ms-QEM+_c-9Tt#=j!w-SU0+E!lB% z%c4~00{nq!hA|fYIhO82Up!q-&Ic0A{EVn!L_$r?!Rdf_0uVI(c_x=(n;7RMXhI8K zUTW-utKCh)gFH{WO)3tX3@(ThsJ=s@d2aKOXDX9L-VES%>F_g`sBt=>xej{9VuA5x zni_=iLBzQYY6!1pwWZ_KKi5FUan9#L>M}IKds0m`;HW)Yl$DdHivS83ZE&d=rAB@a z&kyw;B4szgP-~DShm5&9mPOi9I7D>}57>id_U3s~=eK#vOtq;ZYCKG`c!$YZs!;-L z`2&LczH)7)2^2+{>HMkehUyMT8i9kPj|WJeWgLevJ;H;T^t}f9MsQN5&eGX^HLXWC zeo|`*k|;c^J4Ppm)`acFCS|87MUQ=^HmJ8U5#S>XA-J9a_(qabi2j%%@MDjSr_$4m z5f^})eQ2x*?~wOg+~XQpoI>1)2WJdfM2;S)8hn0__Ab{) z@^xh)(d=g;fIc)$NLrbq>dMR-Sl%YGIbBA6p%pJMc~Y!17p=&=fBC{Cs)Cu9VR$uM z)?aIBIH~9j5>KF(j)3X_ae7X?eqcyM5Ft7&8a9Ti`k>^<}5CjF(Sp49rc>`-&mh3T-n-Gf8$3TO8C=2lSQpI zs80hMh1!{MY~49pUjt1z6NF;omcZE`I%tNZ4sMlW<@G=p(ssq#Y)dviP9l4e2nwGi zo{lMJh@>PvjiolTYopHV28pOR6;Q!!0VlGUOsy+4_)zd+X_1xn8Lse3EfP&NL%dkA z>ThEXc{Mw9H4qsTDsR%sQ*j!m#1ERQ?E>2+JvavFTex`!d8jlJTj+ddU#!#vI!k!0V@t~_ z7Sj~X`y(*pxNc+!S)<_-@*tuZdhWgD0@pkxNac(NF2c*uy~@CBRGmhq%$BF<&ZyBu z00l3QUX5<^=j6h`WFTau3U6*zTB?k0m1c`ErDobHj3ixe%R-#G$P;7ij}=~|GmjW@ z143pH+Mu4j4Tj#dC5Hkh2uTc;985)2(55yqqlR(~iNeu`zrAMZkUQrEI0})$mkTAv z{^ns850x^Nibf&Z^p6ykkzXh-@gnn9@)&YEpwnLMqA5tN`6T}cy62rped7< z8Bw6oRW3ix`Su4U*1Z_zf-EbJQ7Do$A|kf2YOF&#lXGHZ$N zx3Dk;29_00%HsLbjHdEr+EwbZD?QdXOi08~nxWwZu01-{c>?clKA8V3?2Cyjp2X&= z^@FCZ&`xwHAza9Rqbq6yrc*;{$?2M1ug*?b`+kEQZEnqDDo% zz5*00Ou`PO^`fe`oSiPHLL|V*FmMpWVlP;j=lnPK5;hNc8b`?_o{L*po_Pks{g@Dcrss!~{*Y*CL$&kO!VCSRz0{(X@=*~JK-3IpF#!b1v*n3hVCSwSpzA0bg@ z+ygrh3n+Tv@=QeVZu^~%2-Dhe0NH(y2rCQ5*ebVMq2$1XyktQOhmAY3!=Wt2G_0UL z<8t7qJVmOr0STHHV%$06Wq_4$)n@(>OPM?aw6L=_nDF!oAs?AOT*7aJ%$^?fUWnbB zJ8O0lFgsw7Rr4FC4kskkTIvj)vT?WRjRa_c7+Kwl^RDmk!DdVI`gO`I(bry)h>^FO zAF?+XEYegdYSQNUIp%gw2>&`j;Hz8T?)j1Bvx-s!d3=5oQ(7p~Nj zyc6CSXM8F&d)83RncYKZg}~Ta5wcOEZBinBz~eb#M7h)}!Zjh7n@H=$-#N4}D!dAy zXAMrvmaSkXi#)=Q241rO27f=Cvl=VZO61*Kr`jo8Zh(1P63N#)Gz`9LSX2-3aFjdf zQ<$9SK!_zhn*|(OSGzcrx!h=IO9jyP(QThFl*lzaFWjq75_SdG(~-Im+)|)bCk>SH z=5jQqR92n%G9Dv135Bi3wRg`cyP=tk$#;(naHjDo*17;-l7QKbBvfKjYmN6HE~|5( z{6dknob}gfJ_?YPQaeR5Oj|NdPeegWJSU$VUo~Jbe1<4G^QivHnjpn5r&OC`4za^2Q$Y@=X$04G;$RWg2_{Ja1I83( z`TT;_hgpPoJ$)k-C!#31eFPd0nLzq1YVDlg@lqtT3Syse-}7QY>H@AS(mT6I6Y)yq zOWeUTOop)$~U$5gL(Ri$(05g$>n)#B!CkqJeKgF}@p{*nxS9V-BbEEj$y z9CHL@vKH*!5doSyFdA5@F>${)Y9^BVS(JDx{`qLc63}?_+krO=JYFI!uMbVlf|kW^ zpzS+m@C$WlCZ7&1Ve~7;w)Oj9MLtYMTY3v07qgY2OF&w|=S4VfHBsqTrBZ5wfujY& z^#_&ZV27^R&5Q)Q6|GS!fjYHNx;FD-nAJNg`G&-XnlQ%uM!3YSZ*@mFI>H#c*10?l zVX1Vn#bXw(Z)h1A>a7zw~OeFQPU7?rSJ+Zu(X$BhHPQt2_(1iB6vpUnl=C`TANN@ zqG;8Eu5-OUbxZ#EYOF*kyNoeoLKP5G4{;6nGA-a#vSE#9*Q_GDAJ&O))um((F@~B~ zkLan}P^3y6Gs5*}kD5jSVfjg)>`>?CDq0*sMJHp6jg+l zK;Mj@rt6?%yoxKz{4tINTyYQWX=l}hby%;%FT%$hYg9rM0S8QCIBEE4GiE2oRwLJSpwliLn=>H{*j19J@mJ}Y|y!&Q_cmdKPu$S`2qQQ#RRxr=UM+?CI%8OsAQ16K&rPa{D40aef z957g^at|C&Q;9MS9LrWPLQ>LQB7^h73Ckj86^lT|r=4xJ*MlgNYQV^evJW~V+~^U* zj}_q3YfJ++IzR>#x@^3t6=AAkqlD0sN;a^9pe#YesS0AvoAgCSf^i?e3rO~Bn|J2c zI)Guoz}0OivUtG@a*Ts$`@=zg2-DoQr-d8535+oVONj#;*DDfYQ%J}l99J+?FgB#g zvS4xtU9TdQt9oHiW<${)-jByV^VEb4FTzF|sIu6t2+AZeXF1oBWt7rGLdu7xko^OS4IqdXtFPy3@#!L4s1Yiq5tCbjPlx2&T5R4 z>~buFRHToLvW{MnUUy0TmFO*CTlx-X4f{NH{iw@;F)h##==53S8h$JgrLM`AuCO&K zgi-<7>S_uR&|OgFG1wY2EXyKOjprg$o1=J*OM)53PL)_bLcTaW6Ud|l)(|sXaZ^d; zecNoFD-|1oDvE<~Lp(BagQ7}h7`)vyVOg090=y5ehYT_mm&)K|Z;~mr!+U=?@2U*q zsssKC1Fyy!@0zbA30s(|wkah$xQpB0APP<$WKF`yI?>BH95Uu2nx#-D8Jx9zs`{Zo zhFAVFg3@A%Z$@4PgwaAr8QN0errM3YkU{Q6f7^su`-KWzLzBML$xl_OwS* ztDf|p|$_1n&Cs<%*PP&(?K z%MmI(yE8$mTuuQjYOwgMHlT9L6AKE83Iy`A-d7t6M>QN@~{>0%&{k3=s6-g{X1jSzfATpdcoP`F`8c1jbR-;bxpUSl15!-^A$20;)- z#-yk6i7x4mmv&A}bbAHgKH-FJIFfQ42~3(!45Yw8HU>ed^sR)IE$ub!R(&awvHGF3Kkcy0>e0UY^P_qC5Me8Ps`Dp68p8rkV6He#O-=2hRyd9;&40p zWx+R+&S#+rY=E69pI9dG=W489f|?P>XL% z16NXgPD^OL>2#P=lTb;TPqWxNjI0_dbAQa>(9UC^uhvHE4!AaXbuk!P$tqP?7>_jw zfFO2H4}JzgLiF6JZKLIRUZ%+9W^$8oz(WND=N(Z#{rf1x2dL@Mc%FE>yiO5Sm3nv* z%D`wq&!Ws^JX8RpFxLVgr$O4)217&u2=N&E8O_FUQ3U@|mYT-hLjW)&OV*Hh%Tni? zAnXMl5!$r5^T1kzAwsLjNO%E$8fyRWLSlj-f4fV*^{a#B1e)gPrwH=C%3 z3oN1DynJA@@9?8Y?ZHYhn-3%vTG4a}B8tB~tPyxx5J=QKqGmIDIFa!xSHF+vW|~MI zXVqf!w_sQpK#ic?EWmpzPCwAU0%JXrgzjmAF&0yJoj@Sei@Pl)90#Mgnd4jX&GC`l zN^L2~+ncP7ahRG-vvc8iB#_PI0?{l&sp+v8?myAYEPb1+uS>mzyesBz*38WHAs*d! z7#72k*FLp*)Tk6-UHu}IVb$WyX)oTFU*5!V1$zr+-j7FVosae`#%h~5*V3?joOUPX z!c5CO#J{is(_usA*NB9-w}@WCuqDpJ?o)dNGm&TD%*!iLo)Ajq<58ZB6|TBH6ZoJ8 z-rY;kiU*Y1J*PLxtx%%p?(=dcv`db(jTfg<%|?+Dj8f(dK8}K)XFVQc;@iR?xbfH~ z<-?UszB5T@JWy%Hu$3WCutWPkoTO$nS!QPQhF}bY(4~fw<#r%AJHK!$_lKwfgbm)o zDG&4`;Bg9=Z&BCjVbLT}rN%`Y$OcGk5S1pYna41T)mR=LEHJo@#q@d}L*ngnB_Y*$ ze#axi)9lfisVGi1c9CLjvp^v-R0Z7p$C?0SOxhH>>*2&-RDN60}aT~}b zV#AM3*GHaYsd;2)5f=A(Hns>ng%LquZ#Uos*V~ZuLZbXR8?dcLYQ;2NZd@T%s9n7Z%&mirHCPh3&NpZh7q>M%0Z~ zcsjOle=46D)Qa**?bABMMYTw_ik# z0u}KnFC#8aMsX6JjxDp;aq;9DBnB8c4lFA;_FaaJDtAd+I@)?7bNys2w+m??WzI0P85>c3PjhJ^bVLau* z=eg3j!1cC@Wus9H`P3z%ycb!d6I9rg$;#8>0W7e(&=NJXm=36fFc(x>fJxW_;j?n5 zb-d6;cB3efM2mbTFMB{lH%8k=1u>+$u=wH4kQyS{;QHDQu=2{nJWHACSH6wA1JLg5 zIM1Ia7InE54{j%JY|U_q4cvpbMOqDFd=uK9(=Ze~E$pRK)VG6e9hMJ)4AO*qN^6jK zXHq#_yyZyEn`(C;+~Da7`be*RbN6 zLR!yNmwS7Nb!tkVx&V{-Gj~|!RX=N?DiwqhyB#oo8WL(qi(F!E=QCXD(Z>(4_Y)8X)n=@D>zVW!+bhToY{l@>pLLs!zd#wNxCVF(nmjU8ZFjjyN#>4%oC1qBCAj6i?5C_C!)=%dlQ(+*}{pZ>AYb9JuVbis6#MtHc5jz@Sa`BrQ%K%p2Gl_4Omi z!=>btTQr~q2`A-A*dWX)(I23P#E{6nyiMi|}&W8@t} z7fExQ4_o45A=u0=OlcsF5k=*C3rNxqfLvby7=n!&Jw5s(i1npfMyMEA@VB5xd_?1d z5+*(-Vj8g1s0xBjIszDN%-#eklijp$-HX7YA?HRsmBgb}2O?tT{^MCfgbv2? zu068&3?ZKz{>I_|N8P)}$9bLioiD%(KvKL6AX<_I%2Xo9R$@`4?s6nq;7vqK5;Osd zaw?Y|0s{gPFaym1q!8N)E=+TC8s}O&ppOX?=)@3b9bhMixYH^>9l>3m~>n>)SWoU zm8fu6v8-XNHhw1dtx3g_UcSyOL->Z?Zz}aO#yTU#k-h|Fb`cmPUxr7X$@u_m|HBdw zc)cT{VLR;m!YJ{bdYARnw*LDkNgiwu`&ie`N$}!URTvU=AhP9(D)N*v9AnFxtFm;f zh@D<6B?iV9)rV4=Zb*xV#tw-^a0-w;p(td_-4IEHZ{axEnwN{CP;&m6UH;9SS;YrA zr*51=p9949VmWhev6_Rcos%pD_WUq=2^92|c$P$(7?K7BB}cjB;F;4{Oq$tp(g|)n z{$8$N=#n(9D?>U8;3qlO1?)dAE_h7FT1JwwEw=20?DRhhkCNb=p z6lGYDZY*jfuyZgM3TUCT3h|o2_1Ny|$RH*uL)1SPLU)D>$c70O`tMQmmaJPaGi67(l!y~0iC8Kn?4|am7M`?qR4&opvt~_!4 z9KDve!@tSbAj|3Tl8rJnx18WLZ3Rd&65yZ_duZ*&++Sc8Q;8J1=S%JjkEfzaoj=Jz z!r}y0Tb5$|Mhy5b4e7vGILDLVA?EQb0a6TUD#IQ*__g(?g9Ky8Mk5Z{cL=+{-1XtV zer1Di%T_1=GzP})_%7SNVJ32>9EeS~H|Qs^L$Z`MNLweKpzqUZQlU5miKFe}P|OL@ z9ZP(6h`+5!OWaM$=0EgNWGWCCmYaQYghp!{N~L=IVkxr-A_ue$b}sTx@+D3wB1-&fUDM)PLUZv?VbWRGa>+GHmY8Oc`%6Cni{t1~ zhT>WW^jcKWmIDqQ>kap|L8bxB|V~7@N3Ns&WIB_rQ zHBED^#cmqXk}v)GWm`^811O7*Cb!oDAGTc~&5QpSbm%IGjCUjZb_07h{*_V4pr3?@ zTNa5x4yoNFYrbm`n_!9MIpF$ERTw*UQ$&|Fgt4QXmm+3!@NvbyXZ;rIpPlj2d- zM!qwzFkdj>f>ze0BKt`_bBgIGO}C~(+2mwZw_JRo6@DZhH_v)CF@*R-;;~jVlrFu} z;9*Sch(!!0{$-HKCwDQy)&nXx^C$+*DeF8bVQp~&!s)nx@aTrRdaB>t+dWTdha?=m z?B0gmy=Sw^crhf|*ULNVd%i+M0*npvy)C~@s6si*NOI|NaA7L}fsy!QuJXC%t>pd! z@f8!j;#X$i`<_-f0~U~@Lk(vRmcLyJ^>yfw`ER78?M2h1EwL!vrbU@}*9Psn1&jvQ zO*IAfs;Ta?UpGtFWOoNhH8Zi@R@hV94?=a#BsT?9=pSsYKSmB0buI4afZCD@T*8Os z>|8g!v{SZzwy;&uR!zXc5qG7ea~$0g9p5wRD_V0E>Xd};rYv||bf7s;bNj9{RjY{a zwe1s@&eZ%)5SDzAYQo;XF6o48rNpL-)I{vimf3*^^D4vWv~QOmG_s3{__=z11(C0h zL)-dcI5@TaV2b&Hr3>hqM-&#nlSl=wlK&ga-L+1g;J}5%C|TBiscX5>$nA8m412Vv zhH?AbK#G1PDp#q$?H@vvD-O~O?CVz-%W2w4DMNIa**CQCB$&3wuZWkkn4yjaR)&_} zFqrI)ye=0$gh^@dH10DTBIQ~lj|x1yEj1A!>trZ46n*;3wYz}BNC65Jy3 z9tb5A3prTjswgc}sIBcOITIHqYyfGwWTW8NTXEG}rje77bHI{xK&X#>J2{ECQaXB3 zY(FYwigz6PS$rvc9G?qmk*v`6>^wj?W0B;L?B;x)PMk3&eZ-t3UhPodVeN>X)=x;P zxkJ_ZL~XV)Evng>V_URbk8M2ynE)R=4hZk66-5)wAk6kDstezWt z^O3XRU44$KsTAImd5Rp7Ck~JJPPR7@%9z%Yv>d?5V;wtSn(fGvZdV9h3mMpD8b5{) z0S!jBFG!BPaG8PI*ZrJrsVp9RByGU_^6EDD5q_AU4HT?`HmJJm$I;XA7kwfpJsPRS!Bzpsi@kLFMg9Nq=Aw9m&2^r5gaCe9N0wtpPdTC{-Jq(-+kk3|vDL zFccF~m`EhT?K%YW*QGh4Uz#gEWrwFpv7jy*C?zCpgI~)`izF$JmQ&(MDjYj}tB+`5 z*~lZq9TB1bi4xzL$P__3Itc;Wl=~vhlJLjV#qZVeedArGOOHI3a?o;)dtwgPVgggJ zwK{s@;ON28*gNwe>97NGLaY#hn$+5Mh$26NWQ+qZ+u`B2hEbYLz+oD`T}R^^<)leW z33s5BU>_jkXK8W@W3I@ zMc*TakS=+L&*)4|dqrBgxvR3&1XXrVFy+)g6ir;_><$*|CJ@k}k<*9H93SSQlKcdH zNMViGk25EGY&mh^6}3+x z4i5S`7L<_ORTYO6PULr{fX`fKi8_vN!*(R`oM#W7LnPg4bHYYN~EsBQkIDS z(ub6>{`_~kLVe;&rbmin$$r#Db@5zA$ipy_lQiMigjwT;mE#eGN4dJo80)CcTiMT4 zk|%tpt}kI@#`x(ELJ5uJWDd7(X!=v2e#EUE7FE*dR%lPBzdm8!YmLa?lg32qV#e$U zAywH0MSUr{5>uJ1?y2ss^6P$Fn@LJD=eFPG7lNUio=WRZwEnQg1e%ykBrUU^R6{3p z-UkOFyA5fAb({~^wbjB=Zha|`Bhg#{&??6VBfd4Wh9WyPlO#}&(h>+wYI9aU3e9bW zqvNaqE=L+YMP0>;G)IUEGETq!D$t4bD}3t6&s4EdsvlVkiTb7_G#E}Iu&2(irLmK4 zClC(ey1QEDF1aF2A0Ih*x+r`4F@&oqkVA8fL>#+Fl!_3GnQ9b!2R!u7PEY8Tt&>=r zkWQM7-)Z#oUXcff;;~8{FMfnA+5ko;A3X{Y7LbC^NMEP+QmT*|E=dXS0_$+C_43Nf zgmg;Drbi{e{vxBwKSH{CzN=QEz1MPaoAMwJ&^CI%v-z5_{W@5(<+SAs97wFc9v}n8E>*lAr!+mbXSPquRAiCIF#gua zH&LCRb;KuX-)BQs<8l5XBfx436xWf2z2qf24`)YZA@tkLDb`H92%s%JS7pZzaR&hm zLQU#eQPCeiSY?iv0;n?&vBSYbA8%4gli~z~{cvMWX-QVPj*LN?;yO^0jqwfbbOzOe6++CtX^t9>$Nv$x?()tQA_^F(c-I;plN&SyuSu1zd1 z)V`;2K5Ja6(~M%(x$`qrt>_c{J@C*(Hn!ASsLky=)R>*EO)Shb>Ma_s*P1gE*>LOR z;_R$CHr%{$bg@2>O(_U9kJb;@CTAw93%JQ_D8sEKQpYaMEKE#~H%?S%>M4A*ey}#x zXx5H5CZ0TvZ>`#@O?ru#a^&fW*~Qk(#jaVdl6b0Fo3A!&r)#aoVsoPAm4du7;4BzA z+Grk{uGTMvJOOmNc44Nq&|FHBM(P(EPljw^yocz#*B!d=FNbGZ^Nm(HtEZf5HYRGV z)>{^9iy`@N?WyF&3qC5k$@`qVjnrorW~#F@-xpHP%wK3$Cu^FH(-4mE7<$0`T2cWz z+k_m7SCP@l#)5k_Z9+w9UV3ciLcKa0db~KxNM^&EN;&-WVu*}4myXmSGzUA9d|LAs z19Fa4>yxv!W-C-&o+9QUpU>e5A!)sAhZ^;X#by(lP4kV_7Q8^{e0@?=>7X#FN1l!V z4P$&}cJ|2J{KAswdEkM3Y!6*HcTO*3vyDrZ_|7}e?SE)8yK0tu?+tkZX;{IB&YufV zXs?*Z0({%VLZex{p03R|nhWt=Y~w_=UcC@k)5v5tmoK6AlqxIrVyzw8s?AmBryH+S3aGzTlZv?vZ9=ah`%?4a_Y4JOxbBcF<8}wMsvxMomaGmC!SiIY1Sss&MZvN)Z3O=wpd6+X4tnm*cW%$;pE>K79DNXuVNH5#)C zxZtlg0m-Y-HwG)7rlQ7TYj)|N=ELYAvgGVUb?JP~;7P#=1QOjFttYUtg=(`M)~vM_ z=W3;FqxGakt*0o?#v9DZ{A_KZoL_w$X_cy&DZe(-UX0eqo7H*?hS(6DCc-64lNe(u z?X*)t=d@%8xI>$tSb@-5D`uS|(1cg(F4;&IS-Y2WxRxEfbmNFE5J$$D++`W45(#B#JQ+15#~f zN=gXveWUffQjGxFAv$g5KqtEV6=8-T$zLbJo*#T7?<;E;0+UEl^O|$ZBye>WiBY_& zZW<)tqIG6WGq9+PVvpTZd>uK0Mq0z?5t$SG1V_52QiX1HkF}m!50}q`$7ZtE<3RoN0I}Ymd^wD;n*p}K|_{SmT)i~x&C$zHBEQwztct&pa-9PLM|i?b@g zGHzTNnToI8r}#D%GL>->gpW<*32K=^kfckg#gvLF(4%OeJj%fPfolPdwBle2c<4}A z!?tRR#88o(|S(^`JY#rkk~kGbX5wKty}NP*C(p zowAFesA?Z+we&iXFdLihB<(bUpw={%yqSPCrd&@SU0jd?@>e5)P8%^yW@XG^Ni;5n zp38S+R^lNTXRXP^rK!X7^RqLx$*4oje4k-F=W%)7gN>)DFKDJ%Mw3~bRuoLLl_oQ) zK3$t=T&P>R#$1TM;i)MrtdfP$PoX~Vtb!S8s$F_yk*C8>Ra-JnyKu{6wb_{I>Zzd$ zO^>D}Dc1!QGUpSP~;T_-(?vf8B9<9VjFvyPO>t)FW+x|9l?zq6{5x@<@0qcbV4c^F{#3^vD|<S=t21BdOlQKW#sWCSFLkDlE;TVNJ1;6b z3tcLbUR9fPUq_eZU=Ve-6V_5^0>(EwF30l@H5Tg&o$0Xu+#*;nOYKq{0@leGdbdvM zN%Zf|_Jh#sOgMvAw>i56+9S!A#au^;>g=WJQtPe8gXb1o3m$V(>nKm^3d_eVtLYiI z_7fQ4hb)G9xL$UwbIUSeAyhVZq%I|#0FkVR1jn0k-emZhYvQ@~A}L}Kq`{<&>DmSS zHAG$4l9&hpv6c|6ws1-~JGW{R_HO0UcW5lK{tS+b1jy>Oh1LQlQniUD-e?$`#nhds zS!F?U6Go)Y<1Qef>GppaI5s;&QmfXysAulX4)u)G)d(+#Yo?Rt@6q~@O>@z5oUUE0 zHPJQVJA(7nOx=v$oJg~?wJO$BAld9v=`B_Ni#%YH<|l%oJ?YXdbIV1`w*)voQ^!&_ z-V@*yJdbw_zOEyz7&EA$rSx^+n&@_!YSYpIw47aJYtqL;0}j1f=$0RZX+TD^K3w`5 z3dnxVO_%~4&{6<$=fIJR&`c;S%4O11(0DW}v*Qiydq@OjNcv6=$FwwYn;GrRvwRjt znc(KkWKCX3xaRaBbOk3}Y#@8VlRZ&8%OYr8YTbK6$){267jRZhEZM7&B^AR^X%Upu zrHR>^#pQOih)-`|+XkUYd#VE3KItnpXSJ4w&$3m9OvY^?OV_pt`iPpJaKEp`Q@RW6 z%JYZ|#QG+dk}BGO)8Jx4wHk&;=Pf=bKwZK4vvNRV~^%6|MFyo6t zJ51RaZV?nKMFUky#SV}|vuw?UxLH1)k+r2vVmu-7u!sl|)*>m^7Q8)d4$y1>s$sR5 zfIxt4A3_EplQINNFoLGNVcb*lFG2Fz_#(~>wpiJ;IX}BJKC{4^*umJs60yf*L>Q~F zh{UQzrZnpo)9SQ{6|k6ufko6yd3W-c+#E0nY@sk?u$L!mErVN49#vHyL%hw2iNyYB zp5nW@mA+3TY3hS0f3~`0WtBI5pG?vs7A#|3E%|1MVpHmCu6@8><k zPuEuHbwFC}lEvXK5{8*CL^Oj1HqB6W0BJ|c7GViGR$C~&Kk(3<=gy%K6y+GNFJYrg zNX{9E&lT?5%-0U&mGR|>9)=0CsF6tqdBo{2V{e7TJX1iWy(g%(_kdc9kF+8~3ahax zu_Jff*=clRLr&B&&99`bYewqap1OEj`&=+uJtk$Nc;v`i=Ml-N=-*?gI#@8>t*iVt30=@ z=7|J5c}g29i+b`L=6{~3ws4LG^lOP}@R)%)EGWLUktsM*voQ}@GEvN`s~)hbHV+}& z*z0C>2ktuQEM7Sc@ffV1A*yW)-E$hJvz1oF3YO>zg$K%(p)1&)9bS2+{$!nV0g(b7 zezyP4HU5ki&c(Y zR&_pvanloyN)x)&Xg*maKz*z#)NW32<+*J?Unlnp5VZ<0G8H04iaYu`z@{3M>p(vc^WsY~fF zeo&q5$Th}^NY>ZVsakVx2BFxkdN6A0oz>CV`r%q@qB-N1PTsZBycK1F2gxy9fbsOm zKv-Bh&GCR%0XKu-NTF>fNk?a^7n0Xd@nI%(PJ5qYwQ6%>`c!pcI?3d#-i86ksy=P8 zBt7DjQ;L&|6AMK@V#1-u{1R^G=_HA-XpIp{*D4Aa6DeLrAI>98G!_YwJc1QaB%twB z=Z2fj>QVt4X-Q^{)@Kt~(X+YvYCTB^hM)SzFwf7-GRbLGY?uz$Cxf9WX&j>mm*Azv zMxgD#237jR%%r~tAB4XkGh|1G6rBt@%YyXR1=AdLOv~RnP{0iNu79Bd;C7PnBDo!s zyfaXv7n4S74xhT6SacwL4tv7Zecuz##?96+LG3YV${wq^M*?o|?{wUD?fmULr*AzL z6i zi#iNz6-%)~hYiYqe3^)m@g_;<(bS*hpvFv-lYZJ2w~}lrYGWJEZa7Y?t@0LLJn`XS zJ2;8buUQN)8Y6`~#d@IgdNQXn#IGF1Uhx9?F@I>`#&i3hm8vaWG zM)I?}S@avn4Qg4io@J6_Wm9x+eu+nJH{h*@L)b{4kuAVT1nlK z${17I+=_wos~iqmmpICt>buB7pBbs2vJorGI^}_ba;pL%F&`3 zgpz#e+RK?bYrx#=Zo}Ib551qfMLv1t^eBo@D~orv19?f&Gk- z<)H;`TuvJxW*NFHa2PtGHc*tQHQcNnT+$&}PqNj@CW!1R>Vu1#9eHTF#+$KNkG7ti zDX|pQ^-mf(6x zu6d+6#T4v)gyH43S}5-+)|#Ka%S$qk_1xf-ZB(2l&-0A5jMwDv^s4|sjwaUfRB8-v zt>C3%v%=+8o`nMe@GEBBJ0o03uz5LDt*gh zQm8BfMY_xzttax=lEN^cAbXubgGD-4XF~I1o>~NIiz_%bk5|vvX2tQNSJMF)b%1@5WL>@* z96kR8$E3CCO+VsCh1jQc6gP*)X-5>nhRDWdgEM(&H4&^+#CaYY`tjODvTJVuMa92S z%gkdiJFDGhKJ_AUDLnbLwBb`DciypY65yMUoaWp8@bYp>u$2%hWW$EVWzpcI2!8m( z7v?~OA#uFM_Yfe{K$C*2ctSA6*Ei0xWgcdd!g5Vs{Xh_sJ+~-rW8KOcztVAdam*%_ zRp-2?e8p)R8eXTl%=gjFc9cs_MykO@J{G|Ooy$h&<)E?^qK`m1_!B-LI(7Y_^zEp8pGZ~|Feg1Zf9IXwVWle&nAuC>3pbwDKqq(PlT;}tty9rP(B027ox3G z2TkQMHQ}_M9I5f0sYEl26|HjwN2hwaAI{N7C*|Whj-hIPg3;Q-+-8w@E7;n3+_$hW zqdjTChOIGYGZT$Eg47PE+!yR3t9o=SeT(tvVoAJgxv#mKb1hGd6-09vtv||Ov-HC^ zI@!8k?_}{nCIn~7B2vnVJlnxkE(RjcLUSuHx$MmmlD`->^N7N;Z*z64m%_Yv_ECMUAg zRxah8NT?+qdq}1y8$+)S!Z{JhxfT%CJwp^rE#4Z=4}go@U95>g0FbmQ0lF@TQVtbK zdu_B?%8?GEGZn16mnhKAxX%9$4hLh7#b5Y+ZTQl57V+zA^l=y% z&stS!5+b%8#468AsykA0i}Q)%+i`bRuBqZBNXFxBgRYPPNV7=i3cY-QjneUuH(d&7IIB8YKui>xq1?8rXnS35+EV} z9;`?mVPY?^WgN8|+h{D3@vd>Ch|`{n3!_tZ(y&O2Y@udEf==Ig;w_8ir70FAr2!Rh zzJsSj04}47lwc$0=qOU)EMur%IW8xvi|ob}@ACU#Ru_Qs@-UZRk(hs8YTq*#aIr=| zp0BC4?PZaG8lUh_SOt#^D|oEP;I32ACTDM2D&f8%i6hicI~R~&2BPy>$+w2mx!_QU z%JGILQ|a01BU`4~k>a)lbS#6S(=8*~vEx8yd+?(6PTbY{C|Z}##=%9-3P-T!vkN%)E|k-pa$*G!JhX7` z-1$&j3u#8Bsl0JXCaC6~H&YJ%{tAcj*@BLnaAM!jon(y#j=^DEY6~ZyZbbKpuGQfL z1Br-zK2*m!4Tmj(LGQsThrY?f>|$ESxA7B=`plDno3RVw-JGQ|ut<|bNX8$FO1Gbs z1`=Urz?nf6A&q)@!1SpV4xBc#=}=W}Qcu9fbg3aXgyO>5R;eDc7%CdWQT(kI*=(Lv71;`Ri; zK;&hmA}(dLQ1^JW!i$z=h-!I+=(Oi_$6GT)hY#P^I8&mMCu=4uF_fAavJ|Cip#Vrr zvy}W8qAcZbX+rc&g&EWrOzx_pnF)zR|Eej#B30&@gbf#>AxAS7R|+n+V33VAkINI2 zEi{*gFMv)H#D>eDlo*?d@o9v2j29b75yISrv*jX#;_y1eL%q?_(&n8Gslk2|(MI_d z3)r#PSc@GCtcF69mt2#=0#*yiLF5gQ;npeCOvT*XAfiv;{6+xGcQ;n?Xw}%X2<%ed zz!zJ=&{lJ%(agUc;ABwb$Az|;-@dgk`NZIXeDOyWwa6Ct&QDcmnh%Wg_69!{@X$lL zKrHh3SKie4H(4%pG5QR@wOU+6e3NyoWB$7{4aT?6IB>i0-503gn`~5=e+5O8No|`R z$|sXm3&%H@w|%;cfzTdf^naGGE$nVLWV1{UQd`}@5?M-y5bThIj5UeG*{RXyF#e{N z5=Rh2?HVB9iNwW_8rY{6C{kb0qgk6W-#KPRjgMx|x8$!^?I;vFC?#QzT5T6&gba~N ziX#ig?ZWBok%oa5>Am>eds{n?fnRbb9KW@d{vq@b{4q_+^hc8`%|jrg&z zNLyO9=+Tq%@sd&B_oR|P3Z_=Bz$czjT2h((@S9VcsW;YAh+UM!#?$ObW){yn`kT0) zD)KjtC1pVlorM{BEVb5Sd4100@hKho3`TY<8#j9aM?)*CD#-VO&#M-09-C=#nde>S z&gqNL$RQFQiMha;Y-V<;MS4NOCGdH>pVQ2OpvdNDURqhrL=I~=o)&3w*^4fsksK9= zjqk}Rha!o^$&R$&1>l)EBWxE`#$x&IeXGMOs9A)s(6-b;V>@;tARlNU*_DABjvLd=yjAw8WCJ1TR4 z^H5`p*x7-fd6Mc2V+9v*e@>ZRRj49uv30>vsG8jj99iD6G6p;Ygt>m=f?+TnOk@hJ z%(jZ-{HX7?G2G%jqFs{3Rzi#8f6Nund``yM%4=aYn1#BF5Uy3tVb66@m*BW*1i79?^`L856cnT5=<_L6Gy@ z$0c7gM3QpK9D#{d;#yk15Yv=0DW{Z^=93(|8S%yfJ%dgpK(}%;>V=J37mKV-m+lrRDvgqtEL^XLdopQC1f;3cK z^(MHltQ}4fG27xLo`xMOu~kPS4TrD2CA^|e3AU*nqLE((l5y)cq)mrs!_F1qRum7_ z(J}f*#6FI|vf;c2=FCJqyCFg}Vl-3NWCH+on!}sKIH4Ner5V_y=oU>*jVz!Tre=@U zxxPOsrI^S`Q@k6YN~dh>6)qyt;e_yxUQe&W%K{1<*;ycZbaCuN7Xh~UKAd%AnypPO z6iQoWALWFjUQn@cCxjH-nAU+7Br1!IhQh~omF80Vze=`Ogp&)b z`){s}h?j4ohHn)&FVkd-pEN6+A|LAm58ZL@+=OpBb|VOAIi^l&(=bT<1Z*|CICEEA zh);y)E4%d8BpbV8C@dbG_Q#wZE%dliiun<_M5*pDnLU1Ic$hsGrrPiH3}Sk&h!xaT zq;~9~7KKXoU{ONDH4!ckP0($;km&{;(Dt_NoW9w?HjKlCjcS}{ zMp#7U*#YrD632yvADd8T01imlL#V<13^xA`naE2@U|JO-9eZ&z%KQ;s7be{?#lI_w z+JR@^w7>u}s!kFkUG#zK4$k1*CUSx?86@aX z<4RSh0)-@>db3@X7yy<@XO!@l*cs1K;zE85zpd05?wjC1?5OOL7%!ha&EiD0tB2AY zCmUhupW>`gnt+_sCFvZyjMtjGIG&Tntb}-7bur zbg9@?dR(|2E1X~j>1%6IpmnxL@%NY!wWwB|Gwx|?&VL4hewd}@eNIySJL|A868Oui zNZk#9eP!P4J@{tp5?yqwPwOon*Nnrq<7*ls2Q~4{M6eqgK11u>Ud~3UV^mWi7FRy2 zV3fyqip7MllaEDzWNJ$8LUwT1uj=JKDzU}#vYEt4Uj74>(g(#?=~D-_cR|A#A8vFX z)sZT<=GrGg-O~d@TBo$_3b`CyCr8I3>e9Pb_ok=tdgNj)62*i|qikXU<}=@{U1S#r z>4?;a>uSfH{h`LC;$8r~w0{hsU!xLbNMejP+`Z!7miQ7*$Ho&!;ebsRe$NPfzV@_v zO6*h6QGH27jcnG&&&te#rbBi<$qs3`UU~?pG&h!+Q_sP3y5+(XlMOpsn3{Q7qKMJu zx8oI8Oz^?{BA4wyowfXd%&bjveZM>vc7$y5;1aR~cCOEaWP{sEFsFlWNG_euZ&KA| zbuhfqDeIlDx47{#u~d8|sL$DhXiJj6Sq32;LsD{5H1tu2!94LR1hs%x(FB*4KS>5py2=;7d z_#rlq!*L;HII%1FT$4|o3v(y|@AEQT2N+DW$+1QI1vh;v6-qh57Yxx3TSe6oDG(Q; z!#gY#|FW-6kD*S!DCDY_d{1y5^vu|n3BoN_$!%*V@f>kgEHGPaLBDp}Fsdq2CAe*^ z$QriODdV3j`c{kKB#@xKSBTMiBmX8hf^6d=exaU!b(zwzpYf0R(fK%1n_NZ_6M`29 z+@umIrlt}p!WQ5RF>WU?6?526A-@>GdRISge4 zRp+^3WMN5S%_H(JhO?FCcdWC!VJ9tJXV+v0)+mx;Gso}eF*GNMw$C3gt>BI_|D}$6 zZsK;A6*EiSJgj>3TasDKypW z>Fl`% z|CejKdYNoHzcWfNW*AK!q+O&>vkaN5Rf#F3LEk}i-#fDX*}JlAut3>ya(tiCb{C}% zF+T381~1w039D06pgQ)^OLm`g{0VQbCoSS*EKI~{ayNkAnq|vBqye60a6Z5{GPEfg zouP{=E_5~s)zPQu^o*f-FR(>odS0Trz4=t_C5PUpNa2V)x%lvwIt0A{Ja%TU)iZCo z7U+2PnkrK}Pi|3}mk_#cXPW1LX504Bn+qPl@u-y({TvQG5*pRt?7D-bE%1MXyyJxW zo6oYHXKhrmC)x6gB4lCljWlvQ@ovq(5&F>ow?m}rm=kb=;i=P)0%OabvV6%6WRVVN zmiGk$=QbWXB@*|!-v26|i~ zb(a5y_;aKSRR@R(&73YLbssr}>}TlEf_Z#{B}6X(d^#rF8=OeSs%@^*PVeHghJ&MYR*F` z+=6WJ&ax_hkiY%>pADX+oOnyEqm4tfaDR5E{bf6=(4ts|ayBV9N}G}2wOC(!fyG{G zo%p)Tmj6-Y2Ky*nkZNbMV&;W(i7fa46~B}J_hvU!X=HMb(1`_B{Suv!Sh$t4M~ruA znYN4}dYYE;>p@eLPZ22^MA3(4KKNV3FgHm~Wqq@b@;y;RsdrkIV$5;q*^zIIJ;#2G zGD%N_nrLyUj9zir7Gtg(Z=LOm11Ol4-qm&pdw3%LQ7; zLCTWJ7w0Ik`q#G=Q$_RStz{Q!Mq+}qj+A_h@ge6$q6l$5y(xbS?k2_J6z}So3yWe3 zVq1meOKYH`?<)E!y+D)TD#a+R9HWP-Rg-hb;u0L1tU}Cm8-=t7iNRS$T~GS2wk0A( zOf{3CpB%Al+AWifI&exUAI>U0UN34DBeF7-Q_2*LFav$2Ul^QK4v~*bBvU_-Y(xq(Y`f z87Fg$_ySZ}rn-G-olc!vw_1^N;7jG&b29C3S+8v55V5UT=f3Rf>@a(C(esz*NH5d7 zN5p>$a#n6?kJj&L%%8Q&^;~@f;$5$#_N&*Djg;Fgmf|a`y~v;KOhp4W!}3aj z;%|1X#$^&!It|+S$oeZb@*BuzqMdBk;|fw8Wqs5^saWcI`7~8hj*DfO4RWx}^z=#K z;ylR3+aiOX=1mM@2Hn2kK@uTi6k-euXm8V`MZT3?*93ln5?biu#KAb*?Z%imo|eC} zn(R8sSaH=h3uC)fV_6S;36o`Kr>IXc>9RhygQTUSbe8fR*>}J)#JrrbxizMiyXAMY zP+DxWz5N^8)%8Lj&c>$c2adp?k4OB?*+}-m20Ha`^=1y;_#%C~9koze%l*W1Lt(q@ zrzLVp8f1Hl*3y0iyKLJ@@(F`rX4`REtAjt{l{hcbaHNZ86@Kvp%t|tT}*N)+opc0kC-VK&fbe`J0~ZB@qrP!vhA8t*Y8CeW2Ln5 zG;NF6y!xJPno&#iKkbEV$%86_i5El(eEt#0{V^q#F z3L02KjJ+=F+4MT}hMw!nBRWZbbD3<3l$dRabf_6$fRcp)(P#0N?Tq*ec)20I3!}14 z^L}n~9_8~^_!GqCgv%&svpp(#5vX|IVgA&rR2z*W+q9Q4WE${VxCsP$daq_*tE1@sVUJ-fXgS8`(A z*`7J9qIJh-sp4kd(-SDT|lEW~5!@8wdg^N&`%Aoddb9aZ) z>7{Q>x&I#Ush&g&Of)AB?erwfitF#gj}V<@sWga+3^>|W%$%saP~&o{x$Y8pc7KLe zS!^l0(%(&EY^c<-#@tUqRE{MuBr%-5R!d5F8E08(DQi(51cUB?aExWQwnO$>X{EYN5=&;mVR00p?T!l^ z7B_0FTq$ORD3(_kj@fHG?KWE0JSlZ=P`t#{dh+_*fniRJTg#ekBx1QqQ*k1u8p)Hm z388j-9{3HyRy%xe_U)ADmI53lptD4FbJ5l?qn+&RP2~hwF2+txm2nnB34%iDIM+xd zgbKsgJ?x^A=wQxviz$~Gs@O@y2rX=naT^gr-j{2(K|*e#+c>twab))vjAA{E?}On; z2)JkvBcOfGPesp-#^PdC#|w8o6`Wd2|2^9iORF(1d7YwV zmt*L4Maxo}Mj36l{%51#m|%(65uFw0Ln1J4^f@oYvjpw|9E8~WeICmmDf%WgUn*>z zgH(hFr>Uw?%%qeqW^<<$JB?V56V^*5j()^A)?AkTz$+V_Q(i2!FMFlj>t(U=3dMGN z`(;DQy^#gBUxC=ZE>-6X8qM}deRVN7NlYs?Nv*Wtaq=WZSa!4M**U0`o2X7iOo8(~ zS52MhwvN~HDR#@-KK4lGiE32Qn8YQ|^EB6VrCly%*9pTuHVJjnpA4VusWXgE%8j7MLwojoaL*!pouGp9DS86cfTwTR1#l2cQ*h3O{RlZGnF zmeVEl;DD!;DONm1xZo-xFreILiy3-dq>+@$)Gj|LlB}(4ccFU~+G%#{81Td~qOwa)<8M>aXX{iW1 zG}=>3QPfg$$@K}RaNZkY31LpWO7kH;n%z0Uv#3MuMj5}Zf!$^m#{8MdTi@!|Y%a8uutygnjrc<0%lv4{OYP;D^wdl)7J9Itnp>| zq%->Us`)E4NN-EgJkCHRVAg9l8;pjO_>QBzfJH@{#bf)0QcEPC{pzd8e*+{*>(&63-)#eT6kBfy~4` z9@%iW^lqFnTmFSqJ(5YP!;)o_QwKXlymR1IM=_!sRBvb4t%`=MyHj=aW0*gw2i;WP zy(kZ2pIU4>1f+8|Vn1#oi(&i87Yy5-Q{@5n`LMG4i-Afpl9ZLx!IdO;E<2-bmnhkH z#nDPzQ2#|;o#WMhLiQS|Ogf0=6y2c!P53Aa7B8kPTzGzsQ!$NEs(w5$DnTG7ue`3j zP7|wIKJ6D2HPDCMGKmW&s=X2>`ervRr5wAu6vyd%DPsP@z8F;w!F|(hUnUz=A3Y^% zIoa}u#-OBhl6(Ns&(KZ;qT8|sA-;WyI>c`k6RK6CPr9a0kl1i4IYd5^=bBUzQ5AB~ z^y*FPQPMyfs1z31!Sa8U(AApPNDC%AX7eCHv(G4FDR;m{T#3qx{I9nLN9e9F>dwPB z^AbmLN61C5feA61&zSxu;-aI@lFA+Fp;LoV>dT9G35C-A>={_OqDV~< zHN0mB*_S`k(+gDXuc~444Q4U_Q!)Qj*7WKK8Q$JAu=?%*Uw%dg+9IjVD$$9 zsDZ(ZHyX&FJv%J>?#jxSdk3>YdtL0wUw2tQc30NkzCo#jy#Q7}M|uwE19w|1t1oTs z+tk}zxuvqda+ey~)yv?o7ml}X>FeED*?(kLWq;r9%JPr&RQC7p&0e$m=erC+{Tuth z^QNq~_xkHM^z~e?*EbL`xbVIFi(u!J@bXJNLz=0f>o>s%mOotS+Za=O2bMoXrv8la zeu$*a8QFIAl8<-Q@sTiRy(HRHEdM1q*qHV73|-r|iK2N;mF4G{UWNcVcJ^%~sW(sC zwAH$jZRqLUv12>nf7}!6zR@~UysJksP2E`i5rr%7+P!y^r!bfy4Py1fKsPbymB(yY zFZS*40ev@RG$t6-vizYr++m6aZAW4fQItx)mfTj0TpLKkXidUIdzz{+HQU$#LdSTD5uQRdLb`4LgXCKXdF zLv&hg_U^DAy|jhN8(4XYe|le;?cdeYdsB8(wqxs7@U!w-^%`sup~ruznScn#^&FtK zB4LmwKS9Hll>>cy=@{s_X0MmA7ieG{aPQ`!O}hsk>lxY%fX9x|id8Obf(7=5`+RO!W%F3@v|H8LeaR3eUlUv7G%(&hjTJE4ONu z8$Jz9w{D^1m6fNdKsohPMKAVl?$_WP0v#Jk3~dJs*1}D+EUvIJLIJ~}_txGw^=%mH z?d?;@wC(Bx)z0yHhgdv6ys?kxKmjF>!Ta~JD4+}RySG!VRnu=c_(kiU*0JWUckAZY ztel`9A7KK+qi-XX_G;qDWU#>ugcdJi*%XF1&|#J)tb=9ilVm8fPBQn!5FMX%ovI4x zP1*Lny_(s#0H+ok=N|FKjBxX=o@~!eP8gPhQP4A?O8Ga_PhP*XZ%bt*gW{hZSgG=l zRAb;g-wOFJ$LGNEdst09L;bsY#RrEpca~urkxx?o3YlNM%eqtRxru>O&rK2&pVac{ z>E9aiY^Ag%4ra0FvLuJn6@e#veU=HpYu2mOG88pmsTgKrvufQ~+?DHD!Jb#$3BAgb zm$v}a0G4-bwm$6GuoVesz#Sk2pdLwItFf=uylC$Y-P+K|dw2J39$1-!om5tSxUzDY zdJ(9IZIC;+gC)Gf80v=r>=;t^kK<5Oph zBcFi;23FoS)Vr;36OB6l1_)WG{Bw%p|`12Nj-f(vXaiO{f`!>hEEI-q4%{&vQ_)2f20NQ&dP%{zl z`tmdI7HGe+@`C|mjxL`%N0+n~q04euA9}Xz-AMM|9ir<(1FO6jUJMSmtJ&W(9cG)Y zmuZXBnn$+6T|)X6s{FX6?u4&YR^FYbNOKwN2`u7^8wPuZdWW_dkNvdeSIH2gIR?=<6fSEJ2n?!IjS{x1~#fG6eozvzH+~M+T_}q)TyG z`D|bSk_|(~dS6tnhIlK#yRzCNh$^%s*EW?uZ^Oy=1w$;k4Y6JdZcbS+Syaf>SOahosP~jW9pGJS-QajV@Ht@`1#5z?r20 zfDW_;$p0qEvDJQ_K4jzVR`Fh|aj&#P^vi5u?aX!)`=1mEP*oWE>MdH}%O7^i^CU)& z=9)nttGh++L)Ql#EWElJ_DKe{1IDxZTK=&(23BwJGD@cE0ls=*bG8AMbH`39_@q{} z5=pscYw{vhWnlGgQefErq(3q$)H}u^QbIATEWaD*hRqNtv}BYjnh?cG4!_9L(Dah& zL@yzU`}#J*$AZ{~eTay}_>m+~6_mXC;0`*q39IUQ!^BhKtg8qVxqt?E2pvQT9kd#kIvo)jOBVuA+%4cujagmu7_h}WNviw<+vl+WXaoTOKbfWZ+mvH@tlvicjebA{*gdU|`$ zhxQWCZv>F#wwXR`h+!tc)-#pW$z3Q7AYk=y7|fMi)GuEN>&PP->6L-Le(M@Ye!D85 zoHA(&ufXU$E}fZa8P||499TBFyE<)<>2EV6Pz;8&{EYExue_KLRb;8c9~@%&nR`rE zl^UQGZVONCo6`ECSo+t>Nv6^+zX$fo67`(hM8B&~1<6W$?Oh%Zc~oSOnppWob-;G9 z`b&U)GM-F6Rq5VaL-ock@;*hnqP+3GJUB5#A72jj!}Z9! zYY;aOC0=PCo*h`$xQagLO?_Y;FF&h@div}h4axfG>89CHa`{>DKc@+mcqXXmHdS5) zinCUb)ukmwB$OWMld)W$onoBH&>U-_Gmtv}Y?||kS}oNRM&RBeMzH$sU2ZCT%`A@G z>JYJ9BfWUeM!G`^{stJ|jy)T0?UNvl#6hw;{|wB^doQN2!Ta8#Tb(yyO+UEfwhTS)MCD<%rF_8|nrGZ}h)S-T4? zfL~=CG-jrh7vEw0GzZ7mP-}WaZl3;0SDQ;FSlutv`3Xu1}cJntoob ztj;t1(BJ39&$P%%c|I6&FCz3vmZg@Li@f0Zo8$T;d-qxxTz~%n9v~k;7~a))t{jx+}`5v^|-pQ@|=3hLuwJD-_^IdzaR1% zSY33*8^6hFRo2|bry{9{k&k???6+l<`@w4dLxBpdskIcW8(vvJFGKhK7c=niy6xc3ZDNeSP#3 z=gS8EY?9V)?%#sqNjLc00xtXU$zT!SOBq4ZYgXzG5>l zuv&Ub**Cu@p)q?;mX+vbZ-mT1J+3Z5n|h=LXz9tRXOeu^0vea2J*x%!vC#9#**i3G4*iXQ?d1nh#|3m_DBO|X|N(>96X zP(c36XN|^I-bH-X_9nElKD0%-EGAXoJnJ{~^^=>PIh=YaU^?Wh_ipOl#XEn`?i!Nl zv68z;-;SEBj+ylQ&~<(Ed-YlRNKR6rT2jr;W>9k)YFL&1Jq*E&L(0CEm7t}JFF904 z3UAi)KFGOG>*{>+C?9g418B}bPXKMm2QJz5@ z-hh>#e}?{#i<<>+wsBf`Q)TtD*1NAGHU?JTPrnUjdl0Md$2T;v`h^q@MAWeQ*&?S{ z5X%pDEB|^olhTj9rw1!%qiBf#<(JTS z6?fjGm|M+XbZRqqVvM6G4MIVKJ+BgrUHvNP=CRv3$W7Uh<5T=ds8;eW);+z~ZqmT& zSFm4|@Mp>(lEs6exd4D)cJGG5twD!-(CVMlURSIi#|EOsXPY=HFs9Hl)fy2D6?VHp z$XM9!#?96;>zt?!?3myuRY9DP9!=e za@E*?1)c>!l?WNmubCM0nE=3mF&?t^dSvI?UNYQ-i{iNuhXf5aV8f48WvrU5xwOm{ z(9Mvk8HB9urylFWet?70wbQ&zhPF;rwW@kftz1tDLvm&H$APl<2{SrE3a^aV^lBv- zW{w+{jyq;fk**r-$+(Y`%P}N~(aYLlV(qhLKv>Gk&Fb-8l0#Ub9u z5H;po0QkaDeOk#YKWPqu)m!0RFW{-9kH!{X@MTx5w?G%Ww2afKRkaVqb{?Re0qaP* zDQivtrY0$43~Lsnnd@zN3-fH@+FruitZ(ZEcbmYy10>%qN)21Sva`fmLa9L&Z%c>0 zthqB3qNBT^rR{XAs0NKWuM&PhOI~BIZR_-WPjGA|xuDF?mpf8Uq^Y9HB&rcSRW9gO z_@Fe0FSkSTk%Qij0)W~}>_l-G zco@gw=PS#fgHT|ZL~O|}e}3!!UZj;&Z0!*#&&p#sfZ+51eH-DhTzjS%t~^fhpd_w5 z{_TCp@5Ail#zdam)nnV-1x{v`1Joa3+em^OAXuNK%>X6Ibob>8`gb~eQ~ z^c30I7OFE2fkykTg{sDhS&OW(ftA}(`@J^@*anVKp7$$TW#w)jm6c%_S7qhFf#six z82WND$^-aRLRR+fyo|9ot3(i0Mu$8iM@3%$)1(O5D-Sw<9M<0XFrG|8aw%C`te+QT z`SSrH-n6nT9wg^qW#ygh!Jy>~tbCxdcA0<33)B2=t*pG)(DhCkw<|wuxO(Rfbb}

+!qgQ$$%} zLS^C%;pQHg)EFbR%HQ+?z0{lp0{wM!mHsXeL)LHH-nWxN42!O@15;V~TxI1mRQOt{ zbVWrr)y%W%v7FCK?^*dggyIAEj7hQ2sTo!Ad~EM|D9h|-@mR4Wxd&db%nw>-Na%UZ z?YpI|f5KL_c7tey%wZqNG$@Ztid|9GPvu$Ze4bS`y=Mo;v6hZ@8^E(o2SDRAC--`Y)R89mH@2*bzo*3Lw46sN9P|mI1 zdEVW9eM7z4PZWn(5pL9dEkeC)+p9hf!Zb+oC6a|j4EryL{#yqw1?#^TKj<2 zR8*;!);?&!%F561ucLO-|9(CSFV6l;kIbf(ci}jN^xvhicqKMK&n2LjbfM^jK)A~g z7DK60S8FdkH>uhUL&Ok@3oPR47(V$6=2Za zmgS@D;!^p?90AK8maDoQwh`BG?_eOsG&6@xK zN)^?zU;ey>pA*l9D|4Jpj2I3FlQOn&D+JCyr<~4$Es~f(2u2lJ`;-e= znld*0DL<@)2Y>k`lLts&S>iA3=Is|9JxP){PAM-fAw>EI8KWw`9~Dos68ruI>K|C$ zV!dCz8Qb3m_>v0zrC69{bMe_PE!zsS--|n((l7D8one33;7Yw)CnxN@nk@D&s~yYW zHF0E86_~zmk;>{`L*H}X*0*ioX}bL)y}8BrSBXFsFiO*(bxuu4v;MwTg>+(4E8Nb* z$^H7iYx}nL_74rQ{f2t+gYM@b@cn@Im_Ybje`V@PmTd$927M>bd{)`D7MIdyT z3z1%(CCVkAm4DbmHr#AOXZ787B<8sxPHE7QO+DL?{6oEXP_-$+D{{C{>w>ge9ly2@ z$LsR5mbbFHv9hXTB}!F%T0(sFnB=^Cd?oL#x*PX!=%qR4IT>W6FaOIkclT{)zshVS z;gLPGU6s{$;`^K=_x(`SA5p`ip8Oj?FO*ODaYo~b8dgoIidZ&OQ)*KsXcq%(U)ZZY zJ(D+W>MdSbO|tf2=!`Ke>kRDNHf*l+6AQ_E%)h1$1(gZOd1~tK_3Z?!d4-`}(I(v5 z7x+ilRQ(mr#M&2LWnen=l-C&&Ip&}-fCKzZ6vI*bs=m#J3tb1gAvz_VvZu*1jOmdV5WHr-WICQ(0ZM z@Uqy!k}GH|#v$gw6givMBtZ;Fm`9yoe(vVJEzr%oi2?p_M^-2dD}kYz-xkju1+@{o zdKmZX5ZPJEA|%_2)sAI|NFLmP+qPd?j(8&NCE7XFq7AK1Mh$uO1FXw^Jmvhy$?$JT>b)maF?rfCVvyJ5dSFv=7FUF z|A&jkZ5=PHa{@_bz20Axm6xRisH{FC=Ns;Aw|Bm3jJ&d@rx>}pGu__tBzMh<_x}c2 zv|i;*`l_?{uNznYx>a>KII>pX2e+}Ky2MOcSc-VC0ho)`Ps9_i?$@#QEEi(Yw%V3B z=ME`d-lYaE@A3w&rD8gASx?pSDKDp2SpuTA-ilYiewe*;63Obh#p=1m>v?^sM^DxB zdtQ%T%|ntDMkiH&fW(^avzqSnn&i|_kMvYcpZ1#c>aH{^XQ~k54bQ0#X5xsnL%yqD zky(bH%N>rY(bHu3NzTcWD>vm%V>c>AcF05eIsPMP`Xeg*brNjq6uG@`3q)?knI_aU zsKK9ihi94Y={*3KK1%~A9ev40}rd+ z+fa#ugr|8Ocbj)Ob!ZCR;25Wv(LPQssrsg6tnArkBI|3ipxkAr4-=BtAn4q0howER zx=D5Ir>^VsqR~%Ay|Tbw6{=_htK41I;{iN&>bX2>gV`-|L8W~ zWgiZ89Oj9+(=T0O;8;E(aGK2=F9sMV<2ZcJa=9xt&8f*aMLo9lB3bpqrp+n}H<8yB zCp`oL!-?G0G9wOhii#wbSE@}a`5$Csm1tu;c4wRew<$B%<{%BLD~}P)o6?J$f$mAf z6<9%Zk*#nQVjY-)#l*UZ*A(B}hnvyhrM$_DPIj9?+N(uxW-!M#q%+03dof9R#TH%! z<>si|#K{@97MT1Z6V^l0A6x{ST#~80Hfgjb+a)+BWlTgcv=u#}y|(y2M{n3@Q5oE; zD77oIDA(wT@p!<0F^7iCrs1h>50hT65Y&7wlTHhXKRunX)Jixx)6z?w^ z*D?Fa_%ShCM?9HCR!w3@3FFIO6C<`yS)8Yn(N`dmxX6fNvuW~HZ;@|fz!df8%yT1^ z{W(58>SwaU$sL&`{IkO@YhU@czO6K23Pfe~GD{atu(I;i%F0)AEND2FwK!KVGaN}Y zAS+)LWaX;?V#ykBK);KBjRFLpp$*O=-wwVOwbNN2wLST zj=pDo>?@x|j2qhh$#-#jN3i+xZarmt-WSx?Q}Wr#n_oIpNvpZXTDQOulV z$P1iWO6TeFu5>ak?+TM~d6!Sdr~dm)#|8ULw9W1bV!00E+v)QYC*S=oY3+XuhR{W*tR`B(x@+_%Gkm zAI>ZfP4x|`PY9rNXy0P5%1c7M)0%j_VQ1j7kYXRL7B+%Z7w=(tUR0z!FM^cjMF1`S z!a{h=rsOf7lE+C_<9gbZ+(pEvM4+=aC7+Jvzr}Go@psI|eWlsBFHXXJRm1(K1MZog zZ?XCAXqTD_E4pk02hWbFGM<&EjAubgcoyImB<{f4e}=QuQ^}YhV6+iaEPN9$mCFxn zoQR(g`CN#=*)KnQPv3Ut%($bLd|P#2VIVRKc*xk`A%g-cijvEOPZV1If~e$ljTc~^ zy#gPAS7q5=rvY5<@6w_huesO>V>lMaU=elw*aLk#=(_RFu3fi^Li?dVJlY2!hMNyS zFQu*ua62d(xQr&%ft+-q77C70)#b|NQ?bhyQI}60X5)-5Yu$D4a>CTa6|ataak9MY zdMR~XfbX=f?_a0u(0OOCAB(-Vh}R+mU~?}4@2AIx4`dtpAejIAUigc%AOE$_ zef96{yZkFVf9)@~fB8#)`NUU#;)nk0hKsXn$KUr;H~qu!{^Otj+-LsiH$VULzkko* z&Asp0)_ma4mw)yLKK|mRT|e>LeV0aW{n8yfe(Fy)edT}u(#;?HrT_G$uT4IF{F)&?%4Zl)*!=AtRg9jJh*0}A9U;F;Q{ttG3{O2D0j-ekNI8?iS@7%|J`mPh- z`};q=L-!yQcVxZ#06*fiFT0Pw16;$d@IZDq|L@Pfvz+u@-040^V$HJX3aI<|(^asi zvxmRc+bVYzZSAMd{n@E*jon9+caeA(S3Vrz;)y%?+s_>?_W)79@8JLYNV^AUjno?O zd+o-H{lb0E>auQwzQgKJO#k0Si5S-pN2vbvf7RtbDiNV+`MXKGo0io6o&0&8w2lai zPxa>j_Zd|wcQ1Xti*^lDgN#y zJWrlGiQU8hf~#K>l+gco&}xkwcL3GpY5M6d-2-wze|PgY!T$$%3L?1j-2>!KD=8e@ zPwm3?y_PmXd-v0ZaHf$=QT{IK)kNM)xZnEab0LU+kZj6o(dbmG=1Be0eI)y-L)X@5 z#+0t!P5>2_GstjQF_j4`uG)sh-_Os_5-5YEu0Ntk3(23zNdho&0|n{|md0Pr>&3 z6ir!ELYl}{S$yiN*~T7N#zygtjWCRCW4{9ab}7gK|4hL@SMa=ok1F^V3jU>n-&F9g z6#Q!iA6M{O3VvI`zftfB1)o&#Zx#HGg5Oo}KP&iO6#Slo7Zm)yf=?^>0|oz1!DkhG zPQf24_#*|MSMa|n`1cCFpx{LX|3SeQ75pCx{#e166nt61pD6fK1z%P0|0(!y3O4i* zY*nyL!JvX`73@~f!C?hQ6+EKgn1T@n-=pBo3XUr{q2Q!~ zQ3adXSuPJz3!P^x4bp_`Xyj?+6!FdG}3MLiQ z6ig|&pkP|TjDjZ=JgHz-!JLA+f`)>51y3nxDrhNKP_U@rqJm2bo>s7=;QJK3L%};0 zyi39NEBFBg%L-N$tSVSja9P0*D)<`;en`O&EBFxwKdRuz6ueu(k1P0_3VuStdldYn zf}c|G(+Yk@!OtrAIR$@9!Fv_FPr=VC_yq-56ue)--&XK<6nsFzFDm%E3jUsg4=VU2 z1^<(RUsmw<6?{m+uPFFc1u!3Jx@DCI`tKc~W|4_j{Qt;~v{;`68qTrt@_zeXg zQSi?c{Bs4*EBL5_f1%)CD)^X!-&F9g6#Q!iA6M{O3VvI`zftfB1)o&#Zx#HGf=?;< z0|oz1!DkhGPQf24_=18L75oPU|53poEBKOvFDv*H1%ImGD+*px@P8`!PYS-O;A;y0 zF9rX%g8!`GzbN>B6#Tym{!GE2EBFfq|5d@)6}+mK;5r4@E4V?ys}p zje@=ZKYRB9A4SzKaDR4FNg$2TNmzOyA#57G1wvCwNJ6hEOA<(9cSA2pD1y>KMFa&z z6hsB2_bx?1dKZw6RHaIL|G(MYB!E78z4yM)^LgJJ<-1eQIdkUBnKQGqbD%7ggYr-T zDnccw41Q1rs)9cRKs5-2>Y#@p2!T)tgBnm1YC&zN19hPu)Q1Mp5E?-^G=?S+0ZpM9 zG=~<@65fKhp%t`-HqaI#p&dj)G{iuA=l~s|6Lf|y&=tBtcjy5yYWI}%!00UtV42B^v6o$cY7y((34LL9pM!^_(2gbrU zco*J-@h|}AT$l%+!F>1}7Qh$qB`kzR@D(hEui+c`7M8$L zSO(w0a##T?VHK=~HLw=e!Ft#L8(|Y{hApraw!wDT0XyM)*af>`5A1~>U?1#<1Mnjp zghOx`j=)hk2FKw9oP<+w8qUC3_zBLzdAI;S!$r6Rm*EOrg==sfZon^a6K=t6xC3|L z9{dWw!F_lD58)9!h9~elJcVcQ9A3anQ0xQ^Xu%F><=Z=eBRGLG6aW`+g@RBBczuz* zJ9vO6ctK(Ch9XcDia~KG0VSanlm;L0g)*RnvQQ4nLj|Y^m7p^CK^3S9{ty7wAP}m9 z9)chkLf~h(2$$e8T!E`_9d5uca1(C9ZMXw>;U4@7zrlTY01x32JccLmJ3NJF@El%1 zDSM$b_<%2z0UeZua!?*BKt-qomBA0HKvnRE0H_9mP#yFT1i=sjp%4Z&peEFU+E54T zLOo~&t)UIHg-B=zQ4kF=&>lKKN9Y8dp$l|{ZqOZiKu_oeu@DFGkN^hg4T+Eh$g=sJy-iHri27ClF z;bWKuvtbS_fG^-nSOQC78GHxJVFj#&Rj?Y?z*<-b>tO?IgiWv+w!l`{2HRl=?1b-O z7wm>Tuor%SeXt)6z>jbc4#8nK0!QH(9ETHd5>CNsI0I+lCpZV^;R5^&7vU0IhAVIt zuEBM<0l&aaxCOW24%~%%@CY8m6ZjpT!ZUadFW@C84uS^wF^0VzaMQ!y0UW^zP!noFZKwnFpguH!hR_JYp)oXp2xtn; zpgFXFmhcw54XvOxw1Kt|3GE;Xq9F!&%bk4(=m@-I)V?!xfv(UEx3B7<9BG|`4 zJS2btdP5>4K{E7#zK{Z`kOt|H0sX)TCNM)L^oId35C*|u7y|rS%6=FOhY^qk*^mPx zVHAvpG4KwIg>mpMya(f90!)NSFd3%6RG0?S;eGf3K7<+Y5zK^-VHV7WPvBFS19M>> zd#bj9uN+Vp$SAlQ)mXwp#{jR-lUwu+t3PHLmOxdkJM z&4+aD{?U2;9K~tO?I zgiWv+w!l`{2HRl=?1b-O7wm>Tuor%SeXt*HzU^t9`H2JE*eh$oqdGHy`htFXF@NI;B z5+p+(=nE;33TcoI8PE@mU;;B_LVuVEAHyt|4L`s>*bfKbM>q(F;4mD4qi_t4!wEPE zr{FZ4fwS-voP+al0e*&ya0xEM6}Sr5;5yuZU*IO(g4=Kh?!rCz6@G*J@Bm)GOHkyC z9Q#U88T_CMR0V&~Ll6W*2!uieG=*l+99lq2cnjW!R?r&SKwF4}b`S;8&>d<;y0LX)2vMb;a90qwnNsc2p2FKw9oP<+w8qUC3_zBLzdAI;SgSMDp2Ye@K z?*NYA1kO+ZT)-6yLLqPicklpD@PfkN4Mm_R6ocYW0!l(DC=EW~3uQnDWuY9DhYC;; zDnVuNgDOxJ{2>6UK_FBIJp@58gg_{SK@F%0wV*cCfx1u+>O%u)2#p{d8bcF^fTqw4 znnMd{32(vM&&?8e*V5bbyY~2|7a;=nCDSJM@5_&=hYaWkMlgXHGNC^VfPpXw2Ez~-3d3MHjDRf2h8!3PqhK_Qfp_2v z^eHavDk1EKJ+K#kfPJtZ4#1Ca5Dvj%I08rE7#xQaa1u_zX*dIC;U_o;=ivhU3>V=N zT!t%f6|TW`xBOftn2lb%=G=xSF4vnD+L_kw$2F;-bw1l_dZI}#GU@A<5_u&Kh5N5zfFcUt8 zS?~#b3UgpC%!AKhK70-f;0yQ?7Q!O<3KqlH@C|$mOJFH1gYRHDtbmoU3Rc4!SPSc5 zJ#2uDun9K97T5~gU_0!9o$x($E+uq}k6{+fhEKp* zClmk|aD{?U2;9IOJirsYpfGqt5hx19pg5F(l28gtgAe$E4$49~C=V5&B2VHRD(dM4tfZJU6KX+ir~`GO9@K{h&=49yI5dVP5CKi088nAfNP~39 zfPP>E6PO_r`ojPi2!miS41u9A42DA%WJ3;&gi$aW#=tu;7RJH5@E(kZ2`~{R!DN^M zQ(+oRhxg$F_z-5mM=%pUhFLHhK7mhR4$Osl@EOd9&tU<40bjyGSOj0eV)z=qfp1|6 zEQMw89V~|xuo70mYFGnnVI8c84X_b5!DiS3TVWe)haIpJzK30~8}`6n_yP98emDR> z!a+C$hv5hug=26WPQXbx1*hQ*oQ0p@9Gr&>@H1S5OK=&kz*V>g*Wm{I0yp6n+=e@F z7w*BY@EhER2k;Oc!DDy=zr#~_2G8LIyac7JpaCt|fju~YBRGLG6aW`+g@RBB+`t_? zz!SWnFnB`|C!v@$0n_x3+fvvC&w!;qC3E#sm*bRGNFZh)gsz6onhXAMs zflwXv5Cp+c3u;3h7!MO*B20qGFa@T>zop$zDtEVO~P5DD!d3ZfwfIzeaX0$rgSbcY_$6M8``#6dhH zfB~`~8**SIjDpcH2Ht_OFb>{@_h39sfQc{(Cc_k%3e#XZybmA1GWZUb!wOgltKbq` zhAVItuEBM<0l&aaxCOW24%~%%@GCrkhwum!v@#_TVWe)haGSZ&cg-x87{&lxC~d|DqMr>a07mU-{3wxfQRr1 z9>Wv(9iGB7cn&Y%B`B2z4QRm*cpTi`0UW^zoS^`?fGZS)UBSX`*aLgv2iOPu;Q;&y z2jLJLh9htkj=^y_0Vm-UoQ5-S7JhWv(9iGB7cn&Y%CCKjwB*Q=pcEDru_730(PT&j$zy(~PAQS>Oa0d_Y1TQEI-cSUJ zLNO=~C7>jfg3{mvzEB2qP!`HTd8hytp%PREKd1s#!5;#k8U#Xh&_fUeLkNUI7}S88 zPz!299jFWSpguH!hR_JYp)oXp2xtn;pgFXFmhcw54XvOxw1Kt|3GE;Xq9F#_LkH*x zouD&xfv(UExHUH0>8skcm~hm1-t~M zrl0{W*nvGbfFn48GZX+9aD{?U2;9IOJirsYpfGqt5hx19pg5F(l28gtgAe#Z8JJN= z_y}gg$1n?K!>2F@=E6Mq4Cce{mct5I39Dc= ztbw(#4%Wj4*a+9)I^2L?;3nLHXYd?ez)Mi-3L4OY9q@x8dq;2rXD9$J;0gty5V(Om zcz`E(K~X3MWk3gIp&XQl3Q!R$L1plRDo_>tApojDAXEoE1VJ!_Kq!Pk4X6pVpclkK z9K=Hc7@#*K!c^D>+hGTsgi~-D&cIpt3C@9EJ)sIz1%C*DYA^xr!aevEeuMk)03O04 zcnnYAcX$fV;5od2m!Q-aG@u1L;OAZT4&Vq*;0y)81ze#Z6aqJJ2M_QBFDMM&Py~uX zF(?itpd^%n(%=KWPzH2R7Ro_+r~nnA5>y61r~*~N9|E8n1VVMtLl6W*2!uiytcEqP z7S_Rf*Z>=06KsYpuobq!cGv+s;d|HxyI~Jp0Id?5Wp57-;0R9O3KHv*wpd5HWRq%%Zs0M*h9pqQIS@!bt<1BkcCul$mc3=+< z;0R9O3>x`)rMOIKL22*-Unm1QC=2DFJXC;+Pzfr7A5?*=;12;%4dfjFo8@Q}rXa%jI4YY+wXa`Xc4KdIjIzUJ01f8J^bcJr9QEIbSYqKw9NTbwY*9vxE4-Vi6 zPT&j$zy(~PAQS>Oa0d_Y1TQEI-cSUJLNO=~C7>jfg3{mvzEB2qP!`HTd8hytp%PRE zKd1s#K@YN7Sy4%fS^mpV>L}IaKa&!#Bq;_ZRf(11K>19TDMlq-#?qDEvSgr)r_1!} zN`IMFU4G%tZ~kk`P=b;u(^KTNfJ!x`fud9Fl}2)sQ9NL>Mo#to7X7*45v^p(!pX`Y ziH4}0+en!FzCLSipeE~`=s_m4AvG}C5T9vGHV+DnG#FEpO{V1ZG*j-xylLTPvoSd? z(`*RPr5Vg7b8K2dtT7=#*TG<9mHNSfdj1R0HOWjdXBrLl(+rtrV{A%*E;2JNB{}|W z!=RY-zJ|2=@$og|f3KnoO?}6<+F=1}&v&9@ds&Z> z?rMx`FVAW)Pb8Q#xkc}s>%8O-uZeSJ^_*-8=%DO~6cT@5 z4O@M0D{FraY;JZzHBY7M9ofrnOo)+H8p*#1MtZ54wuWfr4QtumBot3N8p-Y^GxGOc zq9)k7Gvwuo5@q%%pd=&^(p-U86RVl&mAyjkWI zbwqu$rk@(+=d#z-a;W#PY?Ul+?a-OkLvuH1iNTe4%l)c9)SPnm{M#CTg*|S>u`brMqRTWfjY-o=N0pHC)Rpm}Q}?yL5}E9vAXbIWOyQzV|8F z4jY+d*)2J`nFR5pg zay9Z2T$7!}YsxwNMoP-PM%e=;WE5p)RB2#CM(G_iiu}1~6fK`JQczAa3@REKDWp*x z)Dd--yjelx;2`)oNMClIp`H~y6bH{xudLCY0iJ&9hxFOSbjCgPo&hWt;Hh_0>^wtd zpN^Am8a)FFxGMHi)w`?1gjrl7^sL~ZXo{g?B5YlcUWtDDTnrvW{6wUv@W{Wa)QB z`W7frNGF~7_%I~Bo~b>p(-DSGLCa)$_mxbQequO!)yhiVt3_8oTCEzLTlf~L& z*5pEp)HTT-a$xX}SHg0L%#wVPdS{mOgeU>2m6wdk8*Am*U9OcirB4^SZIF(2=t4tY z-6lQkjFMq>)^ux^IBEhU=`wqi+U1a}Hp;RoGHHgIjA3fej|ZjZl=n1?Zf=sF5|>1) zo*HE;qq2R}pdMQOvjjO-#$9!EI>eAx>#Vb5Nv&2^VOavErk$nct|c^C){@tAnI~hG z)X1=wj3p~20Qr=_SVH;^llZmL>zJ1AEz}JvC>x|!kj&>LzI+zb$*aYzJ&ee}X05!3 zOpcAO^Y-is8IwLUt@~MCZOUw0k3Mp=OQ#KzlN$0{t)4BZRtM$OE;~kEk0ZB_2zG}%jHF$YPV*v@xT~W6vr;xmu`@W2;Ydn^>@2P9h1H?kLTVLLl zN|zH-0C^X@WauTCrM0c@XMvmwGw%{x7IVuURbU<|YM2E$wa|wvc37DC)8hp|P9< zq(;ezk6Tg6P&GrKW&6QfWy|Y3<(Uf`&f8?4;vq zHy0__^5G*#qI!T@nq`)9U>Q~q)8&pjwMPs~_RLbJ&6i%XtR<0N*<7uMs-#(dUc}Mc zPj*uA(j3xRM`bMUSmwkkZ>}y~+D)>kw2Y8EX*G}nYtv6nfpu7oZI>l^YJ1L7mB`_l zB?q8dV%1?;PR`4iwV8Et>RT3+Jk1%OJD9aZ4R5jK2wPg3!_`?Lch+gWy78$7lTcW( zm*a4j6ljiI>5D_cD593H{8K!nfRQH>FZoW_REsTzNk-J|vGk6yxCptE)1JL+J=4=k zy^aIsjj7fJmawe48hwYTV`}-xTI{1{^##hlt!tEgfvTCGGrkbjyV|B8CaGs+EAH8< z-FucDY57pAV$YluwI;~Em9<`$rEx4DqMOv_Zmw=pElEdJQih}+p`U5O zr%GXnes<){W~cUa#DHbg5~Y+RsU34N)Htq7TFGT8r+mo&l8fpqm>E`kidCm-bIXo8 zn!EU7wZ>7)>0((S-(rl)O!l00e=U}yiVcumw%Eg2B4)($F{>o|LEX>N&kM(3Zp&=3 zyP7n$e|xnY6t#q6UECJCr;`oKlB$e4mp!M}26g$ zov0u5kn=mmq*k+jp)IFn zf2ujkyIgJi%rY!<)S6^FWlYYm(n`tgK3XF6%(3iYsWa3)WjhJV4z%uc%l199WceBO zjFjD8D`j73w^wv$Km%?T1^2oYnNpL=P%z=}^X&5sJ5m zR=O~=W{ItTWN%r@8nyL9Ho;b_NtcCkzT|u=|5J)3tF4_Q)7kIWUO6`{$I`;QHL^8- z5TxuUiO05$5)mB=yD>=uwvJkNqos#hwN;>=M2Onc(xxC8x1_6DiCHHJ$xU`%?#Uc$ zXyn*P*?9}qyc_8umn~Y-ATN!l$6)ofx4sG|W7$njU8NXG$y0Zyt7U^*(AssEXw($8 zl6B z-yybcJ2=%^S13RYFSV7tBUT;Cw6q9l`N^4ABTYxe$IVg7u-3&rQw7v3AmAJhU z)Zpf-_EQ5LD}k~j)WV!~OFpIlsZm}DYSFQ_n2Cb=M!iWP%S%Hdi`AqxBp=eE%2MaX zS_h=BE4gW5-F_KVQzNG`*`yTNTFV@@6-$y*)N$^hWuK7HBr(@5X<2BwsJLc1%!XOU z?y8A?hB6)AfxN3l>N8YmGF`am_voQhK7)K+Fr04bLCWdCqg2N9=ZQC^|1o<13twlx)qx|%v(Qjrp*E@q2@OCB{Y zHbs3wGmR^0=1T$OP1B1do2|8Mmb!gh+*xN)4ROknm~U}ZT85=h3d^=fSo(I)vD_Px z+PyT58Tzb{KI{o=WI-~YxL6Sp4)!0d_+WwR~Kx#5ao>xnNq)xsJ@T_3xr)U|_%Yd8Q zelM)ZfU|=iS5h)mnjvY-`N`osLsjD-OG~rgPbvyEqbI8iFPF&@lby5FKQhbK%qE;& zmSru?Y*w@E078?dwJ1$%Sx%bP>P*@Fl6Kpmv>XZJp6X)NB?Xu%^^D}3L@KEhb3RvH zC<$;==c|>Nqr4nn7PI%0T1(bt&*Dgs1r8crgr7j@%KV?>eI)AQeKXs|Gs*^3r zvK;!dT#7nwIrLdrdPgMqvxG5_aMc5gY0`#O6TOB+%iNrsuIg;*E0wBM@?EP=u=Xv( zBGO}?MsZee4EgfD?HFy*j>g!GHtA_i2gVyRxXB-rWK17m(#Ue^jU~lPqZA6N8CWYY zC^RrAC@f5`C?(}wV4dV2oDgIP3NjdK83LoC6va*MI~mfdwU4&ke3F|~ax+T8;+qgf zX|7R91h#1!6K(sV!uCByfBB+9Qsd^`%ov+$7?5u488H)m3yE#^lswb8>%!DL@yiE)k!el46J_ zuVhk8WGkI~>!M4DHOKZ&Ngtpy3^W_kEZ^7YVv-EHx6+f-V&hT_F|nq;&0^!t>Bd32 z*c4gPlp9rgrYU8RE-ocKzHf3`qRuR9wQngOMni0Zu6Mf88ZX%rC}Ad>bQ!VnePa_1 zIvI@3$dE5`h(Tvgm!u5Rso7}NKxuZ8Hh4uq??jSetTm|l_aw{!&Ikw^~7XzQf6FWe0pm2RND@z z-rrQsl6ZCH8nV-K_eNmHt8D@*br2+Mr=r& zrO>D)^=*yPEN}fkPGX?C@0z4%rkN%5w5I(HX=eX=(aDKvu_@}T1_?cThFVH)dy_$D znd4VQmz*YFx5ZKhq>xH6mA^I`rRCp@PYR$Z(wH7^FqvA*mv969>orX?8;rRz21%4} zX_TgaFSu5*g9r5r@~=nHPd6Dl#HM5#a)Sz%|8 zugv`Wn-e7&VK8=-uN@7>R#F!I>oqr+8IVISzArggTT$eQmU^LsMrrr=HtNklBV-39 z8YL=%&fUHseTbr@YLujZ8f?q7{_;&`V}l$o26Y<<-dZcPkRvojz7owBn>-zutWgsF z>#;={OzD}%cs2FCg8l2YrRq${G)WDSFUEwtsA?%nD~;0puVWezn`~~HTYLD|>nP*R z(v3|ACYy6ZlLFOIqeT7Vz@iL^$tJULP?MzCw8Xs96(ptWZ-v{E@+}8ddvkJ%)QSd^ zT1eF7MH%E9<}|gesI|C>5+l!x|I=`rNlnotJOHCiB*1DYL{-+;CuqRMb5YxW@U&Y@x zBR)OhfBbO>M@z8Myijw4meIdAH%P(1J2%)PlnuN8%MB@V>=9{0xXOn*P*5GndRLlG zG9-=L_L+ZGc3TQeJ6QNdjY%Qw`~vX3`};ER(C!#{bPwYOr<9G)nk?H5^N;HMgY@BpcO2 zqcr(%1{16&J@RabLqyZY?VBq~4~^3KFT+$*!9_^RG-=w!rX&wG82#%ti0|3cdNJN4 zCDvpL>ZzB8Ni{BH8^rarG(!Gs!PByNBh(sduyVnX@3O}he5^+4_V-f%#??kRjcS9j zwOn0th3;Q3(O~Y`L|T!F=|*Y2QUd;V+gHt>H)60}Vn|L|uiJ8Wrd-fuXq3MHFy()* z%_dE-7KW4zgOM$f!jqs;dj8iVeC?XX5~A9&x6R4js319D25A)YUq|xVJe;ITBRz}R*p)DiE=+l?rBKvm!6uDV&KNh z9~SgbwV-o1#c0kwfc{o1KFT1icVn!y;0>v<8A)=T>)$5b9A$`4Pn5e=hJ?Jyw!F;E zI;jo*)^_|iq6ntS>8Vk={N?`n<4EMbMf!k$xe; zi#;HfK{t)k@qZ)eP}1F9qjdTwfj2W6xMh<1FOn|#{!jPo-w0jJ^}!k?^Pi;t&&vNB zrx*30vmXAIqr!G_8LCkR{BK4b+*3}*a>o3_$OmW?<3Ei2&Ew_ujh2}IEZ)CWga6&* z==FHz&cvT@@!zV!{~+eqkFP(7^v^cdtWnbcNhbeQlv0!b`F3V%l#G88=^q?1uW#zV z*suSzJpGMW|K(nFwcZ8b(PL?Ls`p3o1~oEnU4nZCxx-B7yCL<@`uMU|o}f{b3L2#h zceJ_j6KFl5N_#-Y^4+m7uTgw+7iwlqPqkck7!vX=Bi|G`O7KKN+9WpaR^%o@ooIbl zTArt1jx`;!yrjdrEo_iABo<*o+hXckwh=WR>z1nPSJEh>`l|Pew1w0Iwzd2YCs~>Y z^37X;mTA)bk=AK~B8#>1{#%PlLb&tvFGH)YQA)Ql7!%@R)A|NBPc~b>WaAbcIcO>r z5?CWJC?q5>D7aRrG^!-^PD9jY_b^2%p;5do-;Nj(>ga};)UQws2{NasM)Axyr==;{ zV3x_D8l}4W#fz@KZiqTCOnz=;X#>fwkcsl;5Dg-OZDm<0R$BBeO}R@+MES;KeQB>J zrK>B;7b?a+8}oQX(jyhLjsH;(G4H&#Q8malA$fv+v-tx?>E*zWeXij6a*$lBIJ zOfpRl0b6CFl>^Z>%(0iZkc?Q5T^Um3;U(9MSZ;o+zjn)AP|Y&F1Ld&th%_2xAk3EqD+wcdi(d>*~r)w`IquWd9dw#%Qa(wF4YvDZcIsz%lmy^ z=->T)UR=$Zv0?FHHG*n~gc|gFZ*zTKZM_xW{dwSL^&ofsd5-wNQmAv`v z?E1UI%2avUwEqm}BE9<*Zom4f_t9%tN-AHh(wlyn5gxXCPup*^4z|tyu**P~=j%t% z>CY6&l)4gsj10Gs8kffb=)5dO?n7RYd9CH&Hkn>n{?Qi|9lpr}3Cb;5ZoG__m*skq ze)&t1=|v=*4`kRR^Pb7@BdOHegv(DiGvr5?$@1gL1c_phlBWKIlb>v+$<)E}>q@hH zGS)=ZEK3fQY5e5Utc1(DDKa!bU7x5LG?7)(0w3`#$lV~}}frJ1^1s?t$DlVv{FuzN`4PgbDrPYk|}IE*|c8* z)wPlZ2Fn5+O%R&Ok;cZrtTfTNI~g2%}0)-s#L^XCLbC0SNvC6juySSEC8klvf|F;+Y`6!O*4h$dm+~k!ebj zB==4>n#_TkfbbN8lBCGJIC&yUZuH4adG?CuwsM=aItjyU2-MV8gG`q@v}(hG1WRV| zxR*g56;tncCg@@lV~JF9t-suMw`_Evrf_)f*0UYSMtN3E6P3SFt4l~XSn^RCNz&-F zr6S()oxY?QZBkeI*L^p7kO^GCNSGYm+Wtk`9oq&8Vi{QnnUC@>a5y$NG}v3A>8z za*HT)A0&}Tj0UyznJo97S=98}etNZh>INhw%L8^v=_x!ACnZlOPx8qVKekerS6(Hl zc_m7xmNZ#fz2y}3+VfR`ni{R;o-xnyWn`viyizobnQ4}lDOB=RMWQ@Jm|{J|q-5}5 zp_FXd4U$d+51RyPLSNg0yhFow0hYjFDyfN%3C|6xPVS9A^ZmcAY_5wXlgA8Avg52rsN}WmA&yCQ4|4)FJ=(}| zDU0N-Z9P^^xrd$g`hd%MU8|PO+DbmiC6w$6DH&wTAEvF2C2^WtnsC`xvs^P}m^my= zQZ2jO}h%2ukUyp3q6 zsjKdb-aJ05?uS>7BXwt3(~ywdySE(IX=ZCp5HFQfBRQb{q`sD{%gdI0G3M=TDHjq# zjBK^7Vz4~qN@-AQYRdskwpbQW&lPf*l2lt=8>k6aAKJ6jc=FwBwG=tL)EYllj&-%D zNIEQ4V*rPv?5S6eQF(?_{Tnz%d$DwnQ>kI~FHRT})4T808bgCewsJ_Se)-|OuWCOz zv*gaVS<6lzOV)1sZgpboX3M8FJnZ|h!I_yaj~n0VcK>qcBQ+0gJ=uS3snK1Z^eJ)i zuxrAV)-_`TI=Y)mz84nWxY67R^|KjemtU54vwmsW zE#IRi@>um>t{0e*5T``92oDacp;(hM&z2lExpngM#2fGI8FA^uK<|#SS+>7^4C`!T zuYShoTTZ@ckf*gHQc_w=(N@&UWrHCwAtlAK%FBup$m?12YH0sA_Wx22Xw)51T%Ia= zHA2gyg7U!Q8`D{?h5YL@$5C<2D;qK_54B2bJX+}~HdUfzsHM_YE*g5uXB)Y$ZOf|4 z2KzfNxcB0$cq+ct+|*CGEvqzC=klT@?n}M;7a^k>^(xP(ULVtFZz=8F-qH@{uY$T( zjI|YPvR(~XuG`cFlqG5(s~SlYZDq@q16SIwhSXRZ+Zy$4P`nXJ-q zy5*{nYj;}QCYc^CT5eb9a)-E7c=N`EPA({jm$y-IRl7d9TQ7_>Lf+n!_dhUYDO001 z3BRnYV=H43vLtUNqYPw7ta)Yg&2@E?_OWPW<)c_{oc_gT%!hq`WwS zFQ8NnQo`gv%61>6qO8l&#Ko>rKFNo?t^4n$FHrK562)JZ#4X>ENIZ#Z zEF4i8l9%L4qLdc1EVEGd!JBdF)T7TROH*R@><8`+3?dMIZFq zy7s!DMnBZAIx_voCWAjd_hVCYZ*7xbeH!>TnbYik_@{6Cj&C(5$2C!(V=uAW9iL;z zySoa@Q&tX2c#x~UfTNwfW3sTeeRNP^y(c5iggxb zeP@@WahH9qana^zG|G-CYpS)nTVU(8V++qa+;6dAQBdj91A7&`sx4uhl+e}J_|v32 z>F0_!n78TljYo?k10%-%__$|}j12p@BOe^gcyHS7B)46~Dot(>eEPC}m`AGToo%Jd zUDWL^?OT4}wtlw>vq;gP7|6U^xY+uk(leA*| zv)_-Gt-tT!MRx-<>N4$*hOQp+bJZ&6#%J#@ z+q#E$y5E~>guBjyWQt$?(S)x{!WvhQzyCRd^4zA*Z2)R-LdJ8B%ArK~$RIN90heOSQFzNo$TY?qS*^rd6N=Kiqqt2pOvb*hF{DX(wJ zY)|_J`g-&0=xf;um+PPGoS>q5Zwi+~VM?zGT=3n@d)ZYE?fj*{p7v)4_o+T|gy)CFKl;G2xT#s`TVs73 z5)6-Oe`0sze3Q5Rhxv{^UbolWwI_BS+&^*Dg>iki3|#Y3ovY4yCJdr03ilgfMaYQKNM%SHuSj)*Sk;NN`T_~<4Ne9Ii( z`@-end*zOJ`dqoV>pRCzD=ywNZq&7RU8Sv(p=|1L=C@0pXAXT@ebyjtov?fFG}Y%g zW=OTy$x`LH#1@QdrJjuJUdt?f_SpZGsw7yir!?9Xu98>PMWxHF{U)++E$<38=)yDQ z0UlmpoLlKh)mKw5m7Y{~HL3K%ETdtJ{@W|%zpDPOyCp;pN?fu1;`0JZt52pce$*l9 zM#PB&J36&p_<8@KsZG}&u03`6eBUQe3^|vI9h&q!VwUqY!?gVY?MH1I=6o^G|I2Xy z;;ZJpoz}8d-y%*w9XzykoNvGB`&Nv2d-=D{Cw>@vtZ%XDb*AmF)bQq&7ojsc9`)(o z^5L?ofk#KL>)i11;Mls_TOVr_R6U+G4=5 z(an!~tl4>O(e3y8RCDOoYv=N+U1yaq-LvV%lHR`QHTRYX$?7w%^=Ey0#}Ax#RDa<8 zGPdgPqEvt9)FxVzgE z%ox3U?y>Knx05R1l^X8o!w!2VU7Ob}F6m(X>65!2-#@eX_Wy1TC*@X3trS*k4OgRD zaLE5u4fiKuoAueV*-V{%_WSzmsru|mxtSAar_avT*SA%sT20ZQKdnq7-)>nwAwAwy zy-8$r^#p_ZZCqfIIaS{%cXh2k)Hhh?lkc**r(EiBqllXhgXH!aw+Of-=2Fdab1G2h z^IA1xmm@p4r1?(AwpE5~FFJbQ>d3?8o)wtAIOoI1p)acjeE7cC|wG|~BD!+O5c9_vRJ z+f}>Kg5z%Am9295^SR06%T4>iJmc!z=1qQ$UcA{|pFHBlp^CcH^w`7aoQ|F}Dgnu3 z`qyuFdO__LyKBa#I-QL!vGi;MlwcV{U%w5%F>S%4Nyp9KUZiW^nO_*LL`nJv!ux zwtTf6;d?jvwAxkl&eB;Uo|SvM<-2J`E-o0+zw5#1K~qN0K6>bMeN)(P^}dN&7S+7Z z=0%0yKQz(v)JKUug2z9tIr`w4%+a&n+1aJz=&hU17Me8v<7&SwzkQ(c;T1iSf1h8} zUh_qTMAL!RZCC!}(BZ?ukFH0xzCXaB?dY8+T<=Z1)wsaHLj5n6?=Y}jr5YReEFGV= z$mi1NQ_Vx-Ce7bHC8TFR-$vigFzhaOt#R3k@0PCC>txMw;p3_nbw3_kZ+cR%s5{4+ ze>5kn(d{DH0~*XaA6>j;q))B)Klbe%Qn+&MVgui)vA@l>p35H8Zyvq!{N>ZGvGuDS zpBk{gW|szy8VAiUmmey0_EL?lb66vBRgfOrPj9q+-8_uN?baIkNLy`I#SN z?g+{$>7vgm=_rkSy%gJja~t|k+xht}J?3P8qnB#O+VU@87gR8}sV0{q(wfh^FmVlX zlU7IGcoBW|ycO+(%Gv8i4RowsZp`SaySLY!6Yf}TQt)SER@^S}^vrX&`+b^3hhNY) z&bNBOpiq7A9PcczH}6KxEtysP&yMK)hn+OP?Q=BBh|M|iR~$nMo_=v+W5l{vZ9dhG zEp(yOgPMnHIzGNPXJSOHE2F$umb=rz%QSk>%%wZeO|3ZKlb2<0UcB~bW9`o>Ih<&5 z_3awd-b)|m@NTVCw~f!YH5)PKbeqm&KOFK+deWoYllRWPR_~j)v!+FyyRoaGccDgu zcBEb!F#g(uBe$Qt*w$g4_s_-pOyBXaude^pN=ig_ykjl@GDW_*@!h%DYE?$waM)D5 zM!Oz|@0eH2DL2cne6je=cC9C_UB1XYc>Ul)KRT``J96|}x7vpmOV1i!r$|rd&<{;f zn>!q;_|eqL?SGjzyT;l6<&PZrWvq)wgV37m;to5N9awGJ!)^@<6n`09ag5WlsVhc| zh~6?cr`U9TPO-_knQLdK3Cby!CDVrH?jf!~i>1n>WUa>T%`4CxO_ZantrU33MQDyD zT=KTQoXBcRX|@JEsnmCo^G%CRO6F0TnCNI-)95yJ!u5J-*@rdN zSBt0}S~JKRo?ZU%__b^``7wk%q7ZF)v|>(<=M8<1lTI%$49vUo*8DiYdC{HEitRir z_W%{mkNHb9SKdSaS8|||z5<(OSJ)>n2lA!(wd?M%;IJUsOF^NQ>uxT(Eu;V6+Clmp z?VH#0TCV4{ay>66^mD--ub%txPDs|YkNMh_Kke&Yq02?58Fo*~>#sH#wasI-%ZelS7fiko-~7wL7dk&p&YAGTr>5CQz zn}2g~L#H84#+_R3kalrF&r4hHjPnVq`C*|_sX?1d>sB6{;nk+&`;AZ84{tMj=)*yM zoWH;HS;5;|R!vS*ip;p@f2FC@mfiJdEtnG0rtXO0`+~m6%FNIlbuZ9t%g5h7D0b$j z0o`|M`ue#S?9_jEv9>ciH!ZI79$Kv0oYn1{&lxar-|byX*MHk=<3g&m~Lkoj*zXJ~F)8#H@+E&)ezG*69A;pldI_9COxj)1jze zN4Z|Ud$ITq{iP%A<31SNxBt}Al{1@f3G>~z|CZ_ghN7F6Z;pTZV$-75qny4R^_$lF z!v=lYe4}qzxJtmWqV;MgDVJt6>|OHw`d|DHRc-8ie&@3NqkWcMx2R^(N4$C${(XGoXBRp~#&7d<9k!}gspco@ zm0lM!wD|{hwvBS1)hm7G-Q7=jE!+S7^Y5D%*;=mb55F~bth{9Xs1i4l5^B4QF7J8y zeD<|3sz0|i=vzuX*fd}BJ>-IB^wdLH4W|FnqV?n5tE!l%n%lk73jg$rBHfi9aotDW zzkJB>MXBhp64#CTo-}C7*mu%*(8tV)niDyu&7Ym+xX+NDVN!23uQbCrv}JAZeIn>x^? z+(G|e-%IHB?v+jt{rfEM;Mk%5u`XlYt-Z%mG}~u-|@ORCdTjK zqGMs9Gk^H}=^ovobB&+RUi;*$em^}e>$@~^ji0_%|Mp+heL8LPj9EqfcARK&?84kH zhY!2b=e>=G1GYCAacocB=qrz+=WYEqFm0Pt$kl7l>eP2^H|+H9m3lpP4c!qkxNStq zyM=q0e!Xj|IwQ2%_$jIHD~qm-dGOBN^CMgDIA81JRmI!M;lZBgziv+H*X-@~`|6zf z{q*CRr9HEzE*bOToVdG>?tb^h&8O~*3!i#4dPMt?EdnC;I5oRia@-LAlCg`|jNAKZ zhQ5vK_&#UqH{Vfv{l^{N>bk-?dQHQ|+c(&k3!2@3sr}+c1qv0aTmS1?M{CsD73EUm zy6K0V9o=;`%YW})YS@*>d&eu=_f2Uwde+X5f}YNE9ufBW9i*2ll;QaPZl-_u>!ky%rt2IBB#;gOd@9u5NvLeEp8d$m|MEOQ(BY z96b6;y)5IcL%~PS1#BCq)N8(HP_HCMP1j-iRyt)`r(;3+54&d*9Hg%uq7SMS z92^`bC(IDNWi*7*fAi`5uTF56E-Ywub-A&u>!5jik5?G9!R=_y;pew!IXN9#n9?S5 z*PgJB4>coF-a7yDhBXa}^$K~}t?l={AH5&luglNF-|F&Wb&bT)&B_;CF`@8*0l}L+ zieKwBtWVU)h*b+FHtXx;{o9WI55`2E*%GmtLyOb9;IhTy;ylIuHuZN@MlY!+K_|J-ujn zjhi)EJ@ile(yQIIO%8US9W*UyUDG_hbZCzIU5{T^H7|bai)$YZZP@Dcw>`H0cJzd) zev>v^LTa~~s9oPUDbVA_sCLbMKDePz@h-6%)1Jh6J&ybJ*Zv$*+<5#8-QBIfd$}Bs zPcOK;M#6ht=PVdmwtG*#dCK(ZC)PwhaUB=?TMfss;-i|MK2z%8^JPa$@96umTU5L5 zUZ*Rr{Wj8JaLNu(ALE?~PolPuE;em*y&|Ve*8JYNNb!aPziPVjf$uv#PEGoxs4;ox zH$zsfYS8EBz^`p5xU+JCJE`}|y~iSVtQ^#N(s0hbi>2jGebq0bULIoyms38zk6wNy<)vjXMU~vR8P9I+YftI_3H}(WfC<(6}n#d#Q65Jh3PlC zd9Q5Hrg_4^rH<1+tREDzqW1Bv{c1Ekm5?&@$IRNP>)eAbZJqQq<>1`u#mn8k-aD~Q zbnCM-)~@s&c%nw&tc5up6uTu38^>KsKEJlW?IGv-q;IUUH|<2j7MYrp#eYi8Dfl3@ ze9WbR(U}!Gt~vYZZxie9{4MF6;ovr9BC5taFFjjcZ0VoiYoeTSqq3@9+r z`}&k+3%j0c`I))k`kPa-4%NT%R)gMk+pZh)dvM8JB$n{2u(sCQGt-`yjp^H`sb}+r_f~zg>)N;;ZD$|)u~q*S z9b*bCP1ZyVA38TS#q`2u-Ocdc^^>3P-4fn%`0!~P_dc$BX;qO;%l9|6Mx95>=*MtpSZ3Ab}nKX>rh z($BGv$8w+cA)UUPo6-B%xjA;NQ?*9ibzvq>AkqXAi(ZS!%PFvEhh_Zgw zuIRh-ruRH+h@R3X;$`FEcUp~`lRZ+Ooi%^>zxh1<>KAxg2j$wLGEw?+#oetpOoD<# zg7sngF1ZtetrPTSeVx3!GxnOG0DV=xi!}hgb8r&mafE5sfx>$&bHBS3mgmbEmF1fB$&Ryur_A5V1JNbFaT2n#;yQCv^3TV+i;m1xi!&=e^epYMCr~NNZv08B{@}z9SmYV5Po^}>lv3zo0UFFGbE2x?H%n*2~0C2*Q z6P%$Y4{Uk@5B*{rXhI(PZDRB?kb(~o0>^%NQHB69hIgL_{@PLVsq%#78@`^0Tq(WR zyn+}1TL1osirtCr<)&7D3>tqS8Nj4(*!aqz@wq|c6NARRED9V`9oXWxT>fu(*X3r9 zU5)6i?|k$7Qf@v?kXyIql0D~jgT@(yAR}TAIN;c})Qp=iQ-6AVI69%QD&7V(pA_R&@1GEsjo8ze7(%q;tk0UdQ4vJOqETF z6cMwStl|Cf-R@)gX}9clpIf}3)Z>C))D?$`=cjG`eMi}I@+{AmmGO#g4(#0q2FK#{ znU3fwn;xs!m0+}tM@RP|-|db+eN93u6!vvawYcw=@Qg>6t$SAE=KF!iI0TpKezciq z`=c#x1v(D9+2hVtMDz zip-L=4d%|?v!&FZH7vcX{630V?%|opdB=_{e=H)d63n+T(}mL@yKL*FHH+5oc+9td z`!$CB^ZWgNJ3BI!xd}!7J*jiVFu+AtF_3fnOUGqA9u12^*sRv+eV*beIQ5LE;a3y=Dtoy-1eXgpU0;y9{oqxKTWtB zZKUJ=I73c+y;nwrV1Y;1^Tr;QUnf3@zLQ#9{@pNhfp~(n+V9srXP9&D&N$9{^j6LN vghv;@7y7e{?JrSJ7LvTr{FBep>gB6LLY-Y9PZ+I!Zgt(%b?OMX>&gHCq2Nnf literal 0 HcmV?d00001 diff --git a/Modules/AzBobbyTables/3.1.3/dependencies/Microsoft.VisualStudio.Validation.dll b/Modules/AzBobbyTables/3.1.3/dependencies/Microsoft.VisualStudio.Validation.dll new file mode 100644 index 0000000000000000000000000000000000000000..8c4956f420e13c59808569c3a74248ba9e8d3f5e GIT binary patch literal 37904 zcmeHw30zahxA5GXkc0%nDxd;JK}Cd^u!@QWK@>$rzsDJA zRMc8qt5sXI?o#Vg_qy*}i`BYTt=8o`XYS2{*!KT_-+RCJe&6?EbMBmF&YU@O=FHr= zm$XaY4~c*fB82bj*Mw|>D}E9v{CiLeY9Y=5Tf0IUDP)X_5G_z7 z992{fR|R}4;7f=*Ewh~6NI?7P=L$fe_nOH-zp^KwDE?=^@+gwvv#yMgZdj-wAOs3gGMTNg$-114@fGq5t?n+gRd6wyFua zlS+s)r9!_)6H*F(2`PmuPy4$|ARD3}L>g+n4&-pwcUl4=Ok*Fxf-ww?R%k1pE_f3K zyB)a@o5IkZ4NF%K)%99)UgB$R2--`fNX=lUf~xx7uLLHz7KM0&b3!}0k&s3pVgfmy zw1o`;esk6s1azNQtmz#qi}f)EQ<}h}vC=|^upwXrh&SfN$JtoW@%k#3^n)vC^k754 zy5?*#!1^+An2VUN!bqD(vc=%E`Yw_%7m2Y6RRq)k*4PxvuFl2~o^(m-942x$HUsp6 z$g~_=f?ySe5(X|Ti6buU33QeaTW1;5Mw>k~J4-8Ou*F~+b;>cDoRSR_3qk@waTDlX zn2*4BT75bi!lfY%fXcH{*f3Xt(2>%P4RaBM^tFp9*>DF<;eV|uyq2bL(A2}O3Hs!v zVu&YP!QCF-<~hKV`i8NhQRYx^2Yiw51AOpr4ZbJyst$Hi9D0BYf$(NW5f5n&^^PV( z&uA$G22f-S16l|Kv9*&BnCOVmMywzt5DPW!VBcy7OT2hHS%G;j)N(WwHNg;zLiY+x zzo5@y3CnC)9oCO`xnOByUvPUknAIfoqra{pVFf~?5*_h2ArYsR3bjC? zMXc!=wkM`-hxrJnhk0_&F{*$Mx?o~U*-$TtU(kyA65=-kXvRnYVGUSg6v~A}Bj&*x zW8m6YI$iG@DHQp963T|ggv0^~`q~mMp?i7Hhx{v^hXzHVp=_8)5W*M3t;NA?cpb-Z zL`QN$!`bk<0;|`A;5DbE)Xf~X9SiX!bRe{4!)1Jc(Kd1*QcbQ5DRL)lNF12#!-lj% z%VYTA;`F5O{SXVxt${m=4eiU0Z3Cr{cmObMtYjMb91`kSuB~7N&Jn&E%{gJte4>F# z5i$%qC@{ChwnCr$tCDO8TyL#*g^6;BpP-I4$Uf}5^0wCK6d4&gqqsCMr&^fgRfpYz;{QfW9%>Ee(xe z!zB>s5HFCs2MR(UyFpa4=Js$M1<5D{uP7w629<#g_Z3a_!m{V(aE}EbBeS1J*jHFwp3e5z3m=p+A%)7y4$vCUi8i z1;*|`ZW7v+N9jy9g2#Y{aZm|;k%I38lu-;inD91kj3>(tiG-W^-otQ2Ts&DG7dG*3 zF5`zO6BINKuh(QO+(Jm3dvb~_sL09N*aK)%q0cL!Oc(+wP3q2y=&~Vf5!^r_^KBXyb5f-pR-{EaDpGy%CCTfqj?IDZGYTkYsfW zmL1$eQAfAX`SCy9FKD%cUl9E(zaWoa)**6X`VC=gZf-Fg%^YhK8(!~i8xx+5`I6t6 z@D#dNp&67XV3rloa$}*fFKrL<64h?qop2bJ17JHsWH@(C3o-4&G={W`cP^r^rmV3a z)Th~_aX3HDQbCvmrhk7_EHV$E`Z1Tl){fH?t`>xgxmffTyiI`+6bNf7z%|C3R~l+y zeOmYk!d%%p=7FF-WDtN*HY6J_W5;??NBcB63I&#K#mySvG%iI(XuYv;qb7tK#8P_g z8=e5qu32jWwq6I?P61$}gQoyX$JD_fu%7}@G>{$5UqcjVjN7+s)kPHVITo;5($53|9nrtCQ zbug(uDzUdgQPAyQlT6VRR)C%iDS>Fmv66;%a-ax9^hjy~H-SJyMh5dIfM7IpFOIj4-k2hlR20)nKW!Gn^Ta=S(EtoMY>-sF6nSg+7pZ@O=qi zq=S*91$=)41m-b4Q-V29V2tUp9?Cd=!8KGy1Xn^D%a8}2AW`CaZXz;Bf^dj4!cwPd zxfjWELv9Cgv5SakDZC(S1>968gzrgwy+q^->7Q~DX(d4zDH2IVq`Nc9e?jH9OR#*9 zmY37=PfkdgBSg4Mh;5B^&XkGB0e6IICxjP-rJ&8-X*Y1QJ&>|gfY3)&4RoRNYJrHH zq7)%Px{7QEJKZR3OJOdBJDjAzji>tGbw$ZiAyQUQ`fb|QXRf`$l8K%OM+i}7y&J-z za)en_|9KY6&uEK-sSWp}&%m~31mO{Om^;*xBTQvbvauZfGf9T!0IK1Y>nKkVNfV*R z7PuxsTaSd;m-ne{LaN^+MR_T0Wf-mX+7opu-O*RGToK--y;vf}x?Z$=j@oIV<)<#F zp_JCuyJAm&p_*4x&CRIHWh(PKj2e#pbOaD15D9S8^p)_MTOS)X)TtiDFe=^2Y#xJf z1}qq&qz^sMM63}+P9Hc$g0=yB2y1;IoPUT(8DJCK@;nNO2gD;{ecd@sL9rAb3nELv zir?8h*erUGV5(&)&udI2hj?=Jno?{UuTw=B&^cX{=g|l1r4whsI>_@p#sJoxVv}4D z^CUfKz1via7o0DmovW!9h;rJa4`2@Tftm9z#a{E+7>b>x{i{P@nnS&_qTL|rL&_+2 zhsVk(RxRdu<0$qLA{ZsdQ*1Pq^d%E1#!^XNGKpflDbJ5grdVCdt4pR*Y#-&-Cm&Mm zGaj2su?AGqpUfhHhVCT8m5_xHadSu$ve0dxs0m@DKLY$oc0`m}8t(Fx$t?X;hVUy2 z=LoQ@r0_?eM3Oqd0GBbR08XTE52ZMkyE0E1j+?H)_?zf=NRBbsy9SnR!yZCQBW>7Iz$V!+x?D$DQ_0}SiVUdOG1N@H;c9qM_N*BE>VKjt;rA` zdj)=JLyCDU%d;KRmXzAC2yp`W#D-OglgK6;7ANjN_S>*jaVK(?#}u-7CXGC_VLyuD zXaLr69HY*%6XI^f(}rCTcPGtk*fnt`iMCLj@z&piHY2`VQnSDiCYNQg2=OjWHf1H!_p=1 zktiG1M^a9D+pt{8L^9Qe86;E4_cm;lWG1=KV;EU;$saasqGTQsHRIY-$Yx096F(li zO+J+@APacxOOH<_i^vTgJMX?sQbDppxq9c_H%ThVj}+tLa}_yBF)pL5CKqkk5y@)u zlEcUgDXewG1)gR=?jdsKjASiQ*s#lzb>t|;#*tI52gnBUJI8}8bwsj(c!zQIP|GF~ z#AB#sGihnVE=#tMYKn1Mwh@7XTu`IJ4mDrs}k=f88$3Vyq9QgSgLqG zDdw>%*QSz#6D3DT1&^^zwd5G7wqf@qCrC3TXA8@;V@{D69^2&c zL~@2?P;8c@q5Os995L~jKp4)PBPBfMCS;w@kut=XSwtaqWzUn3DQ_lV&d!&}Q(khh zr@QkNBE)Sf%|^1fR*vQY?-_B zbuyjj70c=ZwvOlR^Kf_mg>2_}S3SG|yUg>30k4|e;d#?N6oAQ9)G|q5*4_CwoO*NE z1d4_5SP9s2n?!RMnF_YtCOs)O4r0Qc+#v%g#zoz4WUvi$C%=)gHmr&BT{4ZsB=tPP zobQo2HXcLnk%cv|$E0l?@SnC&PUBG+kl>jNLK~GKn zeL)7j*l>5N06eu<03hn1)tdVA?2y4XKn{=ldesknHde2U;sXrFRQAqkx?^&%y zOE`KPpgX;#^*6b2U+ge;Tw9JZoF(W1hRz_CaFiq(UEG}d`_aT1%927M+J^dt)SukU ztw~31PP~4{_&+E`4ee8}0DsNyWsTui> z-l(mIn=d~@U$|LNb1qDy@z430tBaJHam8_WLLXV;>u&A4H8RgbK4HnvG(VgNU$JC3 z&1~Q*XweR>@!Uq7|Ni*hs|$zK)lIWSob{Gozi{)$GZ=L)4kT7{owQiVHnvV zUqv=E!#p#|WTuypA#qg0OvYcZi_B#5VLjC|8`v|Xg!zuWM54%d>?4r*k~}BP*qh)o zHT$8fD>IX+5@dq>UKbxI%e?#nhIlk#9x(M`Kj*<_ctkR(>=r>hz+AYe>dvD5eb^nY z9hp9?%&Rk_0ZJpVurb@6S;y><4}!a}MxG;?T}%hBNdRSDQ$bHtukMVV)}Og_ z7tp%y1T|DL$Cz8>3uyg{z=tUT$_5JIG=;dk?`D$0{`1UL+Q+NRODG|%X3mlb=>cfH zgV$50jE#^!XC|{Zf@lk{t#*QGWp23Md&K2^6MMn8l*cQ8U_)a3Cv(Gh8o$97eAZKtIwNpg++9 zR8Sa9Rth}fTyT#_4r91Uz!DX47P2rtGNGKbB(4D4kQu;DAZtaQ5TSbjjseKRd6Eny zX9Dzu6C9*Jrtl?&Y6dBZ6sA(xox(m8YADoGIE=y)3d<;*OyNul=To?Z!Y?V@Okpug zEdeMY`)TdEYS&^!Omhzxd||s)FT6B!K9q+=L}HT&$%gyAPme8 z8R_S&g!j9$0oEsafI)EXsU*$GOn{MO8Nk+L8^9zg*_r$Z(*-gP{c1PGF|LGq4h8I@c{C6|F@wXBj#R#HiTAi0Oi?4dGyK*r6binel{ zEF&>4*U4(IjWFve{Eqm_1WYJs7BKZlZ<&xm4PHeCegY{v~Du{5WJdA zWwNP^hRWnpnOrKP1wFlGr9c@75PMNdCCjK}89NIo<5=wVcoxTKJd0ygK_x4w3Xp4Jji+iZHDyruSmApbFuTshDz;$)K&Qfo)e?sdws3ngm zBm(MZK|P2)Mu4^n1Sl^Mpu9kU@Hl}Vy9$pRd&WC4y>Ce@rx<+BAirrCn?q!1ulrJ)*fK|?p!T&f|LYS2=v zN(I!qB ze5D`)Y}iR#*-7R1Q29Mneh-!3L*@5S`6>a<;_KAf>y&<-(r?f{-k_c#LK*s2NTXUv zqgwbWnF?<-P@fCY=L#wl1oSx9AW9FS^k9&OD5cya&@fPzL^UJ}(dXGzXExdP>33Zmzas`DuDR(C= zS5fX2S|%bIS0bFh3U~n+avG&5C?!~gIW~b(5-25`%4AbYHl>u(as`DuDXbEqRaLa^ z6-psu+6ytZB^1;6q!b0EBv6=a`h zUZIpLlyZa05D9Hvf~_lPSwYLe5*q)soGd}BvMD#4Qc5Wt5A-{t@lOE&{R|u;LtOb;!pp;-|>`|~Y_9%hU6DU2~8S`*9rD&Zo&Pyq!lv2i1JrzJ1D6629 zN=n&D%T-io71epe8CP(C*t!($7fP=Q&bTI1sFflYAaF~isBJuz8Be*DP`)Foq%r_O zri#*UPzpfQDWf`Ns8bvzDQp$KLIi5;ZP{|5P zucVRyL2@UhR8h$)ki71Cg;H(+<&NkEl>`Wq#D$Kg3ymcglvL2N!Uabm*ahW-U8tQd zD4#&N36z^m<+CY8OJx9pOexh_O6lW41Ne$cR#18crB_nTJ85~R%OmJ%6_p{b)E?Ja zKoPo9Ur~yJQi5GECnr$KcvspNN=cR@JzGx4MUM0;O1VNQLN}yn-RKJChWTeaPzK7X z+~~}5!-%>;xx^jY4R*&UN_IzitvgDVQhF7oT%qL~l&!C~)h1&Wb3Gca%uaDYp z)W-}d^hcRs3X>_+0t7BC3j?sM1qdS;fSQv75mr$+oUA9CiHPaR=$J9gHs%NB9^=I- zSsC0*d%^v;4{?RPDc-xd!SiBw5(xLx3g9$^I~xLLvu)uny|KIz;{46oRodmou1(w6P3)syP3s?;&8MH?u;n_V)N{BDOQE)E6l2W+a zVBy(&0KiG40l>-7KNg;<2LYT05Bl(Kt0}-)aL3k>bcPn@!bE2k`U;{56ul zM)TM9{Ivsr?MAOcIMd+t^3i5%lUu=8?WKv}-<3|CGNjni@bj=!#lt2^lhUoCuRkZf`ozQZ3+E_jYa zid3X)aY2D5r$CpjCaLWW#f3T(kENS*T79m@f}AXkc_<1b84C(@xfZ?AfLMl3qwQuW zD5*hhKU`<9bkrEM1v-<1PKyz-G|i|IxM)o9)S(D87%Y(yh((a12-2pDQCnP~YfG~7 zO~w)JN9O8^u%#5EsbdDb^pmHv3`*8mG$c{0rPs_7vqe{^w6|_ncF-AgCVejHptmF$ z3k&s@R4s~=RCBU!u->54QZ0b#%|%8tpk0j?TRE|)NN3PObA=j`GuW$6obo%IGSG3YF23yht{ zq$L@;q5@5>4t$3p(#_N>UvJT679k0|R*RNl1S0g?OeJuztOg9CH92~*VX)P|U36x% zCQrwWhylE2&=lAP-O2=gR47HGFUZgsKs>p`pefYnrW%GDhf+%*3Ul)@W*y^~q;kW` z(fKju5Idt=j#+0KPN^Bi1`9YLtE5QB#V+ZfvmlmYG8XcbM6(%uT~Lyxw?JdHdy=6u z8;ec3I`jfDIU?wd6mTNtAYvO-N-1)T8)9vSvaF*+_+aPlB)v>97-Rn8;l6NgeFK;9Zny z(G_7TF3!uhGqW@%2#pj>bR&$Wp>{^5F1HwhvLp!rEE@%OPLk08;|!VHk=R93lB2^U zVwZ!s)oXDO`SfDv@PyRCwK!b%t3^&MC@_wwsU3n+Q=4itqgTGpU~jO7+M2BPBP}|E z8G2)vwz@n8La`_0;j7^L*5?(QH0aUVHYDrJ zxh6ebIPJ_DLv1I+@~bly84J+o+#AyTx@{MMkj>N#)>%q2U}ZMj>9Cw?U^z=JC`c_V zGMX%zI*lneKV4(VcM#%cCp8puhGrx!Iq>NyK`ON9q4yi)~*Dyo0i{`(DY67vctXr))U(vf%0rC z2q$h^LhQ9WYRnv><;IFbhT|@SfUhBc4<;!En!Gob79}5>;0jy=ttpL*50Yi%3&7$_ zxKdaHm)j=sjJIu+9O`7k+N;mibsW%sE3NkIlTD?&T?!;^blTfKGD6npccts=&*IjC#%{7puDDe%qSjpVl+F4hU z1^XI;Z+13GsrMVyn_M^CHpw<7}FWUWXMc`H{Z;x$< z1Y~tw2l#^tx)xE2gE5|?d?=(9&NNa!_Ltg;EuzN(hlH8 z)?_l)Ak+Fd{?^9rb#&G{9h`5tGsE#E{H}|ZYdDZn^eEC-XEG9-O}+G%e2jV998EN6 zlVEdZB8Bu8fuwSg2YGb39yWx8n~Uv=^#zET>7U5hFt`%}BF=4V0CmwAU`GRjgJ5l< z8(k~qUl>2)cw0#Fx!Xf)@Zer6*@$;?+-?rilfIB2(q1MF+?JWh2>xolM}>VOx(hvu z0ScHhmxJ^ICn)Uh;1(VXQ(|f~llH?PznO_1ykyeB z=6<-|SZs#Akw%OE#8#q>51_6uMFM1>hE zVUtNlxNEkBGvsDOsT6_zh=ss8!w6h8pa_QvuuCLe;Et-R4t@j58i2HHfha75DCD~$st1k&xMmw5@6>m z;dE025 zzZmpb>^j`guJ-WPU`0TMKf0`MZ`EqE0qPXMKT@YQFN+XYGqp_%&;&1|>EI8xb@1k5 zF5swB4{aI<>5>R-nt+xI_;4z#0bdkANkK6a&`nUzr+!cXPY3@DKtatG_@d8XV~oGu z(*QM@X>Uxlr7lp*0N*^IgB7lJOX1Hvy^3hdTCgP-WKavKkC+)OGy+7eJ%PiG6&z{{ zMng~FOtfht)Xana7lI7>ZIFYnkY|Eg;I+noC)WY$>!AhG?C+#9LAwd$aFj{I+LB$t zQVX<>qfz))U0wNcYEQjtwV0@D>*CrfrXEd&{wG84218G9oFOjX((7I@E_&dh*NZ?B zN0+EmsZY@3==%b&?#*%ULTkYCL`Q}MWCCu2@yC(SkuGpG!#}>)FlFXE7DO(pd$-G+ zw%QL?-Wh#|2o!`7Di}uM1i+&X7Ud!Z%g8+%QcAcJB63QUyz z1`=@{kJ2(G5H+#_DI>mqs|*XsE8P!IT%e8p@SjLQD478HnKKc{J68VUF;xs2d_eW)Z{Ei$52${QF;~IgA4pe z`*0Jim&>6+>;+sG!gC0(_YpP43@y)voKK51G!u-5HoUcm}eOFOoAO^Bsk`@LFk(Z`VSwd0#L#` z!(U3As8{^`{hi@AKF~o>0=1r{UwV|Tll(Z^>-C}Vi``2r;29SYmck=52uFB}jv$_q znW%=hg&{LAM11Uduc|d??=Mr1|J-fOOV?Y~FNfTjG3igi@Pct^^FIpwy7e!goIQDA z*Tqkc$9OelKa`o;JS&~^Ue(nR?lbm^M|5je9U=edSEoBSsvGWHey{q0wtt$-tX-?; zhYZLG`&<_m@cdM~Wq>jK=7X^VzjCXZ8{fqL1J5L#pQ3Q*tf(%1kI#~4z|6tCiR*=q z_^IKK^_1}9BKK9pPh3R7HQC(Mu6PMc>2%4gC}c-)Q*e!ap@! zk%DxT!{J7I(Dn$RW3SNr$jgQH;14;05=VQ2o{s{(IFPZl1~(e$KcvJ0cQDn0y+f@k zkVd;O5LKW97ib;T(GsX?z|bE^$MHpNYOn}n6I((q_6;q8M}S}#*UOf`N8d!iKa36y zlyQ`}-k~><8wn6C;$+b-^esjb+K(l)3P*(N7lu66iGV9w))KgCz@mVP`qestR zT84IER73$DP1{8OMG^%!M1yHlIAm)0ha%k2Ylvs5@OLbM1hgLNXnU*gU{iU%pk-+q2_ zG|aQ~nA`=(sOu!?qKlTCXPvdNu#+|f*J~;P>k<6a0(KfvG#jqiqTF9Xoahw_lmLxW zL3fV?SOkCt?uS21Kp`xF)go&V%2qPgqI$7g=qYRiJc|Z{4c_jI5DiD`;DSq=T<+t} zIMpJ8B83oEGZuc{N=1iNq5=oPCILDCUI^p*;ZM6SVd+ragb@M%Jmbbe4k00j6;F=C z3@-J@B@rNoiyYQ$2qFb8_acM=azO}Tog^^eHz|B3kU;GakOGDr{$c@sgM{HhO{**F)c!W{~R>-|=Pn7Vu zu0T_QPd`1dio#k)0ivMa*>)Zazpnyov-N2tiDZa!_bP>rtw=J$!wv56QmKH`0tJ0Y zU{>HAtZBGT3wIUC40#96HwumTQ_V%i76m<~qvw z(8GHLJm}9iYR#ae2}2s%TK%g-VnX5>;)=JyW_;#Z(!*2`ns2cbnOn7Jkq0Mt#W_m2 z>uynKJ#20<+#GHW_34Vhe zrmzKyqofoDKDm9n9v!GV#t+4}a9BoFWb?UYoszpsg8_Psv}xPMN=bj8vK*m-VDjW6Iruj z1dNda&r$IKG=$J#c=8S7U{+{MI)wp#@!MQnghw2})Eg8Q{7G;K8+?SPFb-CfzD73g!q6xIxbKMw`}!W8_0dc1*q zRv)IY9Tw3iF7Y|Bv6|@I=ooceWRyd+#ruXjDTvveClf$0LbOAgrh@T=P`oqql2(`@zIX z5LVUJ`1fZM_@mcv@x$AWCpv+s>fb$~m;#mj|L&0D00=N4O-HN7G*uMBBWjq(28#wJ zxyGWvcV8?Dcw(r4S6c8eRmlW$lDW434}iu1c>`V^Q{=(hV@f9FFZo>lRfIHZ)J$PC z;o4)eaCyg)4><O6uEk+9kjbTICDS~K8yT=m3u`>60!QPD3QeN@ zFwP3xAHbt&Wop*Gh4=PceZ6Wy&p7Xdmrp-bzv>p)d$4?a%%G}<)pNappA z_6yhR3XhU;D+}8UhMyAi3~u!Eh^5U^nyuN_^w+CrtILlKOZ#EjvFon_MmBgV@JXuv zedL{Q*KN3ZzxeXfyJwf?pU%?dpUxk1du5jwVf81r`S7Q>r9&0#J(u=^`9hXF3tU2& zF6o$Rro;C|DSUIFz<(e*;ot_2@ZkGF8GLhj27jUZF9%XaW^(42Lk~?89V%$I;Kq;v zv&z@ZK^@7h`fK_R!gqT5tNWY#8*_&AhyMvf|9{-r^yfEV{T<#Ngq_+yS5y{hb4X^# z#E9q^!W-miH3&QX&BqwP50E)_rKWx2OeN(5cm;NTC=m7}+eZqP zqX70Knef!0C!CFEKq(dePb*ykPX(9)W&CUt-g||6G6}qsu4yBoS6KN8{N6qNph}$Y zj-O;e7|^PLMLz`&;qW{V*Sf)QM2DYXg0-^fmcRhVdIcb9J*=YwWUUZ?PlN%R?9Ux) zYdS||?8jkIa8Lt2ARm(isEf~&3T@9u;I_g>!Dl}B{Kx=L3yPry1)TZUJ~mVU%>d^o z3b4>ZE!0s-d`6&$zF42vaEFWvstNmwPa;Y{5}$G46EP#`z~@`=Tb@K}vkRY77(lKo zTu~A~wU1};e-YCN>R9`Z&qB;_2!s|mJimHt-GBF(l#o{Nw-NTXdO}<93I()8pOHZu z_H$G`(6t}tqU{Cnn}P5v2GA#b4r6`hV((q;zWuxQDZ!8QNgpYN*5Q^6+Q|d&70_`l z0$-w6^1$O3uxAyFKlMMEtKu{(tlU{ePUn-$kj) zn=m5h(1{%^i+f~$vk=z4ieY^Ch^8HGC;?wWh!Tp zpodW8#rDWld#OASk$6daY0P-*W-%Jn?kYJF#a?hws)ch-tvXQUj})m_9oydC@u*ZC zqH2PCfmZ`ZzE-EmgcpYJhA=%TQ4s;1R0aCFMntM2)G>g;r!SyUDs`lqM^%>p68m`j z1%F|`s+?)$=qMOFK{?|FW6em}a)u$_&)giIcHen-^{G`?oPO`P?Q^xi|Hy2YU)Z{) z8QOk_UAp7^uTQ^7S0=xI^p8OUi;9FfKg~T=G-cNQeEB}#CLgwqIDb<$ z#=X$v-X8x(*A@Hy1A|8H8FqJM??;~mHykiF{Ho}|Yj(nS8=2p`fAvjLQ+2`c>~Tk` zR`g=>H%@)={B*|I{w?jKT{9)-JUQY?(0nrdYp{fH2PX- zv&&P<4ma#F(7Vl;fHmutW#@i*I&Ht(Qs(}F4#r7I*9vFI%GZ=M>X*B1P^Z}=MkTyE zFnQ6`qbZ$ACp0KxEPLjh@}6rRdG(ZdNnA{xDf3g|uNGy!nM+s*RAyN@V*rl~Q8j?E z4rna&Q~B7UIbOtwBoOOPPGW&T6@UWpKN1moFO;4gq4L*6FZuDC)j5(qtwN)l1*zI2 z+e6q^)uytQs--o!WPdR@Y9Ez12A7i;Mo!C^=;qNXRYatkGb0GiDE0pN#h}sOH6p!l zn7VHKy`d#2;^%u`sCr^M4TRlPT~wVbQY$)4Y>%hsaCn|;Dp1-^&FL9>(NH~7TfqO4 z5&vMo+ydel-hPDeg~%O*ksGdx4Ohh|K}glt+Es=T;-v0m#Z~OYwtN#KMvQn{6YyT! z-|4ofT+n7OhIuVyVLx4S@?metmtZ;{KtJn{07!cGvT>Jwj7Nw_6@w>Uf zyx}ZW+57(`sU$+B!e|tDHM6HW{5wWP5{xbP$VaD0EQSX?_?Jz#qz9=lRs~59l3gq& zy=V@NM)bcuDgRUYyCv7Am*j1%y8hCcq%E5L#nYbozb2nK@_p}atCkOcx3K+|6LBAH zs0@7eOjmxx_xOyL$qOXax><+AdW_#OMsi)*{IkU7e%~(bY)DNTT1R~8*zw(y1BcB% zwDG;p8@`g9`SJZzLw#qrnsvCzJ9mD574>nilK}%#pL`vvJUQXJKJWbT;fChpEC-se zZ=G`eeoE>t-@#e?{kH{F^~mXE`Xg_1V@1@Z0V|fz8Mr#6^w7z#7u^(W%suh7_r6{G zK4>EC^Pc$5Yx!@bp3!NZE4F9!d%WV@l_|20BTh}|aMFGA-s;cqP8kyJ)IWRghR}Ws zg8T=yzh2Kf&=`BLZe;0@$z7HW8Js(E)=AZoISs7o?>eNv%PMz~Gry|WVT7>o5{G>E z);v_#R>7MUx&%t$Zn_xu;7KG=CBy0NCPXz8Rc^Mq@1zny3aF9cPCn^*a7Ojg{yF)_ z;%9%@@ATnM{Hp$MGaSS%L@fj>pW$M{BO?E^GTdM2wy4S$VmB4SvN@`% zRAptVcxy6c86WjuCe!rJsV%g|Tyu-0^vo9g@v$=BQm9I>RcBREff0%ThuhOZa7$%` zTOT|yD1qY@Jk;P`^u*glykS-<0^Ud?f^rz(dX{^=x-}bJTE4zvvzyD8=%+TC^`qtEUzT)8dYJjePB)eQ zy;sK@!~X_YbK<}e{pM@^ zWYG^P6G!>IQ~iBF!;_<*u|eVACm!4pkhag~-ns?vy=c@q^#enl>nq+H-tSmu$;=50 zPaZ!XZ;pP{W=+=D86Ae~{M>8K@#!At=I0HJnEGezgku+qCoGt>w{NcryLVi4oiX*( z@Y@^i9%*`F<3RoMN*^J!GC0qCq)WGNE;;p_H|puFj4r>AaOyT;?-|*H>A$seKIS_7 zdQi`ijhe)4Kd^49;q!nS6V7#r%$ZTSe`e&MVSx!>eXQHxsJdOl#vk~HXP=FooH#ku z$L+MH&FuW_jC-d#%&#a-xLc=eMB4>dGX3hM2eh2?Y2e^UucmRnBPYci?z(5t*N@{n zWPWqy=6RVWKJ@fQVTWV;woPcKu592g+1+!&j^F{^*@Z(&j{BZCw`=xv@#x0Gl2?m{ z{QT42%R!&aE&g6zUe8rkUe6ge`6>w8|K>gPU+(iAZapf>)~F!u@H>BJf!f8kRfAg* z*v;E-Ok`>~>^kgt9aRf^MWMQpP_bd)0GG2x{jZVjHzOK8>~*P6=;BOi*Uv&4H5WWe zu5PkY)y|>1i#kdbQQ=+cS^LyyNxf3PznamG(+;-Z!g7WTU#OYB<<7))?KgNVuHTti z{NPxNDW|?%Cx80wcg%r9$CSgS1pOYevfsKvukIu_Y}`(0e15v|tG0QmCqtE2dJLI+ zEq83@*hwGHnLXphwwC7uf6X56^6=sn$-%;R!^nU}zo+>gSbci^iT26uD$nf_p7{3D zZ+7PIUwvs)de-2BD;B5U`aQw#M7PfSoDz!9S zx9IF|Ctmqz{l+CrKXiJ%CqBxp_~PP%gpZ?4Gk%LmkhTiwf4x{3tn1)0;8s?`@np%y z%S+0A=c&qlXW5)95HRX;-*G^D&o)AM2kHwOBHsdd_qFyNXgQN1l3AkwUO}oTXA;4; z@vxA^K{WHK$M=y6n77=5`nFRJ+qNBNR*^*{S)v*sx) z(*Csn%9E~sUJ z@1fc^V~Oy`UGUIS-78v z1$|Te!Lg@jpE_J*byZc~Yw~xm-1|6f zeUtDZhc&l8Za*T^tI~=;oE&uU(bn6~Mg3+JJ=$A0 zqe|cP@cP)^Q`Zc-x+vqjXWg3j`l#Ei-B&#ddhA)+x%~IF(o~jxbd*_*&|C%`3#q}>VEgLU4Glx+tt+}OD4o0Nr)@j{eyeinO?9L^?z_CIj8-M zwDiZHO>8i0`JD0H=VyKTeA|%XlgSsA)2e^2zU`frerN5tutQ$$KI;@7ToCSGvU%^? z4>rwr`fAtWou`-k44Nk|JN>0d_B5t-%;Lpss!q52Xl6{w`zKd7G>uJ`-BD*;uF_5k z?iah(<4?=$d%ur+Z)?tp;O?hB^jf@i^xCcI`{uPQacOSIjru7xtm(qp3!ECh&iU%6 zRqDe}q8n_Su{_Wa_FDUR^wo2*(@q*!uf5i$Pp0wW?B>=DeJbR^_72W|$x z-s9NzvUzdBxO#;xTh`cxFJ4(^02!DwVBGIFkLy;}&y22n%cL5F8`=iK-m0Fetcr|^ z^od>nYL#mN=M2UoGd*gs&DX{eD*KED1m-M2JaY(9H>2C}0_&z04ji&o1L0heKWl*l zhxC7J%X;R({YCmewf5!_gb#MEF&;>`sHE0*1rmBh7~qCF42BTdiN2B4z7Ii;190@*H7t2#id=nG;sOYEf0U{ zUiU%H%Ac;yyYNB#$Gg5P`SI17O^uozx))uQG^~9)-_*#~?@r#hd-mN+-fkNM!|KKt ze4)ub|8mxZCF`pq9$y=Mb%n=<0|t+{Z)3Nltc}-KUw`NJsX)ytBCbZzqd-rA_ISdE(E8`&#d7d-3s7fi%DM z!1J#Ae@k6-re)pSfnO{1mwc`{y}EX;cw~M5TgC4;jNBF5Cf#*z_o}wd2St|MvgkZA z254rtDcgAXgH7*P&L2Nh(7(e%cgxK^?5&0F!zV@!e||8hY2%gc+Adt$ZMIA{uIZr$ z9}gZCZQMV%vT4`i`tjom(+jukJMr0+S;xoS?(^Wzn(igd7i?Dcc{2Ql!e>gR`=zzL zhn{v`c)Ho;qn5anVa*Q&o(bA;x?9KFkNSMN{bBsxbD>lF?HhlzK+&|_n5Z$Qo290` z=d&?YFZWP%TK?rFmqTH{AKzA_9?+^|o=%<@Fne=Ay@Owb7!LiCl+xU%a?0k-utpApHL{O=jU;ux|7GYR_S4k)^vtHt z8&UH=?93)Yt%{3O!ImZ>A{x$YB2^q3iRgdxa{f;X+>NU%(tg=sYA7pNdhm2`$u{}P z@)IxbE)a{4uPW$TyzfACuP4lV1)Z*3+qSu_Z+7JC{@s2U{B%y{u)f#EcIx|TQ%v53 zlpvRl)4Yz1h}h}wSDig(NXEG2Z&yrD87lUE^!@P16Vos3O5QiDe|L3kg|ww%+Ha@b z&NRtMx$eY>#fDJ@;|zE%io6ep%XY>{NIEg&D8Dsm^J9VTjw2 z0l&YRo_XZdoe4d=+`G7STIKbbGro=s>%QPtk>2${OnA|B^}gtkZPzzU3f^;N|BSI4 zvu0d)?$qPs!u-~sq-^`Ga?Pk_v0og#J+A#PDTV_PCwER%_3svTE$8b)o3BlK|Hj-e zm`>kqAGXT3Utad5KR%in7!dzbal||(@spI|Lsf&KE_zNr^>Vpl%-9!a7q!3qjj6@? zF@s9Cod0}m%$=CDC(R9?d3LYf;Urjg%)FvYtYx-;RJq%I_lMth@cV6L_563=Njv}5 zz}=5do-xNKb=?&imo}Z<+Ad$|{_FVeDc6o|8{*ej!<&$tG(a#fYN)#&q5iR#U;pI){m>`< zGrAA(Jl}ZBSLsfp3cmLUFx{K>ETd|I@2s6|>YT3^`-7y8-#a5$xBupG;G}`)W-RhC z>G!S~{q47Hhg?&BXrq3eEo54PzZadGF9D0F8rZb+PE=ro1Cb6$GTX+K~Cg9EmFyNmSca@ zogU?Q(Us?oW#@m-(%^oDKc}<2kv{37yRgTY7olHX4Qr6csDt}mU1aL~VwLgN{@&lT z?b<;*a-C?_ym)ow#<-58l! z9NcU3#l?@N$M1cVe_8jWvghYd=X?{=qv_G$Z3z`S>VD(t=`kR_>6L`JEx&mBtl8u} zTYcANO=!3Nh0CHTbtnIFUpAy{cUj$bbu)@Th}j*mM`Koo4IOQGC(L=I_pO; zb(zIw>z$dU$K!wQ)OK*|Zr@FO9#QY?+}~$BnaMmkyw~#bNt(&%zPecTebm}fXVPCu zdtXdw^FvnQ!dy$ouytKKgzxee4%?x97QEeDcwoBow)IS})GX~;^Xc~j`z15e`_`Q~ z)OB%X$c4PRA;DW(cK*chXTz+aL)v?ESoPrBHT$Y35A3$^_|dfC8+&CruhTQhW8Yl@ zzkKmZ`rVzx!SVW+2X`f=jvYH|`@uh2-}tu9jtz&~E?0LSzjX(@t98+?gf}``AUvb^^^VIpLt~UDhe$#gGjc5OCvGf~qY*E|a z##X2!$80@#YxItmMajoLe6VkIs}EX9a^5>zl$+UQ+THTP~5PN0w>e6=cL%&$` zPPc|GpH`HOQlI*U)}ZKr&A+{0E#RT8Ww z5HC?Iv6h*M6}55-JaY`V{L${Fsrg}CCyYmcNv zJYBW$dn>a42Qjpcg+F9&2w7{mFG2dtmL{-HF|kcRSBL)|BisblTWv*pNpFQBJvM z7B24diPM@3N!`8c`L&5T6gzN7uj;&vFINl@_TS!JbLCg}wjI9eSyZ}7T_8D?Uib38 zZ#x$~m_1{aShDEraZ~qulw53_JM{9qO^>eFDcc;-@BXbYmu8#0y>vUso_N-F>AW%W z_oq!+J7fAECEve3@AU3B-Gn=RQ`}3Nev%;^bW>d}g!5k^cm6x;zc-}l>F?XlnjBAm z%b8B9dbTq{IR165aSB-Lg!j;f7nN(rUlw-pez)8G_Vcgyzqt6uH=h^lgA&4D|Cw?@ zttxx&pnz?mF8ftg_KT|QhN^6vP_h2j+AWKsm9Cp7RGrPxMch7GqDy#`lH^mbYul*x zDGT`%;H>N>^wmkp<0E$ni5M@d)HgyfM^du6{d zBZTEF=@32R{-v)C@0wb-n-uD@C+dfv>K^*}@#f#Y&RW<~5cW><*OTJ=-0A!_7i#zx#a3Bkwh3gLJ*7*7+dI`H#zg9-RK|sEbql-uIh3z257Q13Wb%;je#8 z8v1$vyhF44+%--*{?&$dzcv~%|74ChYG>?j-LaeR7PxKItxfyv#;UK~pRSmkn*UwX z12Z#jd|!XdJCPn8H_jQIFurxfy^vwuw`CkSH6tSE=SKaLl~c}^jX3{Rocg0NljJ*? zj)&(wyqCOVOv#5oMT}Uaul^w0=}G@KiB$nx{l6P=N%=tK+UI~}Y^mYm?;Z9Zn|6J{ zUE%46&e7Ay?>PDX%`W1&BXQOD*BLr1h37pc4AY!D5kAaQFIu0I+g)vj6}9 literal 0 HcmV?d00001 diff --git a/Modules/AzBobbyTables/3.1.0/dependencies/Microsoft.Win32.Registry.dll b/Modules/AzBobbyTables/3.1.3/dependencies/Microsoft.Win32.Registry.dll similarity index 100% rename from Modules/AzBobbyTables/3.1.0/dependencies/Microsoft.Win32.Registry.dll rename to Modules/AzBobbyTables/3.1.3/dependencies/Microsoft.Win32.Registry.dll diff --git a/Modules/AzBobbyTables/3.1.0/dependencies/System.Buffers.dll b/Modules/AzBobbyTables/3.1.3/dependencies/System.Buffers.dll similarity index 100% rename from Modules/AzBobbyTables/3.1.0/dependencies/System.Buffers.dll rename to Modules/AzBobbyTables/3.1.3/dependencies/System.Buffers.dll diff --git a/Modules/AzBobbyTables/3.1.3/dependencies/System.Diagnostics.DiagnosticSource.dll b/Modules/AzBobbyTables/3.1.3/dependencies/System.Diagnostics.DiagnosticSource.dll new file mode 100644 index 0000000000000000000000000000000000000000..aacf2c145fa0660613ab76adde9cf1cdc2eed18f GIT binary patch literal 154288 zcmce934k0`wRX*|>Z1C44B#;fV00BZ+lCVsIl7vkYmV)W9 zrPIRz;zk09=#zkgVNqNWaYLWW^XYpoXh0D+2HbH+#qFuX|9$6HbyrUkM4#`Ur0d>$ z?m6e4d+xdWty?E;yu~mL!?5ss;RVC^C|v$6m*S}#3OidgpZGe z2ezMo)pmr34~4LZlf1$k{p*EP10&^;a{(0DAfqt#8WEQp#`1xY^Dpv&NLeYfL6o`s z;jLtJ^skkA#UEu;M$Gu{Ck^AGO-)8ZpoTI32xau53{FG-#{$@kIWv@3K%wPB_iPW3FkyR16TORqu1~ZR$Qp_vq! zHa)hUoCPrByvNq(A**HdBL-PXXWT-z)v&z*;2&q&T^lVAW?|deVb^Xoyg2|5J`G_= zgM7edjdZ&)F{RHidV=^|+q|y8+qH2w%D5>N_n?P@TL@9QHZ~`o>H5}0Yoa_496PME zv_A+o`3tDvHbdp+ z4)eKaUQA7=@3H*0$uYLd9j2pnS;1r^|H^DPycXm*$m0m$sH@ORCYecPnhPtS9hA`! z(mTOx1!9Wost23niOr(tftjsMPG5F7DTSEmJ}18U@pX3Bu$f9;F z`?Qd9qA4@cB+bWYOFE#I~w z<-|8-whgLGKATsf8WBq8<_w+S;YpQSv7u+eWDc|W2ow^8(3RH=HW^kg>rVM_B%ALZ zMG;u}9<&cLkgh{{GLWmNRKC;oX2PrdBY^3SoBiWbc1_ZTCXJSuL~UInlqN(PuTtT}SVm+7d}2)?#@pNcE6aJS-61tcz|nh;Df+iE8FY zM`5N`Un$eS4`r&nqX8}-gGb*OBk}_y0ADJl1wRV7=6`v_e|^ON@reJ)h`*_+PJ39y ze_X_mmc7RRj)?y|5&vHz{vK7wM{iT3tw#L!MEswv`C*5&$1b>NT+<^zMGR{8vB-JJ z%oLjJF|qf0pMx4`p^K`BI}3J*+GyurqQ{5D*!k;B{|#{amFc6~u}6+DA@M4tX!)=? z+syyg^sj_x^fnlt zM0R_VcM{@j88Q0{w(`D;^wlUvELIhymKvjX+;xh!?VSwt?~bBBu)I^?&9nVc#uQ`V zXgwlin)e{hB+`^*(3?2zN|I3(K&@izsT+WxvQ>s888ws^x5DHkwZd!xG#6$h1gM5u z5=wj`Qo+^W=0xdf)hVEHH(si$Ifx<1%L~-;N+U?5WP_PfJyLM$MyslmP zdEU_S$BkF`T7DQGOx2>zRmHPXd8?tazLMQPx{f&>3^{jBm@Hdmpr_*aE*(a=g`8bE z0!b8Gv}^k7L0MGUd@bqmj2@3*STKoprd?S`+BWT)R?No$w~_k0pw|7lw;%mfom0~) zpAIq~22;=Q5Az(aT^rKq@@OtUiURLb)g?$auLEY4+Um2a%tl|VN{RYftm-0hW7WlU zHAP>T?W$g`uq(?jKQG34qB z`^I{&;cZ~lfSQWp^EPUXMR4#F_IE;_nAX7j~9t;g} zse{GsP$O&6a8}VOSZd_kF?iGT&hXBn5-@^Ad4CS&jrJ04(kq}<6={e}|7Accy4uZ6 z3|*nRyS91g1>NF>ohj2l8@`c0JLpD~zX|?+)!oa!MdOqfGKjPTlIFOoP!jI~q?2M? zZ$lhK3*vTmz#muM*HIP5^ONNG+fYggg7ThVe55I)E$TMJH6DCKw;`BYZKlM^%&U>U zxN)he2QwpLRsDs8%1m@r+o=~=Jl)bS^8@AcAmkWZR*VB7Cp*Hiz^x4Ga0TOUD}OfH zCIXb%HDGoYnyf0piXA8VOWk&f2LOyKt^6ugK|6y1h|{mUOKHhq(N{|KkIaU2|39fGQYif$Em zbU!oE+9mU$RNU>o=7kqtP!*`r+Vr@c>Fq_1Wg0YXHwp~{(~$)b5yL!HK~rb#?duvj zQUFsmyS;tg0idU0jx)zUWhj{diVf@s_cvL;a57gtk!uTfR5b#GDY2_9&cBO=fqGNmi4$1Sj zPyL|l{>iA8hvSV^z(@5(djd1F{caSzTj;g@94)}a80TDgWDZnx5kft4Q{x%i$9%~x zeRJHkF|hHcBkp#f^*Ln}7wY0wz6c~bLGSd?ZbT$l_#J3Yc^?6=3Ujekg=#HL(Qq}ZWdZ!aUwY$4ZGnC9JuKw(N(0n-o? z`Q(I_jbQJ?cqrlBHH7Z}0Y*VG@7?fJ*>@=KV}erV)5qviibC4CnvF;wSL)LGD7AT@ zi|7N3L>~m8v=nW_!@`TD5uJYq`MeombkI5_494w1K@ie0vTf|JD>ETr z(kUvZ-Z1{GQ|2y=(KM!UDrlxkxv{(;hsax;ALhHD0l7nSZJtk~_&O4#wLAeAT_~x- zE=uRIypJMXqWk2Mqr3+ZM)yinFMpD8gUX{7WjAFoOTrLg3FYCWN<5b+?;*sNp!yHM zjSd3xD^>3p1U4Vv{CE{PKrT3Dd@Vp|WMO-(L8a~J>%^>zb0Q^P49uW0CrPyV%!xZ* z>K{j8&<226w}q~u&LH$AMAguxgJf#;4w50AclHs6ku!2f876ew)IGYCvSP?4?#ZL* ze5{h49iuCO{I;x`YpJezNpBXCkxpTUlK4DYVcJ@)N~JyIJYqs@oV2NiWje;>@u#@T z;pUDQ+Mb)MGX7-<%uNO!EDUFITSDmi5PHGf5LsN4b(#p@)v zRpkz^2TNdLaa;$*>$PvOuJ)!VgtizmsZoCgKvTC~*HWk~#x=Sc!sc!zMb^KMjyD38 zVO58DfSsKQ7j+DFHkSp`u6EKbqfVk%Oz1%*A(2UoRch7ProSC%{o@##5(V>Cn3~%- zThL>RLyXyL!u1ln36?AI_7jSdGK|tRQlk;~2gLbz;6X$NbZ^Yi9}%ju1+`leT?0-_V(LUwp(*R%4mbis zEq0$Tt=nc{(Bib)6H|^s0boDpYRFY=wp$%`Tdt3X-Qr^Ws#hh&&YGY+g;kHtGF?u} zINiuxsQny!oBJTf2E>sUQ361Zv``qR^v9O1TMO;PXUlrXy57sjfRF*d5-}j zg^uqDxK%dfu#+D2BR10DpW1;`E9 zniIK!fpj9bX&@CJITj>>oKo>?V9}O0isWbzBPTHG8YaF;Ctk2U$PQKMHMW%y1*M66 zdHL&F2REYvFP2%p6Bnj9u5P3CcCM4KkA5HiRGfX?k6LK`A9@sPxM}%u<=Z@RiAuV;@dmp6Sib5MX zi5a^d43Z|MD-_rnSx?xJ@G@^rTxaEcDeb)qAoSVKtkH9{Ie^ER=VC_51QMeupTiJr zNEIyR3zMi;52TT92KwqjxnBWVbVp&i&kl-RE3YTCf;WSdgM`n*m5Nwc5_HK!(Jr|k z!#s}v!mhykkI8hhm!)l8mQ2ZpsK;8hc5re%-?-@hJw zjQ}@S8J`b8xobA*Fa}bDPu+x#-T?crNOP0<_|#302Q&ktumQ_QqweO9Qr`O^SP`}8 zV{r3>5~uuEGqRiWOjqWKX!(pjl&e&~dL2R`)~nFybg-@2mua9*3r%J>I)a|D3}Q38 z3-qEzg%|CV8pD7TUQntrv>leLlaHJULoMgg(u{QjCW|y;*$v6*YK^S8W0EjU|Kdx= zSij2{^0{M(3dXU@z?uQ~iPO1>asrcAbY|6yu?{U8MAc(8BHK^Ybpv@#=i0E+lxr)$ z4vdnHYkOY?ciTf3<9eT_qTW{9$sb6LY@ob1B5sG$t57ab^k8;|Du0pqp9lUfVB~r^ zSNJMGr6^tNeghQ@W-Anoy9Xn$Kmr&bN`=X<))A&e%i6>w&~BtN3AB(PyLvLJqzcMXeN-GhTMzRy2_|wR9b6O2D5@& z5NJ0t-W%wu+*KSwxg|6Z?0_UOt^d}hTw4u2`*+bt-v~Cvfg0x^g*D!7fS=xO1RMf4 z0Ao8FB~y@MtQV9{AG301m6KVlWIqaTs4wV_`wVHX0*iE8krDK^djZ%Q^aE9ifXl zLUcRARO$#*tk;p3Lq{dhhIOQ^A@evq)7})R29JSO_*Ka|uk9LZmb7D69YC`h59Z2L zqvpC=mEQuQ>WSbJ>@&-}WDDdOfIRy}n`nZ*#HI@v?haE1=Ga!YIarlZ8M;Nc*vUa6 zeQ?l~y59GYZm#HZBx%9`i;3~)W@W3Z_rqzF%SJMNHJa-oT4g}()RBRQX=Dg zryg^i4t&-XiuXiKypY-|rNID8nVP{{NeBRzh6E7qUA~QQ4GTec5d_{`_dNwJrbQSh zlghsvQRTPeff5$LUig!RDai6Y@TF`FgQ)`lUOWK24^HX(<1L&`!fJZ-oCPh0&i`~{ z)-rBk)YC%!Ye?&UFnE!)s1E-f|6p1!ZLyvo>9>!93%{7S7wnq4KtipJo4|x@gf{ZJ$QP6^fcj?`ERme)A+-?!qdim|lZ1 zug&JI&b7f_yE4!?N*zG^KWj2Nm1*id1{|`Ic3-22Sq|=-lHY^HuQjaIR`n!0vFgcm zu&E9^h8wG%3YTkT#G*?yy2PVPJi3B+hAJh31s5!|VB-Kb4%=n^`XMK#$7zMq{Ykxa zdE$>qr6jxkU;&C9B=veOXog55b7pk*DD~e1%lj4{MKn~;!^I>IVEVlOB6vv2#2K(Z zAUJfWl9@AtoIq=3v?=dT2mnS0Mj+=N6xWMHM)UG+6lgJF-bdFhaMj56{sP>5f2(0? z-vI3BZvg4zf+Fu2=;u@3%SeYREK5(0pcTQSH#P+&V)vY54{O;mp9)qEZbAf3dFm+U zu^Gz^dV!!Jig~KxF-O=ylblH}QE18_QtYX>$uJgB7PI;u@J0c@mkvtyeRN~h_e(HV zeNbGx`T=pB>O*w7D&>~iWnG&~-l$Zzj_IsEjHuYIC1`@QnwCZaT46ZC6J~vaB6cgg z`k@-z#TY{ys!Q1A1KJDFz^CHHW%1%topyGhKaTAmQh9$S4=11qL^}>gbtq|Go`mE^@VlTB* zMb*tfQZWe=zj_YCT>6xCCB3W!#gZX6{L$GLhONy9bp_p0keeO`~A$gn<&}|e>!5mYX@i9PBMqnR$5$j9$irS*2|M=%w&X*wfLsmOl=JzA?rq{}Uu@1(`m+2eHVS zStM`0c9el6i&<8c5x}tEhvENSKGT4>uj-FVl}hQwAdO=cph>9o;Z>P{2JE={J$qdHX=g@c=HePY8hJWFj~^4 zjDwT%BWX{qFIXDY9Tsb;yAoFQJCm8_7HiRLpkNt$$}%+T zT(w?K7l(OTEM&C>3(P#~;KF=A38!l)(;mZNeT!3VR}i|qPs3}E;@EMtsAsUKKZBUQ zF~+oG5xqU;x1bS=wL7}qO9%bq>VRDYK7kga*b>0o%+5Bea46nB_$>HM#!3Zn!2-p9 z0*A2A!R1Q}#UtY-yxEW{EJ)k_FTuAXUP!mcy>pU7Oz znlAMa9GUU9#KPC1O!kvq_bON@L;fOV)wt)_CLnsQXr=aE3) z7-QO#P*c)JjVORmqCF{DZUap6lY)z(4x~x&=%CeN#iWd!c%mhalER=Dhj&pY^qirk zX-2ULDmRREIF`!V6V%rK29JKA!PZPUuRL&G9`CkBLF)w7J+Z#pirRZN2 z(HW!sFTtPRtE(xus+eH;%K&zIZO9PT5eYGcXMcV?Na0Z+pnaflmp3Lbvz`EBf&@fn zv3${j+FXHSY+2uRR}Qs$M96D@;IFAaFtHOhMg|ggmGv| z_X*r1JPACHdNH0~1D6t-)PtpvO^vr?QqgpH>?p9Igt2f%J*^dgFRia5ts>UIqdE9H z{EG`Tf6Uw{q5lLPOuq+fTo@b}XqeFUQx(ux0b?g(HD@}k1nMR-kA+u>9Z1%&#%F6R z$NvW6Q(S-=Po^z&uKGl_8Arvj{3j9VL{c5Rr=IUA#++khJ44nxFiM>y$C{TU2W+0w zzK9(DHzx~mKZMZbT$cgwB(U#CkN+(==pXe^0CmBVGZ@RMBaNcW^0$H0=T^T1$F6>t z1jJj1JT&0>Pa$f5n&7NgC;Cbz5H#9!F2khscsD^jK!R!lLk>!J~*5=&bR>;-Z>V zy!3sYY_m#8QdvYs&giBwuF>Ud87o)S)B7~i!(gRRZ#unrDa|f=2{Mc&&9Aza077+Kx6S`ETm_@6JAxFi9T4RFx&_qh3 z;WdX(aik#P#P-Wvn78+TFwC3cT>fC?f!a&s(WR(M_P}K`-P8QgPLQDdJv_LZ@O`+u zuv*g77+8nO@&iPvoj=4=OG`^-h?qYj8MBc8nW_*Gufjx7G4a=6QB;*wAwVhsDYE(Q z@{i%}uyIDZ%65OFnsknNOu*gVc^rLqd+6ioTtug5t|RY0U`Gafx82}_f$a=9#q-M; zlDJ8IWK`Z)ITvB?Sv>ro;*mSj{}~)CAfDF%mp8uzqd!#UA}GaW99%Lp5p>%6leu4JTZHw3{c=v?nx`?9&jTgP6@Om~mIjt+GD zdb+H;kW0=2n?*BLYQh2b3PvW_;-weUQS5pT#H^8{A(<_*nEo39^)^Gc(oDphg%}N! z=t47Km({S*_g)9|n74&``O43dHK8sK1oT?w1cB8Vj_&}=Qykb zW&GJDd2c#xcCO`-Xy%dc-k>kDWM@R5nVOSPjvO<<{@1giH!<*(qobEz4K7Zqkz{6w z*E>+7PM{kM7#%tEcu0-odxq0oix^ne$f!nr;I#h+jnrtD{~93*{tvNughU-yBMnXp zhFPv|%sDM>Ide|IIlb~Pp+qeDt9T-=&q8>=0%Vlt=tDkN0W)nK zFsl4Y#QV?T(I`w!ZN;HyBjvK}WfL#FVA^Z#;QgwYu^d_9pXv$U37{S0od7W|z7jyI z+S@l(EQcrVX(D^ezd@2!))3{LL%SU)Z)3fZy3;*+V^D>5(Y5m{rNzMP5W|#>#6CO# z_-8S6HmW{ce;AJ{NoqVXueQg8S@-DffagtgWvqbVl5qlTo0XEAM(wKI^sWL4t7goK zmmJANAr`5dj;@xhg3OpBH8N3*TZy0o{vBD_9&AOrtC6m(!J!?%i7{+_Uye$Q^)AbC z3%@W!ARB_UDh%yJsIS!AABNeEthLmsd|@-GPBl+OBX|#B>tZ1WTZXlb3S$0i3PMG) z$3!z{kKT-kl3U(M5d8u`wG~~_&QFBQdR(PXw8%4w9kf(?(=*K~zNUH$dBO}btXSwYh%yuJmGG~1ld2GLCYbZ@xlNlj3soUq6phqTG~uhMdzXRLHn1Y= z-cN(iHt-PvRE2ak1QOK{L>{5hY;XvL@o*Tkc~KX*=2w{(UoJOu%dHLYoVPjD2NYzi zp*}Qm&$f-zJ-obY=MvjCV&93W=hEjS5iOERI$N|hbOIV@OQ;qRS8%t4qKh&`m@QGQ zI3XL&Cs&emg%4J&IEQu7zA4H!F{KC}54-=C)$L9Qr7C>7_OS_M;BEM!4jNbD$4+W3 ze(XF7_;ukI!*AgpJiubQ_dD>o3{gGRJIJWDX<7sXEP{F>pxZU5I|6!(22G8C{!N3r zA|MRt$SWHGy-9;I5zuV_(|~#ze@mqadz%5A&QiamY>7D)XRD_^0F7kKY{pIF((2U*ULFpc)! z(}0c0-;2nM9X4j&wC;@v4ResYNz!nq;>UV48^3w@Ey6F4)l1PPT*}NaMW#!M=~7_2 zl$S2WrAukKm#E)p^=?2FkTDMil=>Wn)+J7JY3rkOH*Fp2P&?@h3y-HPaME2s8isRs z!(y{407K+4_e4$88$ry^n zl$@bROvxIG#FV_DNKDBbip0AWxzf_j(9#4}7l;^^Pa0yK44XoI`y=Gj63W8Is3hNx!*6v|#+X7*CSeKYLZQVAQ9C?4e0-B*}EN(Ko-m7U=Xxn1O6=>Mlwgq+I z@MygaU^v=hX+zX1oG}#C3ck`%FUsOJ9j(japf*Xf#UW9R6<7hzg-W9!mMMos&AH*k-|#yerFJfUufmTF8H-4_t-4(hLj;_KBGw5%OG8W+einn+ zG5plO7&rV>yjVQyC;bbV5a9nB{+ji|?;`{ME1p_h-M##yvgvFWw!9<(w7v@S4~ndn zi;5lx{JxFf z!qbtEt`?f*qGJHSnugSrFcpTWy#Qq?!2NOIc$*CdOI>9L|{ z5sGShehSxlIBLO|M{&JU{%|G}lHz!-I3A`~SmVg#0R}aWbs>VD;?x=}fcSr9JW#XX zXUg!L3{|eJKDyQEVaUK*FCCDE;3a%oZv=vO9@zp!Ab9zSwibb)zR^@7kRDyK5lApN zjXEKk( zd&G_Lln%l+PwBvQcuWUwoX2$FCU{H-uFJzKaFf*!iksr89E6*B&IYN@#tTfi1I4}v z?MNAeB-bwlkb4PfBBTUJ^?ssP_#DL{WW9B}1D*+cJ~z4)5c|d$<73E)k*Z)~rX0mw zKul9G8RK`>F)=fYVjfORv{2y57=KC~6K9^In7ARyF2@9uF@C0wc}*kcLSov2$rwLd z#~f?KTtrMqFd5^c=?rspZ6oGlV#WoNG5%CwN_m?`FADoqwB6+;z;SJ}dL0myJz*~; zO#(FDo1tQ{V-8Z+68Fde_j=&kRu$tOAvvm%MD{E=qF=|pA-Zo;p;?(e=C_R-fxr#d z*)!esb@rJD;$c?zf=P4>g0FAa=+jd)J?r1;fb&nmg6^ZeB$04Ag-7*1u@^qGK8_E$ zszU$B=P-ozTWVpyRlGD7e;&+C&Q4i=8=y>+`<2haU5|Vo!i2B_@+ntEck|RvO6y@} zfqUhmn|AW%NYY6yyb)9q=!m6bj=Wdik;Kk8Nx0*0pXIf~Yj5mu+M9650Oxnyj(9uz zY4Ih}*!1V|9k*zu6CH5`W10!uuPK11T|Wb-G*3>5S-|jdFbHe6Z-+|cv{((6j;BD> zh1f+~v3fF|?!Yl(*3fjyp9(16X4CK2;f#Nuk(3aBsWI0CSrX#MjqhS+F?8={k zh~~nPSOd(#$NL~nzZbqDW|H1pky)I!@q#pLenW0J|M(#wo&{g&k?}4bTs#|v ztWQov-v-q>@Ql?X`V6ze6z-z2(C%W!iIDjW%4~XXlVo{7#r6*YWB*V*GJBHyR=_Of zuDa~*A*ik|Lnm*n;=DPo z$HYq|`xb|cJ)DKX+mf*T`)T`mg!0Zl%-?jn_2_p*qR}Kwj(%q(`pEsGAE-s+bUOPI zQ)ch*V#xLml&7k&r1$2Dq2R4MNQ)SPT~8mkS~Ma zD-QV9V})-dR*n%i@Z}!wHIQ{!Y)mW@x8U02t*~JBL3UvH+EV-im0Va}UWO(w6<1YE zY%QE{ECO7`+KCn4$){IBIPeb8J7F(p8#xDlUxB@T5xDeGX~u$=f3c4`jatL~P0dCt z>yyHpL~FKdyBe9g`+C~RzIo(77mUhJK=WgFL&i|=SS$?c5qnwF2P!t%y*q&i)5i+{ z?2I+oGHri=HE^4p53M0vVs73YAi=SZpgs?Rk9RvkZ1a>XFK(c|qHVi(7ZA7<9xG#x zZ%;mf5w`C=xqACvfV?lp=jwkEpTtY#v+$tuKzZKX$X_uvN`;p(E3peros%*d<`FM1 zxnNb>bL2VE4}%P&rH{bjn3F-e60Vk&=-u^={d2}S{S;=-#T7BxNd zrOc}f;7H%iK6E3?3b$b~4u;Tdp zd%rvuRUA-?+?*&j<7P$b(O-c_-Y&0%(_v{=Y0DNi_Rw`{w32l+>h)^Kh2E#GSGzR5 zd^D(WXNbrVi10MBbByr5{30ZY!{_mM4N?<=M|uk(_#i^ODQ!j3kUr-`Z-%>xa_C|I z&Q(ZDA3s2MejEaDj@Ql!+F1?9tZT)!wFV2O6nxSt%{HanakS(xQwkl%&}Zrrr!CCH zTMAXClUI%;k;mZ;rjb{PDig_LL$u0df-+nL88=hL3aNB*eWsLOkUCz}7RlvAKkd=+ zrb8p>|0NyCt7&`(?iTRj5!#D^WbfkhatuFIsTc&#VBpvwfX-Nz&JF_TK~(9=g>L~9 zRiS2hYLIUEL_9jZ89G5iwzH_vQ881*qFY`gSUHVFNQlKO6N_&7B*E&{ScHUF)CaNX zmQNNe)O}`=5RHW%nznT%L_DWaU%cI=raY-#u4zxIT{>5Ny#EpJL$RLe9E1>7I8~uc zA%rzgr_U?B^0=xG068}QS>2-jXV9WC$mUSOkTGVwzX@xrkgjd-o3?herdyA-kmVSDC7@4t;h*yQ z$v@0`y4fsmA^(l;kVnmbc0p32eI61nKSD$K6mj^!XhUSG=YHqi$k<5+E1QK z{Uh{?o)~TXC5UntevS3Q_u=QwBbUO(0Ritaxc&$p%?lx(k?_m#OQyEd6XQEzBJmxN zSZ*}vuroNGeq7p4W4@ZkL3D|}9nrX*A3@6JpO0X0AEMkLBX26p{RS8hxc3eKCyo5e z%+^NkKL9OWjs$mIOKOe-Ivg|Yr0x1JK)->qcq6B<(U(x5%WXQR`WXGHLMOX{r^Pw3;rtBaQv=43Rx~J-bh{H= zc};mxfA_&j?k8u4C)KU-RN5(mMjw?9M3XFO=#UdHKZy9egC&;l z!n1*gKxzny+a2#|Ks&5VM+_KG!S6#(jCTu{VQFPHy@_-zov7T5nc8qitblJaG%!Ha zO^7PL7o_)6hD3IFvJkEoqQf0O>cFWZ1#9m8NDw`mTY5FJ8AmpQyP2MsyKOo~?2$-r9sgbcMyAxS5v8X~U_d zmUK*;&+am&%4-2iTQ}3&w>mq_-8LEo)(ONeB4?N(Ms59Y+a4jft&V@TidipsNp5JZxGR{K1l~1>^JGgcs?JDxej*&cwUG+<5L+w zgWX1tpnJb$9q2$ijzh;1Q2s22)cEP%e0Um;r`yHlw!aIq;r@B_k-OoeG5LAv2Qapb zV|4GMg1Cr96>>}8!dpyOi+c^qS+B)Od0|GQP*kNO!Z!Ovqi}^@k3;ju?6BQqe&{kk zbR|QpRfT%-ZvppCechfMETaAnM?Nt+$6TU@;ufabJKq3YZy{t<{v15}?aHly;PBrM z1I#xf7?i;s;DMP#dLO3`vdHJ!`?kQw#P7lK-D1_=_v%K-h4wz$Y6NG4y>ELXkN_B|64-@hzB<&5NL$@PW7;qk784p0tOCYC}S*J5$j_zUQWG{#19t>*F z;HniWEP6S{_-}@{G!i1;(TIFz9houyzX2JoGxcbW-r0ydT*qaMFz(0EWl=E(X4LdV z(>eea!I#hMdM&cVa;Myj1Gxj@DISPRhT_!6hmFnVP zx=mD!kz+g)X}lDEb~dIr6eE1QUWD)I{~%wxt7U(|rye8$DaV+M?=Pi2d#Kr5^2C6r zo@>j)=*phNA&=eCM!jjYR9w!fp~aJ1kxzlU62Arbp>LJ9Zd>4DU}EI$>6UCOi$3gW zmTYtDK#wKc>^jhG)%R-csaAa}*Y2|FJH2++s&53N^y>S>g{FK^sDC$GVTp!sJ)EpO z6Lkb{Q=uBWRa8%2C$f{S#r0v9z2d!y#$~jnAOiIUEu5^U==r<}}HcR>aWQtzht>u_Z3?UX4B{EAhau5emWZ@x1Ig9bVoe=nXma=kyJGkBZy zJ(D@D(scD|OkpJ9GZZdcF5e3R?>;>8!jZ8*pvW9?iwC3jPA|izEYKI$)Yx(1&Y}C6 z*!O{5@24Aj<{vW3s{RO$biEM;kA9DF{yV@Ss?pKsi3^+M*sqQKXC%i$fFbL-c9W~=dv=n`v$}SGt{s(~9Txi2+;UV~BEb%*-2f`mjxbzb}dUzx3 zE*w4R@vv(w3cjnOu&XwGyB<5>b|0o_`VW&B2M=}VLkRIql-PO|dD$*`5mEgQBQi7Z zA}L8%gFXTf_K7fU{wRE@xUdOCP1i)VG14LDP*%RLjgd}WR?vS8@uiO-0yin$R?CFg zkHtGp!^63$7mq34={yI75-HD@Bx`g1`-rHdkMB9bLYjH&)YkWlxc zNSldd3KC^A;BNbgM(&%frE{%IqHo(ZycjF5$Mbj?iMn6pzaY*_ZcqZ)sz%wvX#)y&T z&CAaO72duPDhE`bZKV27QfY%^j2I-SFe>4eiBQEs^|?l>&yz|UA7jM$Ky@0Zu(u;r z2~ho4Bh`PCN?Rji#2P`h5maoQpk5PaH7pQ*p^@;5B-9ql7_m?gVq-xjxB+1dgkNeT z{4xo3on(yENf4evLS7o7Q=~E);-wEf@Po zTYk~#k74u5|0=ka(m`M!0^T7o-3B|ci_5}Be0r^AR9<~Ph|RHZJ}52vw-JgKZxICT@XZDA3cBV2hrQt%isxR~yfS_7vc7#^Fe%Mf}t7 zm!5>$?THK~w_!)B`=7M2GV!QGIS6ipLHtBw{Rye%we@pW=r^?9f6Y#**kKjYRc1e@Mg* zE+k?siJk=!=Bz)3GsYS!n{mH|2P4eiF^ry%LAnxty{h~k;Syf>p{vT5pcCli^{m`l zBnYUqZLVyGpKZH!(r4RtEkN>kmo%n5`U7sas;LcMIy)c|Y{fB_qlWNLbx#k@M%6wB zSKBSX8>;x0XkT}W-18+DB=7C(X|ebAO>1%X>J%Gz_52HYP5a;TIzeaAP}5%uFUeXY z@5p04q%#YC%x{hFjDHc|0es{RyAnTViAO$a$Fx?5dB`RIMTsE+d_WW(prq9tcp*Yd zL&T)l&75k&TBsw7RjIU>Zx!mGPZ$+cB1e*wkrSY_gKC6-QHLwJVhk4Om6KT#y|+)8lo6rbs(YJ5w7;G%zGpBp8M#^jK zxbNV`u&dEg+v9-M{0hKe1NNUsEFFa7;n-1P0^YCj_&b6;_fiFUF~kNzB8U`(K`qGs ztI$}vK-(CTZyH|9vNydyaki%X-+&6E*`~b15wM#oOpp7&gQwZ#RSM6;2L}^T94;uJ z#}9TJzZ3lq4a!f?=emvA!FmeU=rKn!t`l3h5CcZc=cZ*gb6IAuMElv%CXVn^K1WOa6rG!PYK|bM+WFT)X6)qZee@H*4f?R+}()ZV)b% zEqr%@`8yA^7`-;o;)I2)pQ@b(Sa^SiHi}buJsCL$!2bbo1CO0!2buCW2hn=PmUM}O z-f^`4%*H&_*IzN4l_8=rR8wy;WAp{qMYw6hGD^3?aqhiw9exo9g-584E}Y!gOx zo1ptX;n&djMIf+Wc7K?svO~Zu-papCRTwnosc%C@)6FPTo>~B`*M%~?R%F18SlVm4 zl;Krc2Hl^LVbESn8d{v7KMNz-Fh^qDE?nR$LPVQgElCujyEIJEnFEJTtcsbw#p{{~ zHRY)@f?EZMVal_XH)5L=KKIKT=Ht-snL*y@GH*BPyy?D(X#{yA@1QRd2^#vM5Rcgm z5$TU$x>NJ$j))k|pq4obL3c!|29R_|2?_w)q03J)@|7f%lPNnaiZ(A%?3;*k)7GGG z!dq($+j}(J-cx%sFX)dn_TV?8{n6`1H^YH$=u$Ut)Ve``L>k>6i4Xlz0K93dtec|Q zGiHK^^h;grmuyYs>}l+hg2bPaZ3|FwYr+NdJdSZkg3x7((2>c|W5^ZTHh#6!C1WW2b5%zYY z)PW_43qRV9<6K{c$>L5(LglOP_yUH7x?>ML0Xwzi8;&5w5oGzq-QhqpD|`-NHTMV! z@#+1Aod%Xx77B<@4Z_HDDFVSK>hW!B1oU_6b(-=4d$desqCZ@(dFZd#YhqJ`luy;O z@G$k{-j5~M(x9hLkG7y&j&5J25Ka|ZOpGkqVO3m)digsDA;MS-0GSEK*TjN9HfVRywOe3thucni&nesya38wjn% z?KYV?Z?Y<#D7j+F^2PzQyzk&CvMRY)=N8CnR;B<&4u;40>X~hJRtbSaT6HQ8EUd-J zYX51_+B`+hGI|cSZ5u_Hb@4p0=8KiY;a4=2(d^Dwavd=3a!Wr_;n9Ln6WpcSogT z*40FrXBLqK*hS)Zv|0Von>h9?eROzsJT|94DA!yG zZ^TIgBR2y{qOtb8797L^VsoyJ<2Y?@Ni4e|hRf(^Cmr!jIzAU?c=d_C*qjqJhwkh) z|K-Sb5gjH)9{D{u;v{Y?9emMG2w&UDyIRp{7V#amA-h|835}xv+x=e9X50< zXA#C72EN6YgnT^WwFpZI2%nFzjC@K*J0sWE0w+2nchv&xosoa91x?8) zA%hDGqgvz%`z+|Ej2G>2X0vcn2z*%tcxDJhR%@6mL*UsFAlg}~VZz4Nehm}v@N3}a z2+-`rIsJ4(vTIkE=@RY(5FH)?AszV?qv$M%&0@@<*=z{e2(j{xK^TYKuS3Nsry_!d5yVPZf>s;;g>5>~oC;`H+OQAns?-VepKy&sF~ zc+bL(WtQCyt}u6;Lx*|U`s%}jo0kmHtT~t9t*zV=9H_KxZC$BMd@gM-=~#1c_ZB6p z85WkT7}kd6SO+sJ2c1KsRoTu!EZ(LHx8gI(re$uB@8piWg9h+sSZuc!gMz4=xPdbR z#;s^urlzJgtK4E!V_gcYVG!0sVe_G)7&tjM$FvGKu-JgAKlE%P4W3KQ&Ec1R@VW;+ z%e3qVP+B`08rzE_+9OU9hvA_eT=I@S(v{|<9?ADNa6_ChNT!pS!L99X1}|mQsNHrq zodmV3sgr1o>XEp^UBff;=BM3}4}=Qn@$gC{UKr0d7p4LJxykUZ=7N<^^DZmlnwd9f zk9=)1QWh5n+apg;26v%1$){t`GVBar1b_EWEBKZPFZv#?&f!e@B~x;*LdbXa;rRNU9F;wGUHAA@7`d&CXn zUdy-?<1j3q6!$vDH8T#w?n!a4XIu;8diRUFu@;9xeUy$bf$Bax#&sKmeYTRe!7W^F z`#(bVvzvOi60DcN>kDp^Rx17O{xKJFCF1eWCD^0FhUK&Nh<9ch@M60!T^;i4@=8L^$`x;0%n z;e>IP?Xa=OjRiLs zUw_7DHH0#zDfv1wR+%wHI}t=OYZeaxYeIl{05~ZGhzEd^Lx6Z#ZWiBTGu{Fn^YUbz zd&BB$ZmEw`Z!V4o6jsI)dnl|w1pqlO=$7y+ z!4euXcVulijY-DbO+2L>j$k){DLOOsy~pG8&m2V}hNDP~#4+389nmQ>&Y|TP^o={^ zRb?Yc$~U7>tMsV~SztRXQKiRe!;4Xa59@WjWsv6%$|E#xp$GdXwtovqu|r_`x5Crb zWLLfbI@t90H7irD=QZWsGPx}|a;$VJ6p8DJd8D;MKQ1mOr2gVPYYLV+SWEJ+57b~4 z6F8u*&BZMDfB-iERL>>~%3NH?$@SkMxOYNcjn!~(KL&KftWE-~wP-FWntEK`Nq@txC=gkXip3u)OmkLHZknJW)UYL zqK)SQp|mJkvyC+*EZ3xQ#LD{G&wQjMdY62=c;|TMOsG&^ybY`l?{Wx;g^0lhHH_xs zN$x8t?ckTrg{f+abAo(7}}$HfI{KNgrYs9@_c?@6|e?{*h7R9^?rP0Q0Qd4K(bor_f|h zYBwmlv>P?GflQEV?FM7U*Mw5A-C#Yyb<3nhU#=1u@kpj|PXl3LX(n`OCbU8t-oVpx z_ZXK4--kmTC1rUQII~(>kaX8WK^?6Jj>3C|Z$uQ{EBq?Z_4#aUI~eyKxC~SB{d9bE z+umu+y9WH$y^@WrHV;_TUyUHYVLZxdn>}JU^{9Xx6g~45zB=?B?M?n65 zmVbrv=O%`*3d8J4Mu(EP5>@i;7Mx7@vHQx!h?it!DAdY&f%jZ|GzD(eM;vT$Ctdm6 zF~6V7z%EpY9)BiqYSI13PAzaBV;XRK2^lC)1OKs0$u?Z)rQT;jZjk8vz4-o8*4hr3 z!spBV!@#%b;IbDi*@tVZ%YlEt;A5+W_-Wh;-~ln|#8%JqV$Ny#@I!Y!Ca(&^l~u)b z9LE4>1F1OyBr}#cO?1`+UhfcI!~?H3@FJSU)_{;;r*THD6hPv=FJ~l{H^(v}v zwc1HnRT#s!+4v=i$)H{6z{5 zfvs%OcV$@@#r!6A#Q!INGs09nTzu( z_kd1SUKN6H@+%~|LRDT3aOK@xmfv{;F$OSzH~k_@D8$->UI7P1aY_gGZ@L5gT=EiV zI>XB*aIu(sEkjvo4sXl4V=(SI={k^p2Fc?^D>@!-R;)*&GM|Ukd|blDiZVp%D*>n_ z++D^i#rhJNn;;uT=QqR2*W0vP2-R)ct&Gw4*}o0V?*p(~d}RVai2WuwN&8q6_Kdd9 zz^^A0qPnlpLnc+Hj1 zUL%grW1f!NEzrObun=<(Uh#bpu`dIf$h*ElUd}%=^X42t;lRK&=zGbYR(OkXu@IDkRdfGq?)}NN@$Bv_D59Pw%Rgqi)+-%=NZiG>A>Vj9fUt z?Rpk&3`qmlm{WT1Q&dBghZygA{l z|HC~4Ja{S3f${>{`{6Y3u%gv5>AOJ5R$ujDFbsQf?^5Oho#Ka>3ODw}gZekO)%Y_E z95p#zz5_^HlY9(FrjIQSx7exO+}{RJy9t3hFUHl2z$k7EAp^KhjB(ha@O<#V6^e-W zS3@gL-38_v-`~Ubq_av|jW_aBtPE@9k?GA?PCXJ#{H1KE>RHgNi_KwT%S+&B`q)-+ z7tN}9M;3q{SJrI;80T1>AorAJj8}!(!5THL&_j`xaskFkz=-d<9_f0EL#%jn zVK{Nfp4<8Nv1Rku1gIYYY7IJxqy}#;Ob^f(v>u3a@3T-<2NttL<_Cb&?r52h3Ftlt z819a(%j{sq3x@5MRt6Y}HekedVRbhmbUMZtL;{Qp4~CKJ?0}6(+D`(f-EB zNSmV{hMKefGUUeP6(EHxo%o(+ez~-YBuia^oHszuL_HsclLGi>m_e&vC$NOM19ZG& zi|q!2S0NZceKgp1p}ir>N9(OG!{YU1*E4S&a}&nN$lQA&qs5nYZN8qTFebf7UV}!h zs11<dzQ-1P3dy&s78e55Os0TeciJ@K&%` zp$$79Bz-iJ#>)6Vm2|?#KG6P2*TMTI4Iyet&qLDeyNj#-nSArkl@Cw}S3n6q@}=h( zw%nopKK36!K}*K7*+^)?!?T-NrHMg;1=$XNOtGbTDP&!l?jnkMdX{u=?$>Cgim<@<*sz$4Dp2 zvx9mCu=)tZ#0Z$Dn{alJXO4KGuR#5MD8wRmYZ&Pti{xrU3fAklLvAd2rpvEFLL3+T z2hea0JVxXgZ+;R_e3M&TyF!@1y0(9Za}qpyBYX3aNPi13I+5U~NX&buuLtY$8ss~v z(a?_GK+q}(Q$7w4$A|i`O(gtq$&;`>73AgLL3r7(;?g`B>b1LC7Etf?Udjik`wE5E z>EdWxEf6kT?S=?NE`>@A6G6-!0D8|LneaOgkX+(Fjd)ehGxmp%k1Fp9(>noS*#b2^ z41+M2;I6IrZB`n@o>-4vGbt82=RAJ}+*?F$+3w}}Cwx@Qd=llRIj^1OzwOYw-?2BZ*IoV*mY}pm+3*NBAtKPQrTtz&;l@ z3X`Zag~s?@fTYHA&7+udStG3-I0U0{6W&tRn_-yAxPdE&Wi6jyuXax`a_so(^S&>G zSupSW3Z>QGF8Cm1#1A&Yc$C#w;XpPnXboTHf?rh*_`Cg(MM~3vrQ@b0KD5mP%#*b333l>sW`&(-3Py3J#~d?ToxY1A{>V z;ilzdAasxz40NdXc>P^K;Ta`=(f*j0Bm0`VYc~B~qm^d^ulu8aF<&&t|0jIWz;P{V za@N@jqlwrL9vOBWhzc#`0lA@BdJ%4Dq@p+Id<`YXiYzYdhWopJY?5!8VQlB9@;g}C zW~BPt8&yj>}m>UMgk!dF~m2V3nOZl)tyn3cxKsXZMjeA@yeLfmwY#ay>& zr&AqHp@nCvI&k1B?IN9Tq@94pbe-bYkfNzPv_HCO3X)7avQrEfU$e5cbV zACtgEl!>n3m1!lBQ9Zhyd}+;N!D9$K1yuX4=4g&3;-7)wb_T0w!bh{DYs$s9a?z~Z zF1sItk2f-4usTcz?Dx81H9#p`avc=k;A z*KZ%$ddVv=&&BuY|Afn+rvP^PdgIRKCZi3oLykNBgk#{o2jNezMR?^!Je4GWSSM^c z^Xa{XL=M6KX&N#z0Km&R5^ULc0)Y=>PW6CgNc*=D1bFYrXaS6PTxa|cek<_%cl@w^ zDr^3qfD07Cp-a34_+jxtzVSH(7bAut@_<&1?-j;Y+Qv7FeE!~(W& zBQnN7%T3zi;d8(x9W z%e}vzVH-~!#uR^1oHO4xE{|4teG?4HRjrUdU)E#b@TcB>>{Rn=HYy97OD#t z5xzIZ=hVdct+w&1ne-n%i=1x|+W(N)*QN;nah%Viyx$Jk#zQ$i7Z&*(Sjp#WV&t&v zIQka|{HMp#|K5V|Ox&{8Ha^ow|6r2Ow;amnJtAAbL)!d8=5$z|PfJ>VI-EFH_49e{ zNqnxG$LA3u+j5b4SR`zY@W;K^SWG4qyH@( z9ff+lKi3wCL?Qd45Bl%`=Gkj3ZCU%T<88#*!sZLL2**(0|u4 zPn_-=j}2~F*Bhm&x<^lZkn? z=x1o*rL305Vzff6t*DRKw*Jy#1FJUFLhnYcWC(Q_aVAQVAvOSQ#&Hs-co989H%kbO zuQ7(ugDpqo&NnRFJk8Kk&`v${Aau@9#u!5zb#8v$oDHCYD8RfDArDj-3nH{62%#%O zXgCO=IYj7BhiOc-DhPFZI<&;N7Cg_$-L~Rwj#v1HO_4-euMjKyAf(LevkZ}kI)PWeM$0uDL!q*+`7O#A16GIl+dOa zLsuHdNa)Xy<$T=gb8J%_nD>cf6=Pi!HMsmp##N1B!F)MFcjBHTY-ItnB%vFPi!_&| zjN5ILCA4Tc>25YEBK4H@l=?Q~8j1VSqUV>NkJBt~Y+||p;Yfx)Y`m-KZdl){70)k6 zZ)3byWZ7PNetD^hA*MHoxbtz62CAm&&wtc{dA>hPjCg0Ff~KZLU9F>#Vx@UDU6c}$#P)(G1r@iCTJs(Y(gvYnt$ zA|c(ID4CEaaJfWGB~i>zg)6f#uI*>I6r)ja6j2i8zlEowv76U}qMQ`|ipIocuHR`9 z4dx^EbNx<>I7O`#)0NVFFK}BQ?5VaFGq#9}qC4B>pv@BHPhtSG^=`y|7Ddc%MN1^g z%VIdQ7l#tNB5qRDV-isWz8gH2^P7T_%>f(7>{gUzj`&?nP&Af4=DPnOZs*+J;x_w3 zOk*~anUHrgYr(Zuawg|DiA$#CY-Y>3WQMF{c0HHOMJ{IcB$v!hF6WY+45N~{%heon zT7oy`Gk3WT4BvLk^6ooD_{hy{D{4o!2#alE7A3c_&96P#;^Z!7(H47=*_&~uZ8tM% z+4eBoVX>E(z0It>e3{uvP8TotF&h<6Q4-{SW@T(kkgqcPm06;!XZA0Sk|bXP6Cw-q z^;rD6dqiOvh%nqeoFY1bY4oipCeE?=lC#N{MG)&L-((w}{sikK-&OPAnTK<%v7)y; zrfkrEg8N}pFfS1E5ruf{Y^=z&*n$#bCGs5Gy5gS3Sj-FOnJsrAc7yzu*$e%MjgUWZ zeiw%jyHQ?b=2ArLCV2%6=b^Eb-)QNksnj>(RCTNv59SU=t9qimUHWP&*|+!^_=1=$ zgSC$E5&oR}WErBV?xi?&z96Pc2eTO#Yu7BwbeYgB-Avh$^ZOoY$BKEf2eVOF+{TJZ z*^?RG0|dKQ_GT7_#cixuATv2iXJ(6J7TfS_3~cwwzRhx2BKvC()Zt6qCrp(0%Y63q zb|=qevY?sgYFXTjJtnVb){Ar4EXV4ree|51#8FbQ)QuH8h~cOT=9btcr)z)I2JeX> zzddp;vo82)#AMW)Q9LHdMs015f|q3lvkaWuj}`l66|-|(qXTk&vy#=zCFlnqQN;Nj zk`J(FHS!xPj>;9y(!C?sa>?Gph#V{4lbhH!&JABrQOD#{U_yMvy?IOaj zH^cvY#zbHpqf3t|@ZX(%7jSs)=Ptm$-vPhQtAb{3+v6^U<;x2Cg%_5`r_{Dc5s5=X zw66&9TZ+6+23U53a=rQ5i^@ct67PzJy~KfA%4{oaMxv ze(>+l_*TwCklzkp1H8HKYIk4Kt&ac^7@X1Tf8qLvRg8>9${0e$N_thYETN{m+4fVc}1V1ox2B}1uh8s7MKa4f`Ny~U44TBy&w)3Eeh1tadfBBZ$BT|1kk=>P zgzqty`~85rMC4FR8V?a7Cgf-2ND-P+{n7Db)Z$VP!jl6CM|L9|+nrjhq79XV{H4eb zzJgku2_kd}u|-Jnc#sd!qh-s86j9wL0yw>YJTxnTO*zhPP5I6%y1_1mTj$&DIKNH$ z%*90_AqVjzhIYs5KhZA}g6YdV{ z4j;D`gfDv&KHHV>xv&u3Nj%fPC(5%ixHC%fX-MYZ%D$q1YA(wBnjQ$Ob0s|GM!3#n zV1yRyTnmBw+z1zX5I*2Z=?zRXhed9U*t zU_Il}+)a?TGmiBqd3fx0;M?gh06*{}c?;u{tho?;Jv5hE5&jrb2fQov5b%YNw~=pS z>N-y;o^SDlC*rqw2J&M)KSRGi<$9~P6mPoC06yrk5O`$h!`=~MO&coP?R-rAUPxu0 z&~LGi6t@*D11{>h4ftcoaYUXPa(zT$`M9Lo7KP>M0|~XtxOQ zXffe)9SIZRnIirO-4qmsdF(Uz-w^T@&>YEUcwBXAL&x|V+}eKJ^6y1Y#xmfUbRM1s ztqI?Pm1_MN=BwBH|A@Tq&ie!Cj^n*48jVt4k=frZQi|*H{DCxEO7V2c7XeZvcAOI^ zMPNsF;GvW?z+Y2hfDfkh0scGXMqqtV8>Dgsw~vevnIQ|2?^CTd1$Dvf+8O$+?%g9@ z#Qm2NQEJleY?l4^9jy`;Qzj~h^u;Pe~t z*wG(7N`bSJCjlQxz6-c|NCogE#>gHe;TrSOeQ5vse#_8b&-qV6TCc2!fEV%z)B6zK zoJ{yp=0lu|xkjvkX6_Key=jDZc3Oi7hl(bKV~)aVi203=l-^v^O`&U$OKzJV!qKN) zABViXUkz&1fHfV*UC9<`dPY10%};$_0>09AbU5AfDnQIXprOd5e+uhegb2#2gM4?# zr(3y*!H7oI8bqiqI>`7Q@Y5lLOS_%qGWWw8anZ31c(Nx><5hLFo#N|^ZzH>i2=Ct_gTxb3MFk0|y@1<|mcS{(K`052 zu(gL$QJCk8Isnzs+7^^Hm3{gI28p3Y3^2*Q2KcnQJIS7NfG0e^2nfR6+#3UNUk|lz z!i6l~QQR%cMHqei0+(a9#QjsuT@<;pMUePF%z$Qb&%1p{v&J_FcL)~x(n@qajw1)p z8%;IMN2$!3eu;U>MSRX^^c@WSVmq})qx(?E{XET*4@b%GRyP8d7=&Z(gzKQ8ye2}v zPEg5@XsX3&SE|uicdFfK531=(PpWk>>J=n9>M8J_BBpTK^GNkAr)|`f>JL})pW{yc ze|V7p)7&z*d94X-8m05IX=H|VcnJM+sas!^b2Xnqjc?OAGDUocHLoGSfN+fryilXsPBj4yd5xqRQ2eor0B(Y9}OFM+<^^$E!PFea&vn^5K~ zxh<-&yq_aP7nY|0(X&AZZ8Q#PWR77?TJ&y|r>UKrMik{mXLPIW?{U5~Pp(0kn`Wv{ zlehU`1y9})Iyf8`+hTsp;TbLhv-CBr)X5r<$8;zA0&Ibkk!_WeWq3%jnV4K9)^$4z z+ZBs#?RGiJCW<3q!@IbVUak%|vCv{CI<$0niZ+pEx(+=Y4sX%bV!r7PM+;F*4Cz{U z#W{S$L?`R&@Dt}O&r@mr9DyP{%8YUjEJ*aTm|M4gj$kp-Vlmwc94*C*7W*Zwz|l&) zX|Z6~T8lSuJnv+KRFwF_$$F?*;Tvs6X;W~ciW5DYY@A9Ew>sGrl`N{AY_{qw-Y}VcU$>Et zG;!WyuLX_3LHEw0Ivqja{|o&vIET5JK^23X8< z7}~&_#Ti%p$GuSz1^DwS`M4I@O*?jv~k#4G+(6~Ebj(H!^O?WnA-9=zC)6r{O^!$ZtSg&UQV{tKd@znNM_GNa;N`fN2cgzrV}>}yW5d1uD95bVRIdQ#lx28 z>LGI-{l#jFy#$tr-=HXL6(5@gVgs{P_F?_!I|{_nrgUM;z*@8;&qH!`*k;E-(Z$IQ zI0lPsW^{z(&Wm`_vh|6`>RN=!xPTi}fCo5`DWkXR-UzQlh5{*95bi17W*UL|SY$Y|}+gi**K5@ac@wmQE{KjmReJf_7`-G81=~mefNHBkUHi9Lwes<)$7G11z?S*-aLEEegMMh`TKo z(Y90QGBKA~g*~C|r08X0p=En?;GNOS#WKsbdEiX2)t0TKb9wZGV!dS>(|JDFR?Ft* z<7HbRp0{kReU?VA5PL1#N*_11QjF+e*0#o%SUB$PP~CrKHq&CyWv`50iL+AEmY2IB z`XTY6#j5h2k6tA{wAi4&d%-SQ?EdhTVD!^DVhWv_tR5CiEasPbD0;QnXfi&k){4(8 z+n%H&(d)!lPWEo}V}d>qK~eT6y&GLEZn4-ig&##fAy!&!P56=M4dR%^4uU-?0{DmQ z`QoH+L-Zyw+sRHxZx-h*cHD6x`Y92B`>B+}e6Vd|lF95BiY~c6EtXlf1w-zPep*!X zFLLumeHwn76aig0oqauy@TWz(#a`&(16zNK_4BD=67>y> zc?J?YZn3Dq43B5TXBN9YN5?!XezDk;96K1@OQs$hf*hU`&oNtNZ;|00^PJdaF-JyA zuzePrmmd|gUA$+pRr&3}zF{_B+?Agc^E`f+q?pUa5}zmZ4zZcp3K3r1Ii^+&!4G>v zoR&26?Gm>$s|U;Q*d?Yhn=f_`yVdcc_{w6Nh8>FDBeLni0<7<&V|vBx6_@ZB3(aS9 zd|brqVg#PIqx?>$kB@m>lryUk$ryu&MSor*D)52yWUxmp7Cv-x%)f-WU@R8{y4@Y~ zhDhh-W4XAwa2D8fW)fwRP$!V`C^DL=nKE?_%MX5U;uwt9=r#GL%5IBu~;{uv%` ziYv_K+ehU8=JJ+s$>1pV@%a@oZ;5bbtLy^{7sR|R5-fIo;S#WPX3NDSuy;f*Go0HL zPqe)&23t1eH`?*8s4^MPOYaJwOo4wZu&d95G4F~*W|e$&yeHC_tr9&_H^dwhV=d;$ z-VC=f8X z!le(D<+PmJw?5_*5y}kfQQx)hCq%x*yu**nPsMf2Dp1aU#e6EdWKp{LA~5YeybDmk zY=!X8J`wY8v8;*p|01SAd}uM%|A&~*g-=}`3dVz0%1>2#~(q6qIto~PXc^Sj0VglA1mmY>}R?2^S+4V{H=X#Z-l#=_(H zJ<#5tJ>~6ww>o|n#ZHzVds%F?*r%AYei6GY=H9O)_7`!`V)KUvw)|Bbvshr-sMssw z6tk0ZTdzs6zl$H4%@;rRz6VU@Qhq1p`@L_$?}!1+PRl__fh~U*c}`Xm`-iyBV&5lL z#tONNS%o-Iyf{|LcbQSUJP@npWs})yj)*5)BI_dZWil?dC)F>E%s838-8DG zWwCo>X9>HEV75x+#dL;en#Bghtc~@M6PZ!pJ`w9BPcSq4)?4a)%8$mx=GYd}%VMX% zd}Syzv)}#YW@a=#KXCPz#|q4H(i+}cp0F6554M(#7NfI-*7BUi9v!#@PX=7H*mKz% zV7p>5T17*oF~E#@G&{x~BI)}*)DqM#A#y9TN}iWOtmMao;4nXMZomolT4e?8VAYnf47zZn}XU$NLJuvmH2N=L_7oTO4}K5~w$CU!`6 ziO?bOmhF&CiFiLY!O3DHzKrc4s|IoXP)-+-BA1xV{%*ieu_Yo~&C1+u`&mbV)uCpy{oc0=V#Cwsfy2wBUlLc|aI zuH9%^S42_FQcsW{GFv4+=^hX_LAEa@Tcz08JtS_TEMkT;PuOmgODx-rAv2>V$zv9K zA#G;#?XvYyN@tF&$ugOlc^_r6%r=?0-7iN^mXBC$VUa^mkwyunn=b|>IrLOnW->d? zgLlYjmhH(Fc+Ev#vDm$xXSm)i%ZG6~v~`Z2As=uu7co;l;$%5`rmSe5zfkTpo6eS#nN^74e!tsi%Wam8N_~&~&SDFTZ2og(>2Nb0=1Bi?nSQ;= zJ}J!6^W+kX{n&eiTcuph?4*qCeItJL-e@tJX)EOp(-U?0-CikQXLj0cVBr!`CEqqZ z-8vL52m92t$(M>|fwjDW@;fcP2H+V;+16roCRfEr4pudpN!xrbQV+`cfV|BvFi)32kUJz(V}N@+yk<&#ePU9Ho#)BY%6BALhK43 z1=~et<`w&c@(MF^gghwQjG#KKupbO7j(bo#m>sfHsUMUHCKFWZ2jx18QK=u2Us;Sw zy;`P?~uNquk8Q%weOfWoG8EQNCoR;~H(0^(NySHp(`oRL(=3!xoujG0Nd- zna*rE&XX6!Ju9~}GxOUa51TeV$J`;0Gov1REN+MV?i$atqXhm{h>tyLU=yQ>&BvY6 zp~gP39FUUO>qqCA1WSzw>blM&Ff}B=ndj8U>KJG>7JC@jd z9MiWt_Q-H%r*X!TAG=ou+-%wc)83AIS*DKTbdt_PUXjx+wsc5+T%Ei!-n3=sOFS!f z_EwY8(Re^!v>2V+9FWEY(>5rnB(`40TI|Q(lVT6bRA%P+%ORO<*|sJ9JMNJ5oJ8p= z?ayU@9rv0HV76R@bovpjj9G=q9ExXOrO)l;Np0=g9Q1Sbm-AIMT> z6|mjZ{v%mq*-FDEwEtK(T5Q1(7x9VgKb4|Xh}PYwwf{t3cZV61j?@#9-dQG_h@I8` zgxqYgpxArceD`;*f1ZZpayuZ`_b$ykd;;a>a~GTmZ!^-TLOWR=Ax8N`lS zte>4&z;rXpA$MXVV_e&Ah^cMH1{dsZe_Gzcp5|O|T25w0ZM_e+a+BFJBgc7sB^O%k z*92nAn9=#!!S-Lt$1U5PS#PvIBR820wqsx~TekUqPqjZQ4_a(w=5DYzoSq~7&&sb% zCQkPJ)bpHdIfF`FA?_>w)bqUT&uqRJT=0NS%gzoGGM z)psVd-vC6EWV6u`+Z6BOI&Lcv(S!`^2ZTkonU@}B0jgM5@m>oh-?`|KZ zJnyA+72=!1aq&^=4vWpsofPj-OPC!JG_IqSW4`IRvg7Rd7?p0Z2NLJSw^O5;neEbE z-N|gecrYwSC#gA3*5KPgEp)Q;zA0*jlS#i+RqbSr}7;>_cXB#J%s^OC>L$QdfyTu%~w))xd1Ny>E|)0D6n>2u!`KgHc_8Qz{>7)D?Qp`hcuS5`Q$*fY09!NQiV75XG?(rycFcy(# zr7#9Q0k+p-kLErVpRLqlvK`PRNzcdUC{JdU;{BMX;`^!sX66jmPhH2%tWiI8tI5Ro z19Eh}s&cYWzXJ8TlQsAbR4wnL9ID`X-gmH?>}1lfNF8&sM89E*{LC3_cl>ZC8(eTW z{s#5+60(^y*huv~Gdhk&`j1pDOF13J(&6|URe;5Ah}j)qs(L$FZTrz`u+wvQ`!TAT z8AWjsW7KA5G#sB2$&^qQ@1j!uqOp%c-*G$Fw-HX zkC>#&oh$^;8DB9O|7tQt84qyocDl})qC8C|UhVN){1g>zv6G!V67E!y7TemRRl*F_ z!O4;m=BRWh>z`1maxLZ_F)m@DDsi&e2}{)&CtH>9pqk9gys~*%;Wj+}Rf^()I};vO z>C9FLN8a9qM^qy-b7VcjJ>4|ZHZhuMhXk#$Y&6rpmhhO9#YTLdP@}%%C}#gXseB(a z>)zS_Ov00@mBj}5|D3Qg)!t$i0e*>_RjSFv*1V1Fw;Am*WJaT|DDim}YBKwz?l&aXDu>0^#4H!JDuG#ryo+y=Rh7MlN;Y4#f$gwbX0ZXu zQxo4-Usl#^#rQlNsG} ztV+D3Mp}%bTvoFzPrBpst9pVN#ax&8tJ-UNBIbs~-&Oi!S7ZL6MlmyE3cb)`6jSQw zEl-N6^*Lq~b8Dj3mrPH@d@j+@#gAW&Y11>9nK4~-rNtc6d(!y4=;n~*;Nl^Mk8`pVpn~OWup<9rk9#FjHR<7-SlG?`=wK{?yjG+Sa`~D znXY#*qq2mEbbY|IA?7QIz4SR|=J@QbeQT)H)bD3QGIXNFC}yV4w;09D(gT^9<;>D| zGNT-_qO+uT{q%X$#yRxY0Z*FwQ4YDfm&GWDe4WY6%pqUTVn#U} zP0ZI-CKKCI-%TvgE6sGs?_;n=D;?!GK)Y?cTBCv5-(r;CART5g%CAtjV`k=8s40~> zuFr;CWt0xP$5}Q?SFCU1bW}1QQLHC9*~!GAy2{D2qKE1APIe~odcDiZen=dlkD1Kg z811HR(kCo-DCQKw}QMj8Lr5zS~rxUS+CR-;TF-muKrVA0Hb-rawD{)h0y2xUo_@%H+ z-(a!J4q{_0rlaxxpq^;4cM9CpSUt^RCklMTSbdMh1ftxm@3ok>uaCG{-)}L$&TeX) zUS%;yXCE<6KW;MA2yfWxP1mqzuVK5cVf&mc!{ZkHrpfG^5@(6=`u%3M@%oEqwp;ai zr_D#)s;^kKK4|#~+Str(&1IROJ)JDWV}cGbnf(BAn5d(iHa!2OdpOzA#M^Y9<(b%D zB~8*poHkdmDNg2bIFK$9>v>q^Y`W%hhsD(-WDU z#Yg-H-|`eiStYWHa+2=R+n7<5K}mD6+AaaG6QZgZFiMBsSwiTi* zb!yTB`t|L^@XK=KtfUpX_<7UzZTG6ARXTKsY5OH$ani$jo5cj!YMowddX6fpN?NPy zm{kb6i?dD#>?GTKaXIS^wd*^=i3Ad%s9gPRkntT*OxGW3kuM zPbO{Eeio}Q%F$2haAuUlS4rD+7bp8Z=@~uTWVq}8d(v~d%w)KC=+)slU2Cy73cNaO z*MoOce)M|)-rqGpiv#v!@0J~QXsSTR7?9{I~ zSzPQ3`fZaT_qfuS9(~SYZxrOmzNBkjHf=xl z9@1g2-p0;A{CqnQPt{!DED$71S$@G+z`#xUBny#Ii7+pI(Y~OF$ z=-TPt4hNkqHsXm6M|3$yG0&*q(o2|`;ZGdH#@)=!n2E+*%X75&DIn3Pu-I`uKQP6pwAgp9eu15hdo6am`xAlP zj0H_LkEFn!#v+S7=9w3mY20VA8!=vTjHMP!*He;njTIJqL`+G}H&!z^fbp!wzR`Yxg~oP^x!IEfhZ;L9w$MEw=W;7DVa#dcv_k1}>! z>~60o0>>IJF{AuuC670bo6P>`z zqZX6mWYS9GYi3l=Jn@im*|gc|Dsq)!9H;zNi6g^;Q&t(S9}qi)Uidlr5yPDsrHe>e zZFDki+}3Li@@qP0SZ6UhXLu#_F(*rjh);Rk$zmhYQl2pKo5id#rZtPX(OBcOxrj~1 zhGw=+##W~-Pi!`JG_%ouTauso#`k-=`S@sYrr5{F5Yfs1q|eEwowj28lfUVilkMZ9 znx!&hO8Af``CpY4>Yfuonh`$#GtL}JK7>kq+kxajJYS~7^RCy*S{!%#D~%ymdtBB3 zkwfxb-6#UZ(N>&4YYZ#eU+ZmF%;r`z^5sa1|IawZLAld&_V}3{vWZG;bfxw@%(a+0 zjC{`%wT=?+Wl)4?(Mn1@97XY4=lxl;yX&7d|LODpy{4&D!RV1|OVwO+t__v# zC5$~KKI5J;TlM;I8vh%(gEr}Krib<1zaUw+- zkL^U1q^TC9!JYRV_@tiSAs^qu%7%97l4WF62IKE>nwP zXNHuk{&}4_7nD$nvxtMfV0kA;_>d!*k^e5Qo7rkUNi(_mNJtz+BZ0<)jmH3X<--_o<-TsJSJUi4$Jg{U8n-lBnyeGB zTB&O^X6|N5n&;bG?!zm{aO5k+d;OXa@jFtj$!hAA_!uQ`%8O$DH*!-uOmR@z+%a03 zQc+#7ZgRd?WsReN+WBp?whb-dgSSa&wEt%+jicu8Jbkbigqh=i6Q7Q<|1LgxV(kv2 zx==Z({izI8P8*I^DlOHeX%(Z~%{igz7^nVf>RIx)~E+NTEeBFa)yh~^cIxeoZVUx8frsT9ryn}q3BK)^8o6>&G`L5_dM<~Vl z?@M)Ug#UfMwDs3F_&9LW4DZ!~>T8yvH_s${aimBQ)@)wV&|{|pwwmqSd`5bM`+`OS zb^&4^b1pLd&7L(QTdnz|txUUv(x{WdY{{!fG}huI(tn97jwWp0{_#Udzl8hofH%p1SMsYdn@Ua^ zC7PG~&zh!^n|ib4*UDE*{&)F~>`E={7eHleJ|CL$-=#9^NNBEu=BRU)ob}g~{7)KZ z$p>C7p&88_jplg%n0u2(i#hT!idb&$N%fV&i_w&?ZGmPbgwM6B_SF_^x>_;U$7@$l zT7&K$Kx+_g%OVVuC)P|H7c3k0E{qOQ^)uSm@({w)J#zKTpLThW*pq~MYWn)Acod2Yn)hu>gP z23PBi$c>#0Qr&#wRM|48=#ocn*4r}^wOFOhng+SX>Z?SF3_joh23Z5p5deT09`{lAHS zbroyM-JF5x>Y({Kq`6K>@&CvEy2NL{gi0K0CclRB3e7v*U}rg;fizi7xw+Mx;lJmj zz?5@J$iE$r$>%~SK7ftuj&SJ$^VrvFz_Tl~m&Jb8*%8`6#vIl2VxLXA@*vBT$@!5rG zCA}8g*}4fWV-pSs%^R0-&&rjrKI~THKS#rEa(@{gyAJZ%AjN4am02D_W!=H}vn;JU zfq&PkW)IR`0x7DvH*>DZoz_0HUgp)YIg-zF8=5hx4VC2+oJ8}y1IO>ReP`Y`Xl^yH zt;~E)G^3fGCYqYKSc=yCK1TDEj?Vf2>YDDa_1CU+bR~%E6qHu;m7u}b?B*Gi;`>fb zvU$x&D`V3&BOTXG`I`FT04k?>kHT!L=CbK;>YK~W>tbFB&W)t&#Hd8NZYtp!^{@3; z>q6(}>FUOn$F>I$cVf}|O-Lh63G+PP9B=RND%r@Zq- zHT^NJ*Oy$c=JNlwa{gU;=)Pam++v>dm@`QO=IW;F3%W+ud`{SOb^M=Ke9f=fC*dnT zN|f@bh~wkB2i6pA&1rA(O0k|-oD{4AxPI(+6+h@(R+CZDE}Y|3U$O*C^MRD9>W>3q-Be1>~aO`7KOKrP?nBE0sF zrKzEL411_@%;piylAAf^r}$zO^Tn4G{PBmq8bz>(6s<%I{@UX&2!Cy4Ytd1(71)0e zK9Tr~##eQsp^w2=D`K#deGGI7q7VMs<1Yw*ZDfMzi~sXPir6c%@RtLhe)!81lkk@& z^Tkwrts)KIsJKfM;Qs+)rWk<#i{U#|%)?)qEWs0RCHQ}sSS*I&|Les4*x|8EPC%TA z_*LKz;f=3M_~EaOybJl>h5x66Pv`$zR@Y}zA>qtN@eRA z@kNJZm7+f==?wgLY7Zdoh)CFy0drW1PY`TdkHZk@M9VlqyeT>T}5} zpdXsQMs1g4)2e|Vlst)&P)&37FX7LsY~+4i6)+a+njT-OLOpxHH)^=3QsrgMX2QtFWWlQYYE!ws{tvt)tYwpBe|<>J!I;y zfaE^56um8}zpWKp$tPLGsZ)W&Z8fOH5>X>!$vi2u)U)X z`+sYz<@h6be2(Cj9KkJFiwM13Y9+lxUyE92L#FnumGn;kUZf&D-jsK#mvmh0Wotb@ zQFxTCM=gJP@4i;L_j4d^VA^KHp_V)*X_xq8lJ>+tCTW-ZW0H1>KPG9<_G6NEi9aT3 zm-u6n_SZTlX@~h^l6IJXN7p8KL8e`DBGg^QDXxv2*EufRMdW^5os+bq#}&vQ04c&1 zNqgQHI37Q6^#qa+?Ezva(qECZKaQaY1K4UPO4Z1vJtt{jkxp2v)ZK|TDS<`_%b+)3t<+BkXM;9pCTfRWi z-tx1#U$PbLIbWb?2a#g^TjkJ%TT|3?7i= zK1~Itb$7p@*C!2ipUu|UYG2rN$fTbQ&suoy3tR4fnD+v!;`mD#_cN{p9#`uaYZ$jN z)-vv8tYgRWz_DtIt)!WkHabTkVdBt z6Fj!aA2TNd?VZYuk5tRZyFJ{DbB=pF8oA{^Qr)q~!8yn|dcVrXZjgu7zf(bM z^p_|)(yP$UlUy!x+n#`@1Nw=6M?Eg`x^P%Lh^LlTOOL#>z@X^wJ$#LK!>&M%!A_Q| zWxFn9{h-9#^9t8u38HoPG&J>;r>0rUQ_~C=>VjT5B*Sgv7t z8_U~Ru4TEF<-L&cbwN$LWY=rj&%a*Ne*X2E_VeGX=?UGV@HwvPHSO(xLQ|g}MQf~u zJjU+>pIWTT-8~z*N6v9yoa27Es7Zf?^@c%xWEj+60S4{D9bnLo+yMqX*Bfe3{8}-_ z?~rdTua)({_kHX6J#xYZmd`UvKhlKy(J{5iMslJbwNF<+TEDPIv@t!okKb;6U+#T= z(%4wM4ERavGHBk4Sml?1yzqvfL1QxApi#7vM{>GBXDJB=?Lm}n@O)y>ypdqg47^&N z!U!zjawZtG-%x@<`wY>_h<&m7O9T$cBmIjF`VxVI$BY9l{Hf;%q{4b_(Dw++4Ei2H znL%%NU(kVR+x@4hvZ1^EX&u=IBzYp2aGF7L;B3h6`&Kb70bcYcv;`1`1gvBYp^fE` zfN3a|Lr>(|t>fCQ<9barXcnEwF{c?ci%w&o8uqDSpJ|BWBDOKs0*|Y0T+?;jKHIpy zdkxx|d@uU$JdmFL-D}V;<$Dc!_IIyAdzJ4s=*i!`2JKkB*P!Qqp~t@E(BrA!y$0=G zzSp24W5~gwqw{b7jb1xj_@*HJ-J@-g1G@rqr*Fm-(gSDsL#yxcm z^@<5PfqJC}HS(xyzK-QPerPI{zp--Awl(wdl_pPw=vc*9%Ceb7eQxMgu4oF z3o2yI6&|JM4Ek!r6};iPHRz&K{vzlKN^+wxY&6EoPzFMJN4QAq(@t(^Z87Kp4+#C<*hB#IaM}e0b?=a2w-ZfGE1f-v5eP?@kVUg*jB6M zxU5O74$Gcl(_76z3Fow`Fpl+K*lM{!`%_G`(KiUDp)MG)h(Jik&TJbUM^(`LZePOs zC9Ge<`jxDwwe`K$x$4ujk6W)c*7~$lwBxCZC_uEeKIuRmlFeAm@lUD|17btgLGGz* zY&0L%*k~r)hG-bQHkvt8^p_p;LTcfI7UrJ1$j9kk_Sp-c^8u}lyqE^s94a(F50jL-yniMk+Cz7zNgzM%q}L2&cG|s*m05G8)%m#dqVaTUM%~_ zY-qw+cCb%7X#8+3NS+fJC$oMUdrp_R&@Y4DPb_EaN{;pr%a5?nI`*lS15wUPvIuxZ z-U<|IF3?abfp)baOyg^R{{s4`H-G`^ZD33F9;~72eZ=pqs0`E9Ct+SG zrG^Wz%n+Y3^gQ7eBdM)BZsT_a8nz6e-Ifb~H(U2Gcj0Lp0@(|)UHCEvFt)T&nL};dFScCd z7!AF*XlJ_t{&DP+$Qt@)n_YB+>?d*=2QU^gj%6IrcpKxLj58STVXOdpi+d5rCYIRB z+S}@6WeNW!sSlXy`}4P zV5sYTDD4|=RJL~*KV>}0c!BXpMw>hNxG}b3Y{Qtyn8KLJn8P@faX8}^#y1!r^`_o` z*}JSQo?ik+<1W(vs95Y`-Wyx#cf>aqlJGoE?@md$3)LSOBE|uu#AIN+*aYk(o&)v} z9|5yOBO`5Bo+W}96M*@m53op#1l}N)1ILIpos;m5(r18oh*Q8>94AX$?%WCYb{1i4 z-xVlB7DhzxupDUKj4ERN7}k$r{aDslvZj(Xm13=k$=|@54XoJ!&4B#W6u(IN7uL0QnC#aNT2DOE1yMP0_Q=NQ(HVf|Q^H?V$#C37xpJ;SM_LG2J_ zP|PTUa>;_cE+dQOT;QTE;~5t*ZZRT7O5tI~Q|x()Jq_Ci#EG+!b-ayIRobYu8*KlQ z%knnZdSDLJE|hyG7s@3UxTs4J%VS)~dI!rZ7}vW{sdlhj$MSy0_gHh1yPT6*jVbhEcnbXO!Dh zLJW4ekxzyjl{U+b+NzZ0F)Wv{wSqO3tf_LNwq4Jf4XmkwrdQz>*6(Ni0oK>ErooNM zbCUIq(Bu}L0p3<9aBiB^MY>bIhC9V{1NJJ6W6Wh7#n$mGSFl{=PBmT6@&^_3TubnV_07XeQseTW>nUj5 z3(r7vTcP$MIoylN7Qqn|}i}pAoGFZ-SLC0MwG?=eg zQ_gZli#>t8!zx<*3s}ki)vVvZ@|G4f_D-??8ARApsC_6GHy>)xD3-Gr$1qkhZeTpX zsC~Kh7^4_78M7EiF^*xZU|i2w<4ZN&&+Skvf7(S$#@4`Vo^!=Lok{@lW>sbNhWYwB3j$Qnlgc~&vjGsXqcn8^*I_8HIe zB9`|DQ7#QZ6!Rp@BA8?u%F+uVdWLnv;w&gmYxf2%)r@A=HvpAzufs%h=C)8A?8*7%LdpGuF2u z9~s6G7#(5M!kH{*hf(=Qv0Tnr%~-?wI+p9tMq4U#Hp^AO zl)^@q!^6qb5l)^NEN3#7GL|z|GuDMujp|qqkDyeUjH4JU7^@;E&U%*X822;QM^Nn= zSU$-pA}K;fB*iRcxty_@HQ7-#8`MWpw1z11Y=kDIP&h~qXN+LXV9aF9c2KHPmPav` zIVj(9mMa*m8P_w`G45w7G_3K&Q z&)C2|Cs}S}t0RWipo|zwo6T|=V>xT8Sgv8LXKZ9NVkuQwEVW4$V|0p0TD2&Cm6~V^Ojz`9v@}@VU2RQDt4J z)>SOm0O1M52u!1rh&0ZN<#3iAX`G6&im?WmQdrNj>_+~hx)athHZY1F9EY*G#}V;F zMn+H4WcQ>qy=s>07#n(0zcjGih}T3=hF+u*y~sbKH??PY2Ax~hF=l6Si)C{BK7@`w zRKil0%UCXFxr*iLKHMXW^{i=Nxq*EeStGJ2j*&%ivVr@fsSj||ML%B3C8htqqV;N%&V?ARdqv*%wXLR(V9LxGqj%AQj@IgX4*Qy3C?^@k& zbl}e!HT|dzb>cF$l>j#m(bP%;<8Efhp8(D7*juguZ%YgS5Rt@F|kk=I&g`{y5k|vww8pe9oG(uih zm_3Ai%7&0n736h=*+ncDQ8{ZMFX~dy8Ur6q+#eNQOl5EsbNjGd%2>`=%~%7^EroR~ z*R$NfawFuDLSral_)v`=%~)q@ zhLL9-qqvUbQpP&Q@Zp?0WBCog1dQxUIFIoe#t(sC2grVe6M>@xKj>G@C`OD9yr;hy zL02W=BRCFYDPuWfHDeuP1EUy8p5Y@YZTLt^TgsYJXx8S|vA&M=4W&m!R$llhf6N0J zjOC2gjCG6+jAAtTl#QW&tS+OOBz!E5sIsx7sUJ(N+Q?|!Oq%lXd^_@z2 zl{3~cHZY1ixD1RLjN(p?a3{Cbos_ozZaUVgX4A;5pG|9MBjiP0jC)Aq0Adxshx9cp z*Rz~Ghx9d!^}ux*jf`b;>Da8AOEK-jMO3%NThc<{8+4K$eG<#W7P()3B)wE?6{!-` z1L{@vx%xqc>B)MN-lyNxAL`Hbm)gTfG_s5vjY-Bd<6dK#@u;!Kc+K#)#o2n=2H1*h zH`%7z?y}9cJz_g!yJAx=E-oG}ZCpCJ~m%T2BTtZ#Dy7qMK<2v7Ux$A1z zGW%5f9Q!`|$M$n}H@B{CH@iLPw$^RC+ZnfC-3)hM_iXp^?v?IsJQ6%QdgOSl_ITXm zn1{_X!gI0bF3OI6~l+P}o2A}?ZlloXz-d9Vf+~U*1T76(5wtq!)u7Pe(ZS<`?+U&r zcvVZ~|w0gYNkyf9z z`mI%)*4lPs)A=ibB4w)RXF68-;cSF7i`7WeYXt&V5p#wsT za1R{coELb@RRrQbc#!Z%Pqe}}Hd~9HxS!Vt_rvq?4B0?DLpB)q!G_}Q-Y`5vb{(D{ z8!lpTzpkAai6^RV!V_epaL;cHo@Oc&$@p?(intYb2q%cn;x^p>yB$xQO~GBi86sQE z#4}~H@l4rV{wiWFcKgV~-q!izUOZ1WAJ394KyC~1ZOcWXSS&`4_u*NxrO5RGB)`b=#{)?o$ewG8NZ!So>mx|MCy8)KG|Qa`&qWpkC-lD#IMG4!Yx$#r-uX8J z=X51aWY`3tdlbn>7(Z`28FI{^yMW_5&jN<|Q~$a|9H zzRv<*4=4TT;@!YK9ms!%?<>G>eGUK@`@If~4J5oX=P0m*t?e@2fqXRo6X3Q2vM%)} z{3*WyIHm9lV07x&z~1@a0+(f90t&|85)cTzVsuGs3;7M-c;L;EsX#NW?9463 zC48o+7xYsKDc{zE`vc$2EMU!0;D=#^rsnVDDTOz{$E>ee_vqA7(6q~$2+WDR8`wFC z@Zqdkz}0={0q0~c1-?^Et#ph>#lu-EAdgQc&)}R#fL#kV0P}im0-7a%m`BLe0aX6| z+!wD#P)n+$r{U8s=LKNrB&tit0Ma+FZ=ruZ^!En53vAKjGhkFK)wf6YMj-m}AJEL@ zH*d-%I`vy%*Ay!G|5pAgno52q>mt(bkNySt3fKKB9_L|Q$oh3S;isJl(@O}$d4#)i z+J*ws__3xP_v2HER8tfCa-7##lhR+{iFs3R%Fl9M!F=3Z$g{z^cYp`*nIa!x>Y%nj za|}!=jQdM@%b-q9eaxV4kkdHF8H~$YP)VA{p*mvU8lf@cM&K7Bg*nv~7{zn21HYzV z4<7s~sW88`0OCv1z;>9G6=vB$V0%32i)Z99M=Q*=A;3h;(RddSv$PT&5LIFRjRK}1 zlENGu3+#l{3Qq#Z1GA9=`#QiE&n5$v7!O~G`8oyi1o-0ZVa(eKPyBX;{&t|keA*2- z1#>yxVh1X52UZ9vrU4aZ+TM`w0^^y`TE35|-ps58atP8h6egUYkKHLuZMW7N5 zs4;et0xI!2YOKU5)K!T_)KZBrP(QqVf|@DuBkH8YPpA!c=|DY{xP+ArZ#>9*fl4j_ zYPkq#$oqgcxfJLk9{{?_8(JyOD7J_-zwj|1Dv^(a+1 z5Ti(LfE)?LD3VV?b^tMo{19X3A%Q{pEIGk=y|+mOFvh z$z8w^ayL?q1mf9t`4Vufd>J@V?gQQ?_XF>c2Y}P$LEtR;8n9d*23E);zP+HQYmq>b{NomExbTTtZhE8U}%%p9gN)j$sA9=ii zH&6i;5fSi$AXY>LL*a_TJ~5WTvGm@B8unKGV)Qd#`<8 zd+oK?T6>?p@dU=a)o`DWr`PKBPK7&$C-CMC!rg}_Mv%7-&r7`1@f`IY2lyDCz?F9v zo>zL02jtCo;v@s_96YbWjffuWKk@WhZ}*;n=QZ9F0eKIe7zN&w@O;1b6hJIC-L-JpYoo8 z=WX6I@x0x;2Jk!ZM1OhP;QkDr=rwOU+@He}W5>G=?$6_i(>uHy@VwXCiRXRZv+?|z zcN3ludbi;D4evR4e$(5H=g+*`k?QAoVoZ5=!2K+q7*pQY!~F|9z1Ag z*2TUY+?U`9%JdDx{Z2f=TYUTQd>?M)^IA9iF7eC)?X3i_{fTEexasxYv+=wUM;M)K z-Rx}#|E>2e2S0eJbQzw1C|wQ?SXs6b&nacg!2ze0oq^|!vNQ3VS+)kx*=22b)|a*8 zIk#*Xo*~2>u}%hL#9EBdH(9&jK4^UaX%AZ0A?-oyLuK7~UXRd&){PSS(X#Du--NX9 zwHB72f#+%EXX3fId<~urhs+m*Hp0aDoz?4g-Ts`G$Q#z`*Rqw7&S0AXptJ(^DCXk$Z z(bV@$y=&^1r#?M(UQKh&hMK{e(V81;zFG4~&C=ky;JLxw!Ax)@cp!LZa82#CwTEgS zsC}mPaP2_do9fwZ%AY~8QxTBn^mZFJgOrhQ=AlhYoa{@C>T8BH@b&iL?* zduF^e!*g8waa)gj;JDc{8)ml7ynp7mW|M%mk)L&Eo;rdV1uV}}N>^Te1M$b+>n>;0>{03G1LEW{Ut8bTYM>Pnq zN9(V|*(LnGj|ws45VjfL=Q=6r{z-j*h;RNe)>qbA)?s{GM)%#2MlQr|mOYRmQuqzx zm$qs#uhn8Uuf?2Jik+NWTCI|bCa z7}T=_v-J{d48L*wE`xk#?I{ZF}--qzyU#s<5Y<{w= zv-Eqtes9$8*Xehce)m~voYG=JGgR-Cyl0}sAZ!m7-U^G$>eeWSc_4zhl~gg481$+~7UUXTM+`F?rNv?@KSUX>a? z#iQyq1#s4DijFtKqw3M(S=7b+T0C#TH)p_)XGHw1+P^~kS7`q#&j(Ioyeqt_{9&KU zf7llUC0gK&%72OWU*%Kvd)}wo-&~^J%k+D>ey`N;GxYmR{a&NrZTcP6?>%@&t-nF$ zIpn>;^82ol-xu+oUUH3fB7V#9yQ5^0=O?90J%>vNJ;#*~dKQ;o;rXKP3cRne&ho$D ziBv|dNagO5$MO3)euqnUm%N1c-|?%g+Ff#7)!Tf3o^p}*KdS%3ds^Tc>(5iJvF^nC z0sJ1r@43Jyythrg)B8AnGivVio`&D*nhM|Jl^1yjYA^CeDu0Fa7nU$x|BR^hMc>pC z)_MM{Ypl~}-3fR(WLdm4Vz@tc9)arhk%cs+h|kZumr&jD;M{PU3CJorO^hmhY1fXzqPBET2HZn7Bg z#nv{A%D86<{0;Coz`qpn8WFDvzh?Ye@LPsoD}I<6JS*^9iQnn?q5D^DNw3?RNax!# zgM-m@e06Um(ipbFEv@aX%RAOJuWt-DwXR&*wyb^Kvha#!jVsoLTh=x=b#$z4ZCu;B zcG>dw^~+WQy1aE=bL-0X_3bOdE0?VgTdP*DWJVFV8e;iOR^>}C1DYhDEgo-+<&%4p z`H`+%qOzZ zeB!_g$(yB!qdl7dl&NfZQzPrqoybqlygiyq^+scRqzs89tzhg8iTt_I)Nmr#kwld< z>1cLDnq*qk*hJT+Om=8M;No2!i$u_lp;UCFJr&L66p-z2X6%kcJ{lXC&~$;@2vgBm z2Z47F_vT{RWUsVlVodP~W?Pu^=1e}>H)4?6osVYo(k2NksFgs`z_$MWY@$Dk-dZ1J zpGgawi>6UPwq#kc@-jnGoP-q=r=U#R%Czg!llobbN{}>YIU`MIdXs<(2}IF`1Wqor zxhPZtQIp0MEJTrt!J2fVz#aUFS7>5o(W*Nn+9(kU$JXSwz~7mUrH12*L?>6mO&o}7 zQwD3BNu?4o>DRCo$pIo23r8AV@h}466+AZ5^~yw#NQ#Ovq&7wOBsvF&Qps2{-;<4| zbA6fYU~We?Iy98X9stQR?*bY(1vXEp31}GsN1-y4td;SOL=-v_`U|e2{RMa-*6qmB zsgqN>k&Ku&lHs1*I`EL)8f-h78Ub>~PFE(gXLxA+a5@HXM>5*KITKI7xurLk$nGVr zZ-@@}6S8?Ym7*Wc&UNYGLGUl*yJ$F?Hy$S;B0A-CV}vs4)@&l4jDg27n{+OpMMmj7 zXjULP-+W?gHiJ&fkE~DRV*`ll;(dngG5g#|I@XnmMN{x>1XIrRXQP8~Z%ahuThghK z?xAR!@q`J&(W%K0ERjAFZ2}Zi%TP3%%t;idHSL+`9L<4PF`$-?B?hwn}$>QWH%yo zMSBye&C$VxGaDew?kL7e!tf6O^4VxC(HU>Fa=;qj-T7=X-QS(KXgHCMC0NG`F@znz zOfiktUd}X)R!_7adGHa<;vt1LT38Q=4MelZG>=Cl*J!nOFIcsDMI@49zrmlhsQ}GQ z=bM{s)&Q47-QkE1z-Y-CG@?vo0PbPjL{tyQ@-hsY47oO0^pjk6Hz{-~(hv|ZmBg^(trb#5y zWJwuKibR@7B1p>zNJO`($r@@B5@{ldG=W5#TqFUssjdTm*GS!wO`_510|?SW)Y{?L zo_Hbiccv(|R7_wm7%8s_y_VBXi@Y=Sf z_KwD7YgevlTi4jswqk8FM98MKYnyHIgUcox%uG4}eaDY*roF%#Lhk zM>Z?EY{rKb=s48KX5flssT-09&0NZfAa{W#8W=6O30k+{StbZ%(KPlq!ViA`!B0}6bt|%691tTJ4^~z$Q z0B*{}hf|5w)~c=9(;ieXl-1-BHZ5E-n6W(Y1!J2rq+)2YnQDEuWMVr)>;ptGn(Il zbA&gvTix5RRbVgY$4CTh7&@zENY6^fJEHlh)s{-ho9s6Vb%vE8oU^7l;`H@Hd+bQ0 z;EKz$C)#Tzb32-2XmJdp1ZL`3_fR5c^(9l75!%x6tcjIA8%WP4(wxN^b*2@VhLNahE`6Ny1-got8` znN~zabwopn7uDJvntyIGmz1f{+H1S|m~kQb5&||w)6nwcJp;fArb~2DDiTS8 z;U%Lf8yL}3a{E9s#YoHs{X_{&m^Ot* zQ{#_|G!|All`?(xC41h=uwNg&j zL*-~n5U2I z)Tb0t)eqK?8YR~DbS~PLfQbhM0`4c-bIZ?dVDlCiBoJ zNbXi-z-S{Az@*1+jHE*m)M?;rjq?> zoyI1$dS z#V?h}!_CIJ)U%uu!gd!AVH#68@Dt%hIx7PfSX+u*VdRM6NW(%Vq><`PhNvFV6sf6P zC+^G@fK}}FC=@xU@tkFxB*Hap>Os=XK4c_NhhPmjl2rIH!?ZJv`Ax&NKxdb{scgCf zx)XV7uWpcOPG?-rm?msVVdlZh0-X2vND5tM3lPK?{Qf1)cH20L2cAzzbPgVWc8st}v2859pesp)i6W?81c8I5V@;30a!QRx!5kg@*pkPrvv^xf) zTVZ91o0fZ>RhjDl{Had?EV&fK=dV5V3qnbHa~+m=At=_3T% zm^?ywS2U+qNec7bo=p`3&rM`0;uHqFZa9Yp3|cjd26qfArdXH|hM72|!eV)LB)E7Y z#=^pM-2<87lvn~2>7GnsIGG?u;NVbUkZpD<=oq2N!UUV5`?n=HW9&_=%Vx1OR*+D0 zRxOzoi(zDaw3Iy$(I^?q6=ozHz6jj#fFePP3Q3_w0-+HWgHo1WpDG&0NvcQ^VFN|r zs`MfOdS#^mRc5j)()JAaVn?Dc3Zw0jW6|oXtgwYS^uVT;$QQ!5L-8nt3irgUx-F4I ziG|^6dM|{7Wb=vrMG`0m+nJ6h_7_P7R?yESy2%)!SR#6Hni80MY1fLWC0?ry^B+PP zle3LTN8*5XoFJu($INEp*<<2$<|sV$XJNZnIc(rEYJMQ2d=N{t4;+_3035YO@G85_IRGs%y&2e%F0>Y3yxmQ+s&p0sm4hHy@1-duy$?zy0l&d5M)aNIh+TTJZ9 z>`A0emXWxkQ0j9gUJHb!#;;BK&HgT*V`nFW`!n!)@i zYn#RbvJERfpf6ZL28SSmWTCn3MF-{@l(r}xsjUSTR7K;2;<#=Pzp){6GtCa5OFadMXGiTmv(;(oU2yC4)(zq-`OPEM$<2OGdc3BAMa*&~RSdER}+?Yt%c4Duz^UXL(lPJwDWok=z!EHb2*o+W0Q{f}Y5wQz6=u|IN_Fiut$ z=0r0U(L^b>5X9!xge5H~R}&y6vuDR&7stX}C&nRK_b?0)XB$YC@9je{v>U#v*(*#C z++l>Qxs)D*zFrV;+YOVi4!(MYuHY*HSS|g$m3F0#jaP(p7HYP|FV@?M7Q7&1uk8^NG`gkR zu*D6-5Wk$nE;>G99AQ(6O*;vXBwaW$wx>ZM(C;|oQLu1AY}akCuSROW*d$JF_`a3=G_swH6;N#f+L5# z%t@e@%{kscubW`71|d749hpQ9227<|clJ2}O2Jsq*p~6 zoPvY1x16g0G*duT(K&?@_-x=twqooS>SHN6tx zOx}9kj==T=s0nXk)d;*~?`j3tWMWiZ%}FGoXqb9u$qHqMV2_*mN<*{;t9>lRk#aPU z;(h^8DX`35$Lh&w2g=YcV{HI+qXj*gjfwp_Br;$-DLSbL?NP2VTaeTEii@O27ld^O zHQN$oJ_Kvs7>Q-A(+MaTH&#~$*foonjcwU}$US;dQ+#$<^Mo+*<*^h@D9m%#5fl&E ze`nd6hw>`Q@7|Y$%{Rq~}d!2C@a5V_?eKwz?ISL;+ zWqL2Pw(L<`Xelc2O9Jf9Rhv*U5W={#ut)$X*c}jwi{kEDbF$M!dcn7f2Bb3S{-Oc# zL@YTNO%)C6!*&*MI{O0)ryQtMMd7&t^mMV1!6Lb!U9PAyVK^nk41y+@Hgec{yvH*9 zu_v=Fng&9(A&aJDD`Iy0Y>MXg=&eESy%^A024NQ61WjZhnzEp1vH8Z>vn3lRUvZ3! zqDT^w8H#j4r0f}prnh9*!H$u#XzW(5wHUa2#CXH5HgXAf*{lN(w3Knr41CAjnQKtC zL~N8wq%1)|S7I-m5U~{Z$o5Cp4)?(X*OSR~qn@al+A8GO0dob$#D+NHb#@UQ4Kh@d z`C&>exrY6NDqq;&WKQE-aRr+hO1ThM2bB?m4iKico(UXYv|OBK1BiH%jH{{#PM;jq zIiri>nL#Tb!OTeqWGqlKlr))2DN>PBL%B2EsMG}~l*$ttDnq|HdOE>F1{;wfrZuDl*Bb=u(&C+CH6)DN78)FlA!~0!c=Qe zR%EYsF#8GXPlBn55JRD^Wf*KDqeLL$m6T!@sU*4W(fzw2mFeaDrlOnuT|^P;Xk<<8 z1!WK6wjuyqYC;rl;2ttESW+~d>;qoR4Ch1u{~qRd3R{NrTlzpl{WQet z#A==|5@68nifi(r;ONc)<1!hyO?pmDsiKrbR;@Hklm&DhZgYe^c8LJE1bXnF z{m3O3$?CN!12N+U%))?dBcThH$qyiTESkl3x-6zl`Mzui3={AXy=pChA)?e6Zv=BD zmKCxEUsR9^xypkCu!-XHCdtJN6|7ETR&d6g4R?l>4Z;j!yC;4%Ng_>T?Le$W*={5< zoX>`-*{}c{A#ZhmhYDQ?YwFyiYi-%bX9S}MFVzV`H5N96uK>~Gt1fAmRD`?wlW`b< zI9lux!7awz%ZQjJTiTD*RB1sZNQ+fp`;)dYQUjn@BIV@uDZOn`!;KGXKfpHTGA03m zJ0A2PVNf0T;))brYUv0Lt%aHv3h65&EzFtSkc>blG-5fto@;8HV<+roP?(ss!9iHe zigk6)B(y?&v{4KuVfM`HMFZg7wl;Le9iWo?)kNn&g|kX$$@e8z zLyRAiD>XZ2^TQPQ3Fid)L=VB6VCrHtXk%OR!c-i(5$Qh>%N6|&BZtK<&AF9Y!EY{d zmT+a|98_pjo(R9j$Qe2+f^8X;6w1_wDzQ3&qYq;)?mb=9Lxh;4x*w06+H(AC|g57RkFGZ zh|z!*74kC!S|Ikjyf%)=<}vL`lo<9eW(Hjl;Kb!4T^JQIC&SC}DM``sU!=EG(FkueH#>{c@0JsMO_`o!KVf&+j7oY3ym7<$}l%z z5p1t6gnBHb+{EBeeneX?1Vpr&U3dZj)+hKQIoXGjl|Y4PaYnENoP{-PpPkJ*<}E&5 zj*7RB-zUi`jI>rvu*$1Ht#LtE8)1hShAuFfX%VntW3HHadt0S_Qh+K8NP!uvUwKqB zlslh`=;A!ss)hAgSja|l2;Y>9 zWiz=_9z;lVao0w<$*L!nBEPRGgdd$3gn&A$+%Z1XC?H03gM7BwS&hQ zhc@$7Y4-#n+e!(4RS#$x6 zw4xVl8=SR48jLD*=)P34a3LFc5qBQ7wL>gHUsDT>Y`Vr8ewwH4L9@a}OWRsF-{P5;_~k zzD`>ha2ePUB!<5u1PVLSMmIr`Hs=|Gm}-Cqa%yk_(06*BB;hKW=;2OXr9w{B&7_(H z#a$J2Du!UE7gWK*l7KaE6794nR_#}-L$3TZybwt`z>FmA)g7XJYUivfn_W4q=w7*q zD~K~WOFpqQ_7#ETBEvLnPJpRJ&$hhYo0cal!KVvC5oYJPw9NKkinZM=Oe>r=jA)n) zV>~eXf<5h$bMXMP6l&*dP+|j;`dcx*CtOV?SY6J^Zei{16XTWH87<9nw#{?d3#<}c zQ(l_kVTYf5oGV7- z50dB}NWyDWGv$*#5?n_z^9|jIBBv)=!sw+H{CWVNNaC?>KOUWJJaPvmV?&%mEoBr% zVg#XZTd2{oOfMSQMuSDTaS~=#mhGt|P{gS>D<9|UQR^BjW{{li@ zp-@*V8{APzv8Jx*Y_ST1;0$Qh>L!RK>UaYP3&vH%ZpPU}$HT~y`AdDqp`82p;kR-c z#-M$1k~PMo)QSQSnXMi%umxz)RyPa^SRF87YIB=~9e3K)qXA9~GGZigVrYPDXu@nJ z=M~@(u0)JNrloa8swPTim8JfPUWrI;N*u~$T)4C?fmo}9!Z31#(9N7Yxs%D%-ess# zg``*~@=R{g#GC*hdkj26PiqcrJ-21SIw7x3&{{Vq_7hd|(xlTvkanx3qg;c)BK%@U z6N6Z)Ei6<-$q}jgFbq4^vhrmj_c1FFxFnohPw0$e@k2xL1(|Vzq>NLsN8>Z?HGb~D zl2Z2Ul}ccf|K`j-lBDA@_AuEuPmqhRa> zj+dTH&j4g*WQ)00WFPjq_7yN4#c;_&nP8lQ%@|MsV-4FODDfLaEE#HtE?8;GOy_jy`luW! z3a!)-hQc%Kl*qxzOqh<;U21w%Z=XM}n}oi0DPrf_8VN zfji~fk?7ry50@CAYiqV!DDnZ4MBLp%LoStCQ(bKav%Rt}GMO1x?Xib9Ix90|N0K~j zpQxfy&BcHTZd$-@BifoE^XL_GqD_4tl8C!u?QWYQD$l9JWn~<(WRqJWi|X6ShD@Hg zqJA+>61JAM;kJxCHmmK$FOPG-J8_%RdYluEHEi6b0XY%phVO+dh445od6^u4Gvb2( z;{@?E{w4A2KVqzI#Ec^6JZ|McUdt!v<%GAPyewkjFecQ=flIpM*P#@g9)r>b5l7Wv zJ93R#)~Q=?o_7LiS$Ax~L(I)^Gv4HuY?Zp;b4A2tt0$M40Nk24Io70HmUScN`~-|` zL5>q^Jh`3L9F?j|@U>@h&DN;U$t5%2$vN#n4tbnx?v88Cb4o9Yqj_he&LflByAJ2R zCvhG;+I-T)HueZMaW>S%QqI_p`b4c>^i)FX#TZc7(RSjW^rX^cq?MTb?by~y?zBDV zC6>sRBoT*{b}{m><}p?dlr@BZq)0_KJ*YeTn6!wMcHIB67IFIUkL5DA4C+AYP2r!l zsT=Xxt^{B_51X~jAO&_dh`RxI&E(*6$D15WVJv4^)eWw`wW^dagZfzGZ{CE8$B=DC z3g|bWasF&i>n`4XFfNRp28xg~S)qtjAr?mK3#f#7kHYbn6@F$Z7 z4i^Pn4L2O^4I;_o-;mUTB%eTsvxXD%X+Ygr*8!9p$5lVan#$Dk*i(>XSQzO9|QiSyY zeo_~6^Ni0aMqX?H$%s6DJ&I90aUT+8aZAL}N%Pp!D&p*u9I?S46|+EAPxsi zadJC03>7E9V@pd`LY6`j`Dbuzh|;rYJ@A*(Ikf?gapCJDfMtLS9JBxuW6y!x`6?}| zO3nUcG*&q-0st%V`1m`3@CN+$LzdW&`#&t-iM)KInsS2a8LN#c{*`~$39ppes^E-4 zCTNxKK`lottAcb+es3L@7g{fvy(&0&Q7W*4CUpY1Aa<=&)My~9P6>r6dRwBYkU5hQ zJg&Tl5RdUW#;oa1nXDDr9LkwKk$Ef;nZq-c^oLJJ%cJ5V~?kVd|2FYDqi|8&Tiq;VxHsEI6u`(!-6(?Byz@q;^YEV&q2fS9JF zVe+CJIE1>gWcGXrKjMvSQt>0~ZU?`x&Oeq?lq}`s&e1k8cg4Wnxl4P3lc!*7&SZ#t zQnrpS9xBpAK}t7=EKI3FCFN4m8Tl^u=>Qw-$>QZGZfh+$*7%Zp=2$Su@iUD6h@&S+ z73>jCZ=_q&f}v9OQw9)no_@S1*Ax0l#Tx+a#(jTQ-Bz@Sbs(+jF;%VVPI`tuQRU1b zRt4Qs<7TEypiGWpPLv`14E=B(3E|cwQq2HdyRuP9m9!B(-bW2wPEf~{g@9AgWTZfq6ib1XGI#*(H^lpd_*6aB|h zlHg>esWBx9Ba0kMYU_+wqCF*@s606ym1HWVo@C}}#dF*-8LoJSHC4UOguf9y#PaO| z7eB3Frm@a3vkONTbtIERgHB1VHh?h2ujwXVqnt*rj_+4MacVZX#A;$m(@ztrN6i7G zL6HLAPz*|3(Z)du#?3*~lH(G<(t0joKFZ?4`Y1bysi|kI`$&y&Ps5x9)kJKnOT>_5 zD5O!uVk1>^`8I;GGbOSUlsHLdPXvpqgQyQ2S?xH4b+#5r?!LdYdm#U8B*4cKEgP6>NtUlkTtz_ ztQw)EA**)m1b1LP3iSejV3lK_BxKcDfHLc`Mo)03e(&OYC5mM1GfnyKq$b6HPH_Nl z)S}L!pT#rsc6Z9xyFHtXM@tqsCFS0Viqh%9q^A^^u0fIF@%hR< zbPak+D?*-mV{c&yaOgj-+|S59{~VukNF0CZlo}6Oo5YoUbLK*U_V~)s%~OR00%heT ze*8&xzVdR!L$;;mzN)G!pM`A8J?JCSgyr=H0%aB+bL!y<1nSEyAD;E)RtaCq8wmIT ztsNZ;)K>s5j`~WgRJ#CFp>yi}7D*>K_CXZkMZVrZjaTvwl#~TWe^dboUigpN`{r6T zb1nWWt@PB6-Qh3y){b6PJNCH>p#Fm;DBVlSt)E#2|NBwna&JBJ^wigQODvD4zM{OO zcI?)AZ*50qjmN8Vle}&PnShoxfqTmWrR6B$RuDh>zB1&i^VQ+9Yxce#0w{+Njt-%L z(Hp$AUG*&9A0S@+bLz`OCGY@Sh!Y(9bXmEtcB2=g$_kF%SrJ0J#=a07{j?e=pz#1{ zf^R>;3+=sZOC2*K$JRcLQ8Z@UhZpbcF!klr=Y^ngQQ z(hwPW9wt%k5@b9<+P>O@tSVWCxJ-s5~m+sU1V}>t(>vA(au(l=6~# z6IvfCFR$&A76uQv8d@J52<{B-3XTQY7>r9{3~0)MN>ooG*716K^g2hbXH^z>4gZpNkq`HGEI zpc4oJa>@lSwPR09TQQ#5r=z>|g!rVIWJ zf3DZmfnEVekvRZ_kJ<>O*ICCCZ%7Op9c#0*P!Ty65kfL&AQ`eNl1YgYj*t?=$m^Md zvRKoBG7?a5CkC=#b#QsP4~~IA+4NuvnU|E+jvn-t1^4^PfJv5pr>T!$`GN-!+=B@x z*yAg!jbo(2KTrYufw$m)30O;fYI#X;z(ooG1_z{HgVM)AR_4I$@=`ypZ)U{Fm;&=2 zeH+kz&^Rt9j{=Vvy}W)38YG@NtG>Qc#x0{>UXHd6fEL5$>`eU)-pzG<^WI8T%D$6PO$JlyE%!3YY)_ zm=#{ZA#nu4&$@wiWm~tJ8uk+NGlaAb(>)4D&uKGTdBGfLfnZi;G zc?4?5PEvgrz_6960T9j*c=`OAhX%*2G9pC40ES8Z2t0Gu>9hM_loYSmP*0xza}@(fL0!h(#O+=T22LlNSJ z_SBGP3qQ~=j3aOv$QORHYZVk=q@?lrg_kiW@G{OSb_lXnMUbU>>#I>?G?p`Y?dahu zIKBabJzP6x(aoU*cfFyX0DqXxKU_P~@pYw{iJN8#p(&Ig$yt*2k9se1^DMWjf&{8}40%pW& z^mTPLk};g(@HhoIPMWGEDgzewS2Xnn7B*(hEic8BxhmGEYhr3tJpl?HDa2VL)K-dI z?uJx_|153vk+P6A2QMHPPrCe;x1P>=5uq57Qz2dq112N~kS=NipQc`g{MvDUjh5}D ze>o-~Bu|V4$^liV1g2dNp$IhWPr>o&26R}&h`|aL^f^Soo8#wUkVa|QywP{oSMiAk zKS5$)UzNg9#hFP!YUDF8h~~TK7J~3pPERh-6k!RB3p|0F*I6Cq6+pou;Rw(AAb~?* zw>>){wA&sC5nDV9E!+W1s*<5TI$vY0_xjfcXxJyrr$BAf^v zJT$$$w4O{w$JH++6+Dz%zWN%-+epDE0wYP*pMqpk5eUi>ggV(y7OFEM?U|4OhMrMy zfW1K2%UC9~tP-;FT+fQ~Qc3JISmK!WYEKbtVQNx{Q8>1}3Qx9IrL?^YQy6o^0p{De z7HTn7CLN~+j$dWw_*HI>UuDO!HF{{UJUG2}d;Sm@e)O1>#di(LtRN|mfEoONL=6x*s@Kn&0A#`- z(LwHEPKYZS4??|V$c;lp6jh7@U?eQk#5cU`Y{)PEN>rbS#^hz1GLxDJn<^FLh*bpR zDHu2&Nlsjv@5z3au7|%-#2~$qYf>e$y;!C&;RD?RojB0wFhZ8l@)_FFUBfViuLbytS zmqac>R+B5N0 zqtn`=00(x967ydKC zlV~R#)EnRsHCn_uB~ibF$r()?GVCA06F>;p5bEH-e=pD{m^We`8cud2QRwhO5z@dX$q9=Ln<6a;Urlb{W#Ig%_!~Xd5Ws53{NCEJDZmtl_87Ur z49id+8M%?#L=nRL3AK|#m=<7Z>eAR4J#5f24P}o0N;8R<)O&0d-Zdf2?4S-*iB$^( zrn>>U_&{Lx1gNTl)Jz#E&O%Oh&x{^6Jp*}+RgexDJsdJ!H+oos#-^cU6Y9hqo5osS z4Yqt3iniB_j#fQH>0$J+7nUi2>Kn?5$C*%>`9u;t84nVlJR!5m8$$=MO7hypY`F55 z3a4F+Cf9L%j2?!{WYe}t^vqO;p$P?HQ*;=V*MhKW9R`ui2@@tS0_Aj7A}i<$*A*+% zX+aK7S{+uY!z$fjPz``C&^{$I5Vv6I1)@;gngT{&(1OIBjMxZ+AdM-AOM(*7nd3>P zq3%7V0=3jesanUc61{zlqXJCUL=>nnK7lG(uYQ_pDVdJb7}|@*Tgt$HU<;!JJ+{Cr z1971|7t1qD`$>JhxLfG!%@;e66Mz)eCX$XDps4D^ zpki(3L-MiXSF@dVtxwi+v~Yq_J5P?9$vN1e5Gf`FOKUfJWsGk`!?$9L3#`kFS*&)f zi!2RHK!r%-d*r!Op1b6^nS(1;1+CkOg9p4tvXtsU?16YhmW zP)J_tg^}0i2R<2L?7mQWW$pMzQ60f+k@kDA-Rc&h69Y8zdINPu0$32V6WaX89>!a< zpTD9TrckZ83gKJ}sIhz^iYp6WaJ+G0xr__#A3GErlJP}z87f4a(@Kr!6bpF9TX`V; z2$xu2TC*nPpF;E*(UE2qv;4=ty7DdWWRpyY!z8nU`wLE`y7_kTgecNdVI zP`#At5fl6)wPO#}j@>WMhcr}7o%d5trsl~QV&C;wix6sH3}>MXuVHZy)sFrQO4f6j z3!n4Ty!|r-q78%v$5)C1c&6&iGi%4s6y$1s_%P)3m^|L4023TB736G5jDV-rE{9Ncbq1?#63rZeUgSmCkabP~-Ds%H+8B4wY}b&us0L_YIaLIx0az9S+d^CJ#BA?> z_>#K6KeFV>bNqL#iCh|dtn&2H>#YTrRWfQ>S6h}<=EVd4ZQX5+RtfindaSdry#HJK zd#-J{=kv4Am}&j|jKAIa*w5`B)`?$6rYZEtCN;RIy}@$Rx}3paU8E4KGy^o9n{=$j{f`Q<*jrNMj- z=A7nYAKbAxly)wvTO2x9ofv#(Q$v{l7Kil7sAr}Vau3PkkUEhIU-iiu#b?H1%X=G} z`}$(>rg%KQtZ}-h$6M3ACpmL8@R-J#ugz`ao{d0s5b zjNQkznad}v$pmCt!{S`tTULqn-m#xB;uCy`ZG=kT0g1ykNID>u2I{e3vm1GLafSFX zfpVEn99(Qe@K!0turMariQg{#hFDBc@}zvA4GSVNXkkLaM4BLg>l+6t%&P?%w&6N& znGY@ZiI~0#%glh?>Mg56LZxhb%c=?cwV1L{32nNiS}&3WZP;vMl#c`-^%7?07wu7I zVJRC`9X-s5N!$B^SWWJ$Fq)`T;}GhFvZ0SlJkg<H3UX+%$fFpg9knY2e*Z-h)WyvE~GJYZ7%^MECl3V*8dSY*Zmp)t6$ z6puNjSTojZ&3<-_@%iY3z>Yq`ZV#F-U>3O<%lTMr1ORUEL?2e1m31AGIaaHuIs!g? zHB>UhYUA~nTcSdhq6S!$wrYpr2;hfJ64*{u4@CrHmsSj}J;96BfG+F=p@Mb=P;eXq zv>Ktuk)oK{#o&s9f{x~)lY~R1MKeKGDhV7ya^`&+gr$N~i$@JY4w|SfQLEJ(JZeY3 z0!(VkU~`3j0kgp<{84f=cZWwm?`Vf|0_fsohMaS);?N2Wg2 zEIMhh%06K->K?-w2n3nM_P7ytGbgJ77Uyis?c>iLIyUeUakh~<*I)%!xQ!3RkdR;LAUbY{o9&A zO`sN=a$Mv}a4Cp+^g2cG*I{Rg$8EsH;{QuQ5N?1*d|IJojL!f!W^Og!31G?TR&dU$ zD$ow8*)~oA@0!A(>S3pu_NZ94i5js?NF@x$Iugs*PW{>uss;l`jbwta9eqfgO7@uO z6d?ql32%rb8uS93E}u3)%Hlo7B^G!Mn;RSCY67RhF^eHwujvO8+$t%v6 z7hr=Sn!+_TuIg}&4a2;YF9-KQnC4~S$?lD66p39C8k-o59!Ov)m+Sqg%dheBLmpGh zIN;dh_3)wc{%Ss}{r*bJP7U5D4IP_Sf`wr&Wz}PmqJ}#TxauJ}j=>y?mb>bt8hu!I z!$UGuMc5<#iUZ4hs3Rg6s;jRKOJli40H&;cTq%HW8g>Ms$&J8GllyDe0Ln%*^h-QOpjJ^!VM6)ydR`50Y zGEKXNyvM)~g_9|2AH(vw9f*xtP7o8rzHzuJ3=Iy=n~D0{rH<84=dLLPPaqDxLIXQC zh;>Y!<1Ltg!L~;q!~aTb%>sV;$97g$Dixvo2DzZ>ZnJPTWE3Ibkc$8sYfx60uyQ6Q6#jez_i9hdAWDToG1yeu#ub zo@Rl?f$<8`;3R`pi>-8F$l$-E7+WC2WC1(?zrb-Kp$~BrOu(>k6cUi7WlUUw8kj>N z;Gom*K;5Y~ks3qBh|7dF7F4zeWrBf4{t-1A#v$`!WGR|JRX{ly95OmpGY*5Im30%d zKG6&V=5te&P^D%J>|YbhBM?#Um${)7_9kdMerP)jtw05UN}~b9Te1-P03Z8H7h=LW z2q(l{_(y*v&&L7_8Qn1Ez(j9-g${+tZ(IkM+W;TC_}GaurIf8wu!!)e5B7N?um>)P z(F@Vvex?_xRXggD(2q#iT!T8rS(~w-Dn(>MDNl=m;->JY9gs%F^$tuc$fjOp4oRsL z<&9n^&s!@Ont|c3TNF!5H*dr{A<&wAHIixUea|AX}jb7Wu>_E{>KDGb`L1q7& zODl4ZcgBuvbOG0F9j|1SSM<0p!wP z`$8j`;ZQyk!cBphVO;hSis8iXP%0zm;v>V@KxpAG59Y&_Be<{(jXE_HcW%B~n#Yyi zyk%h|v@p@o-w^6E_n)2$XJ$}kC&l3aI9>yk3nlY9ZXP$j7Z3L}#g{k1;EgV>vAf`_w}nUwl2tV?yv*?? zixJ$scfvqEKa@Lt>C%3jus7V>5X%fMjc4+(ATQ10EJhqKYgy-ctnD~9E|kZ4%b`qP zNS&n{>P_IFx)2X`L<8A3lgTj@i>A|=JR+hiaxorX53J!tJh>@4HG+PJ=?WtRc1IfE zIhMBXFM>@Te~Pji69MPQIs4ri5wHf2oN%?c^5myy>{~K2m z*Gh}wio6}>gV!LnSN*#O3s$>}^&qKz%D-`SOt?DBgTsdkuZK1~WYMZsJd{@-ZoRrc z64CdI99R*KgjdH!B!mRk!KjiC?s8;-w|4>XGvt}iy-Ffost5NFLA*_+ za-kje$>yPbkfEurgoeyjP$67hB=@1^Li+}&q#zmPy@rr;TNL6XkZNCa1Yuf%ft;*P z#f6ki{y{D9wI>^L26%1MiqZuCUR%7Dk{AD2EArac2Cg`N^N+P6S9@*L%E&vcRrPDK zR)N=Kt){+aYGuaY00y1yfIQHDrNN< zGPXN4=iy53kiN~a1J{+|s)BTk2{P%BbN_`tslH*XzGy8M!LZWU*aX8$UrOC-hx;9I zAbt`>ZBL6?lJ^S4dDS0S)+8g#=+`^bA)x|gNn0FR2Qywafom`1TKY^D_xYI%58`On za87JlIL4l4JhW07BWZKQ91SB4t`gOAHm~MjEkeVtYKX;faR_%RAGM@VJcER^f<)=<-+_%-C`4tPO^67V)+T=dzMTtBPK!DS{b{mDtW!-b<5t z0w>*$zWG(cz?#Vh$p(?ti1NWG?u$qNQeZn0N*Ye~SeJuWK*#k~x6uf_30GYuVSEOl zqBD(a=y9h_+(NXjX~z_ebKEiH1}1ha(f$sGTbLU*>rSlOeZmtbH(_G5CRxV_l<*F; zlWnW<5(j@dms<@md>iyQyM#PUj=T!Br)P>gW^Ian4uOUC=`B3xXn z*@(9L7`O+PnxMBc$4RW`@0ThLt}yl8+v(mU_Q6&;}k}sn%+|K#hiD0}bGM2R1x*96C)LcUrW;WCNE;NvDbK5s#gv z6CXKR{|l`D+uwZgUdDMRekt9D+suXIyd+XC$J~~P#uM4ap+T&_WmCys=X;QrWBnea zclq+@ve>fL#+A)2iSUY*W+mDbk!#TRq8k7%{b40*@#EjtwhsRP%g$5Y`{oN?zVTz{ zE&tdLH~ByFop|8Tdk_5i-d|oh_=n_&e|Y#(YnE?A>e}h0-Pg|PnCEX=_`rF~`Y!Hn zy`$y(tKKsEzqXuy&y!pIm#rSaS*g~;$p02Jo*#8xA%#HBh8qj!)>U{n;(Z_Br@;L@ z-aYV-;r9rBumf2y1HKD-aKq%oy?J={Q7#%n(gl-~@SNGncMXM)9I+db)gkBn+A4yG zt&?+fqO{>iQ+`QR?8c#Ys4`ypvY7`FaW;=pEq*%@b{kp?cnG(1p%PCsRiARH<80NZ zTo`B8+@s&pvj$NXZqcWjsxwG=p6h1h#*>RBAo50 za?E-^qMYu&e~9_=Te@SryXezMzQCQl2SiB>@k>GX^+ivyDo4M;XgXGWJq`2E<>+ifAeeZa2am2D}n&zGovZJxr!$UkWDF zKJ08UHNo|K{h>rUGu%HQs#j)cL@c+I0wL88V*3a7G{D1q4;wtw=C4b~skoc;+k4vQ zdybp0@2P~+6pcZNge5nfZ-0jW zToQicDW}Z$oH~Dt-1v>V;wX=+J|H&G4{6-R7RqEpa%=Z|&#d`drN~avBTXUbf%%>V zPLOnB@eIzg@fsV5ru!2ib&E1z#Bo&L0;f8Wy<(SPaJ<6KAsUYZTj@Q-r=2j`C%YZ; zAu6A}32YRxd#Bk>Ns_S}0-J%IT8Y9;s!%)MGh@D(5em9u@pic$Se306?L??s?Qzr|JY|VJjA;^jjBLw ziP<1yI*y`0>gvi+Xcc!#4fdj-KF~%Q1aoFFqne}2DfMlBs4s#0 z#IsIpGkfP6u(?Ue69$BxF*!SdjQBI>=dopMzSID9IAO^WW1TZ;j*t!TI*5%xviVB{ z6wpH!EJ3R!xH29?n8q1eN)p^6rebk`fD8yr?2jdec#|R|=UgrdqFu7YRK$+25V3y0 zQ=KAW?qsAibZ=`gIiSHL!%X_j`KrqELrYC5vJt8P-QC*^K7bKzK*}Zi!G7FmUW?6S z2@I`*OWPNoIzQB#iI1E)KbIfwov%2n#;@TcG-@u zr9W@^!ph8oZA1AxM(^DHrFTDg%9X3$aKriU{Er*k)=a4nFqM4W&C5 z?L7FAsRKdJUmtzysj)NG{%PJPXMg3ZmtEd={`wPUeQ@k|O`mx2JNH~@Em%MAwk_xU zcI4*1#~0kaW8rw!y0&=*Gyk?V(`VgtHN^+&VKHF|Fr@e%`9vDwx4{+@@(1) zlC|E3-@>(CYvBU=)E_2Z>_3H!hTrE9_BmG=W9Sd7>6E{1-5uSYcyQB#io4bwik$V* zWnX=amS$^dWGUEvvJbtLTZ*k|OOK(Wm%6@?#tzIS+n}*Stv{Be4MXu>t9xTx)3R1e zSLX^-9X9z57mNk#&(41@^_$&ueCWYW^SFoG1BbC~OdBPI0J&|aL zr&21>-%mm&f|_bYx?BxH*0R&@Ux4j-S*-de!l*X{6RhOm6Vp1`zv&+ z%Bm^VfvHE%;+4XWobvxl$Ydn{+yDOs3}DwPsyP!@;EAu(UrIHu_W>Fuv%B1v7N+%?yNqdBO7ZRt1=p)qJilr|5a#^i(W4SIW=el&N`bNXX(HQ0icm9{71-M-KO7F~0k5R^Izq ztaZiVR5f$bZgoG_zm}W(UOUU`vT%l=ri~%sEsa_m1)Q{3cn_z#i!Y0|@x&EJZMOhf zfV>QacSzfLnQRgvR4j=l{{8cqm{|AK7o)%sVbo(-U6jvX?i29(!@dh+(Slwf@b_$G$>F)H$i^9j(< zvE!WdP8&!HZzmVhFYQ2Tbn&pBI7+r~&kx(XMaLu;VJ%F5(MRfkwfe_t_gUc59?fmy z823D;=;$Cd)6XIBa;}b&QTJgp~@k?KLZBk%q9->Zy) zv%InmDNMuczyJP!hk-k=c7qQ*t?>B5>&q%myK>`|f2{VDd#@i~_)dVXf}qnlHC$a* zvHQx6o`kQ&>nXLuyUHpTmEkMw@#S7m$@QDVUE$+gkg4GcpU1ksglAwj^}< zf1R^$-M6oNkMC`*3%-4M<|Ee34qwIPw_RHr`QFcWzu^yWxqiI*rSN!JHauQ(-t|5% z?bLxZeP!2Ocm7Gw)ZDUxJ>)B6wz{&ODX7w$8mqz;WxnktWp&=|-HmnOAU*!N${o?% z01O=YOuDfq93Zf~u6$b}jt|M=jdR2GgjCiQ|Cp|EVfbW*`|9S|tMd5R4qv`?!>~Yu z>(=(RP*b?EF+BIU>ZYdfif{|QPHJAZ@;rE(;ceF5aP0p`{i?%Ns(vN>zAQZMxzUXm zbd_)1^LBKt=dIpx&zSY8+kSTVUAY72esN)7@W5}rbKQ`?ZSyz#FTCZ@=XNw+dtKFv zUElfqZ_fJiXKopJ@BhsI%(S&j|M1Z3%Dewq_n&P~&;0YI3)l32=!>^k-?H%|$3Oq3 zYhUE z@kI2G-QS6P<&yutdDf#>pEK*v)3(-p`isHJ4Z}k>od4^;tov$h^!HEq&lvjUd%l0= z?Y?_bn-9DR^v)j~C;@^O14SIC|tw;d$t~IVY9O49~C!PnX|Q=Eud z{QkFw8#>BopPXr&nK|K#Q@$SVVQ{cyQ~2zUc7``JE(tFpEmYMlaA>tNn@G`$Xb@m!&5bs}puI&EV*{@m8mN5^kDZu#>0cMjhC z&0+5~s@QofHr#prhU?c|+0Jhm@d@L;eft^)ld)_jm+8yPmyAPul9{30(pWaN6m`PD z!LY%I;ed(ou_U~FNq9vA!oyM1ZjYyAd$>D%j`4@RSFU@-0uosmpN?KcK0Jl^s`GgM zUgCvHH<5q%#=RbE=bD?Yt1RDI+P$LfgUVI(^o4C(M8F zhN0+Jp1JF`Pn`Eu>-2LUxa`AUyWr=asJ?XL=ifSS$w%L^x8;2&S4CRS{O-y8zDq1hB`ONzBU;nXZXEuM2*3VA8 z`^L+DwfZ-yRrg=>y@%It-8b*iU;X^o58d_5=l}at-+BJP`YjJO=GMPyar)}})_i;B zRaFQ7W9%3A%{$|JH!gerBXe(RkKT0X^aD5ja!y-pp)VW!((WH09$)s*cL(15a@k4O zp8b~6_3Lgp@lVHZ+q!Y#?a%z;yoQf^UjE$!Z=Ly`mh`l@Ui6{o-&uO<;kh4~(fQzq zrhfQ@7q-7Ed+8r8-T&Z&f5|?1(=CtBKmWh3?|<*#>)w3x!fAK@V%u>4cT2Auzu^Pd zUw2wCc;z{fk&8Z-TRL9$gEv0^=<~5WGw-{g}$@Ay>;M& z=kM+sf9$94`O=nmz5WX?|9JRa-#Vjw?!${7XuR#j+zq3@xnb;%+opW& zUmPAU?Nzf*Wi;@P?{l)Td~RZ?!eldc@c#%mZwiMwBz<+Kf|S)T3T?|^<*6O?t&V<7 zgxZF&H4;1DM(lY9v(NJIil*?gm0_88TE*KKruYB#d2!r3-;F()lDtzfC3!2o9CM%i z?VqzX^$nkTB7Mtv&8C)ne)svECwzGA@u%&1{=BWX++DU}c1hif&?cxdHgo@tG1AAL*pNc_!jx_bA5)a@VYyzcpd3%>uQ1$fAon( zw_RLu`{VC<{Wo{dE`7dl@2{G+om{*0m!I@+{my4Q?mGX8`x|`2pB(u8w+4TI`mP&h zytMwFr&q*pO~;q*zv=qe)FqFe_3p#Z{ItCKv0Wn{>pb+qTK(y_o&T%1Y`J{)?`~N7`e)y9 z#**8bcRp~}>c2HT`dQzZpZ?74?^^Mu?|*P~@ynafedh_wPWsx)bo|opd#;=MsaYpp z{;ikp@m+bfm zzF$Y@UHG$woga)G{P{`eKYGI1tGC^M=Z-ZCe82tP#cx>p*on^!oj>)Q_4_`1*!tO_ zTfO6vAKy3qvtK&?2iwp7<;okTK7V58p_zAg99Z}4SH70L`04B~7d-Xl_3wY+#jn=y z`0-^|{d!Yp_~W1a&!>LkLknv zLpvAOoxl5<53JtOeEEOfaqzgGerWSc@44g9`s-8g`~K5EJovUMGbO%&De?JmO<9E& zET?-)Ap2RaIk4ztG|Nsf&08{ME{#IGRkqz~6Uk`K)DmWMWq7L1`%A2?q@&0cV~cs67UN%}As({kG^S z9LF6i0hr^D;3Nc<2++l9V^76sd{-e*t^O!;Uo{T=$&h0ZJ`DnfFBrFA)PlkKL+oq- zaT^5UtJqoZiyJ6*27n%*vtI_qPU)}2PRwCn>HebrKmeVCKY1=fbOwM<1JKDoZjvYr zKt}=!`^`Zihs6J?IlOo~`ZxrL;eSwN=YQ70H$c=i&7YMf1Fq3ZoR@hd6!&+TJf!Qw{eGtW0D0KR!&h@!s1o+j7KO_ z&iAvOI*+nJ*AzV^m+(uE^FOkpZT z!LLsWI^AlqGO&+nVRw+qh?yK)|Fm`}_d4J7vx1DiWh)28R~97M7v+i15aWm|f;buL z?d%?|zGy#8SU;)wl$w9}rIXlV#%8W%`Ut^Lu4>)s^^5|tQ|h$WA~^d91llUH3KUe% za7ecI=jG*`J9lhb{VM0(&uZKe8#g~ScvPLrn0Xfz!nXKU`r28RQ+q@Axm|lUK5WqlnPVX5U!^R0<*bak^6F^`6yM^nYn$810 z7>h0gzyavH4JCuYDSu4lL0=47%bzZp0!|IiKYx~)0I{D362gxWa>cr0B1PgIuEtXE z^I{@Wg=0+(kG+EL@($|Blui>fA^@cWhf~5O00fpXg8q+aGnXxb<)6j$!LS3Bm=FVr zaI;RReK7=CSuj|J^wMZXOuYSdk63)tRh?B?mHhCoCXtJ1bb6+xi8bzYthaue5HC{M zC@os=I%g0rnI`=BjS{hN-Ifb#US|zA;eU zdonB}W00?Gkr2%#Q)fg=QA2xmZnOgWMnfNue_^bkO0LFy&ns4TX!E>1u`UbzV*}N@ zCx?s)HgrA;$=xXmmUzR}+RN9-8#5#@+(Ue*NpvxL&S-M(<@BQMozAM%ECI(nep}KB z6SgvzL~e_Q!F#6HYL_d@CY~cp#hlg$>nd5)`79bb6s`-EFY^&#uSupQJoCCPgG8+L z5=W#4hxpr0B7-|Egb+js9uoi7w$R>O46^`$VdnkOxiA<6j$vj3x6%E0Lhv|-846$y z?Sd~f|09mUKu!}=>_3IHAd$g9)WN=01|{_*7){@+jyg>agZv4P$y<3!A)c|*xRzGs z`sTJa-x788)D3AggyKXGbMxKX?oeWfk7jcT{45N3mH{9T(ts3PQW7C5EhS+N5Jo^D zAF$|=eDolI?*ETWi~mhydmP}w&!Q<9*o|E6Ji&!5Muvu5Duz0;2t{QH5eX$ELPS*& zG@rZxH~#Nn3`c&>w(;wlM8FkJUcUQlm#`SR5YQL!fxdv|CyjzsbY1ynnPL@o7i8E3 zkcxwWg*OQ2|06fz`<1~M*#Gp5zq2UdJBvbs-31`v-&qtK0mq{$eDQy>pFl(L*G3~I z@2>pd;^C)@kqIZ%BE_8m^3)Szw2Y{kP=n8Pca`lanH4b|N;_QdLNAQ)u*DRH)p|S} zlIfng#KZ{CzGk7YB~ z9%qh($-tq69}V^v6%r&qA3teV8tYVS{G!p8%dE;28V!pmQ0&?@jVeAYd;k6B9k=St zuB_O}beC11%>nb1(ylGE?`jpX&HWXXR4?eYPiOcB$jmDm&rd|Z8(j@YMLKhQ!uU#3 zay(;dcljK@k&=HX=bkuWPC@3PkKjYPt2WES1HfS9?lU9AufP-sqtIQ$okGNL?YiB3a2Zaq}_HKqx`QhB3J*TSfx7a%GtVUWV zM%p;AN0auBTsw!kC6~}_vZq3)lj;&+jC-zz-l8RCS$285Zt2xbS_;xs+lDqmj z)}Bhxow<`w?;5i`OY3YMW2t3{I##2BHe1OxDSujIm&iVyLZ{UjZ8r zWA50kK9fsxe6Pji(V26xw?Xa9s0ZruPNuz`0?sigOlfiJgkOOx-!O`X;2m5eO?TgD zXn>=l$^l#PA*y5J{h6##y?z*mdlxj)4QErKmz z4I=mNToAMfdjGPmeV6cmYwh=F>=6Fqc=4c&5+L7i7e@M(p0m^7w}YmNB;t32-q%U| z$eeVFd%2!j6sbvTavZpvFSVCpBrijhM-3Xo;AF1mO~xYHr6`<*qNpEDSv0L#qh`%xUsO^e ze60^;W2-octgqA8h78dSmEml)Y*>t8a1x#6=K@|WEi*A_Z=9-`M^z3=y_~n?L-~oG zB>8huOuI=2t%Gu^J*kKyiohPs{Nv-SCh7dx2d8WY1$4!k*%5Q7>Wd~COBY6?3(JQ* zOpUzj(^3T2PH9BEM($oeUgKi(h+MeUwWBCNM@`IzO2g?>KJRpF;s?*s)=i$6841O> z8Bxzt;z9CH(7GWeIulc4FZJHFPT_J>&sa(XGKw@=*h6RDtv_4t;*HHsS-S{TP%8aE zsXYBtDhZg{<~(jfvox-KWob;mduslBSlTz;1hJVo0GB}^5RzaHM;!Q86vr3;W>x=J z0yjHds5SS%|0u=TyzXJ1vvt&in1P+;Y!Z_GVo#l*jxI^lO~?gL&8eBXYI$Z`@jXl3 zr_LX*8v2>fgln4bK9+KcR^_IAn8?t32GK~%GH)B^ZV;(lRd`v|gM@LtEqEhF??sbx zho7ZBTpCL*pY_ z^0Z8KCWSvVN_w$PWSr^cDtBGAZYjU)oPcym_q#}yIaTj2#9(6#V5uuSV_*5KdM5GG zYmf_@)sKq zvx%q~zY{LCD5bS2Y0vr4;GrN**UG=J^9g4TGsb@Te* zNC4^=ohEUl)@A4uC09|}w^914Gq^f;7IQmDK$lCN^)P=hbVi)Tf4GQiwRxMKeAvN< zvQx@2-U3?~dDO}V2uw~(8>!aYqKLIymm-#AiBcPXaTvE#`TR(m$EKx$z7_pAZ%w%# z(K*jHI(Gk+#4Ur?Xy(+$6HMc5(oad5SQJ9;syy1@xM)3=bn}qETYFh(Rh7K^jA-e; zz)gSxHww`IU_Ky8Bl@}zobUdiYfyYvNwCOZ*Rl0_Jtp~ts-!?K?VcFn@&RT1Q{l73 zYXjH!6b>k2AX!oe-A7ve=JPD=U2&+i zD;C2&*I8NtlW!`n3xLTiESSvtk!kuj86Q5G1&9DrBH&9y@yRUnebEHP8=oE5+%JRT zE&o^I{U?0yw{-{pZutBvx;Ko&z6h313v;?a;5-)7H~mk2DfW45$@oZKN6j&$f;cq; z1s8va9B%fLQW$geJl_|D^s1$S&o(E0_Qd6;u^d}oaCVV3)Sk$!dBhPiA|;w#j4>gA z-6N`xop+n6AzKceboZ$j==L5_P!EEPvb^-dP;Pi}8_k9o2Jx6yPvop$MzycIPC9Mo zo80+$^%1`@Ums81No)h_BYJu|D-_?<$#j{Lk6Qw(b~$|BVUmC#3Sh0@tK z`IJz+X>S4pE!=T8<(I;-aPhDw-3y@&GQP^VEAKn*%Erl(+Fuy;buiRUT*i165YaaI z5xdhqU^f;wyPxapyq1fBJ_r2|3Qx{35Q5zQT{oV`O%7fo2{DlnH4MrIV`apu22>;)22<8d{F~Bhv8gQcj4Wr1wB_w6c ze{7HezHI;k0ok9-h7bZ51_S}}?-k&4A|&7k6w0aa{R^G;x4lK}Q2bu01II$~D_DMj zM?3+7V#xtg{P8f7T&~>x?~oYm!GQ%lUlf zek}j!37P7YRt~RQy!Or2Ook^?(yw0foN!2Fu(UiHKTaf2dRS1ICX>Fz-+j%o%Sg73 z&lip%qykp~k$ok?sef;Ge&xY`hJ6n5U<^bPVEaMsKp;%@8!q<;=6mVYO;?(gom!&d zPtTdSf7PqWy(A#*;HSSw-!yB-1uX~A+XpIuiowxu0rVVzo(0f#gj|tJRPl@!lf_f> z-6I0E;a&?v9A)=Yt{`|&)z`MV1D=Wax#y_5WCv(79bakz+ zvxJ<(XpTi;z~V6PQT~GuB*@eVF;D`N37vVW9KH@**>fAkUkco+*^0(AxJyg*CHYq< zwjxlU0${o`ggVVWD283VGT2q2Lw>XkhnNgM{b%l$g!wJ)7+r#T$dZTiN zt~)6nAwb`3`Xb}JPR60>ymFpmqnl2dw>{Lr;>%-|Fm09-M{#LL0b->P+GnUf(pgsk zDT$UeD=|`IN}$x{)036$9xI;9q@?g`de50M(pz}rz0!s*#nLmj_H_iC$BNroE#nKY zlWzu3NmOS>*Ub!{*QRW|$38n2!kx5r;`p_gFw>5%y<|L=UDi^Q96;bhrdRV0tWI=}-VAB>8=dGnaPy)`3>p#r9WkTy_ch15rOkka9G zhL-?zNGL+NAxFwjq$nR=ppPGiU|h~~5K<-o^`#<|;Dx6M+6^W$&OnzUGNQ)_p(H}c z7=#odDS^DMsOWDcbg}3pyDZ=!lK8RYv$FYsJ?{^I4lglQkX!PhL+_Sc9ybn%q-@TR zk%m_XUWvyUq_^a<(m23K$V$jewnc|j;&DdERRSfmCy054hmeheq>#@bghr_$Bu7&F zKmc7hwSANy=N?>r93ZeeeChV>1+fpFKO5zLkec&M-9cX0se7k$qlx$3PlJ}UPsj3V z=c-yzu#IodwMw^A)F(RK4BWA#_|>D`P1Mw1ud3JCom^+vJ#Mr9hO~H#5ZxKAJ)>#7 zn6=-EHn!|Nd&ogH>Pz9rS8~%En+z16Jfbdjyf`eqJF4q!Ps(f!978f9(I`_ega(=+ zf+pWf>rux<D)O@N55| z-Co+C>J#K2wJV}yVpXRABNf(%2K+D@HHy5n88OD*tw5Cj2p6w$PTw4mx=+d~oSEy9 z;m{UUxF>!7@YiFW^t|EQmcpY$)Jf7egMPx>e6lKm0&e~wcr z!t&nZ4D=Nft_QKhg%8lEKcGqV(!}fDznQE|tU<3{_9yjHVxO6UHp>h5nRs1Lz(K$S%Ex>#O2pw1t?+!S7cYr`a!S2C&JMJxJ zvj)0v-(YtAz^7#u&>C_dIf*$bI*Y?ioy3^Lo5bYulM|S6eBLBZY|5nI93G#QZW)xx z<|n7KEZsQi8OdoZZZL~GH93yOvkYbPmijvO!==i1{E; zV*QA`6}*1%s=(_8FF})hjYT*@Pcec{)HH+BQW^!2FdwlYzm9~bNO+HgA4#Z&5v9XO z=s`jjHW`yf(?}>F;X)FYl5iIZ>oB7Idt`nJZ8FUt%^|iwJVFVGIV`|b(Ey4(Vn80K zfYB-T6bHzglUNXx5!f&iOAuieBsPOm44f1g`(R{3OTwDyMAM~c3uPwMcrL>B0Y*Vz z#MoTW?|z0t&Xbg4*zKkw>>gm!$XSe)!77D|uvSV1%oAUX{Q{>=i3t0ZvL7j;}?6Z$+3cl=Vk6BcWuv)Ej63(iLG=)Q4~@!Nu4M zWPsd7*jOktLX*VU3p5DvMOXy24Vj|ZB5X3X0}VyX#n@NSfK6gf8O$8*6Jczs8a51_ z6JgoZ0hk497Goxu73vaW78nDmlIm58vZ?l%4KfvB^Qjh?EwUG5_SgtCPK0fQHXTrm z7&E~fQMMSfz?@Kt7_-O5psgZo2ej#e4v8^)%nh9rVRckD%mdvKVRxv0m?wHG!rlPp zg%F%DgoYrRALfnvi7<6q1m=rOMVKy)iTNRW0z-w`<3S_*kk22m=s#dtVk`~n6^b!w zlc2fQf&jE#kZjki9&I{`bd4%~J6biH{S(l(wkvf&=rH}K!Lvet*LV0>?{l8Hr zkurQgUcQ)4LDT=6`7#N9$^8GkoeR)11zjcEZzl6E{xUBdmkmu0jfa_511JqUbUd62 zh9n$HLIw#P0IDDtGVevgKoUj()I>P|_0SZ6(r6wDR{`utp`%DF7+Hd!GK^}8CL$kz zj%Yc>5=}!o02PoiKpT_WmoXc$08)Bw;8Jpky9)Tqv6%P}O3 zLve7L=9Bqy5^e-aINFGEq4$l52mPNQ>8Hs2DU#kyQV>Q+NGG8)31di@Pr`B%o*-c} z2@!?lC!sS5V@Q}!!g3OxAYn5J5tZa8p)(0%NLWt7W)dPA$wR^z5|)$j1PPl-h@?m! z5;~L6T`CqNpDmq2LZXx=BZLHnCQIgJ$x;y{C_z*mM9UXiS=h|5?g(+Q5j4^!69n=x zMoO>;g%1_|LguAJsf;L<6Qv5GR7sSoh*C9Csv$}>MX45<(%{?{wreg*Ekvmmil-7% zS)mlrUTv_WLOvT&YAZ@dh*Aep>L^N`MClk&>LNd^r6GxnI1=8?kspUGns8>UHlFgSDH=@?!H@i7alPh#u*&toV3Ip?#C%xEvlQfe+3?Jj;d6 zOv~XV^AOP@3PC(hCO3{nVxdr!oXBRyqcCnVXkR>w$4_RHDuSjGGb*I_u@UPD+7`e` z1}V5GI5j!Li=E6z!O6KS{{)!Gj2yV$$EBj!96rm91LNwW^|eA&5wd~D!sWZf$8%Xc z9ukxLI9+&%1N{ZD5>UukE+-v@gm7R|V>#J~c%dc&KPR2V=KCik@K}6;;tE}hFhUAZ zHaIhu&jp_f^=2g4B(faP)?_vUu|PAB3zrqlOlP4qRstW9dJGFA64#T<0#)ILB!PB_ zi9Rq65ydYvEsc=7Hx1!3**szgj!k2Nx8xFy|4pUpWphtvCbBuOKyf_e&Wg=UO#GuV z32C4_a2Bz^9i!68vq@IVVJq{)BG*k@JwA_4RfRwW9m8ay5F;|mQgjNYtW0Dn6n!KG zshW%IrD+=9E?Ybd9E_1J9|eU_lw8u%I9a}#Y5e4jG!_u#yx2)BLTlm?jX0-)cXlda zKK`0lMis;KkqRbERi$KAF$$&vBr>BarH|x<6jf0UQWXpefeEriH6o?KKxAbR6{sqh z9Fb9#Qk9aEAt}OCRZ2=un(R%Ns7|&6Z4(*zC#On*9Dxu`LZT}V{R+!u30a7SW&3E_ zec1s-R$ItQWJR@zc8DzWNpwJ!)}s*9sYl5#CvNAoeDIfHo}>vY3V2Yk3xf#A5Z#aNFYOa@d)V?!i7-!hjE!1 zaE5tg$FWEg5R$~@WbrUH3@O?{gut3%X=`oGfIy!-hNK7zWX&-&_)q8CPeK3`q zrJo0EaoBA{7^K%0fDD=#QV_*D2z{r8aN$@Ysb0JgZgP6M1a&xutWIvDi_bs08;6_0 zfg>HvmL;7IDoiJLF^>)h4#ZDb@s0%)vB0?xW+_x}Q zS+rXehbAbEM4nFMzJGe-)qN$=Aff?jOtm zY(3zBPZ9ZlWF%uS2-NaBI>ASLI|z4%Z%42nd!IwJ;gFpGK0`D>4-^DBFYtW*0QUko zmh^%Vs-?B}2=C9*=>0`as3VL#juACPG)ZiE$;TZK3|eI(F0_*jhb#-)WTOPIcEn>s z91LKpxxm3jJSb-(KJak>6F$3X+Q5Q=OkkLxgpCq^&{7BK_u(*Z;ooo+OUwcEGX(0o zL3`=&$Aa2?=!N)>lmjUrDCyv>1))r`B$?zPye@)2LnJR)f8gVyses2pjt4bDfu9Gm zCIC)6J`nfm?I(jAOAgE&lWdPD_a*Ccp+;zIpxCa zFkvnGX5gPGt0jtuwuuNWq2!j(uMhN@NcKpqTn4Nyp(%+d3FZr-Z7|n=fBr3j+l6eO zF3}1Ps9bU-gqi?1Naz`%JaXLrB2Gd(iE;PNA%PKE_s`Wg$?-eGDS$!zm(Z+u(Be24 zao?=}Nbh#RNGyTJ19lxk0`NNjT>sB2-@EQOjCDA&C)b??F^o8PneaCP{#dZzh>}=% z69C$foEFbS8IGb{TE8h1xoL5fixQz&?b~qDc~Py*uWJ)W1*rh!}i#< zXkw)(8bq@qVKGGzDUYFm%Sls1Y0?^$&|roJu0|lT8uDRGUJ^KUd=8tTiYpUD84Z~r zR(v{#9na9mbqR{R#*c5X3{!kCQBKt`5MN{AP8`po2ZP%WtFRRe%-4(qi)|0;~Y7iO6t$ zxP$pZ*D!a(=z#_oZ>?N5VnFA)nR~y^pc z67bpEoBP&=}E7@>>o4NsCA=>pVN+8 zEfzfm(JL0xnjGbCygp;F&#HWWsjR}v!0fyB+s;&IufES&yC8*8^Zw>i`L#Ca;PZ<1 z0Ns-lxtBCP21&&%_MO~3@5%83?>9Pg1Ps5~C-#wF8i$CnSZhYJ6kYvUh^Ut>p?vJ=TifxpdG;5q%^yIdJ zoZP2*?p?f2&F2dbZgn}?s267$H|=`(jge}Z&JVp+KlS*SGw;?O{P?x2OLt2~zOLd| z_eg)aiu?VPTE@?=-i)qIIXAl87@ZNazfJ_#b&!Gn;$8i|_@qPrWl!nr9yW!T>Hs(a) zU?Y^sn2;#H-#B*sivX$Xg6&!(Mi}i+-+CdFvH}kwx-_8q;@-Gdxo5dYp<5E4pE1(P zDl03?GF==ti{qqQWuzu^GI&;T+%zlLJFsbB%fN0SHcK=CEbtK)xVzsy_AL-NX;HFB2m7CfZ+rQMp+4 zq_`E`Ahg{PtSLp?mr3xVp7&CF*Z?j%Ii{dUnsqHo0P3 z5I63mMNwUuX8xY!6|eP&z01t9lAV8g{4Q!VHIH>uUt3MNBWh{M8P_+_@9*oX*K2N> z-u~jrf}KOhtQ)uWMeYQnO984$s~ax;8p&I~w5$5Eb(X(X&ALZLDW@+U71W1Zm>#~e zWv|SQuf|v31g6LoSLr{U-gr9W__^V3ug)F7HuV_RC}*VJ$}TxPZ$?|=GP5iv%>I1t zqJxjS9~W3y-rVmu4+SjD^J9LNFLFwHwP9Ma-;;ECH)U^Y)4hvsy!H&c+GSplbJ=vw zP^laPQw|INP;9@$=J3vx#j>1PHkb15be>;5r_?%ui%+Tf?E>}W^t}&#hMqH`#oTUj z(A_;%`jDI~C-JuH%l;Q#j=o#_VfV$-RPV}x(>rvQsbuck@7Ybm z1v0s~Kq^*fapalGCD+I+0aa326u{6F6#Yw1aFvHmKiGcxQid zmGtg&4mYuW4A<-Plyc(d<}HsgNvmG(wYD{B^0ming7?Y~J5_ymoB6I>x$4`c5f@@~ zq*@cEzOoJ)tZvovi)_G^8ux=ycTQVUGk;0?a54SE$VnCbJH{SqwvXSzj= z)Amj)9C&y1o`q4b=K0Uod0$}_@w~**VwX+$nS-NytgqKlo%ZalUTU9rZC(DbPQM9D z3~dLUa$v{L3_h|}W#<6n*%v#GPzx7*jDFV?RJU;X++!yU`GcahO%GfeVroCA%wfFU zmFaty?$R}`+LrK^X^`^7)N5UI(bGXu*A2Z#2c6y@HpYbd?rQEttDDBpGNM!h$7a=Z zp(n?7Pz2HUPiWTE4!jZS-QrN8(rWB=O#6`gbdTrtr?|Pz+!m9^bz@hZX+NnOc7N8Q zx4vF@)h~-5zn!?D`pd)J2~X=+7EEiq)#lyeHMB~@bW7EY#Qc}@W3!|8TFt&4wsulo zmZ|A)ZRw{>i-#3EkMOU5GRJ-1X*r)WH#WOj@mG9gcV*MVhiOE`tXMtT-)8o`-9=iD z*86po?mjlQJgw|n^R1$V3ccpA4a{LHt|~1jx>RanG`RO63H$d$V>Ccqp&x~&s4ouz zl}vE++>i@-E7DV;5zQ3hD&n(W3a5ez_=B0_T8yMHO56_jlk$7=y6P?ZdbH!yZV zcmVF#i-WOq{VQW<71wL&{-S+8Ua)}>o=z)Ri5D!#3zmo{$&!i}%)-a?c1OYb+x%5` zgz=8&#PO^$AV|#Q=EP<2ER*=@xU;wc3O-!lnyx1iCy6HGPHALRDhJ|xL@bPmyb=Dl zFiK`g*ONRF;6Np^&B7bO8$alo#(cVACm9K)fw4tUKz!jT{2_A*nrSGic6ZC9@;TN}tc_I8ppztofraj!m_;?d(CjUQ`chYkK%Wxq6l9 z$}(SNCx!R2^KKcOveth3?u(Q{0^yIR=5%ZGRoT`KTQ_fP-TQD=z(Sk7=z6lB^YJ5AN6wlPk6q3xoBsNUW%YLD?-i3u@1R>1V{0QmtlTW;Jx+C1zCjZjdS=g>&0{>W^lcli zRaS1u%{A&Cx5D6;&z{Elo$I^mQV)8seEKFcTj%ZT5vy{vy}#Y6F;2>SS>63*!5fAA z*U666U+^}X&*I0AGt=XiI9**g!Oy=gKg_5iTg}=qx7|g4&zR3!FKvpduP9m*Hf4g} zIFA#q=hsY~D4#zr^=r--wx=bx9av(T0L!=h zcptyFC;Vac?go29&-1JI^UQv25Nx^mEi6!xCcE>4-r2TKd7Bsh-Zg=u>9DtM;8HtV zwf76(-&L1s+p>7zwc%Us9^F?u{NVid!p07C;B2hU#KNOHil(kD`DpBzcI3*3^*vF) z_q3e;_;Am(O=qb z)E=3ahSs%w#+_zj4a3cATj!Kzu3wllZB8xsT=jN+HZ{6kd(PrrY8wvu&wPs87W2wz zp8_f~7YEz6wDgRb`PAZ6Ef>oy4vd&2O;5X<^~k*EaFLc@gFDtb=HT<$Gt7QliDJ5= ztfS|*Y_MAJS=DK^jaAc}T{}Y?eZn~gJu}8D$><$2n=>voxA>mUvWv4l*Y50Ox^L`X zoL5}haVsELwcl2^I(k=Tij|3rUB!v2koXeKXV+@tCvM1_rCn?EF8tzw81{4eqbZl> zEI(T8cq^gE+-3gGa!1zVTeDYxc-*%9(o><6)!44(lv zb~P4gP2`<-pHcTBNPVu0)cN|`zs@@)x4q~7lnWGTW{Uo?*DBf?L@)!Q86)63rLDES zCC;#p#A*2ytfRc3X;Z;vyx_vWHm@m5RHtgq1QJ75)zBzPdFKW0-TvOOzzD|z1IGfx(8q7t)ta;CU%k3>%G6cwmwBtwChn}9 zeDYZ3m$HFL+fshj_AvByU$RKX+Awep=hogRs>s6BRsGU7n(|_E7iRq%=dt>;g9(^-qd7?x(%lVYxemd2D6%!7Eq#-z@Qw zQ|$2=nB1{zQOd{>e=?f z!Py1^vl}Lj8(N+>R8i|0ca{`}3$`7gS-hx_TD7nCQQVT$M@oJ6CV9DGe*Rf`fkEMY5ULd z9t~mygJ_Dld~X+2**|Sx2$W(dLA|uTW{AQK>-q~X1eeXCZ#`)kJhry|n2Gc6ziL#T zOE~6v_w}W0`|e$fhW@TK!}7qPGjdg_$A=spXY2m>+r)CKr-wWhR6<|5rJSBOc+63@ zfD!)<1%C<1oZz@!u0$s>TdT#P(ADd}5s@f8ou9c_JBA2JG%5dGnWLa)>LZAbnMl;ds}1uxG%F|qP}JsIK2zY+)+E< z)z>-js>)jF(TOuV6HZV|-SgU;yuY$vtiG^k>-$_YdB(eYe$q=06v^7Y%GTZ8y6W<% z7AyB7RUHrFYd2x_bh%~Om%ki4ao#;@a{slMl)sU0?@9F%PO7JW83Op>(ezIV0o?q3 z!o}iOm6KwVt~xC*nRvT#wf5=%>7gff(M5-zorSf{KkLx@N!#H1mlNk4{ATVO4Vl(<3&(+e_&By9ESW#j_Ha@TWERFKlPHcv&)(XleE4~`ZQU~w#;OLH^1Fg^;~t` z%!ZloN6d&Eqx*hU&iExksM=mdtJ5l{fOU7<{?zAZ8-Kr$i#Xo6yNS`LD{a)xrNt3L zj~)0*dy=uidi;>Dq19GB2VN|;IT{u-=s_+ONpKN@XUCHC4-+jyd5xp zO5D0>hUur)Zmb;DJ#$8BN=f#X^lMMne$xA5e`k3|!)E!?!cDd7b#~EQXC2y~zsAU( zzJJh*__rTB>hj_u2C3v)I)qKFoU&bdzRJA*N0?P=7gyg=_FSERrs;B3Q~Qir@18hL zk$W7)FEf&5-rF6Z&#C?G33}YZklD0s zcKF>hJ+x=r{nEWvu9fGn3~=#nF8pM+dZStbe*Gxl+WT?bw9ZxYtp=Votd7{f>w){I zl>t+3S6n+2`YicTSpC&U_=&HVUiyAks*Cb(U8g_5-s;$ua4E}nrSbsVd+l;VbZ^$= z+3L$4xo3C(dUWw4evy}Yg@DosAz}EG48DI?#s58bqS9C%h9)B|Wv)!6=ukD$TysI` z5#5L$b;Hw<(=n}^+G%eb${{vakiRMK-)yfWzKlspA&L}wVSJ_qH_}!S`+vC2@ZlpO z#RT~FKoamQI9!A=4sbSU7{dy#dh((Mh+wWf018F@It2o-GGt!OOvo@uE0JKZlc-K1 zzPyWrCWQA&DVN7(iE31t3VKCv9xE)DyqbW>)Pe#udr8jV_>p0yGyQz(!{kP_J~MpU z{b2_0*(tv=hYXFzVcHMpA32s-Q1Vo&cCGz@8*lP9exAR8H!OA9Jg?G#_OjJhm(n#J zIw)P37_t4ev6j(S)yX50j^Va5JqE~pTerbHTtS6b*YtHmZ)(JyNn zsMp?kUksWxR|YFMTGNyil9Be=>*n-`07->}xBvuW(A~~C@8?&of4DaEU}xoxQGw>C zx%LhnN0nuR8#PZlyTum|Uzy`!@y)uh-^-^yd$wI%dV7Fi&u?)DAH|~P_phe8&N!2$ zo1M@^ODOP+?~ZV;k-qM3wkO*2=Ki#r)Sl9a6(KltUQj|FO7HDEe@XNX0o zkyd2If%>6Sq9S!8*n@V|s-JR^TK?>MRokP5I<<`rYX__4)IX-_zdUSS@cgoybio_D zd#|214{m)PsJ1GLIfZvI!~2rU=A%ij - + Regarding Dates, DateTime, and DateTimeOffset: + The underlying Azure.Data.Tables SDK expects to work with DateTime fields in UTC format for conversion to DateTimeOffset objects. When submitting a DateTimeOffset object to the SDK, it will be converted to UTC timezone rather than preserving the existing timezone/offset info. Similarly, if a `DateTime` object is submitted in the entity with its Kind set to "local" or "unspecified", the SDK will return an error and state that `Azure SDK requires it to be UTC`. While there isn't any change needed to get `DateTimeOffset` objects to work with AzBobbyTables, the workaround for `DateTime` objects is to set the property to a new `DateTime` object with its `Kind` property set to `Utc`. e.g. `$obj.Time = $obj.Time.ToUniversalFormat()`. Related issue (https://github.com/Azure/azure-sdk-for-net/issues/30644). + It is possible via the Azure Storage Explorer to set DateTime fields with offsets other than UTC/+00:00. Note that searches with queries set to type `DateTime` do properly calculate to a specific moment, and find equivilent moments. e.g. a `-Filter` set to `Time eq datetime'2023-12-26T18:05:40.5345634+00:00'` will match an entry where the Time property is set to `2023-12-26T17:05:40.5345634-01:00`. @@ -610,10 +612,10 @@ PS C:\> New-AzDataTable -Context $Context New-AzDataTableContext - - ConnectionString + + ClientId - The connection string to the storage account. + Specifies the client id when using a user-assigned managed identity. String @@ -623,9 +625,20 @@ PS C:\> New-AzDataTable -Context $Context None - TableName + ManagedIdentity - The name of the table. + Specifies that the command is run by a managed identity (such as in an Azure Function), and authorization will be handled using that identity. + + + SwitchParameter + + + False + + + StorageAccountName + + The name of the storage account. String @@ -634,24 +647,25 @@ PS C:\> New-AzDataTable -Context $Context None - - - New-AzDataTableContext - ManagedIdentity + TableName - Specifies that the command is run by a managed identity (such as in an Azure Function), and authorization will be handled using that identity. + The name of the table. + String - SwitchParameter + String - False + None + + + New-AzDataTableContext - StorageAccountName + ConnectionString - The name of the storage account. + The connection string to the storage account. String @@ -780,6 +794,18 @@ PS C:\> New-AzDataTable -Context $Context + + ClientId + + Specifies the client id when using a user-assigned managed identity. + + String + + String + + + None + ConnectionString From e1759013eadd19205f3b1bf6eb87e5ac612289a3 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Mon, 18 Mar 2024 11:59:13 -0400 Subject: [PATCH 131/243] Fix alert duplicate lastruncheck --- .../Push-CIPPAlertApnCertExpiry.ps1 | 23 +++----------- .../Push-CIPPAlertAppSecretExpiry.ps1 | 31 ++++++------------- .../Entrypoints/Push-SchedulerAlert.ps1 | 14 ++++++--- 3 files changed, 23 insertions(+), 45 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertApnCertExpiry.ps1 b/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertApnCertExpiry.ps1 index 4d9f9e6d5a23..8054acdc8902 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertApnCertExpiry.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertApnCertExpiry.ps1 @@ -4,28 +4,13 @@ function Push-CIPPAlertApnCertExpiry { [Parameter(Mandatory = $true)] $Item ) - $LastRunTable = Get-CIPPTable -Table AlertLastRun try { - $Filter = "RowKey eq 'ApnCertExpiry' and PartitionKey eq '{0}'" -f $Item.tenantid - $LastRun = Get-CIPPAzDataTableEntity @LastRunTable -Filter $Filter - $Yesterday = (Get-Date).AddDays(-1) - if (-not $LastRun.Timestamp.DateTime -or ($LastRun.Timestamp.DateTime -le $Yesterday)) { - try { - $Apn = New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/deviceManagement/applePushNotificationCertificate' -tenantid $Item.tenant - if ($Apn.expirationDateTime -lt (Get-Date).AddDays(30) -and $Apn.expirationDateTime -gt (Get-Date).AddDays(-7)) { - Write-AlertMessage -tenant $($Item.tenant) -message ('Intune: Apple Push Notification certificate for {0} is expiring on {1}' -f $Apn.appleIdentifier, $Apn.expirationDateTime) - } - } catch { - Write-AlertMessage -tenant $($Item.tenant) -message "Failed to check APN certificate expiry for $($Item.tenant): $(Get-NormalizedError -message $_.Exception.message)" - } + $Apn = New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/deviceManagement/applePushNotificationCertificate' -tenantid $Item.tenant + if ($Apn.expirationDateTime -lt (Get-Date).AddDays(30) -and $Apn.expirationDateTime -gt (Get-Date).AddDays(-7)) { + Write-AlertMessage -tenant $($Item.tenant) -message ('Intune: Apple Push Notification certificate for {0} is expiring on {1}' -f $Apn.appleIdentifier, $Apn.expirationDateTime) } - $LastRun = @{ - RowKey = 'ApnCertExpiry' - PartitionKey = $Item.tenantid - } - Add-CIPPAzDataTableEntity @LastRunTable -Entity $LastRun -Force } catch { - Write-AlertMessage -tenant $($Item.tenant) -message "Failed to check APN certificate expiry for $($Item.tenant): $(Get-NormalizedError -message $_.Exception.message)" + Write-AlertMessage -tenant $($Item.Tenant) -message "Failed to check APN certificate expiry for $($Item.Tenant): $(Get-NormalizedError -message $_.Exception.message)" } } diff --git a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertAppSecretExpiry.ps1 b/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertAppSecretExpiry.ps1 index 2c061858411d..739f6953dfce 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertAppSecretExpiry.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertAppSecretExpiry.ps1 @@ -4,35 +4,24 @@ function Push-CIPPAlertAppSecretExpiry { [Parameter(Mandatory = $true)] $Item ) - $LastRunTable = Get-CIPPTable -Table AlertLastRun try { - $Filter = "RowKey eq 'AppSecretExpiry' and PartitionKey eq '{0}'" -f $Item.tenantid - $LastRun = Get-CIPPAzDataTableEntity @LastRunTable -Filter $Filter - $Yesterday = (Get-Date).AddDays(-1) - if (-not $LastRun.Timestamp.DateTime -or ($LastRun.Timestamp.DateTime -le $Yesterday)) { - Write-Host "Checking app expire for $($Item.tenant)" - New-GraphGetRequest -uri "https://graph.microsoft.com/beta/applications?`$select=appId,displayName,passwordCredentials" -tenantid $Item.tenant | ForEach-Object { - foreach ($App in $_) { - Write-Host "checking $($App.displayName)" - if ($App.passwordCredentials) { - foreach ($Credential in $App.passwordCredentials) { - if ($Credential.endDateTime -lt (Get-Date).AddDays(30) -and $Credential.endDateTime -gt (Get-Date).AddDays(-7)) { - Write-Host ("Application '{0}' has secrets expiring on {1}" -f $App.displayName, $Credential.endDateTime) - Write-AlertMessage -tenant $($Item.tenant) -message ("Application '{0}' has secrets expiring on {1}" -f $App.displayName, $Credential.endDateTime) - } + Write-Host "Checking app expire for $($Item.tenant)" + New-GraphGetRequest -uri "https://graph.microsoft.com/beta/applications?`$select=appId,displayName,passwordCredentials" -tenantid $Item.tenant | ForEach-Object { + foreach ($App in $_) { + Write-Host "checking $($App.displayName)" + if ($App.passwordCredentials) { + foreach ($Credential in $App.passwordCredentials) { + if ($Credential.endDateTime -lt (Get-Date).AddDays(30) -and $Credential.endDateTime -gt (Get-Date).AddDays(-7)) { + Write-Host ("Application '{0}' has secrets expiring on {1}" -f $App.displayName, $Credential.endDateTime) + Write-AlertMessage -tenant $($Item.Tenant) -message ("Application '{0}' has secrets expiring on {1}" -f $App.displayName, $Credential.endDateTime) } } } } - $LastRun = @{ - RowKey = 'AppSecretExpiry' - PartitionKey = $Item.tenantid - } - Add-CIPPAzDataTableEntity @LastRunTable -Entity $LastRun -Force } } catch { - Write-AlertMessage -tenant $($Item.tenant) -message "Failed to check App registration expiry for $($Item.tenant): $(Get-NormalizedError -message $_.Exception.message)" + Write-AlertMessage -tenant $($Item.Tenant) -message "Failed to check App registration expiry for $($Item.Tenant): $(Get-NormalizedError -message $_.Exception.message)" } } diff --git a/Modules/CIPPCore/Public/Entrypoints/Push-SchedulerAlert.ps1 b/Modules/CIPPCore/Public/Entrypoints/Push-SchedulerAlert.ps1 index 0e4b50c8f9f2..40fb4f9c404f 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Push-SchedulerAlert.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Push-SchedulerAlert.ps1 @@ -29,13 +29,17 @@ function Push-SchedulerAlert { $Item | Add-Member -MemberType NoteProperty -Name 'RowKey' -Value $task.Name -Force $Item | Add-Member -MemberType NoteProperty -Name 'PartitionKey' -Value $Item.Tenant -Force - try { - $null = Add-CIPPAzDataTableEntity @Table -Entity $Item -Force -ErrorAction Stop - } catch { - Write-Host "################### Error updating alert $($_.Exception.Message) - $($Item | ConvertTo-Json)" + if ($null -eq $Item.Tenant) { + Write-Host ($Item | ConvertTo-Json) + } else { + try { + $null = Add-CIPPAzDataTableEntity @Table -Entity $Item -Force -ErrorAction Stop + } catch { + Write-Host "################### Error updating alert $($_.Exception.Message) - Task:$($Task.Name) PK:$($Item.PartitionKey)" + } } } else { - Write-Host ('ALERTS: Duplicate run found. Ignoring. Tenant: {0}, Task: {1}' -f $Item.tenant, $task.Name) + Write-Host ('ALERTS: Duplicate run found. Ignoring. Tenant: {0}, Task: {1}' -f $Item.Tenant, $task.Name) } } From 54fb82cf3929d2e181ed336ddf1d4ae2d837f8c1 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Mon, 18 Mar 2024 12:07:02 -0400 Subject: [PATCH 132/243] Reduce max attempts to 1 --- BestPracticeAnalyser_Orchestration/run.ps1 | 2 +- DomainAnalyser_Orchestration/run.ps1 | 70 +++++++++----------- Modules/CippEntrypoints/CippEntrypoints.psm1 | 2 +- 3 files changed, 35 insertions(+), 39 deletions(-) diff --git a/BestPracticeAnalyser_Orchestration/run.ps1 b/BestPracticeAnalyser_Orchestration/run.ps1 index 11fa99a62ec4..891f7e3fb6a4 100644 --- a/BestPracticeAnalyser_Orchestration/run.ps1 +++ b/BestPracticeAnalyser_Orchestration/run.ps1 @@ -2,7 +2,7 @@ param($Context) $DurableRetryOptions = @{ FirstRetryInterval = (New-TimeSpan -Seconds 5) - MaxNumberOfAttempts = 3 + MaxNumberOfAttempts = 1 BackoffCoefficient = 2 } $RetryOptions = New-DurableRetryOptions @DurableRetryOptions diff --git a/DomainAnalyser_Orchestration/run.ps1 b/DomainAnalyser_Orchestration/run.ps1 index 74a45a92e253..34848e03284d 100644 --- a/DomainAnalyser_Orchestration/run.ps1 +++ b/DomainAnalyser_Orchestration/run.ps1 @@ -1,44 +1,40 @@ param($Context) -try { +try { - $DurableRetryOptions = @{ - FirstRetryInterval = (New-TimeSpan -Seconds 5) - MaxNumberOfAttempts = 3 - BackoffCoefficient = 2 - } - $RetryOptions = New-DurableRetryOptions @DurableRetryOptions + $DurableRetryOptions = @{ + FirstRetryInterval = (New-TimeSpan -Seconds 5) + MaxNumberOfAttempts = 1 + BackoffCoefficient = 2 + } + $RetryOptions = New-DurableRetryOptions @DurableRetryOptions - # Sync tenants - try { - Invoke-ActivityFunction -FunctionName 'DomainAnalyser_GetTenantDomains' -Input 'Tenants' - } - catch { Write-Host "EXCEPTION: TenantDomains $($_.Exception.Message)" } + # Sync tenants + try { + Invoke-ActivityFunction -FunctionName 'DomainAnalyser_GetTenantDomains' -Input 'Tenants' + } catch { Write-Host "EXCEPTION: TenantDomains $($_.Exception.Message)" } - # Get list of all domains to process - $Batch = Invoke-ActivityFunction -FunctionName 'Activity_GetAllTableRows' -Input 'Domains' - - $ParallelTasks = foreach ($Item in $Batch) { - Invoke-DurableActivity -FunctionName 'DomainAnalyser_All' -Input $item -NoWait -RetryOptions $RetryOptions - } - - # Collect activity function results and send to database - $TableParams = Get-CippTable -tablename 'Domains' - $TableParams.Entity = Wait-ActivityFunction -Task $ParallelTasks - $TableParams.Force = $true - $TableParams = $TableParams | ConvertTo-Json -Compress + # Get list of all domains to process + $Batch = Invoke-ActivityFunction -FunctionName 'Activity_GetAllTableRows' -Input 'Domains' - try { - Invoke-ActivityFunction -FunctionName 'Activity_AddOrUpdateTableRows' -Input $TableParams - } - catch { - Write-Host "Orchestrator exception UpdateDomains $($_.Exception.Message)" - } -} -catch { - Write-LogMessage -API 'DomainAnalyser' -message "Domain Analyser Orchestrator Error $($_.Exception.Message)" -sev info - #Write-Host $_.Exception | ConvertTo-Json -} -finally { - Write-LogMessage -API 'DomainAnalyser' -message 'Domain Analyser has Finished' -sev Info + $ParallelTasks = foreach ($Item in $Batch) { + Invoke-DurableActivity -FunctionName 'DomainAnalyser_All' -Input $item -NoWait -RetryOptions $RetryOptions + } + + # Collect activity function results and send to database + $TableParams = Get-CippTable -tablename 'Domains' + $TableParams.Entity = Wait-ActivityFunction -Task $ParallelTasks + $TableParams.Force = $true + $TableParams = $TableParams | ConvertTo-Json -Compress + + try { + Invoke-ActivityFunction -FunctionName 'Activity_AddOrUpdateTableRows' -Input $TableParams + } catch { + Write-Host "Orchestrator exception UpdateDomains $($_.Exception.Message)" + } +} catch { + Write-LogMessage -API 'DomainAnalyser' -message "Domain Analyser Orchestrator Error $($_.Exception.Message)" -sev info + #Write-Host $_.Exception | ConvertTo-Json +} finally { + Write-LogMessage -API 'DomainAnalyser' -message 'Domain Analyser has Finished' -sev Info } \ No newline at end of file diff --git a/Modules/CippEntrypoints/CippEntrypoints.psm1 b/Modules/CippEntrypoints/CippEntrypoints.psm1 index 15a25671cc9c..837e63e18945 100644 --- a/Modules/CippEntrypoints/CippEntrypoints.psm1 +++ b/Modules/CippEntrypoints/CippEntrypoints.psm1 @@ -60,7 +60,7 @@ function Receive-CippOrchestrationTrigger { $DurableRetryOptions = @{ FirstRetryInterval = (New-TimeSpan -Seconds 5) - MaxNumberOfAttempts = if ($OrchestratorInput.MaxAttempts) { $OrchestratorInput.MaxAttempts } else { 3 } + MaxNumberOfAttempts = if ($OrchestratorInput.MaxAttempts) { $OrchestratorInput.MaxAttempts } else { 1 } BackoffCoefficient = 2 } #Write-Host ($OrchestratorInput | ConvertTo-Json -Depth 10) From 4be6341b3572e780efda5d0de2a81b7f46364997 Mon Sep 17 00:00:00 2001 From: KelvinTegelaar Date: Mon, 18 Mar 2024 17:33:48 +0100 Subject: [PATCH 133/243] version up --- version_latest.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/version_latest.txt b/version_latest.txt index e230c8396d19..7d3cdbf0dd04 100644 --- a/version_latest.txt +++ b/version_latest.txt @@ -1 +1 @@ -5.3.0 \ No newline at end of file +5.3.1 \ No newline at end of file From 9a43bd874526c469066ca9b9aca24053f5a2ad58 Mon Sep 17 00:00:00 2001 From: KelvinTegelaar Date: Tue, 19 Mar 2024 11:47:20 +0100 Subject: [PATCH 134/243] update apn --- .../Public/Entrypoints/Push-CIPPAlertApnCertExpiry.ps1 | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertApnCertExpiry.ps1 b/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertApnCertExpiry.ps1 index 8054acdc8902..13a411f105e9 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertApnCertExpiry.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertApnCertExpiry.ps1 @@ -11,6 +11,7 @@ function Push-CIPPAlertApnCertExpiry { Write-AlertMessage -tenant $($Item.tenant) -message ('Intune: Apple Push Notification certificate for {0} is expiring on {1}' -f $Apn.appleIdentifier, $Apn.expirationDateTime) } } catch { - Write-AlertMessage -tenant $($Item.Tenant) -message "Failed to check APN certificate expiry for $($Item.Tenant): $(Get-NormalizedError -message $_.Exception.message)" + #no error because if a tenant does not have an APN, it'll error anyway. + #Write-AlertMessage -tenant $($Item.Tenant) -message "Failed to check APN certificate expiry for $($Item.Tenant): $(Get-NormalizedError -message $_.Exception.message)" } } From 3577edf9f0c1fa1c1b0655781485b0e0d487e4eb Mon Sep 17 00:00:00 2001 From: KelvinTegelaar Date: Tue, 19 Mar 2024 17:59:49 +0100 Subject: [PATCH 135/243] fixes issue with group assinging via standard --- .../Public/Standards/Invoke-CIPPStandardIntuneTemplate.ps1 | 1 + 1 file changed, 1 insertion(+) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardIntuneTemplate.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardIntuneTemplate.ps1 index d6676fc437ec..8ab1793fec2f 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardIntuneTemplate.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardIntuneTemplate.ps1 @@ -75,6 +75,7 @@ function Invoke-CIPPStandardIntuneTemplate { if ($Settings.AssignTo) { Write-Host "Assigning Policy to $($Settings.AssignTo) the create ID is $($CreateRequest)" + if ($Settings.AssignTo -eq 'customGroup') { $Settings.AssignTo = $Settings.customGroup } Set-CIPPAssignedPolicy -PolicyId $CreateRequest.id -TenantFilter $tenant -GroupName $Settings.AssignTo -Type $TemplateTypeURL } Write-LogMessage -API 'Standards' -tenant $tenant -message "Successfully added Intune Template policy for $($Tenant)" -sev 'Info' From ac56c101c1f09aa274398693e511464c6261043c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kristian=20Kj=C3=A6rg=C3=A5rd?= Date: Wed, 20 Mar 2024 18:40:38 +0100 Subject: [PATCH 136/243] DisableAppCreation standard --- .../Invoke-CIPPStandardDisableAppCreation.ps1 | 37 +++++++++++++++++++ 1 file changed, 37 insertions(+) create mode 100644 Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableAppCreation.ps1 diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableAppCreation.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableAppCreation.ps1 new file mode 100644 index 000000000000..0d1d2d2a0af6 --- /dev/null +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardDisableAppCreation.ps1 @@ -0,0 +1,37 @@ +function Invoke-CIPPStandardDisableAppCreation { + <# + .FUNCTIONALITY + Internal + #> + param($Tenant, $Settings) + $CurrentInfo = New-GraphGetRequest -Uri 'https://graph.microsoft.com/beta/policies/authorizationPolicy/authorizationPolicy?$select=defaultUserRolePermissions' -tenantid $Tenant + + If ($Settings.remediate) { + if ($CurrentInfo.defaultUserRolePermissions.allowedToCreateApps -eq $false) { + Write-LogMessage -API 'Standards' -tenant $tenant -message 'Users are already not allowed to create App registrations.' -sev Info + } else { + try { + $body = '{"defaultUserRolePermissions":{"allowedToCreateApps":false}}' + $null = New-GraphPostRequest -tenantid $tenant -Uri 'https://graph.microsoft.com/beta/policies/authorizationPolicy/authorizationPolicy' -Type patch -Body $body -ContentType 'application/json' + Write-LogMessage -API 'Standards' -tenant $tenant -message 'Disabled users from creating App registrations.' -sev Info + $CurrentInfo.defaultUserRolePermissions.allowedToCreateApps = $false + } catch { + Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to disable users from creating App registrations: $($_.exception.message)" -sev Error + } + } + } + + if ($Settings.alert) { + + if ($CurrentInfo.defaultUserRolePermissions.allowedToCreateApps -eq $false) { + Write-LogMessage -API 'Standards' -tenant $tenant -message 'Users are not allowed to create App registrations.' -sev Info + } else { + Write-LogMessage -API 'Standards' -tenant $tenant -message 'Users are allowed to create App registrations.' -sev Alert + } + } + + if ($Settings.report) { + $State = -not $CurrentInfo.defaultUserRolePermissions.allowedToCreateApps + Add-CIPPBPAField -FieldName 'UserAppCreationDisabled' -FieldValue [bool]$State -StoreAs bool -Tenant $tenant + } +} From 224474aeddc49aa411f19d54ca4882705e87dc21 Mon Sep 17 00:00:00 2001 From: KelvinTegelaar Date: Wed, 20 Mar 2024 19:33:02 +0100 Subject: [PATCH 137/243] add reprocess to exclude --- Modules/CIPPCore/Public/Invoke-CIPPWebhookProcessing.ps1 | 1 + 1 file changed, 1 insertion(+) diff --git a/Modules/CIPPCore/Public/Invoke-CIPPWebhookProcessing.ps1 b/Modules/CIPPCore/Public/Invoke-CIPPWebhookProcessing.ps1 index 77139f1ddaba..db62dae8b160 100644 --- a/Modules/CIPPCore/Public/Invoke-CIPPWebhookProcessing.ps1 +++ b/Modules/CIPPCore/Public/Invoke-CIPPWebhookProcessing.ps1 @@ -67,6 +67,7 @@ function Invoke-CippWebhookProcessing { 'OAuth2:Token' 'SAS:EndAuth' 'SAS:ProcessAuth' + 'Login:reprocess' ) if ($TableObj.RequestType -in $ExtendedPropertiesIgnoreList) { Write-Host 'No need to process this operation.' From b4ec1fd0883f02270b4defd62dc06cbb7684e19d Mon Sep 17 00:00:00 2001 From: John Duprey Date: Thu, 21 Mar 2024 21:41:38 -0400 Subject: [PATCH 138/243] Limit standards to enabled only --- Modules/CIPPCore/Public/Invoke-CIPPStandardsRun.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/CIPPCore/Public/Invoke-CIPPStandardsRun.ps1 b/Modules/CIPPCore/Public/Invoke-CIPPStandardsRun.ps1 index 1c7e177e3555..8dd8055c6c93 100644 --- a/Modules/CIPPCore/Public/Invoke-CIPPStandardsRun.ps1 +++ b/Modules/CIPPCore/Public/Invoke-CIPPStandardsRun.ps1 @@ -78,7 +78,7 @@ function Invoke-CIPPStandardsRun { #For each item in our object, run the queue. - $Batch = foreach ($task in $object | Where-Object -Property Standard -NotLike 'v2*') { + $Batch = foreach ($task in $object | Where-Object { $_.Standard -NotLike 'v2*' -and ($_.Settings.remediate -eq $true -or $_.Settings.alert -eq $true -or $_.Settings.report -eq $true) }) { [PSCustomObject]@{ Tenant = $task.Tenant Standard = $task.Standard From 7f4dfaded45d1593881d3588f80666440b0e4daf Mon Sep 17 00:00:00 2001 From: John Duprey Date: Fri, 22 Mar 2024 08:52:43 -0400 Subject: [PATCH 139/243] Convert scheduler/alert rules to json objects --- .../Public/Entrypoints/Invoke-ListScheduledItems.ps1 | 5 ++++- .../Public/Entrypoints/Invoke-ListWebhookAlert.ps1 | 10 ++++++---- 2 files changed, 10 insertions(+), 5 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListScheduledItems.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListScheduledItems.ps1 index d23de674c779..17a650f11196 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListScheduledItems.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListScheduledItems.ps1 @@ -11,7 +11,10 @@ Function Invoke-ListScheduledItems { # Write to the Azure Functions log stream. Write-Host 'PowerShell HTTP trigger function processed a request.' $Table = Get-CIPPTable -TableName 'ScheduledTasks' - $ScheduledTasks = Get-CIPPAzDataTableEntity @Table -Filter "PartitionKey eq 'ScheduledTask' and Hidden ne 'True'" + $ScheduledTasks = foreach ($Task in Get-CIPPAzDataTableEntity @Table -Filter "PartitionKey eq 'ScheduledTask' and Hidden ne 'True'") { + $Task.Parameters = $Task.Parameters | ConvertFrom-Json + $Task + } # Associate values to output bindings by calling 'Push-OutputBinding'. Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListWebhookAlert.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListWebhookAlert.ps1 index 5ee5feb2924f..d585504f4254 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListWebhookAlert.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListWebhookAlert.ps1 @@ -11,12 +11,14 @@ Function Invoke-ListWebhookAlert { $APIName = $TriggerMetadata.FunctionName Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' $Table = get-cipptable -TableName 'SchedulerConfig' - $WebhookRow = Get-CIPPAzDataTableEntity @Table | Where-Object -Property PartitionKey -EQ 'WebhookAlert' - + $WebhookRow = foreach ($Webhook in Get-CIPPAzDataTableEntity @Table | Where-Object -Property PartitionKey -EQ 'WebhookAlert') { + $Webhook.If = $Webhook.If | ConvertFrom-Json + $Webhook.execution = $Webhook.execution | ConvertFrom-Json + $Webhook + } + Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ StatusCode = [HttpStatusCode]::OK Body = @($WebhookRow) }) - - } From 6177af2e387c1c39906e1ea2dd0e8e9195a55441 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Fri, 22 Mar 2024 09:09:45 -0400 Subject: [PATCH 140/243] Webhook batching --- Scheduler_GetWebhooks/run.ps1 | 28 ++++++++++++++++++++-------- 1 file changed, 20 insertions(+), 8 deletions(-) diff --git a/Scheduler_GetWebhooks/run.ps1 b/Scheduler_GetWebhooks/run.ps1 index 9b890b878588..ca8c3a456566 100644 --- a/Scheduler_GetWebhooks/run.ps1 +++ b/Scheduler_GetWebhooks/run.ps1 @@ -2,12 +2,24 @@ param($Timer) $Table = Get-CIPPTable -TableName WebhookIncoming $Webhooks = Get-CIPPAzDataTableEntity @Table -$InputObject = [PSCustomObject]@{ - OrchestratorName = 'WebhookOrchestrator' - Batch = @($Webhooks) - SkipLog = $true +$WebhookCount = ($Webhooks | Measure-Object).Count +$Message = 'Processing {0} webhooks' -f $WebhookCount +Write-LogMessage -API 'Webhooks' -message $Message -sev Info + +try { + for ($i = 0; $i -lt $WebhookCount; $i += 2500) { + $WebhookBatch = $Webhooks[$i..($i + 2499)] + $InputObject = [PSCustomObject]@{ + OrchestratorName = 'WebhookOrchestrator' + Batch = @($WebhookBatch) + SkipLog = $true + } + #Write-Host ($InputObject | ConvertTo-Json) + $InstanceId = Start-NewOrchestration -FunctionName 'CIPPOrchestrator' -InputObject ($InputObject | ConvertTo-Json -Depth 5) + Write-Host "Started orchestration with ID = '$InstanceId'" + } +} catch { + Write-LogMessage -API 'Webhooks' -message "Error processing webhooks - $($_.Exception.Message)" -sev Error +} finally { + Write-LogMessage -API 'Webhooks' -message 'Webhook processing completed' -sev Info } -#Write-Host ($InputObject | ConvertTo-Json) -$InstanceId = Start-NewOrchestration -FunctionName 'CIPPOrchestrator' -InputObject ($InputObject | ConvertTo-Json -Depth 5) -Write-Host "Started orchestration with ID = '$InstanceId'" -#$Orchestrator = New-OrchestrationCheckStatusResponse -Request $Request -InstanceId $InstanceId \ No newline at end of file From f5fee6da0b1300bfdde2e4f3591c8f75751680f7 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Fri, 22 Mar 2024 09:24:33 -0400 Subject: [PATCH 141/243] up version --- version_latest.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/version_latest.txt b/version_latest.txt index 7d3cdbf0dd04..84197c89467d 100644 --- a/version_latest.txt +++ b/version_latest.txt @@ -1 +1 @@ -5.3.1 \ No newline at end of file +5.3.2 From af3ccf4f319b20afd73e57bfa0f8a9958c7182b6 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Fri, 22 Mar 2024 09:27:06 -0400 Subject: [PATCH 142/243] Update Push-CIPPAlertAppSecretExpiry.ps1 --- .../Public/Entrypoints/Push-CIPPAlertAppSecretExpiry.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertAppSecretExpiry.ps1 b/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertAppSecretExpiry.ps1 index 739f6953dfce..7b1b8b12fd4f 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertAppSecretExpiry.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertAppSecretExpiry.ps1 @@ -21,7 +21,7 @@ function Push-CIPPAlertAppSecretExpiry { } } } catch { - Write-AlertMessage -tenant $($Item.Tenant) -message "Failed to check App registration expiry for $($Item.Tenant): $(Get-NormalizedError -message $_.Exception.message)" + #Write-AlertMessage -tenant $($Item.Tenant) -message "Failed to check App registration expiry for $($Item.Tenant): $(Get-NormalizedError -message $_.Exception.message)" } } From b8e5c12912b7a22be7a18229131a6da8a9034e34 Mon Sep 17 00:00:00 2001 From: Esco Date: Wed, 20 Mar 2024 14:12:04 +0100 Subject: [PATCH 143/243] SafeLinksPolicy Standard * Created SafeLinks Policy * Safe Links use Optional Variable * Added Set-SafeLinksPolicy and EnableOrganizationBranding * Updated SafeLink logging * Changed Name to Identity for Set-SafeLinksPolicy * Update Invoke-CIPPStandardSafeLinksPolicy.ps1 * Update Invoke-CIPPStandardSafeLinksPolicy.ps1 * Rename CreateSafeLinksPolicy to SafeLinksPolicy * Update Invoke-CIPPStandardSafeLinksPolicy.ps1 --- .../Invoke-CIPPStandardSafeLinksPolicy.ps1 | 74 +++++++++++++++++++ 1 file changed, 74 insertions(+) create mode 100644 Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSafeLinksPolicy.ps1 diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSafeLinksPolicy.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSafeLinksPolicy.ps1 new file mode 100644 index 000000000000..8bacac4cfbf0 --- /dev/null +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSafeLinksPolicy.ps1 @@ -0,0 +1,74 @@ +function Invoke-CIPPStandardSafeLinksPolicy { + <# + .FUNCTIONALITY + Internal + #> + + param($Tenant, $Settings) + $SafeLinkState = New-ExoRequest -tenantid $Tenant -cmdlet 'Get-SafeLinksPolicy' | + Where-Object -Property Name -eq $Settings.Name | + Select-Object Name, EnableSafeLinksForEmail, EnableSafeLinksForTeams, EnableSafeLinksForOffice, TrackClicks, AllowClickThrough, ScanUrls, EnableForInternalSenders, DeliverMessageAfterScan, DisableUrlRewrite, EnableOrganizationBranding + + $StateIsCorrect = if ( + ($SafeLinkState.Name -eq $Settings.Name) -and + ($SafeLinkState.EnableSafeLinksForEmail -eq $Settings.EnableSafeLinksForEmail) -and + ($SafeLinkState.EnableSafeLinksForTeams -eq $Settings.EnableSafeLinksForTeams) -and + ($SafeLinkState.EnableSafeLinksForOffice -eq $Settings.EnableSafeLinksForOffice) -and + ($SafeLinkState.TrackClicks -eq $Settings.TrackClicks) -and + ($SafeLinkState.ScanUrls -eq $Settings.ScanUrls) -and + ($SafeLinkState.EnableForInternalSenders -eq $Settings.EnableForInternalSenders) -and + ($SafeLinkState.DeliverMessageAfterScan -eq $Settings.DeliverMessageAfterScan) -and + ($SafeLinkState.AllowClickThrough -eq $Settings.AllowClickThrough) -and + ($SafeLinkState.DisableUrlRewrite -eq $Settings.DisableUrlRewrite) -and + ($SafeLinkState.EnableOrganizationBranding -eq $Settings.EnableOrganizationBranding) + ) { $true } else { $false } + + if ($Settings.remediate) { + + if ($StateIsCorrect) { + Write-LogMessage -API 'Standards' -tenant $Tenant -message 'SafeLink Policy already exists.' -sev Info + } else { + $cmdparams = @{ + Identity = $Settings.Name + EnableSafeLinksForEmail = $Settings.EnableSafeLinksForEmail + EnableSafeLinksForTeams = $Settings.EnableSafeLinksForTeams + EnableSafeLinksForOffice = $Settings.EnableSafeLinksForOffice + TrackClicks = $Settings.TrackClicks + ScanUrls = $Settings.ScanUrls + EnableForInternalSenders = $Settings.EnableForInternalSenders + DeliverMessageAfterScan = $Settings.DeliverMessageAfterScan + AllowClickThrough = $Settings.AllowClickThrough + DisableUrlRewrite = $Settings.DisableUrlRewrite + EnableOrganizationBranding = $Settings.EnableOrganizationBranding + } + + try { + if ($SafeLinkState.Name -eq $Settings.Name) { + $cmdparams.Add("Identity", $Settings.Name) + New-ExoRequest -tenantid $Tenant -cmdlet 'Set-SafeLinksPolicy' -cmdparams $cmdparams + Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Updated SafeLink Policy' -sev Info + } else { + $cmdparams.Add("Name", $Settings.Name) + New-ExoRequest -tenantid $Tenant -cmdlet 'New-SafeLinksPolicy' -cmdparams $cmdparams + Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Created SafeLink Policy' -sev Info + } + } catch { + Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to create SafeLink Policy. Error: $($_.exception.message)" -sev Error + } + } + } + + if ($Settings.alert) { + + if ($StateIsCorrect) { + Write-LogMessage -API 'Standards' -tenant $Tenant -message 'SafeLink Policy is enabled' -sev Info + } else { + Write-LogMessage -API 'Standards' -tenant $Tenant -message 'SafeLink Policy is not enabled' -sev Alert + } + } + + if ($Settings.report) { + Add-CIPPBPAField -FieldName 'SafeLinksPolicy' -FieldValue [bool]$StateIsCorrect -StoreAs bool -Tenant $tenant + } + +} \ No newline at end of file From 71e6e9f60c1505f62eedb729bd79cebe1f9234f0 Mon Sep 17 00:00:00 2001 From: Esco Date: Thu, 21 Mar 2024 14:18:06 +0100 Subject: [PATCH 144/243] MalwareFilterPolicy Standard Update Invoke-CIPPStandardMalwareFilterPolicy.ps1 Update Invoke-CIPPStandardMalwareFilterPolicy.ps1 Update Invoke-CIPPStandardMalwareFilterPolicy.ps1 --- ...Invoke-CIPPStandardMalwareFilterPolicy.ps1 | 69 +++++++++++++++++++ 1 file changed, 69 insertions(+) create mode 100644 Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardMalwareFilterPolicy.ps1 diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardMalwareFilterPolicy.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardMalwareFilterPolicy.ps1 new file mode 100644 index 000000000000..502cb87ed1ff --- /dev/null +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardMalwareFilterPolicy.ps1 @@ -0,0 +1,69 @@ +function Invoke-CIPPStandardMalwareFilterPolicy { + <# + .FUNCTIONALITY + Internal + #> + + param($Tenant, $Settings) + $MalwareFilterState = New-ExoRequest -tenantid $Tenant -cmdlet 'Get-MalwareFilterPolicy' | + Where-Object -Property Name -eq $Settings.Name | + Select-Object Name, EnableFileFilter, FileTypeAction, ZapEnabled, QuarantineTag, EnableInternalSenderAdminNotifications, InternalSenderAdminAddress, EnableExternalSenderAdminNotifications, ExternalSenderAdminAddress + + $StateIsCorrect = if ( + ($MalwareFilterState.Name -eq $Settings.Name) -and + ($MalwareFilterState.EnableFileFilter -eq $Settings.EnableFileFilter) -and + ($MalwareFilterState.FileTypeAction -eq $Settings.FileTypeAction) -and + ($MalwareFilterState.ZapEnabled -eq $Settings.ZapEnabled) -and + ($MalwareFilterState.QuarantineTag -eq $Settings.QuarantineTag) -and + ($MalwareFilterState.EnableInternalSenderAdminNotifications -eq $Settings.EnableInternalSenderAdminNotifications) -and + ($MalwareFilterState.InternalSenderAdminAddress -eq $Settings.InternalSenderAdminAddress) -and + ($MalwareFilterState.EnableExternalSenderAdminNotifications -eq $Settings.EnableExternalSenderAdminNotifications) -and + ($MalwareFilterState.ExternalSenderAdminAddress -eq $Settings.ExternalSenderAdminAddress) + ) { $true } else { $false } + + if ($Settings.remediate) { + + if ($StateIsCorrect) { + Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Malware Filter Policy already exists.' -sev Info + } else { + $cmdparams = @{ + EnableFileFilter = $Settings.EnableFileFilter + FileTypeAction = $Settings.FileTypeAction + ZapEnabled = $Settings.ZapEnabled + QuarantineTag = $Settings.QuarantineTag + EnableInternalSenderAdminNotifications = $Settings.EnableInternalSenderAdminNotifications + InternalSenderAdminAddress = $Settings.InternalSenderAdminAddress + EnableExternalSenderAdminNotifications = $Settings.EnableExternalSenderAdminNotifications + ExternalSenderAdminAddress = $Settings.ExternalSenderAdminAddress + } + + try { + if ($MalwareFilterState.Name -eq $Settings.Name) { + $cmdparams.Add("Identity", $Settings.Name) + New-ExoRequest -tenantid $Tenant -cmdlet 'Set-MalwareFilterPolicy' -cmdparams $cmdparams + Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Updated Malware Filter Policy' -sev Info + } else { + $cmdparams.Add("Name", $Settings.Name) + New-ExoRequest -tenantid $Tenant -cmdlet 'New-MalwareFilterPolicy' -cmdparams $cmdparams + Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Created Malware Filter Policy' -sev Info + } + } catch { + Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to create Malware Filter Policy. Error: $($_.exception.message)" -sev Error + } + } + } + + if ($Settings.alert) { + + if ($StateIsCorrect) { + Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Malware Filter Policy is enabled' -sev Info + } else { + Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Malware Filter Policy is not enabled' -sev Alert + } + } + + if ($Settings.report) { + Add-CIPPBPAField -FieldName 'MalwareFilterPolicy' -FieldValue [bool]$StateIsCorrect -StoreAs bool -Tenant $tenant + } + +} \ No newline at end of file From 353e134a8677f61339240136c4d1a8deb25bc55a Mon Sep 17 00:00:00 2001 From: Esco Date: Fri, 22 Mar 2024 09:36:39 +0100 Subject: [PATCH 145/243] SafeAttachmentPolicy Standard * Update Invoke-CIPPStandardSafeAttachmentPolicy.ps1 --- ...nvoke-CIPPStandardSafeAttachmentPolicy.ps1 | 62 +++++++++++++++++++ 1 file changed, 62 insertions(+) create mode 100644 Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSafeAttachmentPolicy.ps1 diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSafeAttachmentPolicy.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSafeAttachmentPolicy.ps1 new file mode 100644 index 000000000000..a2f40f9d48d9 --- /dev/null +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSafeAttachmentPolicy.ps1 @@ -0,0 +1,62 @@ +function Invoke-CIPPStandardSafeAttachmentPolicy { + <# + .FUNCTIONALITY + Internal + #> + + param($Tenant, $Settings) + $SafeAttachmentState = New-ExoRequest -tenantid $Tenant -cmdlet 'Get-SafeAttachmentPolicy' | + Where-Object -Property Name -eq $Settings.Name | + Select-Object Name, Enable, Action, QuarantineTag, Redirect, RedirectAddress + + $StateIsCorrect = if ( + ($SafeAttachmentState.Name -eq $Settings.Name) -and + ($SafeAttachmentState.Enable -eq $Settings.Enable) -and + ($SafeAttachmentState.QuarantineTag -eq $Settings.QuarantineTag) -and + ($SafeAttachmentState.Redirect -eq $Settings.Redirect) -and + ($SafeAttachmentState.RedirectAddress -eq $Settings.RedirectAddress) + ) { $true } else { $false } + + if ($Settings.remediate) { + + if ($StateIsCorrect) { + Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Safe Attachment Policy already exists.' -sev Info + } else { + $cmdparams = @{ + Identity = $Settings.Name + Enable = $Settings.Enable + QuarantineTag = $Settings.QuarantineTag + Redirect = $Settings.Redirect + RedirectAddress = $Settings.RedirectAddress + } + + try { + if ($SafeAttachmentState.Name -eq $Settings.Name) { + $cmdparams.Add("Identity", $Settings.Name) + New-ExoRequest -tenantid $Tenant -cmdlet 'Set-SafeAttachmentPolicy' -cmdparams $cmdparams + Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Updated Safe Attachment Policy' -sev Info + } else { + $cmdparams.Add("Name", $Settings.Name) + New-ExoRequest -tenantid $Tenant -cmdlet 'New-SafeAttachmentPolicy' -cmdparams $cmdparams + Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Created Safe Attachment Policy' -sev Info + } + } catch { + Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to create Safe Attachment Policy. Error: $($_.exception.message)" -sev Error + } + } + } + + if ($Settings.alert) { + + if ($StateIsCorrect) { + Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Safe Attachment Policy is enabled' -sev Info + } else { + Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Safe Attachment Policy is not enabled' -sev Alert + } + } + + if ($Settings.report) { + Add-CIPPBPAField -FieldName 'SafeAttachmentPolicy' -FieldValue [bool]$StateIsCorrect -StoreAs bool -Tenant $tenant + } + +} \ No newline at end of file From 233a54a6651613a1cfceff55704d440b88fde2dc Mon Sep 17 00:00:00 2001 From: Esco Date: Fri, 22 Mar 2024 11:56:08 +0100 Subject: [PATCH 146/243] AtpPolicyForO365 Standard Update Invoke-CIPPStandardAtpPolicyForO365.ps1 Update Invoke-CIPPStandardAtpPolicyForO365.ps1 --- .../Invoke-CIPPStandardAtpPolicyForO365.ps1 | 49 +++++++++++++++++++ 1 file changed, 49 insertions(+) create mode 100644 Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAtpPolicyForO365.ps1 diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAtpPolicyForO365.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAtpPolicyForO365.ps1 new file mode 100644 index 000000000000..9e99c455b3b2 --- /dev/null +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAtpPolicyForO365.ps1 @@ -0,0 +1,49 @@ +function Invoke-CIPPStandardAtpPolicyForO365 { + <# + .FUNCTIONALITY + Internal + #> + + param($Tenant, $Settings) + $AtpPolicyForO365State = New-ExoRequest -tenantid $Tenant -cmdlet 'Get-AtpPolicyForO365' | + Select-Object EnableATPForSPOTeamsODB, EnableSafeDocs, AllowSafeDocsOpen + + $StateIsCorrect = if ( + ($AtpPolicyForO365State.EnableATPForSPOTeamsODB -eq $Settings.EnableATPForSPOTeamsODB) -and + ($AtpPolicyForO365State.EnableSafeDocs -eq $Settings.EnableSafeDocs) -and + ($AtpPolicyForO365State.AllowSafeDocsOpen -eq $Settings.AllowSafeDocsOpen) + ) { $true } else { $false } + + if ($Settings.remediate) { + if ($StateIsCorrect) { + Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Atp Policy For O365 already set.' -sev Info + } else { + $cmdparams = @{ + EnableATPForSPOTeamsODB = $Settings.EnableATPForSPOTeamsODB + EnableSafeDocs = $Settings.EnableSafeDocs + AllowSafeDocsOpen = $Settings.AllowSafeDocsOpen + } + + try { + New-ExoRequest -tenantid $Tenant -cmdlet 'Set-AntiPhishPolicy' -cmdparams $cmdparams + Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Updated Atp Policy For O365' -sev Info + } catch { + Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to set Atp Policy For O365. Error: $($_.exception.message)" -sev Error + } + } + } + + if ($Settings.alert) { + + if ($StateIsCorrect) { + Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Atp Policy For O365 is enabled' -sev Info + } else { + Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Atp Policy For O365 is not enabled' -sev Alert + } + } + + if ($Settings.report) { + Add-CIPPBPAField -FieldName 'AtpPolicyForO365' -FieldValue [bool]$StateIsCorrect -StoreAs bool -Tenant $tenant + } + +} \ No newline at end of file From b33a399b91b066cb38ef0022e15b8df0806d5e00 Mon Sep 17 00:00:00 2001 From: Esco Date: Fri, 22 Mar 2024 13:43:40 +0100 Subject: [PATCH 147/243] AntiPhishPolicy Standard Update Invoke-CIPPStandardAntiPhishPolicy.ps1 --- .../Invoke-CIPPStandardAntiPhishPolicy.ps1 | 79 +++++++++++++++++++ 1 file changed, 79 insertions(+) create mode 100644 Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAntiPhishPolicy.ps1 diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAntiPhishPolicy.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAntiPhishPolicy.ps1 new file mode 100644 index 000000000000..6bf3654f28d7 --- /dev/null +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAntiPhishPolicy.ps1 @@ -0,0 +1,79 @@ +function Invoke-CIPPStandardAntiPhishPolicy { + <# + .FUNCTIONALITY + Internal + #> + + param($Tenant, $Settings) + $AntiPhishPolicyState = New-ExoRequest -tenantid $Tenant -cmdlet 'Get-AntiPhishPolicy' | + Where-Object -Property Name -eq "Office365 AntiPhish Default" | + Select-Object Name, Enabled, PhishThresholdLevel, EnableMailboxIntelligence, EnableMailboxIntelligenceProtection, EnableSpoofIntelligence, EnableFirstContactSafetyTips, EnableSimilarUsersSafetyTips, EnableSimilarDomainsSafetyTips, EnableUnusualCharactersSafetyTips, EnableUnauthenticatedSender, EnableViaTag, MailboxIntelligenceProtectionAction, MailboxIntelligenceQuarantineTag + + $StateIsCorrect = if ( + ($AntiPhishPolicyState.Name -eq "Office365 AntiPhish Default") -and + ($AntiPhishPolicyState.Enabled -eq $Settings.Enabled) -and + ($AntiPhishPolicyState.PhishThresholdLevel -eq $Settings.PhishThresholdLevel) -and + ($AntiPhishPolicyState.EnableMailboxIntelligence -eq $Settings.EnableMailboxIntelligence) -and + ($AntiPhishPolicyState.EnableMailboxIntelligenceProtection -eq $Settings.EnableMailboxIntelligenceProtection) -and + ($AntiPhishPolicyState.EnableSpoofIntelligence -eq $Settings.EnableSpoofIntelligence) -and + ($AntiPhishPolicyState.EnableFirstContactSafetyTips -eq $Settings.EnableFirstContactSafetyTips) -and + ($AntiPhishPolicyState.EnableSimilarUsersSafetyTips -eq $Settings.EnableSimilarUsersSafetyTips) -and + ($AntiPhishPolicyState.EnableSimilarDomainsSafetyTips -eq $Settings.EnableSimilarDomainsSafetyTips) -and + ($AntiPhishPolicyState.EnableUnusualCharactersSafetyTips -eq $Settings.EnableUnusualCharactersSafetyTips) -and + ($AntiPhishPolicyState.EnableUnauthenticatedSender -eq $Settings.EnableUnauthenticatedSender) -and + ($AntiPhishPolicyState.EnableViaTag -eq $Settings.EnableViaTag) -and + ($AntiPhishPolicyState.MailboxIntelligenceProtectionAction -eq $Settings.MailboxIntelligenceProtectionAction) -and + ($AntiPhishPolicyState.MailboxIntelligenceQuarantineTag -eq $Settings.MailboxIntelligenceQuarantineTag) + ) { $true } else { $false } + + if ($Settings.remediate) { + if ($StateIsCorrect) { + Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Anti-phishing Policy already exists.' -sev Info + } else { + $cmdparams = @{ + Enabled = $Settings.Enabled + PhishThresholdLevel = $Settings.PhishThresholdLevel + EnableMailboxIntelligence = $Settings.EnableMailboxIntelligence + EnableMailboxIntelligenceProtection = $Settings.EnableMailboxIntelligenceProtection + EnableSpoofIntelligence = $Settings.EnableSpoofIntelligence + EnableFirstContactSafetyTips = $Settings.EnableFirstContactSafetyTips + EnableSimilarUsersSafetyTips = $Settings.EnableSimilarUsersSafetyTips + EnableSimilarDomainsSafetyTips = $Settings.EnableSimilarDomainsSafetyTips + EnableUnusualCharactersSafetyTips = $Settings.EnableUnusualCharactersSafetyTips + EnableUnauthenticatedSender = $Settings.EnableUnauthenticatedSender + EnableViaTag = $Settings.EnableViaTag + MailboxIntelligenceProtectionAction = $Settings.MailboxIntelligenceProtectionAction + MailboxIntelligenceQuarantineTag = $Settings.MailboxIntelligenceQuarantineTag + } + + try { + if ($AntiPhishPolicyState.Name -eq "Office365 AntiPhish Default") { + $cmdparams.Add("Identity", "Office365 AntiPhish Default") + New-ExoRequest -tenantid $Tenant -cmdlet 'Set-AntiPhishPolicy' -cmdparams $cmdparams + Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Updated Anti-phishing Policy' -sev Info + } else { + $cmdparams.Add("Name", "Office365 AntiPhish Default") + New-ExoRequest -tenantid $Tenant -cmdlet 'New-AntiPhishPolicy' -cmdparams $cmdparams + Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Created Anti-phishing Policy' -sev Info + } + } catch { + Write-LogMessage -API 'Standards' -tenant $Tenant -message "Failed to create Anti-phishing Policy. Error: $($_.exception.message)" -sev Error + } + } + } + + + if ($Settings.alert) { + + if ($StateIsCorrect) { + Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Anti-phishing Policy is enabled' -sev Info + } else { + Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Anti-phishing Policy is not enabled' -sev Alert + } + } + + if ($Settings.report) { + Add-CIPPBPAField -FieldName 'AntiPhishPolicy' -FieldValue [bool]$StateIsCorrect -StoreAs bool -Tenant $tenant + } + +} \ No newline at end of file From 50379fcb5c064871c6c1a75844d9a97c9f98328d Mon Sep 17 00:00:00 2001 From: John Duprey Date: Fri, 22 Mar 2024 12:28:37 -0400 Subject: [PATCH 148/243] Webhook batching via activity function --- .../Entrypoints/Push-GetPendingWebhooks.ps1 | 8 +++++++ Scheduler_GetWebhooks/run.ps1 | 24 ++++++------------- 2 files changed, 15 insertions(+), 17 deletions(-) create mode 100644 Modules/CIPPCore/Public/Entrypoints/Push-GetPendingWebhooks.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Push-GetPendingWebhooks.ps1 b/Modules/CIPPCore/Public/Entrypoints/Push-GetPendingWebhooks.ps1 new file mode 100644 index 000000000000..11e518c782bd --- /dev/null +++ b/Modules/CIPPCore/Public/Entrypoints/Push-GetPendingWebhooks.ps1 @@ -0,0 +1,8 @@ +function Push-GetPendingWebhooks { + $Table = Get-CIPPTable -TableName WebhookIncoming + $Webhooks = Get-CIPPAzDataTableEntity @Table + $WebhookCount = ($Webhooks | Measure-Object).Count + $Message = 'Processing {0} webhooks' -f $WebhookCount + Write-LogMessage -API 'Webhooks' -message $Message -sev Info + return $Webhooks +} \ No newline at end of file diff --git a/Scheduler_GetWebhooks/run.ps1 b/Scheduler_GetWebhooks/run.ps1 index ca8c3a456566..a36890b001df 100644 --- a/Scheduler_GetWebhooks/run.ps1 +++ b/Scheduler_GetWebhooks/run.ps1 @@ -1,25 +1,15 @@ param($Timer) -$Table = Get-CIPPTable -TableName WebhookIncoming -$Webhooks = Get-CIPPAzDataTableEntity @Table -$WebhookCount = ($Webhooks | Measure-Object).Count -$Message = 'Processing {0} webhooks' -f $WebhookCount -Write-LogMessage -API 'Webhooks' -message $Message -sev Info - try { - for ($i = 0; $i -lt $WebhookCount; $i += 2500) { - $WebhookBatch = $Webhooks[$i..($i + 2499)] - $InputObject = [PSCustomObject]@{ - OrchestratorName = 'WebhookOrchestrator' - Batch = @($WebhookBatch) - SkipLog = $true + $InputObject = [PSCustomObject]@{ + OrchestratorName = 'WebhookOrchestrator' + QueueFunction = @{ + FunctionName = 'GetPendingWebhooks' } - #Write-Host ($InputObject | ConvertTo-Json) - $InstanceId = Start-NewOrchestration -FunctionName 'CIPPOrchestrator' -InputObject ($InputObject | ConvertTo-Json -Depth 5) - Write-Host "Started orchestration with ID = '$InstanceId'" + SkipLog = $true } + $InstanceId = Start-NewOrchestration -FunctionName 'CIPPOrchestrator' -InputObject ($InputObject | ConvertTo-Json -Depth 5) + Write-Host "Started orchestration with ID = '$InstanceId'" } catch { Write-LogMessage -API 'Webhooks' -message "Error processing webhooks - $($_.Exception.Message)" -sev Error -} finally { - Write-LogMessage -API 'Webhooks' -message 'Webhook processing completed' -sev Info } From 757f778dac116fc692c707dbf9fe62c80c7b0f29 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Sun, 24 Mar 2024 19:59:40 -0400 Subject: [PATCH 149/243] Get-Tenants update - Simplify queries - Group relationships - Add props for relationship details - Remove write-hosts --- .../GraphHelper/Get-ClassicAPIToken.ps1 | 4 +- .../Public/GraphHelper/Get-GraphToken.ps1 | 4 +- .../Public/GraphHelper/Get-Tenants.ps1 | 87 +++++++++---------- 3 files changed, 47 insertions(+), 48 deletions(-) diff --git a/Modules/CIPPCore/Public/GraphHelper/Get-ClassicAPIToken.ps1 b/Modules/CIPPCore/Public/GraphHelper/Get-ClassicAPIToken.ps1 index f887e8ce850e..ce7e48fa5247 100644 --- a/Modules/CIPPCore/Public/GraphHelper/Get-ClassicAPIToken.ps1 +++ b/Modules/CIPPCore/Public/GraphHelper/Get-ClassicAPIToken.ps1 @@ -5,10 +5,10 @@ function Get-ClassicAPIToken($tenantID, $Resource) { #> $TokenKey = '{0}-{1}' -f $TenantID, $Resource if ($script:classictoken.$TokenKey -and [int](Get-Date -UFormat %s -Millisecond 0) -lt $script:classictoken.$TokenKey.expires_on) { - Write-Host 'Classic: cached token' + #Write-Host 'Classic: cached token' return $script:classictoken.$TokenKey } else { - Write-Host 'Using classic' + #Write-Host 'Using classic' $uri = "https://login.microsoftonline.com/$($TenantID)/oauth2/token" $Body = @{ client_id = $env:ApplicationID diff --git a/Modules/CIPPCore/Public/GraphHelper/Get-GraphToken.ps1 b/Modules/CIPPCore/Public/GraphHelper/Get-GraphToken.ps1 index 05b1b7f9c8fc..b0021973a701 100644 --- a/Modules/CIPPCore/Public/GraphHelper/Get-GraphToken.ps1 +++ b/Modules/CIPPCore/Public/GraphHelper/Get-GraphToken.ps1 @@ -36,10 +36,10 @@ function Get-GraphToken($tenantid, $scope, $AsApp, $AppID, $refreshToken, $Retur try { if ($script:AccessTokens.$TokenKey -and [int](Get-Date -UFormat %s -Millisecond 0) -lt $script:AccessTokens.$TokenKey.expires_on -and $SkipCache -ne $true) { - Write-Host 'Graph: cached token' + #Write-Host 'Graph: cached token' $AccessToken = $script:AccessTokens.$TokenKey } else { - Write-Host 'Graph: new token' + #Write-Host 'Graph: new token' $AccessToken = (Invoke-RestMethod -Method post -Uri "https://login.microsoftonline.com/$($tenantid)/oauth2/v2.0/token" -Body $Authbody -ErrorAction Stop) $ExpiresOn = [int](Get-Date -UFormat %s -Millisecond 0) + $AccessToken.expires_in Add-Member -InputObject $AccessToken -NotePropertyName 'expires_on' -NotePropertyValue $ExpiresOn diff --git a/Modules/CIPPCore/Public/GraphHelper/Get-Tenants.ps1 b/Modules/CIPPCore/Public/GraphHelper/Get-Tenants.ps1 index e44eccbea5d9..4dc97a3ce27d 100644 --- a/Modules/CIPPCore/Public/GraphHelper/Get-Tenants.ps1 +++ b/Modules/CIPPCore/Public/GraphHelper/Get-Tenants.ps1 @@ -36,41 +36,54 @@ function Get-Tenants { $LastRefresh = $false } if (!$LastRefresh -or $LastRefresh -lt (Get-Date).Addhours(-24).ToUniversalTime()) { - try { - Write-Host "Renewing. Cache not hit. $LastRefresh" - $TenantList = (New-GraphGetRequest -uri "https://graph.microsoft.com/beta/tenantRelationships/managedTenants/tenants?`$top=999" -tenantid $env:TenantID ) | Select-Object id, @{l = 'customerId'; e = { $_.tenantId } }, @{l = 'DefaultdomainName'; e = { [string]($_.contract.defaultDomainName) } } , @{l = 'MigratedToNewTenantAPI'; e = { $true } }, DisplayName, domains, @{n = 'delegatedPrivilegeStatus'; exp = { $_.tenantStatusInformation.delegatedPrivilegeStatus } } | Where-Object { $_.defaultDomainName -NotIn $SkipListCache.defaultDomainName -and $_.defaultDomainName -ne $null } - - } catch { - Write-Host "Get-Tenants - Lighthouse Error, using contract/delegatedAdminRelationship calls. Error: $($_.Exception.Message)" - [System.Collections.Generic.List[PSCustomObject]]$BulkRequests = @( - @{ - id = 'Contracts' - method = 'GET' - url = "/contracts?`$top=999" - }, - @{ - id = 'GDAPRelationships' - method = 'GET' - url = '/tenantRelationships/delegatedAdminRelationships' - } - ) - $BulkResults = New-GraphBulkRequest -Requests $BulkRequests -tenantid $TenantFilter -NoAuthCheck:$true - $Contracts = Get-GraphBulkResultByID -Results $BulkResults -ID 'Contracts' -Value - $GDAPRelationships = Get-GraphBulkResultByID -Results $BulkResults -ID 'GDAPRelationships' -Value + # Query for active relationships + $GDAPRelationships = New-GraphGetRequest -uri "https://graph.microsoft.com/beta/tenantRelationships/delegatedAdminRelationships?`$filter=status eq 'active'&`$select=customer,autoExtendDuration,endDateTime" - $ContractList = $Contracts | Select-Object id, customerId, DefaultdomainName, DisplayName, domains, @{l = 'MigratedToNewTenantAPI'; e = { $true } }, @{ n = 'delegatedPrivilegeStatus'; exp = { $CustomerId = $_.customerId; if (($GDAPRelationships | Where-Object { $_.customer.tenantId -EQ $CustomerId -and $_.status -EQ 'active' } | Measure-Object).Count -gt 0) { 'delegatedAndGranularDelegetedAdminPrivileges' } else { 'delegatedAdminPrivileges' } } } | Where-Object -Property defaultDomainName -NotIn $SkipListCache.defaultDomainName + # Flatten gdap relationship + $GDAPList = foreach ($Relationship in $GDAPRelationships) { + [PSCustomObject]@{ + customerId = $Relationship.customer.tenantId + displayName = $Relationship.customer.displayName + autoExtend = ($Relationship.autoExtendDuration -ne 'PT0S') + relationshipEnd = $Relationship.endDateTime + } + } - $GDAPOnlyList = $GDAPRelationships | Where-Object { $_.status -eq 'active' -and $Contracts.customerId -notcontains $_.customer.tenantId } | Select-Object id, @{l = 'customerId'; e = { $($_.customer.tenantId) } }, @{l = 'defaultDomainName'; e = { (New-GraphGetRequest -uri "https://graph.microsoft.com/beta/tenantRelationships/findTenantInformationByTenantId(tenantId='$($_.customer.tenantId)')" -noauthcheck $true -asApp:$true -tenant $env:TenantId).defaultDomainName } }, @{l = 'MigratedToNewTenantAPI'; e = { $true } }, @{n = 'displayName'; exp = { $_.customer.displayName } }, domains, @{n = 'delegatedPrivilegeStatus'; exp = { 'granularDelegatedAdminPrivileges' } } | Where-Object { $_.defaultDomainName -NotIn $SkipListCache.defaultDomainName -and $_.defaultDomainName -ne $null } | Sort-Object -Property customerId -Unique + # Group relationships, build object for adding to tables + $ActiveRelationships = $GDAPList | Where-Object { $_.customerId -notin $SkipListCache.customerId } + $TenantList = $ActiveRelationships | Group-Object -Property customerId | ForEach-Object -Parallel { + Import-Module .\Modules\CIPPCore + $LatestRelationship = $_.Group | Sort-Object -Property relationshipEnd | Select-Object -Last 1 + $AutoExtend = ($_.Group | Where-Object { $_.autoExtend -eq $true } | Measure-Object).Count -gt 0 - $TenantList = @($ContractList) + @($GDAPOnlyList) + # Query domains to get default/initial + $Domains = New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/domains' -tenantid $LatestRelationship.customerId -NoAuthCheck:$true + [PSCustomObject]@{ + PartitionKey = 'Tenants' + RowKey = $_.Name + customerId = $_.Name + displayName = $LatestRelationship.displayName + relationshipEnd = $LatestRelationship.relationshipEnd + relationshipCount = $_.Count + defaultDomainName = ($Domains | Where-Object { $_.isDefault -eq $true }).id + initialDomainName = ($Domains | Where-Object { $_.isInitial -eq $true }).id + hasAutoExtend = $AutoExtend + delegatedPrivilegeStatus = 'granularDelegatedAdminPrivileges' + domains = '' + Excluded = $false + ExcludeUser = '' + ExcludeDate = '' + GraphErrorCount = 0 + LastGraphError = '' + LastRefresh = (Get-Date).ToUniversalTime() + } } - <#if (!$TenantList.customerId) { - $TenantList = (New-GraphGetRequest -uri "https://graph.microsoft.com/beta/contracts?`$top=999" -tenantid $env:TenantID ) | Select-Object id, customerId, DefaultdomainName, DisplayName, domains | Where-Object -Property defaultDomainName -NotIn $SkipListCache.defaultDomainName - }#> - $IncludedTenantsCache = [system.collections.generic.list[hashtable]]::new() + + $IncludedTenantsCache = [system.collections.generic.list[object]]::new() if ($env:PartnerTenantAvailable) { - $IncludedTenantsCache.Add(@{ + # Add partner tenant if env is set + $IncludedTenantsCache.Add([PSCustomObject]@{ RowKey = $env:TenantID PartitionKey = 'Tenants' customerId = $env:TenantID @@ -87,21 +100,7 @@ function Get-Tenants { } foreach ($Tenant in $TenantList) { if ($Tenant.defaultDomainName -eq 'Invalid' -or !$Tenant.defaultDomainName) { continue } - $IncludedTenantsCache.Add(@{ - RowKey = [string]$Tenant.customerId - PartitionKey = 'Tenants' - customerId = [string]$Tenant.customerId - defaultDomainName = [string]$Tenant.defaultDomainName - displayName = [string]$Tenant.DisplayName - delegatedPrivilegeStatus = [string]$Tenant.delegatedPrivilegeStatus - domains = '' - Excluded = $false - ExcludeUser = '' - ExcludeDate = '' - GraphErrorCount = 0 - LastGraphError = '' - LastRefresh = (Get-Date).ToUniversalTime() - }) | Out-Null + $IncludedTenantsCache.Add($Tenant) | Out-Null } if ($IncludedTenantsCache) { From d26eeefef8aec27f861c45fb80db60092301d87b Mon Sep 17 00:00:00 2001 From: Esco Date: Mon, 25 Mar 2024 12:32:24 +0100 Subject: [PATCH 150/243] Added changes according to feedback --- .../Invoke-CIPPStandardSafeLinksPolicy.ps1 | 39 +++++++++---------- 1 file changed, 19 insertions(+), 20 deletions(-) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSafeLinksPolicy.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSafeLinksPolicy.ps1 index 8bacac4cfbf0..69f35f7160d9 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSafeLinksPolicy.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSafeLinksPolicy.ps1 @@ -6,18 +6,18 @@ function Invoke-CIPPStandardSafeLinksPolicy { param($Tenant, $Settings) $SafeLinkState = New-ExoRequest -tenantid $Tenant -cmdlet 'Get-SafeLinksPolicy' | - Where-Object -Property Name -eq $Settings.Name | + Where-Object -Property Name -eq "SafeLinks Policy" | Select-Object Name, EnableSafeLinksForEmail, EnableSafeLinksForTeams, EnableSafeLinksForOffice, TrackClicks, AllowClickThrough, ScanUrls, EnableForInternalSenders, DeliverMessageAfterScan, DisableUrlRewrite, EnableOrganizationBranding $StateIsCorrect = if ( - ($SafeLinkState.Name -eq $Settings.Name) -and - ($SafeLinkState.EnableSafeLinksForEmail -eq $Settings.EnableSafeLinksForEmail) -and - ($SafeLinkState.EnableSafeLinksForTeams -eq $Settings.EnableSafeLinksForTeams) -and - ($SafeLinkState.EnableSafeLinksForOffice -eq $Settings.EnableSafeLinksForOffice) -and - ($SafeLinkState.TrackClicks -eq $Settings.TrackClicks) -and - ($SafeLinkState.ScanUrls -eq $Settings.ScanUrls) -and - ($SafeLinkState.EnableForInternalSenders -eq $Settings.EnableForInternalSenders) -and - ($SafeLinkState.DeliverMessageAfterScan -eq $Settings.DeliverMessageAfterScan) -and + ($SafeLinkState.Name -eq "SafeLinks Policy") -and + ($SafeLinkState.EnableSafeLinksForEmail -eq $true) -and + ($SafeLinkState.EnableSafeLinksForTeams -eq $true) -and + ($SafeLinkState.EnableSafeLinksForOffice -eq $true) -and + ($SafeLinkState.TrackClicks -eq $true) -and + ($SafeLinkState.ScanUrls -eq $true) -and + ($SafeLinkState.EnableForInternalSenders -eq $true) -and + ($SafeLinkState.DeliverMessageAfterScan -eq $true) -and ($SafeLinkState.AllowClickThrough -eq $Settings.AllowClickThrough) -and ($SafeLinkState.DisableUrlRewrite -eq $Settings.DisableUrlRewrite) -and ($SafeLinkState.EnableOrganizationBranding -eq $Settings.EnableOrganizationBranding) @@ -29,26 +29,25 @@ function Invoke-CIPPStandardSafeLinksPolicy { Write-LogMessage -API 'Standards' -tenant $Tenant -message 'SafeLink Policy already exists.' -sev Info } else { $cmdparams = @{ - Identity = $Settings.Name - EnableSafeLinksForEmail = $Settings.EnableSafeLinksForEmail - EnableSafeLinksForTeams = $Settings.EnableSafeLinksForTeams - EnableSafeLinksForOffice = $Settings.EnableSafeLinksForOffice - TrackClicks = $Settings.TrackClicks - ScanUrls = $Settings.ScanUrls - EnableForInternalSenders = $Settings.EnableForInternalSenders - DeliverMessageAfterScan = $Settings.DeliverMessageAfterScan + EnableSafeLinksForEmail = $true + EnableSafeLinksForTeams = $true + EnableSafeLinksForOffice = $true + TrackClicks = $true + ScanUrls = $true + EnableForInternalSenders = $true + DeliverMessageAfterScan = $true AllowClickThrough = $Settings.AllowClickThrough DisableUrlRewrite = $Settings.DisableUrlRewrite EnableOrganizationBranding = $Settings.EnableOrganizationBranding } try { - if ($SafeLinkState.Name -eq $Settings.Name) { - $cmdparams.Add("Identity", $Settings.Name) + if ($SafeLinkState.Name -eq "SafeLinks Policy") { + $cmdparams.Add("Name", "SafeLinks Policy") New-ExoRequest -tenantid $Tenant -cmdlet 'Set-SafeLinksPolicy' -cmdparams $cmdparams Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Updated SafeLink Policy' -sev Info } else { - $cmdparams.Add("Name", $Settings.Name) + $cmdparams.Add("Identity", "SafeLinks Policy") New-ExoRequest -tenantid $Tenant -cmdlet 'New-SafeLinksPolicy' -cmdparams $cmdparams Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Created SafeLink Policy' -sev Info } From 06994a6a5142c9981699a99384078967ebf4d08d Mon Sep 17 00:00:00 2001 From: Esco Date: Mon, 25 Mar 2024 12:40:33 +0100 Subject: [PATCH 151/243] Update Invoke-CIPPStandardSafeLinksPolicy.ps1 --- .../Public/Standards/Invoke-CIPPStandardSafeLinksPolicy.ps1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSafeLinksPolicy.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSafeLinksPolicy.ps1 index 69f35f7160d9..6b6ff52f5cee 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSafeLinksPolicy.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSafeLinksPolicy.ps1 @@ -43,11 +43,11 @@ function Invoke-CIPPStandardSafeLinksPolicy { try { if ($SafeLinkState.Name -eq "SafeLinks Policy") { - $cmdparams.Add("Name", "SafeLinks Policy") + $cmdparams.Add("Identity", "SafeLinks Policy") New-ExoRequest -tenantid $Tenant -cmdlet 'Set-SafeLinksPolicy' -cmdparams $cmdparams Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Updated SafeLink Policy' -sev Info } else { - $cmdparams.Add("Identity", "SafeLinks Policy") + $cmdparams.Add("Name", "SafeLinks Policy") New-ExoRequest -tenantid $Tenant -cmdlet 'New-SafeLinksPolicy' -cmdparams $cmdparams Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Created SafeLink Policy' -sev Info } From faf597334b9014e8510b63db1cf34497eb22be2b Mon Sep 17 00:00:00 2001 From: Esco Date: Mon, 25 Mar 2024 12:43:51 +0100 Subject: [PATCH 152/243] Updated according to ffeedback --- ...Invoke-CIPPStandardMalwareFilterPolicy.ps1 | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardMalwareFilterPolicy.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardMalwareFilterPolicy.ps1 index 502cb87ed1ff..40ed853dc1d2 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardMalwareFilterPolicy.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardMalwareFilterPolicy.ps1 @@ -6,14 +6,15 @@ function Invoke-CIPPStandardMalwareFilterPolicy { param($Tenant, $Settings) $MalwareFilterState = New-ExoRequest -tenantid $Tenant -cmdlet 'Get-MalwareFilterPolicy' | - Where-Object -Property Name -eq $Settings.Name | + Where-Object -Property Name -eq $PolicyName | Select-Object Name, EnableFileFilter, FileTypeAction, ZapEnabled, QuarantineTag, EnableInternalSenderAdminNotifications, InternalSenderAdminAddress, EnableExternalSenderAdminNotifications, ExternalSenderAdminAddress + $PolicyName = "Default Malware Policy" $StateIsCorrect = if ( - ($MalwareFilterState.Name -eq $Settings.Name) -and - ($MalwareFilterState.EnableFileFilter -eq $Settings.EnableFileFilter) -and + ($MalwareFilterState.Name -eq $PolicyName) -and + ($MalwareFilterState.EnableFileFilter -eq $true) -and ($MalwareFilterState.FileTypeAction -eq $Settings.FileTypeAction) -and - ($MalwareFilterState.ZapEnabled -eq $Settings.ZapEnabled) -and + ($MalwareFilterState.ZapEnabled -eq $true) -and ($MalwareFilterState.QuarantineTag -eq $Settings.QuarantineTag) -and ($MalwareFilterState.EnableInternalSenderAdminNotifications -eq $Settings.EnableInternalSenderAdminNotifications) -and ($MalwareFilterState.InternalSenderAdminAddress -eq $Settings.InternalSenderAdminAddress) -and @@ -27,9 +28,9 @@ function Invoke-CIPPStandardMalwareFilterPolicy { Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Malware Filter Policy already exists.' -sev Info } else { $cmdparams = @{ - EnableFileFilter = $Settings.EnableFileFilter + EnableFileFilter = $true FileTypeAction = $Settings.FileTypeAction - ZapEnabled = $Settings.ZapEnabled + ZapEnabled = $true QuarantineTag = $Settings.QuarantineTag EnableInternalSenderAdminNotifications = $Settings.EnableInternalSenderAdminNotifications InternalSenderAdminAddress = $Settings.InternalSenderAdminAddress @@ -38,12 +39,12 @@ function Invoke-CIPPStandardMalwareFilterPolicy { } try { - if ($MalwareFilterState.Name -eq $Settings.Name) { - $cmdparams.Add("Identity", $Settings.Name) + if ($MalwareFilterState.Name -eq $PolicyName) { + $cmdparams.Add("Identity", $PolicyName) New-ExoRequest -tenantid $Tenant -cmdlet 'Set-MalwareFilterPolicy' -cmdparams $cmdparams Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Updated Malware Filter Policy' -sev Info } else { - $cmdparams.Add("Name", $Settings.Name) + $cmdparams.Add("Name", $PolicyName) New-ExoRequest -tenantid $Tenant -cmdlet 'New-MalwareFilterPolicy' -cmdparams $cmdparams Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Created Malware Filter Policy' -sev Info } From 5a60d1245a1c1c6cd160f8d0a2eca2574a73dbe8 Mon Sep 17 00:00:00 2001 From: Esco Date: Mon, 25 Mar 2024 12:45:11 +0100 Subject: [PATCH 153/243] Updated for easier name change --- .../Standards/Invoke-CIPPStandardSafeLinksPolicy.ps1 | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSafeLinksPolicy.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSafeLinksPolicy.ps1 index 6b6ff52f5cee..7233a4e92fc9 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSafeLinksPolicy.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSafeLinksPolicy.ps1 @@ -6,11 +6,12 @@ function Invoke-CIPPStandardSafeLinksPolicy { param($Tenant, $Settings) $SafeLinkState = New-ExoRequest -tenantid $Tenant -cmdlet 'Get-SafeLinksPolicy' | - Where-Object -Property Name -eq "SafeLinks Policy" | + Where-Object -Property Name -eq $PolicyName | Select-Object Name, EnableSafeLinksForEmail, EnableSafeLinksForTeams, EnableSafeLinksForOffice, TrackClicks, AllowClickThrough, ScanUrls, EnableForInternalSenders, DeliverMessageAfterScan, DisableUrlRewrite, EnableOrganizationBranding + $PolicyName = "Default SafeLinks Policy" $StateIsCorrect = if ( - ($SafeLinkState.Name -eq "SafeLinks Policy") -and + ($SafeLinkState.Name -eq $PolicyName) -and ($SafeLinkState.EnableSafeLinksForEmail -eq $true) -and ($SafeLinkState.EnableSafeLinksForTeams -eq $true) -and ($SafeLinkState.EnableSafeLinksForOffice -eq $true) -and @@ -42,12 +43,12 @@ function Invoke-CIPPStandardSafeLinksPolicy { } try { - if ($SafeLinkState.Name -eq "SafeLinks Policy") { - $cmdparams.Add("Identity", "SafeLinks Policy") + if ($SafeLinkState.Name -eq $PolicyName) { + $cmdparams.Add("Identity", $PolicyName) New-ExoRequest -tenantid $Tenant -cmdlet 'Set-SafeLinksPolicy' -cmdparams $cmdparams Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Updated SafeLink Policy' -sev Info } else { - $cmdparams.Add("Name", "SafeLinks Policy") + $cmdparams.Add("Name", $PolicyName) New-ExoRequest -tenantid $Tenant -cmdlet 'New-SafeLinksPolicy' -cmdparams $cmdparams Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Created SafeLink Policy' -sev Info } From 18ecf9bf3f2730b1f75fa69bbe35da68d8da15d0 Mon Sep 17 00:00:00 2001 From: Esco Date: Mon, 25 Mar 2024 12:49:50 +0100 Subject: [PATCH 154/243] Updated according to feedback --- .../Invoke-CIPPStandardAntiPhishPolicy.ps1 | 35 ++++++++++--------- 1 file changed, 18 insertions(+), 17 deletions(-) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAntiPhishPolicy.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAntiPhishPolicy.ps1 index 6bf3654f28d7..1bd6e70bebf0 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAntiPhishPolicy.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAntiPhishPolicy.ps1 @@ -6,22 +6,23 @@ function Invoke-CIPPStandardAntiPhishPolicy { param($Tenant, $Settings) $AntiPhishPolicyState = New-ExoRequest -tenantid $Tenant -cmdlet 'Get-AntiPhishPolicy' | - Where-Object -Property Name -eq "Office365 AntiPhish Default" | + Where-Object -Property Name -eq $PolicyName | Select-Object Name, Enabled, PhishThresholdLevel, EnableMailboxIntelligence, EnableMailboxIntelligenceProtection, EnableSpoofIntelligence, EnableFirstContactSafetyTips, EnableSimilarUsersSafetyTips, EnableSimilarDomainsSafetyTips, EnableUnusualCharactersSafetyTips, EnableUnauthenticatedSender, EnableViaTag, MailboxIntelligenceProtectionAction, MailboxIntelligenceQuarantineTag + $PolicyName = "Default Anti-Phishing Policy" $StateIsCorrect = if ( - ($AntiPhishPolicyState.Name -eq "Office365 AntiPhish Default") -and - ($AntiPhishPolicyState.Enabled -eq $Settings.Enabled) -and + ($AntiPhishPolicyState.Name -eq $PolicyName) -and + ($AntiPhishPolicyState.Enabled -eq $true) -and ($AntiPhishPolicyState.PhishThresholdLevel -eq $Settings.PhishThresholdLevel) -and - ($AntiPhishPolicyState.EnableMailboxIntelligence -eq $Settings.EnableMailboxIntelligence) -and - ($AntiPhishPolicyState.EnableMailboxIntelligenceProtection -eq $Settings.EnableMailboxIntelligenceProtection) -and - ($AntiPhishPolicyState.EnableSpoofIntelligence -eq $Settings.EnableSpoofIntelligence) -and + ($AntiPhishPolicyState.EnableMailboxIntelligence -eq $true) -and + ($AntiPhishPolicyState.EnableMailboxIntelligenceProtection -eq $true) -and + ($AntiPhishPolicyState.EnableSpoofIntelligence -eq $true) -and ($AntiPhishPolicyState.EnableFirstContactSafetyTips -eq $Settings.EnableFirstContactSafetyTips) -and ($AntiPhishPolicyState.EnableSimilarUsersSafetyTips -eq $Settings.EnableSimilarUsersSafetyTips) -and ($AntiPhishPolicyState.EnableSimilarDomainsSafetyTips -eq $Settings.EnableSimilarDomainsSafetyTips) -and ($AntiPhishPolicyState.EnableUnusualCharactersSafetyTips -eq $Settings.EnableUnusualCharactersSafetyTips) -and - ($AntiPhishPolicyState.EnableUnauthenticatedSender -eq $Settings.EnableUnauthenticatedSender) -and - ($AntiPhishPolicyState.EnableViaTag -eq $Settings.EnableViaTag) -and + ($AntiPhishPolicyState.EnableUnauthenticatedSender -eq $true) -and + ($AntiPhishPolicyState.EnableViaTag -eq $true) -and ($AntiPhishPolicyState.MailboxIntelligenceProtectionAction -eq $Settings.MailboxIntelligenceProtectionAction) -and ($AntiPhishPolicyState.MailboxIntelligenceQuarantineTag -eq $Settings.MailboxIntelligenceQuarantineTag) ) { $true } else { $false } @@ -31,28 +32,28 @@ function Invoke-CIPPStandardAntiPhishPolicy { Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Anti-phishing Policy already exists.' -sev Info } else { $cmdparams = @{ - Enabled = $Settings.Enabled + Enabled = $true PhishThresholdLevel = $Settings.PhishThresholdLevel - EnableMailboxIntelligence = $Settings.EnableMailboxIntelligence - EnableMailboxIntelligenceProtection = $Settings.EnableMailboxIntelligenceProtection - EnableSpoofIntelligence = $Settings.EnableSpoofIntelligence + EnableMailboxIntelligence = $true + EnableMailboxIntelligenceProtection = $true + EnableSpoofIntelligence = $true EnableFirstContactSafetyTips = $Settings.EnableFirstContactSafetyTips EnableSimilarUsersSafetyTips = $Settings.EnableSimilarUsersSafetyTips EnableSimilarDomainsSafetyTips = $Settings.EnableSimilarDomainsSafetyTips EnableUnusualCharactersSafetyTips = $Settings.EnableUnusualCharactersSafetyTips - EnableUnauthenticatedSender = $Settings.EnableUnauthenticatedSender - EnableViaTag = $Settings.EnableViaTag + EnableUnauthenticatedSender = $true + EnableViaTag = $true MailboxIntelligenceProtectionAction = $Settings.MailboxIntelligenceProtectionAction MailboxIntelligenceQuarantineTag = $Settings.MailboxIntelligenceQuarantineTag } try { - if ($AntiPhishPolicyState.Name -eq "Office365 AntiPhish Default") { - $cmdparams.Add("Identity", "Office365 AntiPhish Default") + if ($AntiPhishPolicyState.Name -eq $PolicyName) { + $cmdparams.Add("Identity", $PolicyName) New-ExoRequest -tenantid $Tenant -cmdlet 'Set-AntiPhishPolicy' -cmdparams $cmdparams Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Updated Anti-phishing Policy' -sev Info } else { - $cmdparams.Add("Name", "Office365 AntiPhish Default") + $cmdparams.Add("Name", $PolicyName) New-ExoRequest -tenantid $Tenant -cmdlet 'New-AntiPhishPolicy' -cmdparams $cmdparams Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Created Anti-phishing Policy' -sev Info } From 9dc1e5a7a51e1c86e58d0cece723047ce1dbb8e6 Mon Sep 17 00:00:00 2001 From: Esco Date: Mon, 25 Mar 2024 12:54:31 +0100 Subject: [PATCH 155/243] Update Invoke-CIPPStandardSafeAttachmentPolicy.ps1 --- .../Invoke-CIPPStandardSafeAttachmentPolicy.ps1 | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSafeAttachmentPolicy.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSafeAttachmentPolicy.ps1 index a2f40f9d48d9..7e87fcab26a4 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSafeAttachmentPolicy.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSafeAttachmentPolicy.ps1 @@ -6,11 +6,12 @@ function Invoke-CIPPStandardSafeAttachmentPolicy { param($Tenant, $Settings) $SafeAttachmentState = New-ExoRequest -tenantid $Tenant -cmdlet 'Get-SafeAttachmentPolicy' | - Where-Object -Property Name -eq $Settings.Name | + Where-Object -Property Name -eq $PolicyName | Select-Object Name, Enable, Action, QuarantineTag, Redirect, RedirectAddress + $PolicyName = "Default Safe Attachment Policy" $StateIsCorrect = if ( - ($SafeAttachmentState.Name -eq $Settings.Name) -and + ($SafeAttachmentState.Name -eq $PolicyName) -and ($SafeAttachmentState.Enable -eq $Settings.Enable) -and ($SafeAttachmentState.QuarantineTag -eq $Settings.QuarantineTag) -and ($SafeAttachmentState.Redirect -eq $Settings.Redirect) -and @@ -23,7 +24,7 @@ function Invoke-CIPPStandardSafeAttachmentPolicy { Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Safe Attachment Policy already exists.' -sev Info } else { $cmdparams = @{ - Identity = $Settings.Name + Identity = $PolicyName Enable = $Settings.Enable QuarantineTag = $Settings.QuarantineTag Redirect = $Settings.Redirect @@ -31,12 +32,12 @@ function Invoke-CIPPStandardSafeAttachmentPolicy { } try { - if ($SafeAttachmentState.Name -eq $Settings.Name) { - $cmdparams.Add("Identity", $Settings.Name) + if ($SafeAttachmentState.Name -eq $PolicyName) { + $cmdparams.Add("Identity", $PolicyName) New-ExoRequest -tenantid $Tenant -cmdlet 'Set-SafeAttachmentPolicy' -cmdparams $cmdparams Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Updated Safe Attachment Policy' -sev Info } else { - $cmdparams.Add("Name", $Settings.Name) + $cmdparams.Add("Name", $PolicyName) New-ExoRequest -tenantid $Tenant -cmdlet 'New-SafeAttachmentPolicy' -cmdparams $cmdparams Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Created Safe Attachment Policy' -sev Info } From 9070395d9493263ff596fb4a2e91e0c33dc8f94e Mon Sep 17 00:00:00 2001 From: Esco Date: Mon, 25 Mar 2024 12:55:52 +0100 Subject: [PATCH 156/243] Forced Defaults --- .../Standards/Invoke-CIPPStandardAtpPolicyForO365.ps1 | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAtpPolicyForO365.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAtpPolicyForO365.ps1 index 9e99c455b3b2..75d78bc395b0 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAtpPolicyForO365.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAtpPolicyForO365.ps1 @@ -9,8 +9,8 @@ function Invoke-CIPPStandardAtpPolicyForO365 { Select-Object EnableATPForSPOTeamsODB, EnableSafeDocs, AllowSafeDocsOpen $StateIsCorrect = if ( - ($AtpPolicyForO365State.EnableATPForSPOTeamsODB -eq $Settings.EnableATPForSPOTeamsODB) -and - ($AtpPolicyForO365State.EnableSafeDocs -eq $Settings.EnableSafeDocs) -and + ($AtpPolicyForO365State.EnableATPForSPOTeamsODB -eq $true) -and + ($AtpPolicyForO365State.EnableSafeDocs -eq $true) -and ($AtpPolicyForO365State.AllowSafeDocsOpen -eq $Settings.AllowSafeDocsOpen) ) { $true } else { $false } @@ -19,8 +19,8 @@ function Invoke-CIPPStandardAtpPolicyForO365 { Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Atp Policy For O365 already set.' -sev Info } else { $cmdparams = @{ - EnableATPForSPOTeamsODB = $Settings.EnableATPForSPOTeamsODB - EnableSafeDocs = $Settings.EnableSafeDocs + EnableATPForSPOTeamsODB = $true + EnableSafeDocs = $true AllowSafeDocsOpen = $Settings.AllowSafeDocsOpen } From 64ab7fa12bdd9a03a254bd9be6aa6cca9023bddc Mon Sep 17 00:00:00 2001 From: Esco Date: Mon, 25 Mar 2024 13:02:47 +0100 Subject: [PATCH 157/243] Remove Identity from cmdparams --- .../Public/Standards/Invoke-CIPPStandardSafeAttachmentPolicy.ps1 | 1 - 1 file changed, 1 deletion(-) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSafeAttachmentPolicy.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSafeAttachmentPolicy.ps1 index 7e87fcab26a4..f00866c433fb 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSafeAttachmentPolicy.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSafeAttachmentPolicy.ps1 @@ -24,7 +24,6 @@ function Invoke-CIPPStandardSafeAttachmentPolicy { Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Safe Attachment Policy already exists.' -sev Info } else { $cmdparams = @{ - Identity = $PolicyName Enable = $Settings.Enable QuarantineTag = $Settings.QuarantineTag Redirect = $Settings.Redirect From 1db6783978fff9ce4b4fed653c024b7e65d37820 Mon Sep 17 00:00:00 2001 From: Esco Date: Mon, 25 Mar 2024 13:22:23 +0100 Subject: [PATCH 158/243] Changed Enabled to True --- .../Standards/Invoke-CIPPStandardSafeAttachmentPolicy.ps1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSafeAttachmentPolicy.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSafeAttachmentPolicy.ps1 index f00866c433fb..784e221b659f 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSafeAttachmentPolicy.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardSafeAttachmentPolicy.ps1 @@ -12,7 +12,7 @@ function Invoke-CIPPStandardSafeAttachmentPolicy { $PolicyName = "Default Safe Attachment Policy" $StateIsCorrect = if ( ($SafeAttachmentState.Name -eq $PolicyName) -and - ($SafeAttachmentState.Enable -eq $Settings.Enable) -and + ($SafeAttachmentState.Enable -eq $true) -and ($SafeAttachmentState.QuarantineTag -eq $Settings.QuarantineTag) -and ($SafeAttachmentState.Redirect -eq $Settings.Redirect) -and ($SafeAttachmentState.RedirectAddress -eq $Settings.RedirectAddress) @@ -24,7 +24,7 @@ function Invoke-CIPPStandardSafeAttachmentPolicy { Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Safe Attachment Policy already exists.' -sev Info } else { $cmdparams = @{ - Enable = $Settings.Enable + Enable = $true QuarantineTag = $Settings.QuarantineTag Redirect = $Settings.Redirect RedirectAddress = $Settings.RedirectAddress From da7d21806be2b2fcbfacfdfd3aac6b70c73dec3f Mon Sep 17 00:00:00 2001 From: John Duprey Date: Mon, 25 Mar 2024 10:58:39 -0400 Subject: [PATCH 159/243] Webhook subscriptions Add different paths for validation token/code --- .../Public/Entrypoints/Invoke-PublicWebhooks.ps1 | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-PublicWebhooks.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-PublicWebhooks.ps1 index 97c135235cd6..51e18586d925 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-PublicWebhooks.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-PublicWebhooks.ps1 @@ -18,10 +18,18 @@ function Invoke-PublicWebhooks { $body = 'This webhook is not authorized, its an old entry.' $StatusCode = [HttpStatusCode]::Forbidden } - if ($Request.query.ValidationToken -or $Request.body.validationCode) { - Write-Host 'Validation token received' + if ($Request.query.ValidationToken) { + Write-Host 'Validation token received - query ValidationToken' $body = $request.query.ValidationToken $StatusCode = [HttpStatusCode]::OK + } elseif ($Request.body.validationCode) { + Write-Host 'Validation token received - body validationCode' + $body = $request.body.validationCode + $StatusCode = [HttpStatusCode]::OK + } elseif ($Request.query.validationCode) { + Write-Host 'Validation token received - query validationCode' + $body = $request.query.validationCode + $StatusCode = [HttpStatusCode]::OK } else { Write-Host 'Received request' Write-Host "CIPPID: $($request.Query.CIPPID)" From aa5aadf3b6bf97b97785d1e5d23d44cccd314dae Mon Sep 17 00:00:00 2001 From: KelvinTegelaar Date: Mon, 25 Mar 2024 17:16:48 +0100 Subject: [PATCH 160/243] bulk user adds --- .../Public/Entrypoints/Invoke-AddUserBulk.ps1 | 52 +++++++++++++++++++ 1 file changed, 52 insertions(+) create mode 100644 Modules/CIPPCore/Public/Entrypoints/Invoke-AddUserBulk.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-AddUserBulk.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-AddUserBulk.ps1 new file mode 100644 index 000000000000..14d52620943d --- /dev/null +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-AddUserBulk.ps1 @@ -0,0 +1,52 @@ +using namespace System.Net + +Function Invoke-AddUserBulk { + <# + .FUNCTIONALITY + Entrypoint + #> + [CmdletBinding()] + param($Request, $TriggerMetadata) + + $APIName = 'AddUserBulk' + Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + $TenantFilter = $Request.body.TenantFilter + $Results = [System.Collections.ArrayList]@() + foreach ($userobj in $request.body.BulkUser) { + Write-Host 'PowerShell HTTP trigger function processed a request.' + try { + $password = if ($userobj.password) { $userobj.password } else { New-passwordString } + $UserprincipalName = "$($UserObj.mailNickName)@$($UserObj.domain)" + $BodyToship = $userobj + #Remove domain from body to ship + $BodyToship = $BodyToship | Select-Object * -ExcludeProperty password, domain + $BodyToship | Add-Member -NotePropertyName accountEnabled -NotePropertyValue $true -Force + $BodyToship | Add-Member -NotePropertyName userPrincipalName -NotePropertyValue $UserprincipalName -Force + $BodyToship | Add-Member -NotePropertyName passwordProfile -NotePropertyValue @{'password' = $password; 'forceChangePasswordNextSignIn' = $true } -Force + Write-Host "body is now: $($BodyToship | ConvertTo-Json -Depth 10 -Compress)" + if ($userobj.businessPhones) { $bodytoShip.businessPhones = @($userobj.businessPhones) } + $bodyToShip = ConvertTo-Json -Depth 10 -InputObject $BodyToship -Compress + Write-Host "Our body to ship is $bodyToShip" + $GraphRequest = New-GraphPostRequest -uri 'https://graph.microsoft.com/beta/users' -tenantid $TenantFilter -type POST -body $BodyToship -verbose + Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $($TenantFilter) -message "Created user $($userobj.displayname) with id $($GraphRequest.id) " -Sev 'Info' + $results.add("Created user $($UserprincipalName). Password is $password") + } catch { + Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $($TenantFilter) -message "Failed to create user. Error:$($_.Exception.Message)" -Sev 'Error' + $body = $results.add("Failed to create user. $($_.Exception.Message)" ) + } + } + $body = [pscustomobject] @{ + 'Results' = @($results) + 'Username' = $UserprincipalName + 'Password' = $password + 'CopyFrom' = $copyFromResults + } + + + # Associate values to output bindings by calling 'Push-OutputBinding'. + Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ + StatusCode = [HttpStatusCode]::OK + Body = $Body + }) + +} From e310140a88d7f10839bf9007255c22a54cfe7a28 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Mon, 25 Mar 2024 12:39:48 -0400 Subject: [PATCH 161/243] move validation outside cippid check --- .../Entrypoints/Invoke-PublicWebhooks.ps1 | 204 +++++++++--------- 1 file changed, 102 insertions(+), 102 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-PublicWebhooks.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-PublicWebhooks.ps1 index 51e18586d925..38d6f00157bc 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-PublicWebhooks.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-PublicWebhooks.ps1 @@ -11,118 +11,118 @@ function Invoke-PublicWebhooks { Write-Host "CIPPID: $($request.Query.CIPPID)" $url = ($request.headers.'x-ms-original-url').split('/API') | Select-Object -First 1 Write-Host $url - if ($Request.Query.CIPPID -in $Webhooks.RowKey) { + if ($Webhooks.Resource -eq 'M365AuditLogs') { + Write-Host "Found M365AuditLogs - This is an old entry, we'll deny so Microsoft stops sending it." + $body = 'This webhook is not authorized, its an old entry.' + $StatusCode = [HttpStatusCode]::Forbidden + } + if ($Request.query.ValidationToken) { + Write-Host 'Validation token received - query ValidationToken' + $body = $request.query.ValidationToken + $StatusCode = [HttpStatusCode]::OK + } elseif ($Request.body.validationCode) { + Write-Host 'Validation token received - body validationCode' + $body = $request.body.validationCode + $StatusCode = [HttpStatusCode]::OK + } elseif ($Request.query.validationCode) { + Write-Host 'Validation token received - query validationCode' + $body = $request.query.validationCode + $StatusCode = [HttpStatusCode]::OK + } elseif ($Request.Query.CIPPID -in $Webhooks.RowKey) { Write-Host 'Found matching CIPPID' - if ($Webhooks.Resource -eq 'M365AuditLogs') { - Write-Host "Found M365AuditLogs - This is an old entry, we'll deny so Microsoft stops sending it." - $body = 'This webhook is not authorized, its an old entry.' - $StatusCode = [HttpStatusCode]::Forbidden - } - if ($Request.query.ValidationToken) { - Write-Host 'Validation token received - query ValidationToken' - $body = $request.query.ValidationToken - $StatusCode = [HttpStatusCode]::OK - } elseif ($Request.body.validationCode) { - Write-Host 'Validation token received - body validationCode' - $body = $request.body.validationCode - $StatusCode = [HttpStatusCode]::OK - } elseif ($Request.query.validationCode) { - Write-Host 'Validation token received - query validationCode' - $body = $request.query.validationCode - $StatusCode = [HttpStatusCode]::OK - } else { - Write-Host 'Received request' - Write-Host "CIPPID: $($request.Query.CIPPID)" - $url = ($request.headers.'x-ms-original-url').split('/API') | Select-Object -First 1 - Write-Host $url - $Webhookinfo = $Webhooks | Where-Object -Property RowKey -EQ $Request.query.CIPPID + Write-Host 'Received request' + Write-Host "CIPPID: $($request.Query.CIPPID)" + $url = ($request.headers.'x-ms-original-url').split('/API') | Select-Object -First 1 + Write-Host $url - if ($Request.Query.Type -eq 'GraphSubscription') { - # Graph Subscriptions - [pscustomobject]$ReceivedItem = $Request.Body.value - $Entity = [PSCustomObject]@{ - PartitionKey = 'Webhook' - RowKey = [string](New-Guid).Guid - Type = $Request.Query.Type - Data = [string]($ReceivedItem | ConvertTo-Json -Depth 10) - CIPPID = $Request.Query.CIPPID - WebhookInfo = [string]($WebhookInfo | ConvertTo-Json -Depth 10) - FunctionName = 'PublicWebhookProcess' - } - Add-CIPPAzDataTableEntity @WebhookIncoming -Entity $Entity - ## Push webhook data to queue - #Invoke-CippGraphWebhookProcessing -Data $ReceivedItem -CIPPID $request.Query.CIPPID -WebhookInfo $Webhookinfo + $Webhookinfo = $Webhooks | Where-Object -Property RowKey -EQ $Request.query.CIPPID - } else { - # Auditlog Subscriptions - try { - foreach ($ReceivedItem In ($Request.body)) { - $ReceivedItem = [pscustomobject]$ReceivedItem - Write-Host "Received Item: $($ReceivedItem | ConvertTo-Json -Depth 15 -Compress))" - $TenantFilter = (Get-Tenants | Where-Object -Property customerId -EQ $ReceivedItem.TenantId).defaultDomainName - Write-Host "Webhook TenantFilter: $TenantFilter" - $ConfigTable = get-cipptable -TableName 'SchedulerConfig' - $Alertconfig = Get-CIPPAzDataTableEntity @ConfigTable | Where-Object { $_.Tenant -eq $TenantFilter -or $_.Tenant -eq 'AllTenants' } - $Operations = @(($AlertConfig.if | ConvertFrom-Json -ErrorAction SilentlyContinue).selection) + 'UserLoggedIn' - $Webhookinfo = $Webhooks | Where-Object -Property RowKey -EQ $Request.query.CIPPID - #Increased download efficiency: only download the data we need for processing. Todo: Change this to load from table or dynamic source. - $MappingTable = [pscustomobject]@{ - 'UserLoggedIn' = 'Audit.AzureActiveDirectory' - 'Add member to role.' = 'Audit.AzureActiveDirectory' - 'Disable account.' = 'Audit.AzureActiveDirectory' - 'Update StsRefreshTokenValidFrom Timestamp.' = 'Audit.AzureActiveDirectory' - 'Enable account.' = 'Audit.AzureActiveDirectory' - 'Disable Strong Authentication.' = 'Audit.AzureActiveDirectory' - 'Reset user password.' = 'Audit.AzureActiveDirectory' - 'Add service principal.' = 'Audit.AzureActiveDirectory' - 'HostedIP' = 'Audit.AzureActiveDirectory' - 'badRepIP' = 'Audit.AzureActiveDirectory' - 'UserLoggedInFromUnknownLocation' = 'Audit.AzureActiveDirectory' - 'customfield' = 'AnyLog' - 'anyAlert' = 'AnyLog' - 'New-InboxRule' = 'Audit.Exchange' - 'Set-InboxRule' = 'Audit.Exchange' - } - #Compare $Operations to $MappingTable. If there is a match, we make a new variable called $LogsToDownload - #Example: $Operations = 'UserLoggedIn', 'Set-InboxRule' makes : $LogsToDownload = @('Audit.AzureActiveDirectory',Audit.Exchange) - $LogsToDownload = $Operations | Where-Object { $MappingTable.$_ } | ForEach-Object { $MappingTable.$_ } - Write-Host "Our operations: $Operations" - Write-Host "Logs to download: $LogsToDownload" - if ($ReceivedItem.ContentType -in $LogsToDownload -or 'AnyLog' -in $LogsToDownload) { - $Data = New-GraphPostRequest -type GET -uri "https://manage.office.com/api/v1.0/$($ReceivedItem.tenantId)/activity/feed/audit/$($ReceivedItem.contentid)" -tenantid $TenantFilter -scope 'https://manage.office.com/.default' - } else { - Write-Host "No data to download for $($ReceivedItem.ContentType)" - continue - } - Write-Host "Data found: $($data.count) items" - $DataToProcess = if ('anylog' -NotIn $LogsToDownload) { $Data | Where-Object -Property Operation -In $Operations } else { $Data } - Write-Host "Data to process found: $($DataToProcess.count) items" - foreach ($Item in $DataToProcess) { - Write-Host "Processing $($item.operation)" + if ($Request.Query.Type -eq 'GraphSubscription') { + # Graph Subscriptions + [pscustomobject]$ReceivedItem = $Request.Body.value + $Entity = [PSCustomObject]@{ + PartitionKey = 'Webhook' + RowKey = [string](New-Guid).Guid + Type = $Request.Query.Type + Data = [string]($ReceivedItem | ConvertTo-Json -Depth 10) + CIPPID = $Request.Query.CIPPID + WebhookInfo = [string]($WebhookInfo | ConvertTo-Json -Depth 10) + FunctionName = 'PublicWebhookProcess' + } + Add-CIPPAzDataTableEntity @WebhookIncoming -Entity $Entity + ## Push webhook data to queue + #Invoke-CippGraphWebhookProcessing -Data $ReceivedItem -CIPPID $request.Query.CIPPID -WebhookInfo $Webhookinfo - ## Push webhook data to table - $Entity = [PSCustomObject]@{ - PartitionKey = 'Webhook' - RowKey = [string](New-Guid).Guid - Type = 'AuditLog' - Data = [string]($Item | ConvertTo-Json -Depth 10) - CIPPURL = $CIPPURL - TenantFilter = $TenantFilter - FunctionName = 'PublicWebhookProcess' - } - Add-CIPPAzDataTableEntity @WebhookIncoming -Entity $Entity -Force - #Invoke-CippWebhookProcessing -TenantFilter $TenantFilter -Data $Item -CIPPPURL $url + } else { + # Auditlog Subscriptions + try { + foreach ($ReceivedItem In ($Request.body)) { + $ReceivedItem = [pscustomobject]$ReceivedItem + Write-Host "Received Item: $($ReceivedItem | ConvertTo-Json -Depth 15 -Compress))" + $TenantFilter = (Get-Tenants | Where-Object -Property customerId -EQ $ReceivedItem.TenantId).defaultDomainName + Write-Host "Webhook TenantFilter: $TenantFilter" + $ConfigTable = get-cipptable -TableName 'SchedulerConfig' + $Alertconfig = Get-CIPPAzDataTableEntity @ConfigTable | Where-Object { $_.Tenant -eq $TenantFilter -or $_.Tenant -eq 'AllTenants' } + $Operations = @(($AlertConfig.if | ConvertFrom-Json -ErrorAction SilentlyContinue).selection) + 'UserLoggedIn' + $Webhookinfo = $Webhooks | Where-Object -Property RowKey -EQ $Request.query.CIPPID + #Increased download efficiency: only download the data we need for processing. Todo: Change this to load from table or dynamic source. + $MappingTable = [pscustomobject]@{ + 'UserLoggedIn' = 'Audit.AzureActiveDirectory' + 'Add member to role.' = 'Audit.AzureActiveDirectory' + 'Disable account.' = 'Audit.AzureActiveDirectory' + 'Update StsRefreshTokenValidFrom Timestamp.' = 'Audit.AzureActiveDirectory' + 'Enable account.' = 'Audit.AzureActiveDirectory' + 'Disable Strong Authentication.' = 'Audit.AzureActiveDirectory' + 'Reset user password.' = 'Audit.AzureActiveDirectory' + 'Add service principal.' = 'Audit.AzureActiveDirectory' + 'HostedIP' = 'Audit.AzureActiveDirectory' + 'badRepIP' = 'Audit.AzureActiveDirectory' + 'UserLoggedInFromUnknownLocation' = 'Audit.AzureActiveDirectory' + 'customfield' = 'AnyLog' + 'anyAlert' = 'AnyLog' + 'New-InboxRule' = 'Audit.Exchange' + 'Set-InboxRule' = 'Audit.Exchange' + } + #Compare $Operations to $MappingTable. If there is a match, we make a new variable called $LogsToDownload + #Example: $Operations = 'UserLoggedIn', 'Set-InboxRule' makes : $LogsToDownload = @('Audit.AzureActiveDirectory',Audit.Exchange) + $LogsToDownload = $Operations | Where-Object { $MappingTable.$_ } | ForEach-Object { $MappingTable.$_ } + Write-Host "Our operations: $Operations" + Write-Host "Logs to download: $LogsToDownload" + if ($ReceivedItem.ContentType -in $LogsToDownload -or 'AnyLog' -in $LogsToDownload) { + $Data = New-GraphPostRequest -type GET -uri "https://manage.office.com/api/v1.0/$($ReceivedItem.tenantId)/activity/feed/audit/$($ReceivedItem.contentid)" -tenantid $TenantFilter -scope 'https://manage.office.com/.default' + } else { + Write-Host "No data to download for $($ReceivedItem.ContentType)" + continue + } + Write-Host "Data found: $($data.count) items" + $DataToProcess = if ('anylog' -NotIn $LogsToDownload) { $Data | Where-Object -Property Operation -In $Operations } else { $Data } + Write-Host "Data to process found: $($DataToProcess.count) items" + foreach ($Item in $DataToProcess) { + Write-Host "Processing $($item.operation)" + + ## Push webhook data to table + $Entity = [PSCustomObject]@{ + PartitionKey = 'Webhook' + RowKey = [string](New-Guid).Guid + Type = 'AuditLog' + Data = [string]($Item | ConvertTo-Json -Depth 10) + CIPPURL = $CIPPURL + TenantFilter = $TenantFilter + FunctionName = 'PublicWebhookProcess' } + Add-CIPPAzDataTableEntity @WebhookIncoming -Entity $Entity -Force + #Invoke-CippWebhookProcessing -TenantFilter $TenantFilter -Data $Item -CIPPPURL $url } - } catch { - Write-Host "Webhook Failed: $($_.Exception.Message). Line number $($_.InvocationInfo.ScriptLineNumber)" } + } catch { + Write-Host "Webhook Failed: $($_.Exception.Message). Line number $($_.InvocationInfo.ScriptLineNumber)" } - - $Body = 'Webhook Recieved' - $StatusCode = [HttpStatusCode]::OK } + + $Body = 'Webhook Recieved' + $StatusCode = [HttpStatusCode]::OK + } else { $Body = 'This webhook is not authorized.' $StatusCode = [HttpStatusCode]::Forbidden From 952a600713fd1fa49af191e23879fce5684406af Mon Sep 17 00:00:00 2001 From: John Duprey Date: Mon, 25 Mar 2024 18:41:57 -0400 Subject: [PATCH 162/243] Update Set-CIPPGDAPInviteGroups.ps1 --- Modules/CIPPCore/Public/Set-CIPPGDAPInviteGroups.ps1 | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/Modules/CIPPCore/Public/Set-CIPPGDAPInviteGroups.ps1 b/Modules/CIPPCore/Public/Set-CIPPGDAPInviteGroups.ps1 index e2ae2dba708d..a4c87ab9eb5c 100644 --- a/Modules/CIPPCore/Public/Set-CIPPGDAPInviteGroups.ps1 +++ b/Modules/CIPPCore/Public/Set-CIPPGDAPInviteGroups.ps1 @@ -6,8 +6,10 @@ function Set-CIPPGDAPInviteGroups { $Invite = Get-CIPPAzDataTableEntity @Table -Filter "RowKey eq '$($Relationship.id)'" $APINAME = 'GDAPInvites' $RoleMappings = $Invite.RoleMappings | ConvertFrom-Json - - foreach ($role in $RoleMappings) { + $AccessAssignments = New-GraphGetRequest -Uri "https://graph.microsoft.com/beta/tenantRelationships/delegatedAdminRelationships/$($Relationship.id)/accessAssignments" + foreach ($Role in $RoleMappings) { + # Skip mapping if group is present in relationship + if ($AccessAssignments.id -and $AccessAssignments.accessContainer.accessContainerid -contains $Role.GroupId ) { continue } try { $Mappingbody = ConvertTo-Json -Depth 10 -InputObject @{ 'accessContainer' = @{ From 6addfac0dc20a2b81e06f6b9939dc56c24be6a03 Mon Sep 17 00:00:00 2001 From: KelvinTegelaar Date: Tue, 26 Mar 2024 12:30:45 +0100 Subject: [PATCH 163/243] add app protection policies --- .../Public/Entrypoints/Invoke-AddIntuneTemplate.ps1 | 13 ++++++++----- .../Public/Entrypoints/Invoke-AddPolicy.ps1 | 9 +++++++++ 2 files changed, 17 insertions(+), 5 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-AddIntuneTemplate.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-AddIntuneTemplate.ps1 index d8e651ae36ad..1244cb396104 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-AddIntuneTemplate.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-AddIntuneTemplate.ps1 @@ -35,13 +35,17 @@ Function Invoke-AddIntuneTemplate { Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message "Created intune policy template named $($Request.body.displayname) with GUID $GUID" -Sev 'Debug' $body = [pscustomobject]@{'Results' = 'Successfully added template' } - } - else { + } else { $TenantFilter = $request.query.TenantFilter $URLName = $Request.query.URLName $ID = $request.query.id switch ($URLName) { - + 'managedAppPolicies' { + $Type = 'AppProtection' + $Template = New-GraphGetRequest -uri "https://graph.microsoft.com/beta/deviceAppManagement/$($urlname)('$($ID)')" -tenantid $tenantfilter + $DisplayName = $template.displayName + $TemplateJson = ConvertTo-Json -InputObject $Template -Depth 10 -Compress + } 'configurationPolicies' { $Type = 'Catalog' $Template = New-GraphGetRequest -uri "https://graph.microsoft.com/beta/deviceManagement/$($urlname)('$($ID)')?`$expand=settings" -tenantid $tenantfilter | Select-Object name, description, settings, platforms, technologies, templateReference @@ -112,8 +116,7 @@ Function Invoke-AddIntuneTemplate { $body = [pscustomobject]@{'Results' = 'Successfully added template' } } - } - catch { + } catch { Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message "Intune Template Deployment failed: $($_.Exception.Message)" -Sev 'Error' $body = [pscustomobject]@{'Results' = "Intune Template Deployment failed: $($_.Exception.Message)" } } diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-AddPolicy.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-AddPolicy.ps1 index ca5240804f3b..4112edd89ed7 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-AddPolicy.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-AddPolicy.ps1 @@ -24,6 +24,15 @@ Function Invoke-AddPolicy { } try { switch ($Request.body.TemplateType) { + 'AppProtection' { + $TemplateType = ($RawJSON | ConvertFrom-Json).'@odata.type' -replace '#microsoft.graph.', '' + $TemplateTypeURL = "$($TemplateType)s" + $CheckExististing = New-GraphGETRequest -uri "https://graph.microsoft.com/beta/deviceAppManagement/$TemplateTypeURL" -tenantid $tenant + if ($displayname -in $CheckExististing.displayName) { + Throw "Policy with Display Name $($Displayname) Already exists" + } + $CreateRequest = New-GraphPOSTRequest -uri "https://graph.microsoft.com/beta/deviceAppManagement/$TemplateTypeURL" -tenantid $tenant -type POST -body $RawJSON + } 'Admin' { $TemplateTypeURL = 'groupPolicyConfigurations' $CreateBody = '{"description":"' + $description + '","displayName":"' + $displayname + '","roleScopeTagIds":["0"]}' From 692c1a2ddca485a5d87f4fcb5c39a484f5c8529b Mon Sep 17 00:00:00 2001 From: KelvinTegelaar Date: Tue, 26 Mar 2024 14:54:26 +0100 Subject: [PATCH 164/243] Added Compliance Policies --- .../Public/Entrypoints/Invoke-AddIntuneTemplate.ps1 | 6 ++++++ Modules/CIPPCore/Public/Entrypoints/Invoke-AddPolicy.ps1 | 8 ++++++++ 2 files changed, 14 insertions(+) diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-AddIntuneTemplate.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-AddIntuneTemplate.ps1 index 1244cb396104..590d3c09e9d1 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-AddIntuneTemplate.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-AddIntuneTemplate.ps1 @@ -40,6 +40,12 @@ Function Invoke-AddIntuneTemplate { $URLName = $Request.query.URLName $ID = $request.query.id switch ($URLName) { + 'deviceCompliancePolicies' { + $Type = 'deviceCompliancePolicies' + $Template = New-GraphGetRequest -uri "https://graph.microsoft.com/beta/deviceManagement/$($urlname)/$($ID)" -tenantid $tenantfilter + $DisplayName = $template.displayName + $TemplateJson = ConvertTo-Json -InputObject $Template -Depth 10 -Compress + } 'managedAppPolicies' { $Type = 'AppProtection' $Template = New-GraphGetRequest -uri "https://graph.microsoft.com/beta/deviceAppManagement/$($urlname)('$($ID)')" -tenantid $tenantfilter diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-AddPolicy.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-AddPolicy.ps1 index 4112edd89ed7..c66333e60048 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-AddPolicy.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-AddPolicy.ps1 @@ -33,6 +33,14 @@ Function Invoke-AddPolicy { } $CreateRequest = New-GraphPOSTRequest -uri "https://graph.microsoft.com/beta/deviceAppManagement/$TemplateTypeURL" -tenantid $tenant -type POST -body $RawJSON } + 'deviceCompliancePolicies' { + $TemplateTypeURL = 'deviceCompliancePolicies' + $CheckExististing = New-GraphGETRequest -uri "https://graph.microsoft.com/beta/deviceManagement/$TemplateTypeURL" -tenantid $tenant + if ($displayname -in $CheckExististing.displayName) { + Throw "Policy with Display Name $($Displayname) Already exists" + } + $CreateRequest = New-GraphPOSTRequest -uri "https://graph.microsoft.com/beta/deviceManagement/$TemplateTypeURL" -tenantid $tenant -type POST -body $RawJson + } 'Admin' { $TemplateTypeURL = 'groupPolicyConfigurations' $CreateBody = '{"description":"' + $description + '","displayName":"' + $displayname + '","roleScopeTagIds":["0"]}' From c026a00312ac69989a42ffe486bfa7732cafff4a Mon Sep 17 00:00:00 2001 From: KelvinTegelaar Date: Tue, 26 Mar 2024 16:19:12 +0100 Subject: [PATCH 165/243] allows deployment of compliance policies --- .../CIPPCore/Public/Entrypoints/Invoke-AddIntuneTemplate.ps1 | 2 +- Modules/CIPPCore/Public/Entrypoints/Invoke-AddPolicy.ps1 | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-AddIntuneTemplate.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-AddIntuneTemplate.ps1 index 590d3c09e9d1..ca7815ec778b 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-AddIntuneTemplate.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-AddIntuneTemplate.ps1 @@ -42,7 +42,7 @@ Function Invoke-AddIntuneTemplate { switch ($URLName) { 'deviceCompliancePolicies' { $Type = 'deviceCompliancePolicies' - $Template = New-GraphGetRequest -uri "https://graph.microsoft.com/beta/deviceManagement/$($urlname)/$($ID)" -tenantid $tenantfilter + $Template = New-GraphGetRequest -uri "https://graph.microsoft.com/beta/deviceManagement/$($urlname)/$($ID)?`$expand=scheduledActionsForRule(`$expand=scheduledActionConfigurations)" -tenantid $tenantfilter $DisplayName = $template.displayName $TemplateJson = ConvertTo-Json -InputObject $Template -Depth 10 -Compress } diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-AddPolicy.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-AddPolicy.ps1 index c66333e60048..3cf7126bd8b4 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-AddPolicy.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-AddPolicy.ps1 @@ -39,6 +39,10 @@ Function Invoke-AddPolicy { if ($displayname -in $CheckExististing.displayName) { Throw "Policy with Display Name $($Displayname) Already exists" } + $JSON = $RawJSON | ConvertFrom-Json | Select-Object * -ExcludeProperty id, createdDateTime, lastModifiedDateTime, version, 'scheduledActionsForRule@odata.context', '@odata.context' + $JSON.scheduledActionsForRule = @($JSON.scheduledActionsForRule | Select-Object * -ExcludeProperty 'scheduledActionConfigurations@odata.context') + $RawJSON = ConvertTo-Json -InputObject $JSON -Depth 20 -Compress + Write-Host $RawJSON $CreateRequest = New-GraphPOSTRequest -uri "https://graph.microsoft.com/beta/deviceManagement/$TemplateTypeURL" -tenantid $tenant -type POST -body $RawJson } 'Admin' { From 2fcf33b21b6da5eced1082e7ce73ade39a185106 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kristian=20Kj=C3=A6rg=C3=A5rd?= Date: Tue, 26 Mar 2024 20:50:00 +0100 Subject: [PATCH 166/243] Standard for trusting external MFA in Cross-tenant access setting --- .../Invoke-CIPPStandardExternalMFATrusted.ps1 | 44 +++++++++++++++++++ 1 file changed, 44 insertions(+) create mode 100644 Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardExternalMFATrusted.ps1 diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardExternalMFATrusted.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardExternalMFATrusted.ps1 new file mode 100644 index 000000000000..3b9df5cfb779 --- /dev/null +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardExternalMFATrusted.ps1 @@ -0,0 +1,44 @@ +function Invoke-CIPPStandardExternalMFATrusted { + <# + .FUNCTIONALITY + Internal + #> + param($Tenant, $Settings) + + $ExternalMFATrusted = (New-GraphGetRequest -uri 'https://graph.microsoft.com/v1.0/policies/crossTenantAccessPolicy/default?$select=inboundTrust' -tenantid $Tenant) + $WantedState = if ($Settings.state -eq 'true') { $true } else { $false } + $StateMessage = if ($WantedState) { 'enabled' } else { 'disabled' } + + if ($Settings.remediate) { + + Write-Host 'Remediate External MFA Trusted' + if ($ExternalMFATrusted.inboundTrust.isMfaAccepted -eq $WantedState ) { + Write-LogMessage -API 'Standards' -tenant $tenant -message "External MFA Trusted is already $StateMessage." -sev Info + } else { + try { + $NewBody = $ExternalMFATrusted + $NewBody.inboundTrust.isMfaAccepted = $WantedState + $NewBody = ConvertTo-Json -Depth 10 -InputObject $NewBody -Compress + $null = New-GraphPostRequest -tenantid $tenant -Uri 'https://graph.microsoft.com/v1.0/policies/crossTenantAccessPolicy/default' -Type patch -Body $NewBody -ContentType 'application/json' + Write-LogMessage -API 'Standards' -tenant $tenant -message "Set External MFA Trusted to $StateMessage." -sev Info + } catch { + Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to set External MFA Trusted to $StateMessage. Error: $($_.exception.message)" -sev Error + } + } + } + + if ($Settings.alert) { + + if ($ExternalMFATrusted.inboundTrust.isMfaAccepted -eq $WantedState) { + Write-LogMessage -API 'Standards' -tenant $tenant -message "External MFA Trusted is $StateMessage." -sev Info + } else { + Write-LogMessage -API 'Standards' -tenant $tenant -message "External MFA Trusted is not $StateMessage." -sev Alert + } + + } + + if ($Settings.report) { + + Add-CIPPBPAField -FieldName 'ExternalMFATrusted' -FieldValue [bool]$ExternalMFATrusted.inboundTrust.isMfaAccepted -StoreAs bool -Tenant $tenant + } +} \ No newline at end of file From 17bb69cb12e9eb0ef38c5a71e94a9259eff50410 Mon Sep 17 00:00:00 2001 From: KelvinTegelaar Date: Tue, 26 Mar 2024 21:14:53 +0100 Subject: [PATCH 167/243] dynamic lists --- .../Public/Entrypoints/Invoke-AddGroup.ps1 | 24 ++++++++++++------ .../Invoke-ListConditionalAccessPolicies.ps1 | 2 +- .../Invoke-CIPPStandardGroupTemplate.ps1 | 25 +++++++++++++------ 3 files changed, 35 insertions(+), 16 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-AddGroup.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-AddGroup.ps1 index 9794b0d51f3c..2a9d176a365e 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-AddGroup.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-AddGroup.ps1 @@ -45,13 +45,23 @@ Function Invoke-AddGroup { } $GraphRequest = New-GraphPostRequest -uri 'https://graph.microsoft.com/beta/groups' -tenantid $tenant -type POST -body (ConvertTo-Json -InputObject $BodyToship -Depth 10) -verbose } else { - $Params = @{ - Name = $groupobj.Displayname - Alias = $groupobj.username - Description = $groupobj.Description - PrimarySmtpAddress = $email - Type = $groupobj.groupType - RequireSenderAuthenticationEnabled = [bool]!$groupobj.AllowExternal + if ($groupobj.groupType -eq 'dynamicdistribution') { + $Params = @{ + Name = $groupobj.Displayname + RecipientFilter = $groupobj.membershipRules + PrimarySmtpAddress = $email + } + $GraphRequest = New-ExoRequest -tenantid $tenant -cmdlet 'New-DynamicDistributionGroup' -cmdParams $params + } else { + $Params = @{ + Name = $groupobj.Displayname + Alias = $groupobj.username + Description = $groupobj.Description + PrimarySmtpAddress = $email + Type = $groupobj.groupType + RequireSenderAuthenticationEnabled = [bool]!$groupobj.AllowExternal + } + $GraphRequest = New-ExoRequest -tenantid $tenant -cmdlet 'New-DistributionGroup' -cmdParams $params } $GraphRequest = New-ExoRequest -tenantid $tenant -cmdlet 'New-DistributionGroup' -cmdParams $params # At some point add logic to use AddOwner/AddMember for New-DistributionGroup, but idk how we're going to brr that - rvdwegen diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListConditionalAccessPolicies.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListConditionalAccessPolicies.ps1 index affec8e72291..c093a8c4f009 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListConditionalAccessPolicies.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListConditionalAccessPolicies.ps1 @@ -243,7 +243,7 @@ function Get-ApplicationNameFromId { 4660504c-45b3-4674-a709-71951a6b0763 { $return = 'Microsoft Invitation Acceptance Portal' } ba23cd2a-306c-48f2-9d62-d3ecd372dfe4 { $return = 'OfficeGraph' } d52485ee-4609-4f6b-b3a3-68b6f841fa23 { $return = 'On-Premises Data Gateway Connector' } - 996def3d-b36c-4153-8607-a6fd3c01b89f { $return = 'Dynamics 365 for Financials' } + 996def3d-b36c-4153-8607-a6fd3c01b89f { $return = 's 365 for Financials' } b6b84568-6c01-4981-a80f-09da9a20bbed { $return = 'Microsoft Invoicing' } 9d3e55ba-79e0-4b7c-af50-dc460b81dca1 { $return = 'Microsoft Azure Data Catalog' } 4345a7b9-9a63-4910-a426-35363201d503 { $return = 'O365 Suite UX' } diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardGroupTemplate.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardGroupTemplate.ps1 index f07e54320d72..e2809c6f4bd9 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardGroupTemplate.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardGroupTemplate.ps1 @@ -32,15 +32,24 @@ function Invoke-CIPPStandardGroupTemplate { } $GraphRequest = New-GraphPostRequest -uri 'https://graph.microsoft.com/beta/groups' -tenantid $tenant -type POST -body (ConvertTo-Json -InputObject $BodyToship -Depth 10) -verbose } else { - $Params = @{ - Name = $groupobj.Displayname - Alias = $groupobj.username - Description = $groupobj.Description - PrimarySmtpAddress = $email - Type = $groupobj.groupType - RequireSenderAuthenticationEnabled = [bool]!$groupobj.AllowExternal + if ($groupobj.groupType -eq 'dynamicdistribution') { + $Params = @{ + Name = $groupobj.Displayname + RecipientFilter = $groupobj.membershipRules + PrimarySmtpAddress = $email + } + $GraphRequest = New-ExoRequest -tenantid $tenant -cmdlet 'New-DynamicDistributionGroup' -cmdParams $params + } else { + $Params = @{ + Name = $groupobj.Displayname + Alias = $groupobj.username + Description = $groupobj.Description + PrimarySmtpAddress = $email + Type = $groupobj.groupType + RequireSenderAuthenticationEnabled = [bool]!$groupobj.AllowExternal + } + $GraphRequest = New-ExoRequest -tenantid $tenant -cmdlet 'New-DistributionGroup' -cmdParams $params } - $GraphRequest = New-ExoRequest -tenantid $tenant -cmdlet 'New-DistributionGroup' -cmdParams $params } Write-LogMessage -user $request.headers.'x-ms-client-principal' -API 'Standards' -tenant $tenant -message "Created group $($groupobj.displayname) with id $($GraphRequest.id) " -Sev 'Info' From cad90c64f1f3edf8bc7a4e6b8d64a99708b661c5 Mon Sep 17 00:00:00 2001 From: KelvinTegelaar Date: Wed, 27 Mar 2024 14:12:04 +0100 Subject: [PATCH 168/243] phishing test --- .../Public/Entrypoints/Invoke-PublicPhishingCheck.ps1 | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-PublicPhishingCheck.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-PublicPhishingCheck.ps1 index 68442e76a7b4..b0b37efd06cf 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-PublicPhishingCheck.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-PublicPhishingCheck.ps1 @@ -25,6 +25,12 @@ Function Invoke-PublicPhishingCheck { Write-Host 'Not being Phished, no issue' } else { $bytes = [Convert]::FromBase64String('iVBORw0KGgoAAAANSUhEUgAAAbEAAAFUCAIAAAAlO5XXAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsMAAA7DAcdvqGQAALCCSURBVHhe7X0HoCVZVW2/9zr36zQ9OTLDEERRklkx54AR9ZsjoIjpGwBBFBWzoKKIfFHMqKgfRBQUUD5iQJSkwDA5MDOdu18O96+w965z7+tmhmGGSWd13XN2WHufU6eq9q0b+r6p0Useuqmjo6OjQ5iOvqOjo6Oj18SOjo6OFr0mdnR0dAzoNbGjo6NjQK+JHR0dHQN6Tezo6OgY0GtiR0dHx4BeEzs6OjoG9JrY0dHRMaDXxI6Ojo4BvSZ2dHR0DOg1saOjo2NAr4kdHR0dA3pN7Ojo6BjQa2JHR0fHgF4TOzo6Ogb0mtjR0dExoNfEjo6OjgG9JnZ0dHQM6DWxo6OjIzHqNbGjo+N+jtGmTetoRxR6Tezo6Lg/guVvSi0ewjpUlsVeEzs6Ou4HcPlDi1tC3hViW6ewNjVY1Paa2NHRcZ8Ey56b3OJOUNtIN4airdvoijnqNbGjo+M+BJc51jjdAFJgpVPJQ/mDqiLoV8q8Q5yKMLv6584dHR33ZriiZe1j4VOZYysLqx66NE4w8YjKOJB7Tezo6Li3oaob7/hcy7Sx2JWcN4OwrFm1ME4rMjfWzV4TOzo67iWIMqeK5uqGB9Vsw7s+/upYTGwW4nW0+eUSX22viR0dHfdMqHKpV8GCgFfKKmR0aQs7NtU2yGuwu6yt0w7II1m6Q9ooNsoMYb3fJ3Z0dNxzoBoVBcs3eqxxUHXrR0HtGkoYSpsI0Ckkn0lUHMPoSofWRiq0OI9eLOd9pY39/cSOjo57AlieXKeoDDULYLWS4LqGlgSUNqvYUNQUnnWNRruCAAEElVFuolUbriD3mtjR0XF3wDWIm6uYChketLhstVsSvBWHeWxXICS6tNEChwS2qKH6kraUqIMRVRxuvSZ2dHR8SODKFa1qUCFKmD45AcMyKPWSlq5ptt6cwXZu+T6jiprUlKliAxk1FOUuP34hWXeXYDCVaGp7Tezo6LjroHLDDQ+0vjVDKwvlEetgFClFWPWLWdPCpbu8iLJX2QDnYQgDxDG5Kp35NXQaTYgRTWbh7Ojo6LjzMBQdtK41KFIqPZRVyOCKOgVVluCjyxSDUXbwaUSjnOViHmzTyfeI5mgg2ykrZ4wiOTZPAEaY+3dxOjo6PkhMuaCoRcWhgKrUtJum+Emx1fCmi2/zqd7RBaMLpQjORg6YCNetH4udQmyPPMl0nlBxB1pl1K1rn5Lz3jBDaHQqbP1z546OjjuAKjSsL6p3/oEZSFFligALFaqAK5GI8opGb5YzchyohCTYZRmVEbeElhXLljGDChc6RKFlEk0vOJpbxHpzNRSHgf39xI6OjtsP1hTVEbaqWaHabouLTlaZ4NjuAiQBJocwKmtZ1C9ZJHHQ8PqmD4TKY75kEIbX5jKGHYJvRc1X7eaOKDkJIjOzjGv9tXNHR8fpgDLBtopLtq5E3qqasPToZq0KDQVnKKNkC21Oy3bHq9oslN7CYjWj0FGusdKOafhDauhVbUXnBljFXkAo2ZPP/wTT0dHRYahsoHG5icKkosPykZXOLYUqcChDVWXqM2Kp2CBRSDJfbmcho9fGad3rqai1sRCoglllMUO4eYatJd9G9C2hLU7oPDBZNo0GTNhz6/eJHR0dRlQHbKoUrBGoHU0ZclWKsiImrDRKpl00mlVffAcHAQmDjCbTOXNtzCkCHhiFFpc2qA5MQoQ0EwuLZJuitormyZBvIfNHiO9t09K/i9PRcb+Ea5Y2FoJqXX2wqYui5lKCTWq0Uv25CjaSFYsHU7mVS5kosE7pdoyjOHOSsQFFpgX8/Ooiw6v1LZ7GhYAHVYdIgj1ypp3DeXNsbsOIaVLTa2JHx/0JLgHcJKMooGvrCGtWuibINqIDBy3sbGWxC5YgnCqtW4CyvihDrzl+nQumX3QrSjmUUy5mk+zaCj0ymyaBLg1kvmPtbWXkMQFtlXVuSNjfT+zouI9DhSOKglrfZMkjb9YmVAfT0Na9VdURgMZ0kZwtqwmEZMbNHewKc5Q3MmHSDSBa+sWhN/OQIAsE2qXAa9k5Kee07UUgwAw1H9OqdGpKnBuJEhTlcZkEDdT+fmJHx30QvsJ1tbMcqK3NRYpGlw9ZIbN1NATVFDMppEwvihE2FxTY1TJVDkeOvIAtHstDMI9DxDSBW1XDSuXRFcgRJTNE9mgzAx4Ml9GtXQz0raWM3FQZ2zl4aLv6/3fu6LjvoK75qFNZs9AN1zyMfpXaFo7yWlXJ820jVZOhgiCZDo/XvoCVwJ87rDyisZERgjeWJAsqRlGz/GafZshJmuNUGhoSm6bUUshJ1qBhlLveQMSjaF4WKHQ1n4+zZZJeEzs67s3gxYwLvClDVLX5Itd1npY08pVjU5u8oZSYBiXqpmUTlIe0TEXBxUs5EWILWlgdhSFQ+Fz7IoMiKafATYEACd5q2oiFnHOz3eG0eCARIDhDbdwLeZkfQrM5YcjOH5PsNbGj414CXL1uY3NRSIHeLC6WbRxcvvJbY8rc4IViGvpMZdk11Hy7gubYoaCQYzseFFT1pCdHZAe6jNrPhJkZne1o0cHCPCrTAz8Hiihs6cWj7NE2hIhKlclrPpxmr4kdHfdk6DL19YwOV7gvXWz+fINGMCSb5o3GIrsumKMkdKYXD8q+pRq3uKLF3VZVFlUQGys/Q1KGi7eHVk3WWCSbpjlAYKuyCIUq+xQU4iE4E02ek3QqpTW7hmCLbH67UN5YLtNMkGqL8zCnXkGTQ7HXxI6Oex58AfOK9U9gqRxEIYBdVzsFFRRe4L7CIaTF5SCM423UFwgVhVy2SOVdoThkWsiN/GyhQqKQfGeg3YI2PMqO1vxhc1pxADNZ1JAwyXiE7FiHSOATgypabEWArMlDgp00W0wQOZgg2GtLr4kdHfccxBWLh1uo+X09X6+4ekuN67/KIjZXCgmASwB0W0oGB5tyyN5UBOQ06JLKTeXYUVV0QlXRYZJ8jUyCp5Ec5lHrbTBqXMairRtAuQAIkEwAM8q0vObAjkpHTptHo3NNJAwJLatlBq+MZKpoc537b4V1dNyd4DXpi1lXpq9VtL7+YTEHAooC7558zZspO4uRBG/mD2UiaxlVbR6CglTyMWLOgVt55WY4LCZkrDyZ2UOo5e2YBJMBJkcHu+YZm5LgQUFTZQZsssRwVb/Mx5aLANCo/BBYLoupFh2FZrZVDS2zAnqeymwXHhD6/3fu6LgbwCtTW1y0LgRyULWlaYPmEMeqIkDilS+jtzWlcglwLLOmik1WblSTaQ5pVdok+yUnN9jTSKZTWXAGyZHHat55MVb3dFAhMCRltppzZPZw8lKQ14JSBhzFEBsdLoGWGkhjRes7SjYxOumyQEXHENv7fWJHx10NX5O8ArXxusWWF2Rcw2jhkmxXbDBO648ryRjZsK3H/REUh1gYCNqYWWktu40bK09ARhas5NhCWR0a5vSHLZI9SW6VNquny1wIsCAkN1gdztZGyRBUlIbNSTyKCUGWQKN4zk+m0taswljzgT1pdjkWi+CVpxHknG3/jKWj464CLzlddbgI60Ll5UdDXJB2iS1j0oKgyxWt7SawbWTaTVMS05hEAh682iXTLqYJtEBWfrvhssDGFhlcUzyHCNSUYmtV87FpPia7+pQLNLvsDb4FJaGMmeRrbXoRDruTSHB+E7BhCHQ1AQgy5LgK557mNPBgHtGYB+rw0n5q9JKH0tHR0fHBgxezrrS4LKf0t0pgTEv6dfmVYq9pVqHpCg+j5Cld0nhQppkCLYKNVtk63JDDRsged5gqG9lRHjyEIG4Injwh6zBbp2qpZfS+p2onRXst0xyqgbIVUIZwZAgEjIV1cDkrDFqTKsK9R7JK02K2rnKo7587d3TcccQV5XsZ33H4Ew9dmdws6JaEZN0E8R5Hgr1xy6Prk0KG+6aGsmMhO7k4EwI2EsTkfZkE5yTBw8lCQTkHo0g0gu9AqTQ6ecrclCHmBlVvGgLBtDf3Lt6OzFjAdqo5E/KtaoOvDYktVc4kW8e6pWo5d3nYENvYOdwEJ+eAtJD7+4kdHR8gcNn4WnJd8JUpE1UY00Kj3qqzbC9d9eEDNl2H3mCEKVw2Sh7ICCdJxrySQaMFqvmi0qWxSMjNcnkVFqMMZdRGNA4XAXAdcUIT4AqmE1q1BZtvxOoFaQ5acuviSkqhS3K5wLRMwQRtNuLhgcJbHPPrw2UN533BxqhMyBYjalAz++fOHR23C7yU8nJlBcGmqxrwxYYrKq46e3l1sSBC8uVHjhzMo2uSm2W1TmJCWGorl6Jal/MMsgPRSrexbSl4MpKrZIddAjrLgGm0SLWdWwYCGJRt2gHm1144PAgqTKTl6JTRmuxw55clkpuTa1IhXiUIOBxOW0wAAjcPJ5eN8PrwAU5IDrLJRHK/T+zo2AhdVrpydMHEdZXlgObmYqvq4Erka5JRcusyCybtuozjutWlWN4hIXONBbYbjCF7CCZqMuSIvuDpcip73WYtMGwPl1KxUOYodsHC4SBDKBoIUqGYhq2iLJTXRgq1XNg0T1IkOGG5aMxYdB5UooyNBbDsUTxuqXZxF2SB4qXDWgHkwJXe9f4ZS0dHABdnXmNsLfmKlYhLizAtr2RpkuXhFS7dRsJqyy+OBWTDrYkF0QgT8FB5MujFVauqYQxCpip+uKzWiLKUjKj4JCds7ILTWNiImZpmAUl1hPlsVRQs06g4VjO5ZQBNTDURGSB59yFpBylqubykwVHnPULLWdlusgs0nLkXaJ3Emc0MeDjDCUXe1F87d9yfwcsgt7gPwiYdF4xlvtSCqivKFl+ltviFmAkMh+K2+JmnbnlIboZjNr/I1XVuAlqoaJ3fqjkV5YRB9gTSiw0Ijo1oaybJh2QyZc8KnCwfMDqnZUT5bhFTgmkYS0N4FHiBWBOmJxwLtV0re9ECjJKFLVJJ9lsT5JisaXDasJijiuYkVjkcFFvE8XwqiV0OYUIYZYeMuWWqXhM77mfwZTDR+rKhN7e4chwCwUwL4tuCR1xLslDFlvWCtOadfraOlYqOE/DnsxJ4JTvKluSbzPyVB7HmqDTQmEmcn5XLJU95OCuncpsDVf3yHCCBxgKhKKd2FJ0aFJLDza/XpOR4DjTLa7tDyg5jjkUjNk8mczpVqM6Aze8J5EDRKtz7FZacDI1ZNAG4KtbGEDxhedlS7a+dO+4H4PmPR5aPgCRfxvDg8qiXh7yMcd34Ja0tiJaRNJvTZSBk7HWoSBBMpkWXHDkwpcUgYWJ0u2zRT+NUcmSkYFcyw5UoNQR0WWLClNMDsEd4tWsvpwETVCgeSAjBk5diCzSsU9rUWhHTRiAmnxb69VKXo6TF46JjFZNgp12WAYeEqgzt6BjIx9HzrDY4ZKQgoKfX0xO40r0mdtyH0V6xgAW0w2Uji0nlDZhjfqYKY7Yy0WcmMIRLHsum3nFAeEu3RSoalgYBxqCIltxBACyjbZJpwhoUOeOyh1toixHbHM9M132qmaEtNAWoLkmUxzzK35Q8y4xuBAd4ks5iOluPJdDpyUNujDbZLhJb5x+ySfaIYVFboxsgODPN/T6x4z6GOtV9ovMsr+swHCEMF0V7SaQdra4QJcm7D9sNE6pyGRFVNOmUU2hnUq0tE4Eel6Kvc4ECeJY3tKfIrJ11KhuB8J6qWATNI1a6qolpS/MgAJZrhuHCAuE+N3U2TVr3NRam5BZjuS6TMEGWtXIMbQZSbFYM1JAhoE1azZMWedFp0F4TO+7VyDPeF4nEOO9D1PWDcz19zcUA+HoQfLGFakJeLXEvQ0PAZG6YQCanVhez5sBrz3w8WloVUylsxPe+mNmmdaqSbTfNeZzQSahqGkEbegmylwWA7Hlu9FqI0WHXmwmtNwLbQQ2RSPCeWgozu9oLWzgEWtOcM8TAINghwR80B012NOyVocKR3AtLu/PbJ36QigxWr4kd9y7oZM6TO2xptGylBF0DFH0BFS0DrA40PhhLeyVFLzsFqeYPgtrhapTFhUnNAMitClBVmC9da2wzsghoY1Ag5QgSIZgCDW2dsidnG9miV6zUQo3uFurghaS06xaS4N23XOzW0hJqbt7rpCc8z7Jj9Dx8QB0L08hp4i2SIhqLcoMis6nY2rv+2rnj3gGcsjr7eZb7avF53LRGyGijyXPdyFhfbzQkP8hNXTvlrVYxAQgxpSS0LsMCs0mAyvwe3alylGFijlHbVjR7mUFOz9NcwuESw6hu+PKjbREcKiEXzRqL6+zkVnOgNoRCKdo1Z2WnDGxtdGev7NUjPzNjq9vPyEJ4ntDAGVQd62Al2RFubYzimTntQh4sJrMpDzAWWEKviR33ZAxXlE5YNlJ9/vok5nWF8z7tNo5dPGlMncLYZWOzvbBM847SGUQKDkBBxnBp6InLjAJ5gRIppMI+wzlPhzuDZTHRxzyzpBIghCRAQRIJUcQdUFPKdYDaThWIGiEXGW7Sol6qJyktanT4crYak8S69WOj/ZLA1oxm9MGVKLlc4HIFMg8w8JXKHGmTLrcRm4I3z8WwQKOZ6HtN7LiHACdlXHLNuUtZp2pcS5YlFqiKbTtF3SzEuV+XdzJptjEugyAWDQhvZrClSgOnZEmgy4L4lgNS2ODRzAQS5wC+6u+Q1gIeThWODMwkHsgrll8Zkl2E0G1R8lhDO0WgQTo5ttMUXtql0pEzRNvm58Fa11eUHJsCyTlzEstCwwCoZRnCpQKTrtR9hjibPUA4awjtFFUFovFTC2IZqLAa0TEOVNtrYsfdDZ+ccdaq9QkKhOBzPc/g8gKM1ak/KcCnRLS4CGojSjnlO032ZCo8IMR/VkvCWDZAnBIcW2oI4jvQUoVPCDVbI4xqicwJi3PHLmiIMMnHlcww9jJaqAyBmiegIgutQswjwUNQUatsg6UlaM2JzIyG8zRNfTBhUFRMwHz5gqP1tFotOnpxO29XQ/DQzFlPFCLENLx3TRtfzNSgaBk41Wtix4cePonz8uCjqRFAyHWalgUCzvgkV8tTOhlOC6tP9LBY1VUBG0Oai5+xjgJEUB9ezs11SiZa0oecFDMkjI4yzJFd15ttkc0qIZOjYjJSamLhUovOgU5IjuBRKFSCDUOMPQfAiyYKAfMwqllwhmqV1FP3WwrWHZIjyS415iPVUe1nI4D9HE5kqwWoHsIfiLmS+ogHU0NbgUARFqji2OOWFM9HeuzmxgyagzSj18SODwl8zuWpONYakEPVxckrQh1P3zBz85ltnae4YsAkX7KTsLUKsmgRCGNznZhsC7z2p3WsgthWSaimwF4Xm68ugKn0P16cudIONy/KMzFhZq4kIhBSIcZkGiP7SE1wBdDVvsgezrwzKr4JYVQgXZgzZih+wXYLJpeTghKGpdlZu6KG5rhsAbH9hITMYYRZnCIzG62R1nnh8hzscWt6Ka0XnbNVzmonloscW/pnLB13EeIMk+BuONdlYmNLmNlaQEdZ5zftjk3QKIJjKIgcV2AZGw7asDQXtj0yDwg5Y2NcqwnK0ulVtWXRMDM87IZYCbCTHl3SIGpKvkS9MjGuZDTBrACIjZexUENp8ssYQdHRCAL96a1bP1OqVQ61MnlEt3YZMe3GQjT7ng0BAWYV2CGVVR6Uia92Cx49hnBXu2CCU6A1R8aAFhkEJKdWMTkoMKyenKT0mthxl0BXBc/AONFs5bnoc9QtT+b0oiFX57Hhu6pQFaLevDib0UL1TYfLgfluiSbQye2ibTyQBircHEIh+kAQLLuThXI7kFU0sqDhRViBmja9oZNBWbqHCI7CrYbgXhxusjvWLkLZrHogAwLoLgcD2YTK08D1iEK2fA2rGsrxcw6eG73iscRIIE3ecqFRP4AnQJMBD2d21fPxrRDSMk+IktDInKoUEyimxbCIllPCywvrSpLoNbHjg0ee+nj4nLbFLja2yABAaE9ZuiCNV0DaTZCpskGzc8gpgi3M48AJQW1dG+6dwSpFZFPIQG4IBoWipb8Cx658ZYgE7dCZk3K1eIAjtaqAc1pGR4rywN7e3KF3mavEbCVZtQMyNpOLCdAohwl4OHMxOFyGY3OsBXoh2TJRv6KXUMUxyaGmYGuE5DqERVHtjMJrQYppFmoObtExPx05Q8vjXjRNde41seMOoU41nE3oecLZrkecc7bnmYenfX6AK9mhpkUqStWMn7g4a6XSkuF8WDYzOYYtbNNbxhjY79/XlSyLhZgzZEEettw2uKpjk/OpNoDMkG1MVCw9SistQEEZYpKqZPb6qrYyJJyYlcfSuOQ2QzvUm10YmgdFPhonUimgzUCIYVq0tQvmywhQwEOxwfSUcncI8WGMG0Mp9DaD0htz8SMGAsJeq5T2iQxMa8GjNDtLD9RYq14TO2434qTS+RQnXr78lDic7lB0eulUg08nHDVZIMUZiRNa3XBqNqAqZsgNSNYQlDOhSRBwbfiPxEvXMKkBnpWkrAWAJlBoyZ6AwVD5Yq8zqubgHTEghCwvECo6L4stCiGlaKdaEMtkes3NxENrG3BaPMDxN89bO+AuP5IaBsKj5dhek5QFCmfowMzEKCmDS8IpMjvA/IZAOQOtkoP5meM4OTjn0NlwIHTKE2VRDtoNMQEHYtw0RKDV1qjYXhM7Tg+dOfnsXZbm3PJ53HoDkPSrf3LL4BNOqmkRpfd0UMF0FRCO4KB+hVgZ9HAsABcziGCZBc5utxqo+EDrxHyUlWhpECoNgFlNzk1XIABaVUYO7UDN0AI9slMY66JPbRAMXsO5OOgiSe6swV7yxBCxDkaFeCkkRGZAKx+5TZsYK8QABSnhqjcWQc5feCR8A66ZAENC9fB6ZQD02OjXcJRFY0g4Ys6SIhWHG2wN06JpMkas+AYFu6wqkM+g3hGa8K/XxI4GODN4QTZVwOeKzyGeMe1FZVecTTrV0oGeZnW21QlKOa8lymwICKT4nE4LW1obHkSp1fragzxRC2AvC5JA9K5RrVZJQhYoaAd9Z0GMCzGiBJsLNVXaNVIEAsmnvx20kguVofIUmd5W1oMWcGtP02KauWy9Gpk7OPmmpOGERgyUc5M4rB5gYtDN8d5pziSLatWIM0ruYloOsyaPEX0zyAwio4XdfJMBCuVFo+EgOchwNkJeZpbXtqIhc4wl9JrYofOpTpASdSJSUYs+zstUjfDjUReYOLZLi85GPJTANsKqt5JjIAGqfVUvaCkkM4zqcIrz/ydoxLgSKrVeUw/VwWNZ9QyBsoRGhXl88QyRQYvfhkl+ICcWgnxBkEpZgRW1cQcR6KUIsiMqc9jCWDtFiySr9KokOTD2wjztF1vG0BAjUgxAFiWiINfa6kEM5VIJzWdmtHJ4PoUQa6DM7CyVwYActBLU2W4aDd6XBJOUT7ONdRNngu8+jCD2mni/hq8QI8/R4WRKQISRZ1RyCEt+rQRZJ1x7IlJN2VwKzanpy88hzD/xKkZSqONnMLY4xQseC73Gai8Ag1Gy2FbhVCVDix0R0EcCeFFJbVIbmR0uwXNjkvQmNzoasal4gKxQemm3pGnXPhpDrTFZ6uQ6qCU8DekWQkuZ8ExClFHeiWkbY4FWYah55sC1C9TKaEJoQzsM5EFtzyja841gNOTbiMacZNoLFUlqlTzDyJADOcRk+WVEk/aYkgC118T7E3BO+KTIcwJngs8n2HlyQJWRfp0dpllTr6rRQJTkAz7tJKPhED4dJUNiA45Lg+zsJPvkhuyQ8CZ8jakJlzljJ7Q5WXG4L00qM0UJJpTBIoJvhQDPloK8FhgFNK7y0Zta3TbaNETBILmSlzwM55Bm3ejVRU41o4AIkVdBPDYw2s5GacOlA2fj8J4AVJHNYTJJEeIRTVAIxFgfuoMAF6fqtGH2g7QYVBpaHwLvWhmNEJLtGbLRWOFVeCoERGxOG7qPe7mKAEFKZbDXQihB6zXxvg6dAEQJAM45n0Y+n9rTwmK16OI08kmjc3ooNynAy1YxZcTGIGcotaFZiMwSAQjBURRdKUTTjsWGGGZS/MYbRhHQ89o2Kkl6qSoVBbvwEJ8XapvEWtYLE6sFgk9JRsk0sst7z/H3HAIpg1s5AKt4wMLRMbQm4ZSGZUeFXV2VJ8c6algx/Z6C+bYQCoi1IjvM6Di9UOwZXD43KDZDBGfcAthIcuohiICNhFxeThvQ6LaTL45dsQtNQqvtrlkohL2snECvifc98HxhH+eQtLSpTb0s5QXKaAebPNXa87XNAPA0hYoNduphNKiJzCAHFs3WRnQSsbgVYIcxLrnMEIQmoZN43ytP8kQTBw4yk29/tbSbWb7yyoKmlhdowwmmYIs+xInVE5IVAquPfdYllIHQnPmQzpyZIULbadt+yl3AhpXRDjhJQFJlQCwo1DIDA9HJNRwmx3sHoZclguSykGmtJotGhChUadFB8diCDzrteKQRgEY+LLan3I4SRovyoqlj5310LCBCr4n3CWw8/Dy4ssZpDbl5p4YPnIg+F+teAPD5ZL5OLITTokCgTiaS/G0MnXweV0Hs4iR2WhHk0HCi0ZghEZV2KB69ODSXRX1MgwFqahqSBzva1qV2mFgaCXEYC1FWq5wwWulOLGe0QAjoTBOcgQIeCisXZUzJrtyRU0xJHRpsMa4JbSrAtBpCnGH+DUqFwAlUHs/Hh8xqmJMggSNolLK4i1kBfuUOQW3lz4jAYCRpcA/28bYFLTmivR6F808vwBO+nViSaSE7BTUUxaTB5zOie02894JXrA+qT8G8LOtK5rkuiwEmCY6iW4EwSvCZBLOTBCdhMQzw5Ys+8xFL4wTNszJyoOn2C9XqiwOBOcTUqR0u21saOfUumyGJgRbwQPjglgWPImRyIFxAE8J+QlXLPU3VBMoqKx69ncOY0RZ1cUtoFywlCCVQ2viuXCMbISjDRq9B1QTvVH0yBtRSRFc9Ia7eJIUMqVATzoRhaVQCxsw/MTe2loQSIWDj0uUhphxOCZpGHRoAIkbxofHaOiTImoNpcUQMy4qKOVPrNfHeAx8/HFQ/pfNQ4qC2P5SfoJgHGxgOvFU8ZIEw5JELsJrnR7Sk1ckk3S50YRSBrTOmEbKftyuEootCA7o8hwyv3WFC7KAujzjRHVsEWXyuO8o56JIURE+1iQIvZiIjkzSF3mYmTEt1ZOZwcMazjgJMCwIl2sMIMedgghdhMCYtxo6m2alxGjSubU7DdgACLbIzxHCAD8cEOUTNCitgQbEhZDZy5EWHhudhzscdD5MGIBktmmbCLaCKMj5J02RxYAiecc5BFMVqa1U8nM12GiVFhrJ78WV0lKxS+2cs93D4YBE+eDhsgg8kWh5HnXwB02Rvz362eaZS4bFPH3pnqEtL3iQK48w4X6GLFBb/xxVYYKNPQjMKQNFDVxLJ5lR4cSRKRdsyU4wLRnJwXKI0TxLQ0hEzMUeivJ6DaSQN86kJhEy3G6o0pMVOC7ZYoSAMq+FWAWiqHNPYjiiEpxmdmjllhIAyBOhgt0ecQuWEIIsJbS1zHqiAazRAsgnyomWgstEosmHRmYkmykMzWiQzqaqdUC23qkFZuo0xW6nYhikVPAEz2alFT3ZqJXuSyQG0Mr0m3iNRBy9OLJ0HFHQI0fqUDZqPq576fJag5fmd9jrwFc4gfxkQdp0f8rN1hgFSy06aqZBpDTXsmYrm6MKoh5togTGhTaXOQnEAz98CZy5tIHjmOX/a8WhlNxOrl0Z0FPDw/kKUxUvE9aznDNHaUTifxsVGXsh1UEiTDQgBRlcpWWjMWM/QOR0LhaeB7JWcRonogqaGHvGDCdhFx8CkJcVhkpkcgoczSgAqCoAw0DToMCt4MWenTSaNJiSJrlwl2z3B8EPRKjkzraJRlRcCw81PGYIPmSjJp4PyQKYhkgCIhdJr4j0DeUh8kHB+8IlXh5DQkQ5BPUBBx9IHOOxShiQZFU2bxOcBNgsKZJNzoE3MGFoWd5G5mRWbOq3Nq6ikOWGhtQMQ6yR25hjdhglX3ZhA1ss9CPa7cyVyW6kYq4E8LlWlHVT34ltwgP9fsL3GMFWBYoaEOVWnAnhd51hpIyBji18Msp4EuvKvwbRTcto1tKLZEoL7hhZeCM2Rjc6WZFLOQLbjquEerfeFKhUZk2MU053vZ8lJvn001OhhI0JtXOg4E7vw0OjtNE4xJTZC5XdC0CYuHIPHutfEuwljR0Lg6aKjVK44wIYOZOnsxVeTBQJye7wlGIx1hPI7Cl6cqfUmGq1mpsA8bZLoTyFAagPL4cwTGUJDp/mH6AxGuxeeKraG4CiElByuxgKEMJ6ZPxgDS+gUnJ8uXDASoNJuH2QJ5FDR3OT1JMOsLGwkwKwgqlhhoMooLa6AzfI6ahhOqFQG7DBwkjINs1VUyywjLeNJQm53B5rqPsD52Khp16xMrnXwAkqbnCTlHNrRlt2FkKNYph0WqNq1cOWg9LpvLB43mNgg5zQ8aLgMmFJrXWhqf7NB22vi3YFc/WiHq8vHE02eHK09nUQYLQi8lbDkkJaMh4Ip+Dp0oAVxGNucfCGVrBkGsnZULDsNaopDgp85oVXhJlwUDHG4v/ogRYYABfqSoMxWw4WmuZAo50Bhd4gteqQWAltxihhtEwiBahlSpW5Zuz+g+DBWYEUBkjE9iQEeQfGDrNWgQWTTvKeWmY3u0EONRp420MtiZSPZB7TOIQUOBBkppB1Nw+VGs1y2hJCjm0BBGYJoDht2DE+MGdE6PzZ1bPBAyfbv8WgyXC0dBS+RA+KJBwSfDGkHM1Rq0cqDR6+JHxJgrb30Pk2huLWLbaqUmzPAz9XpEdpjqUPrA19R4ZLqywwqU6U9O9lDDGGYFQTHaqqeNjwQ6GUTLiJGkjEz8CyUkTRxKknEi2nRNAN949ejieJkkFyyCdycnLaA7SElPLeaoUGm7WFQ2qQxM0xYZDnA8V4QG26jAPJht+KPJmgNSwQqqGLQY3Na+DmQrFQ9lpim2+gr3Ebbk8WOxhyIqmTsETmVbQjIHp0mDCGYtlVC8cSShVqAcg4UUBR7s/MIUmyY5rgzcxioyTacGzZmcgOrwZ+lkIkr4wROwoZAIGTvSwszxwbtNfGuQLvucTibQzIcAJqboyVdHiK82PDAk2DWF0KONo/bNBClMk4KYic4gJNEquJAzQserbQg0KJAikloXRRlZKCub/IbZnJlN+xKcA5STSB/oGZgcioVhehEcAZKmon4VkmxDMmryiBFuNxIoJFUhpSXgRAaewGyaTVoue0yOBN2mUo5/eRhGeEUS1BUeGX30yQQLnW2QB7mn/kNEiznBAIVbrsNJiOb3meg0fzkDIJd5uBhWZM3wog5K5XOCFrFatIqsFIZjmUroz3l9zGFHvaSM0lkq8lYlkCXwEWWUU57e028MxALOr6+tOschU4711vGWHvJoqZGe3njsLUHvrH40ioOm7LbKAtDFU7VjzwtLKiXZSMh7QTSNm/DeQjK68MuBzSB2lmg5gPg1Rn4uDDgzxfKEe6Zl2B7jFjD5QSKbGRJoZ1FQQ42tS/0SRZKADzVmiSJOWgsoLxhtCqhBZOIzwAROBO5mEGzlVWxkDVjyhWi/BIp1IjkJMsykTOUqNYMSjmWkXWNBruEoCe5QtjUxAT3aEHhrKWj8QxN5ugNSmvN5ProSA5XO3TOxEPUMeXDo6CHIC9RuyOLCQPKW/aJscYt1GLNe0384FCHYRAgaaFr3XlE5TYnlz5kS2JFbHuGFa1C0FHNE9QZ0JY3UjZ5sk8ypIgfLJWKNDaNMS3AIJjpieXoNUna87L3VqmgsLzqZsf7K/d4wiAGSgDKBRqiMEjo2SNfXU4c0eMmAahBOQHnafy22GWEBRKioKLVADFK8oKgWPCjNHt0eZM4cGhUCMCslj202RlOSJZfMhq5TGaowwUbzQkzHk3mSGujwmMlxRZFsg8TRM/ELgnRqmGPh36hJ9YlnGxJlOJBB0tlLmMKphlgtnPgqqbXizww8VAWTzVNWtiCLEUwC4BgmSl7TfzAgJXzuVWyj4HXVBa0lH0kIMlYF6pbCqJx86FtkkAcDiSpbOlKQpHpSTV1iSZkiZRtkCkkbeDUGaaEkNs50CKaND2sKwNRgswpDkSDE9P1V0OgBThWksjJMNsq3DPkVrMVBkumhclpsFFQN8wQcmYL2GuaVHTMhrqQ3rKXVyY2ZFrTkfZwno8JbsOCGSqHQa+MRTNCYNhghDTQyuVwjwjRiwCzhxOGfcdDfMCcIX8mN3h0RCQHQk4ycjZUGnM4mqmEvVquJF4dQJXuSRYBdJ0XghfQ1uY8pJYhiK1bYFuIlDzDctVABmU8cq/DpQ5nTa+JtwEdFCIWDkKsnZBL784nDVBnvF3t4QfCqA12yhkIwUZqZWTDzkKRC2FXC7S0IONQ6zyjakKxG5GCoyDlKJMhJkgE4I0FyX3MuIaTHTl5HZrvhSq+5VIDNVyOBd2vwQnEmNyEeVZo4XVRq+mZEuHWs6e9kYGaITDYRbIKtHwCkg6i5YGWqUuwjHkOBnSKpar5YwKG+4h1fpnSH5ZhWRoXpEFuRhwjtNOTJWS70JttSwoAGzxyl5m8dsHI5GKN29Hm7cJAMBlt1VDY65kpU0CIA6o9ogWiA4MSCK8S+i2biGrSSpHc3088JbjcvpCa92KAuKnRCtKARawrJigEhGD5HM2DR0KSspfdv4ygPGWPkInk6Ta5OBbY+rgC1HU2yGIjCPTILk+SgdQ9Iu2tnLDdcETsnY05umkmhIpW+UsFYPGUuDviF2Jfcg5UZQcshKqOTQ4dcLgmgDZcMvLIeji0VsMZSTAWdwoWKuENvjOgtVGgLJ0EAVoZYwY2ilDhbo0qZIDHlZTMZlBPT1JDUDtk9rSloKFdIfYCrcA0IigfHyab5ImFCx2Wy+8Ey1vMmJKMQYZRFc1GApn9+hqPNMbEXKYjMp2aCTYfsnQSQwLztT7DGrrO2pXzoSaFDTIrijYNbYjWa2IDrVicH4X2ZCVDbZwWbsSfPO206ESenfSGKXsHWs1wAno+eUKkpmykAbKKQtCYsZaDkBZqdNBC1TKbaAEK9LEdplF2NOnyTMJsy7hq9yBIdlTawkuLQ9IOUEhqJbEtzdqdZv25R3lzVOd3DVFyIEccBDm9LJFE9jJGeMnsBg5pZRlP7r2mW8eSLpdjQfkClFOv484QG/MUcqZAjVWhzeiGeyZpmVKDohCP4kHllFddWNJKMrla55qe+UCGABkRSgVaDqRMV7irTwFdO5BWdXjGsjH6QYAUo+TQw7GQkRlsQavCbY6E+3dNjGVCV4sIeLESsXymobHPxxiPOtjhJ5nPmTqDYeGWh5BtHWC0Ges2RhGzJmMXkbMy7XQhtMsHF8Anagm2xwRoIGx0YJuWsOpYzZ8Waslx55AaPfeacrNuEWIXHooKpr1Fy3g1SuKCYtWPmmeOS0Ghda4HwWkzp0mxVg4QGQLvRPwj/rDYKDsF8xNcE6nmjA0nlMwoTd6zogXkPCJUHZ6jhKUGpcGmkGNohXhcGvHIHXG24MvNEKAmTFKQGy3VTAvjUJqzRRdTtSuszd7hAYLtnokAb5TyzOg81iqPe2eO2JactDrERgkAZAbKxEYCDLwepcLLyWzMYFdG3B9ropfDa+GF8Ir4PIDuwwB47bzlkhFUc1mLTChW7mAXp1UBCnhwvJDJsS3lMCqmzVAEB3qsIEDQ817IMGYg904CZe0vCdYh+mzOVGDyPM5Yg6K8JlpuCXHqA002wIFllC1dxWHGlAcxcmDzghfN3soWaiqmQYv0skcshGAHrPHKaZ7JDA/KUdA1Mx+mLcMQJZfHiQXfMMMQ0kK+JDSR1g4PKrg3c7iklTneCkgvLDSqpaD5QNCD8BAtGexKSwKbpCfTi0NDBsZ+SR6GIyV23Bwik5hTvFCFEgy7YkyFD9CzF/baz/fwxHCZUw8344Hm2KE+RHReSaVisvtDTeQONysCYVgO9147e92LbD+8DFeG4WCnl0DCVDZ6Y9wKNEdtzcoWE4E678emLRfHKjk6giLI7Y2hM0NyhnyBWbsAwRYDRu6gTBC46ZxjkloxJ5NiC0MwYTNB81s/HkJeI1LFaReInDkQXGP7q8yRJx7hbTnByB6tR4dn4koGOLr2xQOZKc+gShHNA0llthDpKmbwBciKY1cTY+PVk485ZSFqOEBewDNkpZMQBCVsZ2tQlguCxx0LsQAxJ0M5W9i4Pj5eg5+g3I4oN1VMTv+dzuFjNOhpYSOVsKqtRnFCSaHSqyQ2Gz4rwkgGWxOs+YhEMjnYZDZ4x8cJtDKUIb+AMe+zNRELGouYh7bU2H0RLHv1KeAhYxwPGd0hMEW2kVMoAYBMZuMtpu0AzsX4I7k5ije8bkJHChUx24HKC0EH3Hbk8c0C1JDrBVrz/E/NIemCWojYHAstneY4iYx2mxPkzMlBdZI6ZLDnKLyi9EIyjM4ywZQa5po8CE2IGtHSGBahmO0bXgBFDcS0jYyOfDHGnlHo9g4RsbMmTwyaIXDJ01jAzb2zyeGcpAwZQASt5QteBBvQiqJW2WjXWTRBM0oAOLQI7NWxqZCJmZhc7bAQ9CZRAh6m2SRQ1m7CQ5fnKdjInJINEiw7lVra01KoiZSxnHG2CO7RIjpClDaSye1RKOYQYDLHfaYmaqcEr2mIG06UXAi61IbdS5Zr1BpTTGRCAAL8WsowDjR7NzxfFZ+qHBFiklRzysiDLY3MmlIyFRSC548NOls+CA9EkvJCTc+4YI5MaDwQbWlpQUKIEjQxjzDw61wXQgRT1Qcq16fZO1tIc2A50Di1BXYpQHQFFJHhuXdOZRmoq64sgGW4PHnLRrjUAm2UFTaZLWabk7fAdciJjaGZpGnDTqkHOB/TbLJAtryyka+xUhtgmS0epxrLFgOZYePqZraaDxuGDXxpNFrA4QNqqdvnAAcalIWqXGyYKOW29QGFVK1cCORwUmwBPFU84/Lrijz5Ghce4pOjW29HB8EuyzLKcG+uidiHuNvy/jS7BwxG7KgwHAwvENpcFMeaWWrItkuK46qc4PDwYPOrDw/UusRsgXByLEevxEqu631wDIQcV0NpPrIDFCpnE9gyixxMuQdjEcpeO2J7wqpYzY5I8L47NkZVY5dlg8aBQpTFpliEJNhl2aihaa/RpUOlUQFcMVjEpBuWrMIDGhVMhowPRwEcJxFgsdeHeGzvdAQ9Gc8KYIOHF0dyCLVcgvuweNoQcnckJkxwLxlSqGg9W4dHE63hJaqyQkuR6zh6XMhYMTroh4VCTVtRjqWmqLLAS1oy6UqNbbM48svuWMvZRbZGoOyuXPJ6zlarJWpK1jQxjO5jVzQaB9a9rSbWbhDaFTTsc+dlC2NSQg5gRWCEteFY8DJRzrVjm/WlqozbIDSrrLjxM8DUaAgKnmoJ5auKIK8PM5z2F3EiA5uUoVVI8HW6RGu7aHRbN3/DKVKyYdV2hwJje6rOu+P5MKf2J6YnGsNzAjGlZiZMPT6NWmHKNkqqoQGe306QRvbiONwm5hHBZHNsb/fdiAMB2KU5WGWjnBSbcNqkYhQagyuyo6QSyY99KWOmRe+TzbpzFkqkIPbkEDaWLm+cnxrafAeZAiXeEU7ECshtjqcXUJ4WTAWCbzWM3KOiRp5sB2cxW7VhWBxKuYRgygBLCBmL1nRs2Gt5AhbYWvLyqmXIveLvsdRSDGcqkLtB0QyvhUUI+dtqNOYOM4QRYUTrZwwZ1ErlGcksNKoPb8BnmExM4uHYa6BGRUeLh5CRz725GybzVteqNuQbpmSHmGxNEMmeIGgyzNbsb8FRBkM9XDtPZ+MjVHT0om9SyZ8hAoTwllFhbDKQdnud1m2qRvYE90iBPgThkoWBGcUl9EkP1XYAQvMd+yCrrXE9MeWI8CFWpuDYrQQGB0oVnphAftO+AEJwnAQqhyHZKiJjRCMnwFnh8DXzIVSqPBO65CUhvRQqw2DIPNka2UuwK73hslyLMOHVDOmyCntxcu/YNoy4jjKDPZbdIRwEryFXWG7mlJ9zgGQjbQHLbj3PYapoNc+6dfVkyNHV4SjyOTnqw3B23cP/H4t3wB0rRcpeAogQvCg4O62GBaTk8KFKVLWGNnkpWLYkuU50UnLJyktBbQRK5eqbk+S4VGwvZgJiWSC0E44jZXJlToGuMjqBVO8Xcwr2o6VgxS7TypZ7Z1q9VsqGmT29wcIZKFvz5gPtdotAf7NHDrFaqWiUFAlLlubwcNmY3nBRpKvGNZPaRkFyCMrpRTYqcxDgkqUCsXFlKoOZyhOy4NlCdXg5otdUWzvJGpeirmHWWaMZCxjkzFCBgNNODBo72DDtaQYnHEE5HZUkhMxgP2QMRCMUEcb4IQqSfMUNRpihtEypEyvjUbJkBchp/1OZfGCaQD6iRAsXGgllrJblUkk8ZynB596huefURO6wpouNsm70COrR2jJhtmxMCM4JhWqxsx/OQiHWC75cNYbIXrFo2DcqHr5mrHuhwy65DhgtNBCRk1LO0KeC2qA10/COp5YzFwF8dGw8DWwCe2e2LtjYZsOWE5EsFybDXjJ7hbQuhtSJqM0WM8PaJGFjo+C+FsEq/c4gFR1krwZcGCsl2R0Fr79r7RqtEMcazKYLw4DZOSwYYXSsryJ7JYUstELwJXBuAvcIcIqGD0B2/sErmaJV2cOfOy4PQcFri15Dt66BnJyCtTFbzpxQoPoBJUPgTHTDQeRsY3qesHdHCT00GzHBIUF3JLS3c87ahM1/cMYoAkBZOoeQyITJiTYXyjLTNoSQc5JWaREzkFOliwPdA2oi58ZJhVwqm2ZvIQ27JFCQoj1Je7ktKgYCOEM2tQAEGh2ug9RWSXs5EwV4Dra7TYPaclU2tBUb5uRXqnSgp0FzqOE8N1K8C7BmIICp1utuV1LA6sRUgbIYEMGPnxXRKDGEBbqZn1PL+QD05v145WMrfgjyQqBNmWUjn2vbhJEWYqPai74Z16h5hpqZ0XrylRwNmZKYVpec18oq20LanTlkv6qQamPI5lSSbNEAXjGHAIPg+HHBTIfTos1H3yy36KrgAg6MpwdA/NCa/bKz8tgVqyTE5CGlgN5n0cDJlsZcbXQ1Z8JqY7AUnOYYBcT3KMHJDIbt7TSKwJWpgzK4FZJSxBYNrVTIzAEZLaTmVU6FO5D93VATPQ/NWxo3TMjgleNpp5sT9YHPXWKs5dgNIhLYrgyA5ZaJwDrJbGdCtcEWQI4o6xAt1fraksM4p2flCTfOsBhU5UK4qzBpmh4pGQh1LJszuJXAPi30OnU0Aco2ttmEogXHeVI8hV2CVXpq0USz2F5UbmWN2I1Dl8TenFITYxZ0HteaE2oFY3poaqDMFpmLYEtI6UJfgYCZDlE7hJtTySGaE/5AGCu5HibQ3O5F0w1k0NTVuZq8mAk1CFjbfI2SfoJyDk2I70A1jSyaVTNplZ1o5gmQWSW4jfBYlFJNVwwkOy3uBMppB6hVoOYAhSP6RrJGVR8EIALUV7bMYyRFMCdNzoMmyg4DPyQ1sYY0MB9MBU/FdORuF7xqbOS1hRnwsNHXgDS25tgLpFoHr8ZqQ2jMFanjlP2AOGzlcBIHcvk0H3ltAVwXaGEToJxRhoemWjmVzKtC1YQhgoLnY8V2hoyPyHY8HOKwI7kOhKRhRL3GGRuX2TNEsaTJjlQcFDXd/JzPQGtami0olc68pNEZLQAavByzYhWCrb3RoxGtRIOBmryczZ6a5sNNkRbSQPKeFzO4iRoutMhAjqMEWzLNMPPwJw2AC3A+RxkNhbArZos8VGhiD7UOh2ChVGBwNVaIXoGQZWRWSMrG3bRD8zMBnaNiqcFsaMERLMs8kFtGiRBIQ872nbEEo2zw/krgCZbZ2EDOA2eOFxaA6gwDxAEpZjVkIkJoXLqU7sqaWDOIsQ3MUla0WBrunWbccihL9x5yrrZIdWwJNGewe2bzsRQtnSFZHeqImTICELAhzhbK9voksLU5DESuOBB9Dm1UYLIIy6S1szUNbck1rvfUosge1BZvBN3RV2e5HcsCjeKbQD/sEqLSAQ2hJmZ1TAYkO3/w8YAqARtfkNZNDccYMgOO8qwgUbDPt9Ky0JYuJpSfURKAEixFErUajRoNltyU4FYuT6O8TU8U2bOiTCWsxYRgL2g+3yIQsu/vmmegCBwfFw0MVmMgx9YRKYIUcqSEJYXBrmkMFmz1flHeQ1CEhLbuKmQEKGietLd7ZBWtfDaayQcsIvsQhMtDaDNEVAarDoREq02MSn8YB4Jdzpz5ZbIzjNxkjMknbSgI6O/0mugzGIjJadwY3vNAm9eGtGg5S00xPWJWuAChle2yJew6kPFOWXrb+bQC5RpXbZgbL4xFKCMeYUGLXoLbcm0MBHj+wa5LwnnceLZMQgNRJ0cZYUGyqFYyoSkNXo4lS/EDzX5RwEOWGBTw5OHJYAgmUNaDLnlt9/N87aCHLsGcugaUhi4mrBCYTCZbQjwIezlELlpa1VcG2ahFNxhbhLGSNEWKQQoMgkzIBtkER7SYMHpoNZJtjJ44HXMYQkY8ilmwvZ6icqZs7QpLk8EWG0OCVzKNomWjOUgxYShbSQiXBDZtHgEWqnjIJRObmjPhEDOTRQzSmCvMGtpZx8Z1Z0vZsRR+1RIknTYGLLAPHoWY6XAJ6b0zauIwkuUaD42PeqOaYGPZZRuXE5CZpCE4inZOf9gZt0AI6oI8MRBULRjtaEWgaOa44AYaWm+efOxXUPJiEA/2olmlLD9bG6UankCAkfKKEUOY7bZedAASeHknp8bCRuPGsbKLETNqoOXkJyuajI4azrb0ml8gWa29hVLtioQeuhkMRuyOd8RqzQptCYTDvWKtHWZJcA2j5BBlJMdjNXLkFBcIi+V4KJa91CYt20jADYiBUrA1mKVWCDoxvZhlt2IC85hph0k6KN6LSCUnUAJgLvfoVATm1MBD8nY3ZXf+qHcwikmnLP4bZFS9d0JkMN2Tj7gU1NWgg8CmOsITIMShSqssAkTOMOdJ1Z2ZwdA9meQaq8EdromZbmxIq0IdVxh40cIlFbBQbcxKOpvM4J0fCLZIwS4xoQm2OCpDjEHIFJXBowShCbcl7AmojMAeZVTQzavlNpSNlvLybKVY0zDHS2RbuJKQLO2mY9MSnZjl8n4VmS7ZKyGQvbwNjZQ6fDI7z0Y+W5xqVpMMhNeBJaQxIAtVupMpi+WCZbGG9cEDZDBxCIZ33Cuh4J7j1oKLw1j0ICtJ2IFWJivGskCLB5WPgWrpVUKaHVCCIu1CRyO2eoHcMtEkWb0sTWuMzdMPhXP/IGg324uL/pwkELJrxHgGi2xbVd52QYoMoLfFw9mMtqHETkGPXTbMl2UyNmfIKAemEVLsmgIdEvzUHRerkRY80IIGsk0OgcqEQXw/uN01MRIpZSWN5bZFAufhSUslxztW9tbYWNhL9Z4M+ymaQc3l3xa7PLow2NUDEEQJxXyKGyYQLhib191ypEvJbTehYCNQY4VXHcOFoOFhi5IgVXuo2GrpTPHVbVd0OWfPCnIQ0OU7TTE9pTA5msZbs4ICufbILVACgPmYz3CrsgMaVnuhdYOjmAFb1JIg1+CF3IwOxFjQHYVeCwJgIMN+INok10207QYsk3xtMFqugcJKiXNQL3hK6EXgzlZGIL1GTEZ+ilLbWbFtRvFRkyKmBcBRark+EBRVa+Wo4DvQMCFzBk1uEUOotjgUc608VhjrAJkJqRkuBLliZaQaMIrOzBSg6iiGbKIGrQpIl4fTWCa0IwIxDfHZymJbQMYhYeu6DZy+JnIMDzaeMYTUfXKwkUC+Ag2rRXbvI20lPUR4GxfEuAySZy/tSYPC5c7ZGhbYtoHsNswn1bQN04ucDcGWiesB5LpWrbrHowaNxsc1Ob4YrHkUDy1RKto8FWJWEoIgQAjZnfOMD9QSOBBrWBoFJ2frN/5h8sTGd99tGGz0gjTPIhFiwAWLM0eEkBaAfXlrtniIM1w24VC/YReCg0dzGtCYk2fmsku2p5jAEAifjbKQaXY0MppsJlqdAfbCSEEKXNwLCbVERgmQQtYoltF6TKqScpAgoPM8A1JjrIqNbmAy1vFyMSTJVCGj1Xv9ESugD5GMRkbT7GwmYlPhSIjrBSIMdrnlQGmKaWgCMTF5jArho2EiyoPYUiU12CV/wBiviTGeckEuUE5dZ6Mm5JmFmRID6Utjk4pm2SevkPANO0B7qRP27EJujXlswI+xMtDwoDWWVe8CjXnCDbALEHmIdgYoeHhQiW5j7+yy1RzLLVMtBRC8pvbKFy5NFVLQ5JVfU1IILRYEcrIbCAqpHXTOkKMfjJ62Y4f1sSAKNXVuwYkniaTVuAbGre+W83rzbZH4yBD7RR/tlDMwe2KQi4YkdYclgmcSc07EVCGNJycqlWTP36I1gItmu8iEVBJU8YcopWpXDJvrCwXFhiunbXKkpc8NMSbgoYSU2wk3PdrK0yY3ioNwfvqvbIWYmywQWy96a1zY9ZCDn+46DQAsCL35NEA9l32YlUME9j6FrMtijuWCk0RTXjPLfudgavS7H6Z8Hkb7IOkU07JiCkQQvBDeQ/PNUUNQaI6ihQiXzK5ZNbss2xlQrEcsIwSyRG6jIn/yig9Qbg4JwJx5v0ZV7cQo2JAz1gYuf+Rqsgb1UawQgCFllGPCO8A1xdC4NdZkiHwhCMhvI9pIIpf94TVBsu0UciU5QxE82+LQJouNbEwIX0SZZpsxNo2m5AWhRtlwKAvFtyA6yf4eDwXZPRl66VYrsPcQiqrhpMtbgslDl140Sg7wQFQ29OpMEzFQo3inTGCA5YRd4gacEHprD68Slp07jvyQZQcsGzT6/i4MhKMoiE+RpiYKD2W3wS0MXGHZw6TedqyG17/Y7MX0KIMgeCxYYmXkgtHppWSSEBWSO86x7Gs47pwh1DsTqIkP4Xjc25y0BcMC92R88EmCwn09WLbAx3Qml5eo/BJ82VBIewyn1hYKoGFuza0BjHWWpIFqHLMEnXK03hJsrBabHgTVXA16ZR+e+aHAmnYK0YtfM99wLLkjEjyiO+9ICLCGj01pMsRK1qCARbZNZq55Q7OdSweJI8nizvZEJcdAXCLl9E4DTFt5RFaXDR6ZvDjMYAFALFpbkum14riSW6Nhb9DslWVAkgdvqq3M1svu2GYIYKDBy/2ULKv3hWYJdGWe2BHRyNSDdqnwQPIyFsxxA6Z3Gai1haG+oE4nHuNDpCihXIo1gqAODe3okhleC4pqcgxtewh8WpYKhAyjvlWGzTvSLsggquM6WEzHxA5ajRC30rnaai3fxZga/bZeO8c8NN4wqGapfnw2aQ9AdZ97E97GzvVqo3Txh1sCxRwizA3fFrQwxMo2yWmXykyOkhJCBqIzOZh2REMMdikmFwZa8kCoSdbihFPdEOLWF5JltUBMElvxIfh1yoYMpfMczdvbGK75jg6NOf9hGYMadk8G0OWfTnRo5ZDILgQDsUGVqyYgJwMlWSUmwpvh+NBAEHgyJGAeC6/sgkUYYwc3LqlDpNIlNRYh85Rsb0ABpiSxlXTiOZVUtC2t8jQRuZ6SjVPIG2Ob2VoolZboA1Cx0V95UvBUy8hGecIOXWq87mkIQBRBLQg/6KeNkJOAQG5FpckWC7A7CVofd7Ya3QgCJGWIWGUymFlKWe56uCY2o3ISuQCU2Q0zq30eppg7TySHIWMaU+JeI34MrlZhIlBos/GmzGtpg8KDmyHuK4EFHgMx2/Re/ajFciAhNVsEyr4VLaGc6kxGi2xpC6MknUylIb8nbN2rlxlorJ1NypBKoKgQcvP6N8dxXh7SnDzJemRyyYYphoVQlaUhKhva2h2rbNgOiRVVe0FkHrYRHLJ33wei3VP3bMtir/YllnrDIuBZwQRyyAhOIXZBssPK6xCf6ZyPvU6tkySMAgc1QUaKzmwCjJ6AAgNNNnvRejMqf6WCxh1StnYUM9tYg17vbyOAbJmqYBoFq5kwFDTgm2OVTbSE7GNG02qJ5M1ogpdeKuTUS6sadPxjyUjSpijy3YCp0Yvw2rnB2ApK9jzRUkuL+hCm8wcHqQB+JQ4tSdg99C6IXCNx0MWZBxFC/RKJXEb06kwOLdO6jTsmOGARY3ClHCHyW/DdOL225J4CjqBK3nCAgwxgxPbDVp/NFWKmBTyUOXY8ATk4OYfQSBVDOSPGrWcIbxZr5PTKI8rhwUk+BIum1RxqegSM+Q6p+eFtwkNVHx457AXfFs8q4NgmiduAw9uVETM9wwy5sE0SdopiL5MHjflIJjwZG2UIeeJYQE17oFyOcJLKZn5llhCxsvvXqmGpu3iDTjHDIjJaZ6DBqpxA2dlCRi+hbAXPn4I7c8aNoaGTFzPh+SA1fdVTqMkUy6ci1XYXEgwJkWj3pY31JWx77SCaFNnRfjdDNZETqtl40tjz5jKjWYThZLIqgjl0yRiulMXlllqgTRhMtMWRWscbsNgYKE+oBqPyzHDiGki2aGOGkKnImjI54jfz0qEFiiBYoM3Z1E6MJbf6do9q9IpNIymisUk7G1ItNsNRCWOp7GBkObGZfcwfEDvCMVsZZJt0oQ2vOxEGr5EypuQrzdyg5XQoSIXOVhZZx5ZLBgmwZ+mH7mwU05JNkxBDK1VwAAdalBxpHJ6paM9ACLKlEcmTTFfSgmSvWhbunLBsbAEeBEsOVE62NpXcCjpwlE2WEBaJ7kyumdtilX64igyUHY90hFfzt32slKOTKzTLXofMw9Z7LVfYrTU3PYHxbHBQG5vlPQFToxc+WHOFrJnF9HL2bLSrQFgm9hNyrkXYla3lILB9FWwOuqLZwpaPQIkWQvUKtsnHp8c8dVnaKxWwf2glsUm3XQD3sTm/iVyQMRoeLQewV7pfMngCMY1WFSLQUYlWBqyixcYM469E6KUjvF7jyN8uuGChVdvDVGcw7cxCY6jWclAK7lPlBGwSaG+NamGkzUlsUWZMswCLjfJnpzyOoqERIELyzIFKFeFGE0VN2dohYBlUCDkWrCFkYC3XQI7+9MLE6BKHpW5yAhQ0es3HFqO1cGINuM6yDPxctCG/kkJmbHIgeNHKZg5UPsPJyLXNbLF0TqsYRjkg+zjv/BxpazSBVr7nYWr0m7hPbHZpcgewz1nOYByzKyR2Ho2WyTR66YwWiBVsLBC8vpYJrThAJkpSvjg1SgA84SKDHhYNBHC+jm0GbVtRQzmFV/vCI6oklpNOeGibSGhd0ceUJNHo3TebnORlT5Cm4YJsr1XxuLN1qqW3MNCsqgUgIArgXqTV5I3MAtaQn356rJzDxBAALXr+sCfs7rynCSxIZMvTia1j/PxBkgiyB1mWyG9vstBi87ghSWCgGBYY6+QyW0gKEUKOSNVR6BUoc9IgZHAFRpNH1rFxEsroZUdDOSKIVvAkGWsBVlE9XA1aMKd2rUY3JqMsSxvLJLsXFgIpDbMWHGCgxiIt+WTSND7VZgi2mfBegqnRb+i1c+ykbAZkq1wILzcs9QTbrqMFyRbabG4NXQvDQju2CBSa5Ruzj08jaFA0DdzU8M1KJ5cfoKDkHCUtNjLK5Lo4jRx9zIJW82zLIttcCm8Dcm4e10xCU6VRAaxrlc4uiQAE76wHHRwpOj+jzJSDRvSyA2EXMWj6zsRgVxLLA5qCCwS/MgvoPTcrE+NSjj5DvMIai2NqZwMyhebJFJnUGAgiDhQ7RegRrQ8KmWhxGkzx3e0YoskAlQkFRzupRzHch8WxsgAbXfb6LekiABRydIzrwxdCA/gdwrlBds40Gubwhh3It+zRxEUkM1vvmvRhPrKY4xhahDACDixLk2fgWFbadLLzslNNfnmLwyjL9zJMjX5d94lju1QH1aeXrCBwIVxEqKRQS58ZDCWQBSto2eSwBpgzVQ+KRn2yUq+ZsHGqZghaCu3RVZTPPLM9ChOKAGRPDLKStGo2g3FCJaC088SWO0iZ/QCrg7H2Is85WmQALMDI6gA1jw5lWQAI3FPvGlzpcF80SA4EmdnGmZUzpi3vECuXMRg9aBPCPt1FK0FUXeQQJA8cSzmlwV6dXIwdM/CBcceWWj4ZiEFAgBbRu0Z4xYxGRj/MJ7ls8VAsR0yOvcCQNvtyGVAR4mJHVy5v0cYEZ8Nmvny+amyOt1Jy0GF0tBt2P1SPKCb56Isn+IIF4LXLwzEhuhoiCY1hEO61mBo9/8HaDe2KF4hC9JQg2xxXY6NyLXI92OChQ0SXjaJ61RyedGJCQBtH2uz8wh3UOiSwD5P0wVBGt9CdBIjZVu0wgaa4Y2qPJQUnARrBLVSLRKoRK5XTK446NjVtqeFN2MJxxHGSONc1OvnNDK2Grk/2AzmBKDFACly9nKqPSGS2vVbPFsByqk5L0flpI2jBQ2TCnAQTZhSHEBONOdQkDVe18sRAQhhLt1g5yzJ0EmryMhhjMjJgUEqya3qOKxUyF2rc4iRsk20L5GFVbfL0JAcnBbTBsteKWyX0OpTNsjtPm2ozlgVrY0y1YQFMlggEGWFSbEfLPJXZqs9GEQiRybGch6/QyvdyTI1+zTURqDVqdjhWASgLjkRek0HTMQCRRpN0PhUakbLJNCJc+WkRyV6A2SamIZmW9pALw1g1bjMB9LFHmcRWDx3ImuJXHzFKDco+aI6i2jjCm0Konuc4AXDaskOloaWJEHIaSSN7sMfVm3PwcF4xG9jSFLKNtQ7k2wStkqAPngTvguGhxQxjyiKGMVwCMnjvSDOZipC8OMobJg+EkHpkGB+L+aWERT5YeDRt8TFNArqYQ+hhgRYrE7Yxy1is2pqqDANI0IGpZYwo0zLATmez2SgOmxxibAxcetijCaZEjxKjh5OtHoSNsHp9mF9zI81GOGWJCHV2MbnmQ3ZzX3JfxNToVx4UYiyEd977DAHWZt3HXHXkwjcIBgm2O9ydVURBqoNHRbIyoOXNnV8VJIGijxb1ZmLlYidZHTLVhQE15jaRofiAOYDnEL2QLqgtv7JJDFoRwtWcUoQIdtlmMwChLBUS4SZkEhJ0bQRMBtC299HZhcV5JGPf0ZvQtrDGN3igJ4ONlouTCZ2I6yo0CpTx8BAWaWKgZWpKKzPBuUl15iqRUDGRcMhCORqCHvCbD+J8ShhFI5q0kN2i4emRvMhmiw9iHaCkTcwhvAqEqwRCU4JclvZkc+tn3+DIamZlszHHjNawK+a5QTVKpsdDSOFSWE5OnQxWLZPWXoM1j/s+pkbPU03k/mq3J3acqo+WHcmhxRdPnltFAYYoUXhyAwqUjTKjdFqgHXtrzFna4y3YNWQTamJslC0MeCiDnAMG16nONghyyiIpXO7kgBhGYZB9fWpNJjiEAtlnEtLGFw1wFRi7r7Ggxawzm1GyhCoZiITK3KaOQcUHmRb5PZwJSqBDaqYYHtHhUJ3ftICH1hFsCwoCeVFJjZwRMAiGk8eEIdqtJIS6QZ7Oj8U8Q2fOcdF60Bo6sgE+OpqG6fbUuNCRxy7KshFOUqkgoHUeD21YbplOFRnZ0KlADuQhFA7+kAcQv3q4KhAs7T3lYKlrp2ECHkhbfLSEI9VQzDk4VUyJ0uBK0/0KU6PnVk1Eq1XwImKNeJZ7sbxwEqBKDLJhb70DSDnX2q27kDMQDXufxzRIz7EGmiw+Zo2ZHQXpMRkxaZQsyU1a1HsveOXolKFFlOyiZ1tJUqCcbUxJLrZhjT7gSQomD0+/7bTVDpaEL28a7PWgyYygjDV81KymjQTSkunyXaMDXv8huVRGoQ1F9pw5XBECTXyXcoCyLFaBVvCYVihkHgIW7W9qQwtMqpY8W+0CLJHcRtqSj87L1QzqgUxwa0DGppRBjsxJioNSixOjEug9mRhI8JJiY0gzSRMGS0LcYQjlG8iE8rSO8ObZQlVJbQcgwOWZW41ZCZZNuN9javRLD4r1AmqZKLBL2Ys7fhKw12EzoNJrCY1TbYxNl0QJOE7yuK0zD7BolwXmScJwftjlc8tZohnactmSJqkT+2XVkFSqBRIzkOo4B6hCNgwainbWQ9gCSGUbFNnKlcYxr1qAghRncMJhfaIPGpz+uS1slT+aVCsEEHEY3iEQ66DTSz28gwqc/iV87X6GRguwOJYCQcWyxkJIlV3AuxkqOtEoSvYQlQwwP0xq0dvGIZIXw6U6oKkX9laQx6LOQksrLRLpjQeRvQRxJieph+dAxdmiJ3hqQW5c5aOtdionkDMSZIpYG+UIb0dgavSLl+cxMLRC9Xyi03KAl4/8XEj01NSxldfHpgB7DWG7oyzYEldaBg5DpNFpIcWpmXwDPTS7PHN72JaqigDBqUwgNgyKxiI17Vd47PV52VrYDFNlr84todkGTfyJ/YVYSx1eSAoZZIcYKXOIBMlqKadUfnpzuMHovfPcZGXCXCjpkbQSArzSHOhpY0Gadz/Mcpw7WpSBWs3BR8FRNoFQf+RIR7PIAIVShKFATHqoDnyPC36SGGUp94staElw7ygam5nbRdlPMGpszC7WB6p3uezeZU8bRh/xYRGkAg6BLdZZqlOBTE3JZU6MJylmXSzeO/XiZIaODZga/QJeO+fqDCvoBg+tXS23j1/S5XLfLDF6MlNmi5OgfidiIklm4DGT6kyWh6/j+JGcdjjDGjJzFBDyfIXmK4FzQAvZBLRCnPEYVwJPUwhVFPhgM5ziopFPj/1Dy1EUKDofbCsWonxMYoI6JPflYYTdQjEziVv2yQsaTCkHv1xopA4rb2MJuVxozbQGQPAeEbn7AC2y2hUEW0QgMpAWSGppgeA3EOijBYRhFHHdmWzXGEcdjX6X0FbtWhEoeCaQJZhGfqMyrasPFUY5sAaVzgaW9iMdYCDQLUv6YgjJfrekXECJMDKBkgzGpm0By8DxuJQoQ8TEpAXanBDbE6zj/WJq9POXc82wdjxmWDxg4vDI7oPnp7jw+hlPSh0h0Cg3iAzR0Fsh6H2GheAr06Mr4XBch1HZp0hYtj+m4UBDMmw0OFXRLOMhNVxqgTqDi+w+aE0GCFbRtpywh9gQoJivnlejZCotU8bKYCMAe5zftkQKyXZAkIv5lQQQJbMxb8howQGGaQA63GxtVELA3uAU/DyUcKCjvIYxEMz500dhtJd0iTWleEyOW4hDo+kFJMXTYSUEbIFSp9b4s92QpEaH7viaP5uwuI+u2UH2JmTryThE7shM0a4cEZA/1r8INoITxwUP8SNzwnOokNqLcVbH7cfU6Ofw2rmWD53ffk6VxzvviWjXQSULLpHVEFB5/CSoCyY5eYTQ8qqQiyF6OMoCOQ4UzbFszc9AWIJmNQW09YcukSFQUYZcnk/Y0WkIqm3ptz1IBEVZHB4WgYIVETx/8ynYKD87DWeUAFCWbmMkycG8dJRxjNJoZmhFrjlAM0OQh23Z6M0QtHSNq+TUvkzIakkDGX3otDMazObFATDBN89RtFhgE22x2KJrFg0YmJJiYuLUDAEKGsUj1EBoQ3ZaGU2o37hWF0KRDYtIS7v0EGQsjCWRWJ0z1HE0aBTZtmoHVs0kQTF3AS6Eh7HjDmJq9DO4T/Qi1nKjtYomT7VQB6da2R1ki7tS7TIo6OykVKep0tFlYyi0qx/U4UT3fAxUQH8DRkTb67RgEo3CENwg1Bv/aCGLANEnMV0SKDetzdjCr9ExxMTV7ulNjgjUoAIzqPNwdkXy8FH1EBTggi+ThIUPCnqokXdQs2UHpmZFjp7uwgVIKtVCq2LjxFI1ykghd6RAUUbb23DKckGILx7LPUSPq0MqPdVZsAOCuLLU3tltVXDPtiGMDTo+IkC5jHh40I18CEBzcIOQgls4dW4GYmIOUR5sdeYEoEJWJAR7ocY+KoQcU/CwRGvHnYKp0XMeqKX3wdPK+kgAuoKG1eahguJjRl1tvQcnb0tGkvaEAJIlmqlKxUvFsoaMgWTxqVBnOezObINnEnKGkBN9uEIpFYLyBMQuFyTLbhkKS1tS00WmLGg4calM5gwioYGR65lDDPsihFFtAWpZar+GHQQ8tAdq1sczgZaskLkLOsoKcBMt4FQUpAKTgsP1TOBsZSSaCVQqylL5bppp0M30UoimhjlrAcsIQMBW9grhIHywpU12q4ajxp63HOtj4QiSFOKzzkZDLvcI1FABjzshW7AZLUOl0kJFRhM0Sdg0pizCIJAaOhpmNhTuQJ2MHXcRpkY/9UD2w4HIs7aOAY1upQ9etGnnYRYPTfiLkybKvjxwkjmPwKNrmhDhKVdrUJaOPOjjamkYFnnpmibVXVwhkCWEC8L4SQ9Qzh2UOHRO4vM7CBkZvXLRaxVQKqgxW1nYSPZ6hpcGoZjiOtDe4lBIpYxAyMqmuVjLNqcXaqHqXUaxFcOLyQnkQkGOzw00N3YyqpdqOfToU9OuNS5kiCHSwtZHMN/JGc4W2wFNaUwwTcnHXBkLmaLUJPJR4Z6JCYD71NJLSVFyQazqxl0QYZBFM8j3uiUnIOZYiAiESGPGIazjLsLU6CezJnrReWDYjx0GHxVCFpx50GibOJb0xdvYhi2ghkEdGtkiPHwyDSpkCdbILlnDeZ7DxARa8BDZqtvaqYHf5CcB9o23gRY0nEhq2tHDnBwBllDlo9ogBpW3QnhVedGUNgaSQY/JC9Vz4JZFKixBEZwqYXLITp4TiFhbBRIzIbzU5DIHFlcBc2xHX0kcTgsEq3zei4Jie3iBHKiskQewKoGTlA2wAI5dBuVkoOfE0NUwSmsBxopli6naUiEyOg5oBVJqeoJFW5rRArQrYVg0Coz1vnwLqhp3mI8xweu4azE1evZlsfo8GLn+cRTqRAEkQCxaCcT4IeST+YQrFLrG3sNG08T61IfqCxWAWrKurIhqeoJRIQasOtayT9yaWT29Y6shpCQziARpNSu0YQ4GGprr46mGQMHDREOUMSw5uq+WssNIi2U8PDFsuUdGDKrwSFtJHKKZ20616q9ohATXLNEHglVqRQYyucShRRdkbSVDwgTi8NkydGOZsw9hbFCLmhXNFnKS9GB0qQPH9rSgtdF5isEmFwqKbAnnT3tGNLQcPSxNTog8NMocHCC9MZbHFSK08nTcPZga/bjuEwEfj+FQ0Skj0By56MW0nJ6Q0PAcMjLDRgsMVZVoNAGKzyGf7mlxHyLsuqrLaxfgENkIG7kvlhLUksQ5OFVdYCJzPrYb4mdQzNBuCuyigeo8UGQLmSxZxgLHhZJbS6jpsjoMYZfyx41YU32KFl+sM017wfTqIi0aCakFjQS5IpUsQI1lMl2Zl3Kz5g5H5wxoEQsjBHqVx1lgtxFgFEKcx2nDk7RmCIB8dDJ6IOoeyF66iXZE9zG9lJlBchiTT4tkTylauWRVK4tFdCEkDakqM9s2c8c9BVOjZz2Q5xBPcRyZ9oTwURd4LPXSkl7fDfkAqyVLgjMwGyz22m4oW/CFEMBxLyZzJDMdGTU+DVpqXPE5dE6DLpqJVvCczeH07IAFkOo8wbEgVzQeXTQIhJgWAQg0NPzwasJ2OfnYQIJ707zIjjKZfR2dbAuD0ZIDpY2FSKoJSKHNHE+JtqJpGnRRJGCMHZexkhtZGMNnF0UlodwEZB/gaUNqtN7Z4YDKC9EZvHRFl1MPGG2y7N6yQoKFBwQxJcrqRlG0+wDJEl67EpBB4C4reRnd1Vg2xYTzLI3MHfc4TI2eifvE9krLE8IWbD6W8kmgiVp7BvtIMzDD7aJcmgiuZbTXEO5k4ehI5bf2nDad6Hh5CDEljygUh/ZSEzxfbU+He7bDAOpr0BwCiv0YtCZgu8l2Q4hR0NpSudVVrJzsBsJ4G47GGEuXBYJODV0Ed5yMRa+tpuSoYcXE8SckVMUHhlSSTPY0IDCVhGwE77KECdfAySHY1gSg2IoMHiLfzI2E8sPAmY8b3Xk+zmQLU6VsIQYqTrCihA0j2u6JGc7vdcZDCW3ZCIcXQlY3LLsM9elKxz0bU6NnXBYHHmBjIQ9kATKMOK46U6S27iREjFudpsFSF7IFn8R4OKo5KWnzcylkkpr5ZCU1FCdLnrKQPcdwVVp51cjlfbEqNi2KHSAjQ5hIKuQhNSk1FiEjpuGERIULzJayQS05lZiPzBDXFUXCAlsQmmtsgsBOrlg9PDJhEFJAS09auQi5m2hhpzdjARol2GYZLVQLtmQXsalRoEFLVFnbNak64qpNT4VnKnuhMlDzHFKpNY3GNkS+ks10C1DAow5QBgIysy0PTxJZbXEnw9COnRgd9yZMjX700rGj69MoLLY2cp1P1HRqRuWik63PPBhTl0tp60QEYpRogiC6LIN0inMLcuMnLIRauwA4Jyw2yg4Ljdk6P+CIcJmfOhp7h31vYLVt3SFD7XLJQbAAC27WagaCr3O6JsiJQQZHTIoWHKhsvrYh8gI20iVR89nA987aBYv8ZrNRfwomJPIb1UG0lJADESmLKBVtBY6vVSWkXKwaSOPqQcDoaVPWgxZF2cLJS6m9I80SmnRNgAY8lEo9EWdmkTGWjiZaFnSTOu59mBo9HfeJgE8yC+59aupID+cozwK5h16CCc15UOecMVyZQGUwQy3ksdMUyHirSQw5oEDraGLOUJpsdlUbcKCMtg9kdb6GI8S+1iKQKQvIQD0ToK/9relRjv7UwrDIGjAuuQxnQ1IIrd00adQdK5GgNyX0FPFwuFqmMgeyXlBjJt4XNEylVTUzwqPJDFLb99SAWhzKaiOtlGH+PmSporUlFtNmH0pxgqXMNFhvXWoBCiKZw/DGoogBlj1nI+Q2bbrGjAIEbOXvuDdjavRU3CdSGI5wnKA48BNvOemwxynbRLC15GsAIb6K8ooKb8tEn/Y6WcPj013PtBSqvphvk8gRWOZmqtKbSWpKhvfC16GjgHZ3AAsMySf84uNhZpCljIVL4lUHvseFI1tbKIpdOQPmJ2weI2BGDaHlc7+waaAYIuMiOroI4QytZks7YhVIiyS30tWYgwUUQbZAKwNQaTFZrWVa3eaRTa3hNAsaIYnB47kBDgkx0E670taxHlzOZgJk1WJpEWJaNmrDHZaO+xyyJuIAY8vDHWqhZHPQmUC+YkyYPIcspBEaZJ6XCpEtELcPOgsh8ryHrIockKtaGTwVnv1hMyH8bGnAw3VNVgp2eSzxPaRdACzFt4oHQ6pAKNZyZAhe5jctbAEaRfDQtoRKrcmTVzu9ZRcoe6rpCK9zZpQtY3lyUDKDqBympRCQ23wfCyP7cFHVZCI5Wj+JOlW2Na6b4MsGUBCHXGWIF54ZyDTiyxYWKA7MZgCT1IgTK9AI9kdXqbFDKXsOdFHJxrE2dtw3MTX6kUt53uMw81zRSaATQOdEPinbQpcIdWbYPpziEGSkZZwmzQ89FSeBkLtEwAktx3CVDX2d1p5PAqLTwhi5lZaqdJ/uaEh2TtFiMpINC6FmtkmvrRJiPjJAjnGdOVgE50ZnuGixHZ3fitI0YKVd5FCbsdKqHg+FlBwCmmaRzYr7o0xednRxc2QSTbGwasS00ZoyO7iWkXAIE0Ubo1iOJi0hDmrNljYvFCxJCDUDbZRVHFvQyjgIatGMVTrt4xAFiwGT9qi0Qit33NcxNfohv3b2NdPC51YCcp2FdoVqg4QiUPV5nC6G+ETMCgK13oo2BUhu2w0DoSlZqdMoQ4GqXRs4bjlmzQcP0TwTCmgtQ5O3rhPAdHS8zCBnqa1wNhluxOLgoVQIoUAbYSFa1195owTI0ZJp8yQBDURZjhioqYbhzTaQdvbjM5kM9IQhZ/JA7i9tDJOFBuIUApK0b2XQNMzTQ7RetzUZcuyVIwLFYetdsC4v5NSIki2grYGch/JpdrDj/oep0Q9eqnMCj/EvY/PeQWcJz0hfGGaBkK9qh3OUXRCkpMt8CPqgBnBaidGiQ4QrCxsN5zkEzfNRYsiwui0CYnmbBQV2euTyhWROc8azp2M8J1qFmE9jBhqORmtBDAmKqpbQuIQzWPBwaJOFlrI6WiyENWXBfWjuFEJRqudPBKn6ECKtVO+gDTXnyKCnKE8VdsuxRkAxlcEem2nLpRNLHEfZYpJ6ivK6HeMjY3O/HExILa1VjVQ4U7jK56erBMyRTbDAgTR06+q4f2Nq9AMPYN+ehT5LohVsHytbaeHJJHsx5Ut5Qxv8tBB5OtKL1l1awphqdWx8AcgdU9UFHLTksPMQ5sjNXWj2xUbSstxLkwUE/R/tqrk2WmDjIdSoH0AVj5wSRc0EIZHAEzOqaGZCtDWQo+IXc9NiYmUYhMqg3oN6SJeMcDb7bkvYxXXJY6ZmGg4xLdJC9XBSQlZLA/hpB1/Hx0RaSBTZHBqzDZp1Z2ty2m4nAMEbPOjIFEhIUoRnLC3Rd3S0mBp9f90nGj5vdOpEyZPmK6RQISDjhK4zzeSQSxLi0koLA3FboOvEaLiDPBg1E/Y5KwMCtlMM6uFSoK0tglKzCZRsMgcqY42u1o4ai5e0xgqvYGO4LNMqn+3jfChOyDYihszQ63BEuMlyGpDTPABMqo6d2PekejIeiKLn0D7/+d5NMlUQ2FF2CCyhWlAGGmUwLDAhMnsIWxjBdhDqjDIZsnRaBCxFnTkVa7fHtWVwlYQXQzmxjo5TYWr0fbhP1JkH8HzyCygqstPs06o5L32GRUPt1HUNSmUQKEuXJ9Xk2Fh/XM0YczlG/FNfb36YUGrr9VjWi5AJo+ggUvbJ/W3tQPtXt7QCY7GyegWkRAK0NOpuVGbBPntlsLe+zUOZA9jX0BoB0mB0Nulo+BHThrduAcgwciUztrwUqrggUNOgKqEwxpcSNGkaNvNkEvtCcKOEni1hFb3y1MLC7NMscwxpyfcqUcrjSPNA6Oi4fZgafY9eO7cn1gCfcxbTMRQOh8hIrVSfnXVSyoLOKhACSeNGWdA6eXs2Fw1STQBbjQKMCVIGC+41PBYeOejgzY4jSiBHrX0uR6ZRkMQJSI3AMtY9DvXISbWsnrw0zB/2WjpxtYNQaz4A5JACVqN1ZPGlttOw3wXFoN0+j55zIK/1Dr2S5zQis0fMcWHh7tQZQjEQsozgFgGBVM2AjKeZ5j+BOPkAH3r0MpY3BLWmM+34BDo6bjemRk+5hOdTnExqAZ5jzVnlkxhoT1P0cfJh08kKk43mDKcmHhpCZp29vgjTDkC1nSHyDjQTog8wWhzKpuW4w2zT5qIGCUxzpOVb8p6D96J2wfD8HSQm+yw3NnD0YBCO9bQhYjJweadoT6JnyHIgQoxYSaKXoEmSJWvNjRoeCo8dFBwbZDzksDGQO+VYyNgczuT21pQEZ6NgglqrXjHGu5ZBnfjPbaplKeZSKMrmzB0CWqetnQp78oZBBQo+jh0ddwKmRt99SZ6jE2eoRJ9wPgXDU0wgT03TDJ6dSlhMn8RxYcjOk9iyvMFs1LBkJrtY7CTT71mJY4IoBARGRWR6FWs5mvELabBobkiOzvkBeluVuodJY04AGi/mtJtZgUHzEKWyz2xWcg6u7wwXT02q5lu24HW2xxayKTAJZFmchHY0DjcyBIYwZ+ypp6G2EMa0ss+oWgSoAJ8JpMZHRm0IHtr3gCZpcHR2kWc4nTo67kxMjZ58SZzxgC8knnD51RmfcnHiufMpi0dz7k5cCeho0Vnr3peBPH640YluaegHAVIR4rKU2UPTk1TPnEJDYwtj3m+YHIEUowVOKQQt51CZQ7DRbMHyYJFUKvkWtHl5uVMb3+mjO1XLUorm0WvfDarNEYEkA9syDt5TGSeF3EdPwCLNkjwZqhUGVAhgGhoI2kdH0CKBXXI8hGGV9gxwTjU2dHTcdZgafSdeO7dnm089bLrA2OdZa0bI7NTkKWt+Aac4LwPzoTbhGT24TlEXIDtzIq4Zj4IHXIhqvjpjI2lqh1hbJEhMjp2m+aKtKDFpoeiHGk3VdyhQw5uyBTycJCYMwTyRhqefcsHs3Vcgej5/iGyLQb6N7Vo5S34dOuAou0DXatQ6xcqI4HxlN8KYBCMS5nxsx47guRMKnRE2eElPi1Uvr08JroMICIxwIA8KIbKjxvauo+OuxdToSXjtfJoz0npdxoD7gSZAtcWnewVSkOhwunRyTwgBmTwTBxbJNPMNWwr0NhO2hS0doVoMux9y2RSXqIyxGsKwL1KBwZkSOBQ9AQmEjEhFW7nSidaJqcrUTh6gK8vHYK59VNsON8wf7XgqIPaomRI4QSmmdtwaWyXBBJDZchm55S4PQjRCzq0sFpwtjpSNGQgL7JQ9hJB9R8eHElOjJ148nIg+WSFTs1GXCm0w6gU1NJnFyZZxOtdJ1vntF8uAczoJXbrNgSZihANUc9wwWpUAY9wsaBTb7K45O51D2DbZB6O68EKEZFpNyfnJcGOn5NZV13Zla4WiaeO9lL2A9w4PrdVUu1/ys4U+fucIo72EJNjRxzjpG8atUQT09KgLuwXL7mssTwxqcw/uvto4UuVv5iktOs4nxJgAXeIFR2MFWrmj427D1OgJF8dliROSZ7bOV2zxmaxlnd8UpNroLs770ImqhgYJ+XJvqCPKRmg4gCyNbvD2pMk5kD2NzEObBbRJq0uLguo4p6T7I6YVGJFDG1Gb5IoMzqmxINLIrhlLtGEmKZtMOSE/MSm0c8gQWCKlvJRruSDLxKaJHSYJBR0W3O8I+9bMe2dO3awpLRz89iLU6U0jRTFBPm8xg2nO7BHFB9rjhT5F0RRi0I6Hd8EZCuPMjo57AKZG334x+7pOcO6G4LNZCAEdzmwpaKTJlVda8qoXR9lMY5u+6BXli5MtrKZltqQHqJqfszUDTYiShpI04c0WAIGydHirlNsIr2fu5wYam7Eoh8Sm5sNeRkiDUKGyoLEHoJBMDgfZhcbrCchFA+ySyNENJj1icnT0kB0ic3QaOFSIUimMq5SzDZv0yMwmLRIBuKp0SnenE6mlxYPwcOXq6LhHYmr0raqJgC+AqE2Gzt9QfTbnBen7DpkDEEomfK1u4Bgk50XORpcWi8LE3ZzHos96NeKnjK4m6RmydULYUqY/Y9jInkrIaEGJvXOqcqlaBcEkGQ3PnMycABQHpiPUaNPItknihPYQ7a6N9RRK5sRytkAlZ4XSNGA5xQqodaxhFZ0/PKEFga59nljtplqSm1WqPITGZV9G6x0d92hMjb7lIp7WPIPzZC+hldmYRq38IQRLChvoEJKEHhs56tKcyZEz36mkUQ+70h8oPl4RMxW2LEBxYY+3Q4jAStdaNCJUGKTJnGQgWFlW8GCs7JEjLVLcEBZKBYrc0DnzCAdgquLiEWUxgp8SmkgFmmQATST0QHLR6v8ckmT28OYf0ikjFIcjEHAs54BNOdF6AesJI2Jr2pLZyStbR8e9DlOjb754OH15MtdFAjWugDjpfaKTI822IOtyCgFtXTAJyzQ3TDbJVE9wQI2Imfg2x+MCbIuas4prGzbnMVkuA2JY7MqR1BDMgy3/ShwbjWtCGDWG5bE5225q2g0a5SXGo3ibGeaE11kcwHa2VlHUcLMGQYFmIX/csEutCXNBZOUodVtHRkxpQqWWgnxsPZDE6HwsJmYIWLCrjB0d91pMjb7pIp7KdQ1AwfnNl06Sx059KRuvFjYuXrq0jfAW2gJXl1ySqGqsuOrkETcvV7UVGExIGRicaGQUk/Z6pxLNhOC6YFiNfmwsw3ZLplGcqJ4FsT152ms+SXKfGuERg5WBFgCPMkxbliiImRlkPyVg04NwX4FoSRiftp1GCJqMFTYORGs0XmkdHfcZTI2+4eKxkxtbne1spdvoemcvLe29A0C2G8IEMh2QbVzk5TLVjYWpp73z2I6ZqR0zektrfdPM1NSH7Z552Ozmi3dsJsEQF/j3o8tvPbH69uMrq6NN4GB77Bnb6A5CjsiGxqe++/jOmSmX/Kdfttu0o8vrP3vNSdk2fflZ2x+zZ2tN5t+PLf/X3Mrb51bXkH/nZmyP3Qsv8ZaTKy+9dTEHAjRQBuLxYTu2fMPZOwaLJvCLN8wdXFkPItsMEZ5z4W4Yf/S6kzu09w/dMfPl+7bTMZp62ZGFf5tfFWvTc86fffHBxXcvryg84TSRb/Q1+3acMzP13EMLsjYLkvLnz2795J1bf+PIws2r69unpjbHoRxhwQ9MTz9ky8zH7twspkMiL5pfO7pwcC2e/b533459PFLE6+aXX7ewYvlLZrc9YhuP19UrazC+a3nt5GiEnB+xdeZTd8YCGk89OGfh0i0z37FXO7tp028dW7xyZc3yc87chfanD88vj0bbp6fqJNgyNXXG9NTDtm5+9PbmxBjHc48uHM2pGpdvxRw2e26FV80tv2kxZv65u7Z+3PYtlgv/vrjy+oWVK1fWj62PLtg8ffmWmW/PqRb+4uTSGxdXD6+tY2IXbp7+nJ1bPlp53ra0+vsnlrZi/TZt+s69O87bPL2wPvqZI/PUN236yG2bv3wWZ+ymnzw8f3x9tDoa7Zie+qkD3GXgXxZX3ra09vZlnN2bHrZ1Bjv7yTvG5vajh+Zw7LYruTE7PXXuzPRjtm++cPOMLb94ZP7kaNMO/fKygfkj1YO3BqGjBWriRbrd8Ekfpz3bsliVifUFxmm043yIdeK1FlUBMi2EI29wABvDhY7ec/7mfbcsj53Hxteev+M3H75312YdWYU8/X+O//SVUcsKX3jWtmdctvtj9m1t7puUWXN45D/f+p8no7K85GF7v/68HZjeFfMrD3rTQRv/+GH7vurs7Zr/1NOuPP6c6+KKLXzRGVufcfHuj57d8mcHF7/yf46G9VR48rk7fvXSPZSwApwCp/K4/zn2f48uyX8KjB5zzvpofebNt1rdPT117Ucc2IddHm165k0nn/2+uJBGjzjrSdedfEHUu1PjLy/e+4At049475HQN+CF585++74dX3/j8d8/fur5fMmurb9x9uy5HF1HLfFnJ5e+8n0nLH/v3u2/fNYshJProw+75sj1KkAP3TLzlov2QcCV/7NHFxaHUOIzd2z5rbNnH7AlLsipK2Llv2PP9t88m6mAb735xG+fiFmNLj8T7WffcOzVWXAn8HWz2150zuw2HOsNuPTqw1evnuJc+sKdW/703D2osFYfdM3hK/BEJXzuzi1/c/5ey8Yfn1j6mptjfwsXzEy/+oI9H7Y1auvXv+/E75+cXMYn793+q2fNvmd57cHXxlH4w3N2f83ubS87ufTluYCP3b759Rdyrc6/6tBNeOLNKAg/dHDu549OHmIclGfs3/koPQ1gzXdfecj2CaBKPu/MWT/HPO6m4/93btn2Fp+yffMLzp59aO5ChzG9CU/GOBC440PhwFnBy1anMC2qa/zY1xYRINOod99kzsAMx4Oy3LZYhVA0AG0Y01VzOA3+4MaFL/y3w2Iy7Xe//djGggi84talr37rkREuTqTF3nnayOw9bfDN7zx2AlcCjON2Yn3Td7376MaCCLz88PLXsBRq2u8fLoXc1KFZO8V1OwbvXeLE+uirrjoe8/eTkDFepE4NDvp+oUm1aXD/dl7e9AF/Obf8u8d9IzyW6itmt33FrrjX+7Vji29f4nPMTx2ed0HEFfbic2ZRbp5xeP7Hj0wWROA1CyufdsMxXM+hJ3wndXuAC/78Zp4oRrgRC+U0mJ3adGET8or5lecei3LzhoWVKojAa+ZXrl+NW1QAd8RVEFF8v3n3tn2qpDesrX9t1rVnHppzQcSTwdP37/i0vJXD4vzmsYUHNbdjuNlE+zfzQ4X6x8V4hnZBBPCcgfY7bjmxsSACOChfu6FAG3uzxANY9qfceoqro8XrF1c/6fpjoXQk9AEujgU2lCR0vvb49V3L8vJClQwFMouLVJYbEejKcF7AzbWtIOakKi83R8nI4cxB2fInA4HLdsxc82lnv+ZjzvisM/niAnjd4eX/d3gJ5L+7ZfHXro2C9Q3n7XjXJ559zSed/fRL4y7jqoW1p13h8wZ5AQ+h0RtgPz7/v47QbpbBndr0qoNLv35TnJHfdPaOdz/6wNWPPutpF8Yrmvcurj3tqhMP3T7zYxfu8nbR1uF6+7ELdnn7xN1bYn89OjZIzVijR58zetQ5o0efPXqUt3NEHcPfnVj+8ZvmIkNhfdMn7tjyY2ft9BbGTZtwY/hjZ8KyA+1D8Pzf7O+vnD07euiZo4ecFduDz/z2PdvHcm7atHT5mTdeesaRS8/Ynfdcr54/9a0Z7h/P1BWIC/pJt578n+XVX8gLGK+m8doThRKvW215xNaZPzpn9z9fuBc1xRbcuz3j0OTzzSlv9E6JhQeeecOlZ7z74v2hc56nuA9qgTp+3aVn3PSAMy7fEkfq/+Vd5++eWLTgYoc9aivsy05GZlSc3zt392+fs/vHzogFf8fy2jV6gf8XeRf2+NmtP3lg1z9csPcBejWDdL+rVI/Ol+quiS8avzF/8fHF/8jKCHzKji0vn1v6reR86+5t77l4/1WX7P/hfTts+Z+VtWdtWL3v2bv96GUHcE/90zk9xL92w7Igzxsu2IvKbvXQ+ghV23KHgSOHA6fLFRtKkgVegXUxW8jKZdgFuK6hkEWZ0+ZL0YKZvvZ8JwhdzVBPKUimi13h4m1bPuOMHb/5YcNrmb/WW3ivPTScVb/8kL0P3jlz8faZn3zgns89EAf77w8tZ1psLvE5sQZvOLbyY1ee4F4M4B699uhwMv3ypbsftG3LJdtmfuqS2c/ONxP/4djKR+zc8qwLdz/rwllsFzf3As+6gJZnnT/71Wds0w5qT7HvUfGHHXzTyWVtK2xPrFy5sMoZDvcogWfdPHfD0voikhRGo6/bt/1ZZ+/yFkbWxJlnnbXrWWfuetZZO3HP0o519crqm+ZX3rSw/KZ5b7gIdeyarMZSY7ksK8gEzpyZRlm0/IbF1c+64bivaQz6bF2Tr5hftgX3dHgp+tW7t6FQoqbgpZ/MJFgotC/htt6O+niyOVUuy1fi7x/nbp6ud9l8A4tVxUtjGTZVsfvdpmadOxMzObY+wsvbb7z5BErnNZfsR/XBU8glGvdA3qD9xJGFT7j+6I8emnsRnoEuP3P98jPfqNfFn5F3jihnNzQ3ocbvnVj6t6Uo0FidfTPT/5BPRVCfd9bs5VtncGR/5sxddQf6D6d5GwHI+RIblwV58GyKyn6J34PatOmvTvWy+v4MvHZWSeK1gbXUR7S8LH21wOIi5bKl68cbHmjbUgh+bVBx3C20LqRiiMpreBWufAN/DCxnl+7cfG7eiL1nbg22d87F8+ojd28+Y7NLOWLXH7ozToKr8cTrsWpfPG7mryvwJ66du3W5OU11pb0zT8pH79q8b9pvFHCVHpqf81y9uCaml862BCx+HcQJoPVaicx5Dufsx7/ryMe/+4jaox//niO/duv8KbIJH3vFkRP52opgQrTaKQgtOI53WU9yiV86svjx1x7jdp226496T1t81LVH9l156MKrD59I1xeOfx7Son0FPfGqGfI7lmJJz52Z5juSiY/KJw+8XB2r8uPYMkz8FHjktUc+/rqjj7pueDP3808/T+MNiyvffPOJT77+aH0K9BGayZ/NLZ3ULD5u2+Zv2xMf1qBy/Xt+5PLFs9uqouHl7UtOLH3zLScvuebIZ99w7FB+evO/9w+36v+8uPpTRxY+88bjB648VHfKn7UzMgCogBY+MT8aeu3Cyh+l8TPEfGeekI/evnlX84r4IVnjNr5J+oq5ZZTjy64+/MOH4k3nx+3a6pJ9Sjw0D8R78rOsDkMnKy4hXqsuWL7YdEXZQllctHTZLtnntC0hiEZNMlZ78JbdNLS+dJXHLgiwtIgRN+1F4RNu5sU2um4hDuQ5OOogrKlsrU/V66+DK0oVA2XbJD9/23Chfs7bmw8iRLtuKajn8EYJsbCy35bn50GclKB4Fk1awWM14ypa80G8lVPBTI8lPHF/fLh5w+r66+aaWwMzOcRAJsJowfoHgLcur+FuyM82uD968dmzqAjSTo16BW34VbPl92W9yON2ChzFVE+D918T/3N57U16ExO4bPP0y87d/UlZtk4HlODfObGEW1qr2Lun666wbgm/YNfW2empT808fs1rvOaCvb985q6PbF4KAK9eWEENOqbd/MJdW9960b7/Nbtttpn24fXR9x2c+4GDfFPvM5uS/ZOHo2b9TH64DLw+J/bpmsB1WfLOad4DBYbTL5e38N7VdZTjqzLwK2e3/sW5uy2fEn6jALiZn2l3DJjmlYPNlxAuMMtUUbCySOF2Axc/a5Hf8ku+XUMlHXdR1vUJUFUqGquVF2nNpFcluAVzwjhcPfzmx/oIr5StvgevAXk3pI9KNo2O5Jvle/kSAmXLBcITG6sguABe9lC+rgEmb8FGo4uzYr4HxTdmy+1InkDMb7tn3iSIvWAIRvTzjcLJbHmb3vKg/W+5fH+0l+///jN3tDMEPmHHli+cjcvpf9qbWWdDXjSNmeA8NSWgSfbD+3a85aJ97RaOBs87c9eleU+3e3rqkeNfWNkIvIJ+YvOVFL9qNi7MPIueSaJ9Ye77xx15ndcdHPDGhagR7bdMCr94YNf+vKTPmJm+zXkCKIKod9i+bnYbCtx/X7wfk79+de01Oejc+uh3ji/irLCKF9TtbSzK/X9dvP8dF+/7uQM7H7Utzr13r6z7/UHg4ds2/8G5u0888MyXn7fnO/cMa/LyfGV6cS7IXGZFHf+YDTP3V20uzrcsJm7ijuSU2o9TjMdu3/x9zbE4a3p66v2+//DGrML72hfbHfkZCy6huh/UZeYr06WE57Q4gMpTGGWI8GGzxV4JLnnm28srVpUiwtnTgs0hthiUR6+6Zfnd83FyfNRufmnuMbvj+fy9i2v/dHRJ4aOr59f++JZ4v/yjQcD8AQ6hGlFjCbtnpr70jG2PPzCcRgFN4DH5xP6epbXfu3WBxnWMtfInhzL/LuRXQk+7Bd++1HoC2FnLnEMaE4/YvvkRO/hdOQrbt/CtLiYML4DT9eUX7j1jwwUQ2ZhwPMDwKONjXbB5mgM1WzgaPGXfDn8LBHjPyvrX3XxioakLp0R771RfbQE+Nl8Y4mX1q7IuHF3DzVos4Ccl4cPy/qtujoDrU/6wU736+/79mGfcZP370irmafn94HN3bn3tBXux/d65u+s7lS86FpMBfuboAl4U/2VO9eD6yO947r/y0MwVB6euOIjX3Q/buvkH9+98dfNNnWtX1//q5NJ2EbC9cm4Z94zPP3v2mfvj85DaqXor0Phk7f5X52cdhY/VjfZj8ui8Y3ntT/MrPu9cXv2TvHstQgFPDL901uwX5ov0Xz+++Iv5FciNuGJ5bYlnDnF7nlHuV9B9IhaH6+N65AqiashV82WPXtezBRrTjg3w1U7V1UebL1omNr9SMUBeWcIoiXnoNt63tPaEdx794rcc/rK3HbYFrx2+8Zwd4D/+rKGWPfY/D3/bu45+3xXHP/kth47nHR8JUY61LzErjSjM8l3CqT958L4Lm4+MA8h/xpD/G648/u1XHv++a44/9r+Pnsga8fh925Uz97cF10p2lnEJsSy5CIkvuuoYt6uPftHVaq85diVeEoJZkPzS8/UlxxYewtla/unxwuOLX3TjsXb74fyydAu8hPzqvDN9+/La0zZ8vnk78XW7t9fL6s+76fjn3XjsSbecvOjqw+/LA/SEvKn5tB0x3I1r6w+8+vBjrz968dWH/QYl8OmneaPwa3dv/6ysMv9vcfUn8gXpB4T2BfJG/IG8X7t7m6eC192/dWzxqpW1H2/G+vSdWx43uy3uuDZt+tkj829ZWn3z4uo/5V1YlcJ6VW58/W7u/nePf/G73i58fPOWxf9634nvuOXE99568tNvOFbTbQktntHcqv/gofnDG15iP+GWk19+0/EvuOnYLXkg+PWDjgb+9ECXK16BonVV8ob15PcQ88ILwW0VzXT5sgecjTRKWQ5UH4OAIUxTHpJThcyowPz6phfeOP/yQ0sLDsSLu8v3XI4n0tGmB2/f/ILLh0rxf9638Nwb5q/Pb3o/77Ld33Y2XodqbuhiJho3wXesOPToxZeNVxxFPXT7zG9cPLwd86KDC8+9ZeHGfGH+KxfOfotvMJl4bM4EWMPu13o2K5B4xcllbSspLMcXPwdwhp+xc+sP531HwEfBG785cNtAgXvF/Eq73dDcl7Vor6vnHlvc+NbV7QFehL74HNzSB141v/KC44v+NAPAq1cUTcs/ccbOh2UtuHJ1HdWk7q3On5n+yWYyE3hm4/qxD7wmvm5+uT6p+KNzdl91Cb/vgu17s069Ym4Z+/7sM3ZelC97v+PWk5ddc+RX8u7y63dvw50jhF/S/7QB/nFx9VHXHX3M9Udfm6+pvyl3c+I+8Yv18dTmqamHN29TfnJ+gveR2zb/SuZEcf2t40vPO7Z4c1axXz9r19efppB9zPYt37YnyiXYT9rwFUU8Nb5sbhmv+q1iZ3Fja7nD0MH2/RSu22hVO7houph5JesK9DKWCx2bvDgrajAq3F5s7jAWX1pWW+EVNXaF43zBi9xHz27+6rO2/8ejDjzh/J0V8oTzdr7u4fs/f//YEf2E3Vt+7dLdTzl3F+cDRGYJDBwvH7J/5u5tP3F+vGAklByTeeJZO1/74H2fx//nN+ATd215/oWz330mplE5/XQShMCwGl5AVUaTJpgT4FsTDYOBXP+fOTD72HyxeVcD1/l3Nfcv33HLbXz193TAxfZPF+79kl1b68vSs1P8QvKLz57Fq1dbgJ3TU2+8cO+X7tpa7/oDYOJ29V8v2tu+Hp/AJ+3YUre0AO5DQ7p9qJtEjPUVs1sfsIXfd8H2Vfl6FsXo908s7Z+ZfsMFe5+4Z3s7PezRD+3b8ZJz4lnzKft2/Om5ux+1bXhnDilQ7P7xgr2Pz2yXbJnZme7Lt0yfk3X2K5s7vk9q/k/hd+/b8Zrz93xO84E1gFfcLzhr15P2jj9BjuNZzVPFS08uT3z1B6PumOJn7ljwV523x/8HqaPF1OhxF+RVqpIx/Ce8vHpZR9LEHgT/TIsuezoVMqXL3mQ0uJj5X9kElIaACc7jLlWPa6/dbFxKlFM2EqhZCeLNy6vH1jatro8esHVmJz/mBDnvtpAWo8fcPEoOETMRDwROkoxI2nhvXl4/tr6OM+sBm2d24LSnreFUqjBKpNEnfTPuRKB3zTtOVXao3GvrQvb3auCG6+qVtUds24w7ozCdCjetcqkPzEyfNf556z0EeCl67er6g1HdTl+p8eIaPtTW0D9ovE9rgtOTp9/px+24szA1+uLz86rDcvvyVutrNVzobEeTR4W2up5tDHYa1QKtoDRRDmgf/y/JaH3N4F7JdhI0H3LoaSCd9pwSFNdiWuBAi9qNq0vBNg4u9YMlQVEzIUd2iqYVUaoplu2w13bWYimcgJ5CwodmIn+tdlo6OjruJkyNvihr4sSFDdS1SlkPciSTi06SCcMV7r65vMEcC7SEBvnlZZKyeMS0ANFPqBZydJCHzDbKIc2iWimhpowRqeqdU8NGarV35lhEoNEaFYKK3IKz8o6oVS9+TVttdh0dHXc7/P1EX7G6aN3aCIlCqrZgM4eC3ymDqAykqaXFbxdmrGUAKiTbHcJs8pGT4Xyt0NDoUp7wlqBYh9vCKaGF0XUn/x8LQzzJjB0CsQhycbN9U7xFyLf2ENJGafO4TJsbjUyWSSTAwvdqMxaTGZjKENSOjo57Cvy+m75yyGu1vfL9PUQpbLIKVLEIsmpf1QjRJSeNgWnEBhLTYlBXKMj6QngYHQumkzvEgpOYZlVt0JzBc9DoTILZovUoGTtEYctR0Hq/HCtJuwCCbv0iSe4yQAGtsjmQVRiSXLb7tpCxHjTJNJLY0dFxT4NeMPLy1tWOR1z2EBuBVUBXM3tcz+mirFahYwTKVm1xq/+Ex4QQZMRj8OquirLKkyeANqqwOE5Iu1ywQLcKIWgpR5lTabKEhoUpE3qDbG/1tkPiiB40K6MJFCSXkbMdnwn3JfmydXR03PPhCuXa4YvflzFadLy+Jbs86cIOb9rJUjmwUKnYYlPgkASVRVngAiCycPhmyhyKEnD7GZHcPHQZPBxosNgVsiqXjbTX63d9B2gouJ4AWrkrT5Q/tc7jcG7pgsz9hay9Do5IZsJiI2BLR0fHvQe+T9TGC3i8ornY+crn5lrga97lwExXCmSzUVt45UIxGpKYKS9LmDgsWE7uDJBVXjmrHIit03pTZoabXEa/lvdksvxZxUYZ9sxG1bFiwuiN9mozQ9HCgkcZi0BbR0fHvRdTo886L67kup5xzbNY6Z7Larwvpos/PqXFQwUiXLQRFGQMi7pIVRmSNshpoZ4WdDUHm6ja2MRSaJgRmwLbNA0ukb2bFJoW3UQqtPEZtACBlpQ7OjruW/Dnznmpc9MVH0bUAtUItKGKEy9CrZrTeHHnBTIkWCxTcAY+BiYgg/gQilxTasb1TR+ZNurWkkkyG72WJTCJxuIcxOSOQBaHbg0Xm4fAZmZlsOzAzKMxQ+jo6LhvQZ87x+Yq4KqBG6GqJi402uBCQQRg5Cti87NYkInOXhgzqjbTkAQ+NdGicyw2qjDkoHhwFEUVP9rkeCzbncECi6CTVwYb8yP1GE5GRpmplmYRIhU7bR0dHfdl6P1EbC5wuOarCrhGtJVoKBbYVDSxBT+/YTPQkoqeRVMaAGEoQC5S9WZibY6S3LbeIFOFpNYuPIJQgozhVQkmPCgMrs5oVb4Z5UC1HqKjo+P+h/rcOWtBVQQWiNxCVR0BswiuKdiIKiveWprsa1mhSFMqqIxrooLgTQk3WiDggbbqNTa/jsZ8hntGe9FKqI18cJQKusNdIr11dHTcjzE1euy5rAQoEwArAh4Tcus1XJhs8Q2jMBjRolMUdITXJzP2FoKs1p3LpT/W8LjS2dJfOdVD5UADRXb7xLSXAh5OghalUaN0dHR0jMPfxdG7iigULhmWabesugOBG4S0YyPs0r1YcLSFKwPh9RZqO4qNSkuOQihnUSNBr80pw4ubO3Nkp8D45uU/G90eWs4X5rRAgFGjd3R0dGwAqiEKhKoM6kSUKlQNVRM8yh4lydUwaw0trR2vYa1WiOpU0HKDjAeTYMvCF0xqIsjCbA7J/PSqXJpMu5IwxJayK4TMfIHc0dHRcVvwd3FUZVw4UM6AkFVrWG5cv0pQjfNt11D+ZAfId6mSy6mYzYIz5P/Y481dVkw8zMTDCcOiFhZvzkCXNsdyDlB92yiLo/hQ2e3o6Oi4HVBNBFxcLEeVkWTBluJQlsp7MZU/6FFAJfv/MsOCzrWJbYW7fsnOQVQcI9yENDrEd3x4WChaG0JvMaV2dHR0fODQ76260LCmqLSxtVFFh8XLFccFyMYsl+holGCayxktaqMCKjzyoNW9W3wJRq+jXUyL5qI5pJVsgQkVCJdHcWBHR0fHBw19uuLbOpYbtS5q2KIMWdX3+CAFTUYw8OIXEpj+iCOi1Do8VFfSsivQXg6nzLTbkjk1QkS1OaF4Av1lcUdHx50KvHZuy1zJKj2uPqxEqmiUZaQl7aCgja/OqGahg4BHBdpYAmUVM6gR1YQ7P2QTvNnb0dHRcRdD94muhi5zfj3LSqR6F6pKIQWoskcIBJUzf2DirUqYQyCZA9CbVRIbKmlVQ2RwIFrANEd1dHR0fKigz1hclbzhEbJKnlU8WKR8c2cC2qaKufyFXRwYq/yFpThO6/z2qg2XW0sdHR0dH1L4//a5hLkqudLJAtU3gLbQiLZKIdkKURvhRUZyhVj2tslVUn9sgEzfXdJhd0dHR8fdC33uHDVO5Sk+b5Ec5QwtileWQttNZoGzUZtVSEVjVPuyOl1i8SGxo6Oj4x4Cv5/YlkVVrrFKBxXFK/83SLlc7PCgtyl2sHMzU1SSFUK/OB0dHR33SPhzZwiqawb6tqhBBlwBbeGWAl8Fuwi6kqa3iqC3jo6OjnsDfJ/oEuYf2vL9oMoYWtiho96pjwJKAa1fFKP1rWLZRe3fHOzo6LgXAjXR93fYfIvnSpc1Dg/fIfor1jKI39RBmTs6OjruA9B9YtVEdFXj/FrY5c/eUHMD2Frq6OjouC9gmq+XUddc76Lq+V3CZvOtIjbAbUdHR8d9EfkbENzyVTMKIlB1EJseHR0dHfd56DvbLH/r8WLZ1a/XwY6OjvslcJ+on+rCTWJHR0fH/R7TvRp2dHR0FHCf2NHR0dER6DWxo6OjY0CviR0dHR0Dek3s6OjoGNBrYkdHR8eAXhM7Ojo6BvSa2NHR0TGg18SOjo6OAb0mdnR0dAzoNbGjo6NjQK+JHR0dHQN6Tezo6OgY0GtiR0dHx4BeEzs6OjoG9JrY0dHRMaDXxI6Ojo4BvSZ2dHR0DOg1saOjo2NAr4kdHR0dA3pN7Ojo6BjQa2JHR0fHgF4TOzo6Ogb0mtjR0dExoNfEjo6OjgG9JnZ0dHQM6DWxo6OjY0CviR0dHR0Dek3s6OjoGNBrYkdHR8eAXhM7Ojo6BvSa2NHR0TFganT5mSHeRzF1xcGQNm166bm7v3J222fecOx1Cyu2jDZtWtMKbL7i4JpNmzb9ztmz37hneyh3Kv7P8cVvu+VkKJs2rT/wwNTUVCgdHR33ANy/7hOPr6MGbrp2dQ3lz9v6pk1H1tYX10dVEIHLt8yE1NHRcT/Dfb8mPnDzsI+uibeusS0cXBu9a6UtiZsuG6+Jx9dROW8b80q+ESea8E/ZvuWFZ83WdrqbxDakcGztdk2jo6Pjg8F9vyZevnUocLglXB6Njo4Xr1vW1t89XhPPUxn9u/nlL7rx2PYrDu698vDWKw4++JrDP3tk3oT3LK+deeWhA1ceOuPKQ/uuPPS2pdXPvuHYN9x84im3niz7JVcffv7RhQdcfXjPlYcffu2RV80tI/D1iyv/++BcbaPR6DZDgF8/tnAWBrrq8COvPfKHJxY//JojF111+LyrDsH4j/kmQEdHx52C+0FNbG76Dq+Prl2ZvNu6cW396vGaCLzs5NLn3Hj8FfMrS1JReN6zsv4jh+a/9KbjMmw6tD5CtiPro2Pro+++9eSrF1Y2656v7Desrj/54Nw1qxzu7ctr35pvIx4fjWqz5f2HvHt57btunTuoOv6fy2tfe/PJd66sXb+2/r61EYybmaCjo+NOw/2rJh5aW79udbL83bS6jmIUyqZNl+om8aePLFgFvmH3tpA2bfrLueW3Lq2Gknj9Ii2bN429EEYN+5rZraGo8qK6hXIanDLkTYvDneCeqamvnR0mA7gQd3R03Fm4f9XE61fXr23Kn4GbxJuat+oeuGVmfTR6cxa+M6enfvec3Y/aNiR552lK20R1+rjtm19yzu5QhCO39b7kKUMONu9+PnzbzO+fu3vi3vAvTi5NXXHQW5g6OjruKO4PNXHYR5Sz9pbQuHJ1vf3UBTX0RPOGoz+WadF6C2fPTN6w7ZmetJzuQ5jCKUPWePsY2N6/uNPRcRfj/nWfeHh9hBekls+fiX2/cmXttc0nFQ/cMg3G181u8/b42W0vOrb4H0vv72Xv9+zdfvOlB37v3LFbvI31b/Il9wbcgZCOjo47F/f9mrh5/N7qprxP/Pjt8RoUNdGCcemWmf0z0yhwP3fmrku3TKNcfvutw7esT4lvO9UXvFc3VLiNlgncgRDgwVtmnrF/h7cwdXR03FHc92sicF7zwvZf9HkI8Ok7t1iYG687D9jM+8oXHls8/+rDzz6ycMPa+sTr1fUN93N7N7zmBVbzY+XCbXzCcodCgA/ftvknDuzyFqaOjo47ivtFTXxg8/IZNc7CY7dHTZwA7g3R/tjhOavAGy/cu6spessb7t12nrImRv8B4Pa8uF4bjfoL6o6Ouw73u5pYuHzLzIc3X+cunDEzvbg+el9+6nLm9NTHbd9yTr75CCxvuJub/NRGuD0veydwypDZpuBes7L2N/P9S9odHXch7qc18eLN09unpx6xdfIrz7OqP4sbqt7+pibentezwJ11n/jhzSTfu7r+Rfml8cLbllZ/9NCctzB1dHTcUdxPauLkbl6kL2ZvvE909dw3M9ybHVwfPf/owq0f+P813vjm4G3ilCGP3bHl8c0XuR+0YV+uWFn7qSML3sLU0dFxR3E/qYmTte9c3fdtrImXJhM3khaAJx+cu37DtxpvE7fzdrLF6UL+5Nw9r7tg76+dues15+959yVnnHWqty87OjruFNxPa+KDZPnwbZOvnf0f+4BfO2u2Pq3+mtmtj2j+H8uHGL98dGHqioOfesMxlOanHpp/0+LKrc13v/dN3y+OYEfHhwz3/d+U/WDw9qXVczdPnzkzvd68qp3WFx43WowJ++loLd5/yFuWVh913dHQx/F5O7e88vy9oXR0dNwZ6DXxXoBfP7bw9EPzEz9x9tWzW1989u7t/XV0R8edil4T7zV4w8LKwbX1VX44PvVx2zfvaz4K7+jouLPQa2JHR0fHgH6v0dHR0TGg18SOjo6OAb0mdnR0dAzoNbGjo6NjwMyzztgZ4geHpx2ae9Pi6r8urrxR29uX125eW3/QqX5k4a7G0w/NvWZ+5TN3Dv8fbiPeurT63KMLj9m2+fZ/l+WfFlZecGzxM3Zs2fgHSP/i5NJLji+9/xGfqv8M84gN3xIH4FocbXrwXbNWSH54bbTx2+l3Oo6trX+gXwz605NLv39b69bR8SHGnXafiKLwo4fnf/BQbE+49eQX3HT8sqsPX7vhT+JtxGOuO/rbxxdDuUP4pptPfN6Nxyz/3fzKK+bjr4CeDletrP3M0YX2T53cJt61zJAjp/r7Af+1tApXKKcBCKiqoYwDro1/9+rOApK/5baSr49Gj7r2yO+fuOOH4HtuPfkJ18f63378x+Jtr1tHx4cYd+Zr5wdtmR5dfmZtf3zO7qtW11Ecw30a3LK6/ual1W0f3FeP/2Z+uf6YyYvPnv2j8b/0dFfje/fteNtF+0I5PRaa/6DSArFP2Xd3/kT2TWvrb1le2zL5V7Y+ALx+YWXjH5Pp6Lg34i58P/Grdm/77B1b2puUf15Y+c1jCy88tvjvzd/nfOlJ/gnlNyysvqS5VXzl3PJPH56vP/pu4CXq6miEl+cvOLbwBycWb8y/SorAufXRdavrznD16jo2u4B3Lq/+yYmlnz0y/4cnFm/zpnU0GmEUCK+ZX37O4fl/a+ZZeOPCys8fmf/bZm43r42N+Nr55V89uvC7xxdx/xgmYWHEv3yA2zHM8x2NC7HIAAFT9ejefcxB/gFYN8zqH2QH8+Rp/ujV+1bXX3x88a+UagLvXl77veOLWEAsY5g2bfqzk0z4jwsr7SH46zmuQLubBg7B38wt/9KRhTo6XP/RaOf0VBv+psWVXzm68Mcnlib+tAOAgbA+uDU+3ZNER8fdiLv2MxbUqa357tvTDs19wg3HXnBs8UXHFz/6+mPfpT/o/val1Z/Xq6dXzi//+jFeUW9YWHnktUfwuvufF1c+76bjn3D90Xcts3wsrI++7H0nvu2Wkx97/bE/P7n8jTef/Mhrj7rgPuPw/PJo0w2r6xCg/vjh+afmLwk++/D8h1979McOzyPka28++dBrj7w5//bAKfHqhRWM8vj3HX/Gofl3LK998vXHvvZ9J8InfOstJz/xhmN/enL5c286/sU3xk8Z/tGJpfpZwyfccvLTbzyOkvQLRxcecd3Rpze/aYgX7Bddffj5Rxe/8ZaTH3Hd0VdkTUEsqjaEl55YwuiffcMx7P5fzC1/1o3H60/sA4+76TjW7R8WVj7jRi4LmH93qrcI8JRz3tWHn3d04YcPzT/smiNhFX7hyPxDrj3ym8cXf+/EEpbx+3QLjzX8JR2CV8wvv1BFDTd9H3XtkS+86fgbF1ewm590/dEr8s+3YvUOXHn4ibee/Ov5ZRydL9D7FVj2q1fWQdaBYJn7pptPfPz1x1BVsf6Yw+9krVwajR5z3VHs1P+dW/6o645iX2zv6Ljn4E6uiWujkbeDa+u4OP97Ze1xu/gOOm43nnNk4Sl7t7/l4v3/etG+vz9/z68fX/yNYwsfsW3zv1zIV52/eOauN+nl5zMPz2+Z4v+uefn5e9ceeGB2asqVznjtwsp/X7zv1Rfs/e+L96MO4l4MxmsecAZeen/Wji0QTDNwL4Zszzpj5/9cwkH/6YK9uFP7k1PdPU1gBre0F+37/XN3v+HCvX94cuknmwnsn+bckO2H9+14+fwybnnCIeCeCGXlD8/Z/R8X73/bxfvB+ekjC0fytxevXFnHHJD5yKVnnDk9hZs12yfw0ds3rz/wwL9dtO/nDuz8y7nlt6nuP/XgHNbwzRdy3+H1b53V803hdfPLT7j15Hft3f6fF+/HXrc/HIk8P3ho/pfO3PWGC/f9vwv3/fOFe597bBG324/ctvkNF/CHJH5FLgjPPDS3S7uJQ7D8wAMY5Rn6Swwn1te/5KbjXzG7Fev89xfs/Zvz9rxyfuX/HF+EevHm6U/X+oOMyvu7J5Zeed6ev71g7zsu2f9ls1uffOtJ/wDlV73vxJZNm664ZD/24h0X77vxA/8Fto6Ouxp3Zk18z8r65vce8nbWVYdxcX7Hnu2/etYsXLgveOTWmedJBj5959aHbJn5Q90cGf7o8b+XV1H1vmb3Nmn8VZgv3rUVN2XH86/Ff/3ubQ/V704/aOvMw7fN+CUnsG1qaseG97MeunXm787f82P5wTqu20s33643vb5pd/wdvsds34L68qrmdux78o2/75NwXb5+N/zHqv785BJutSD8zJm7UFnqN7rx9PDxO/hHYPbNTH/Rrq2nqwhYNH+0/bn6QNbVBPfR379/x6P0twbhRWGCsPHg/cfS2nkzU7+W6/x/z9uzJ+um36N48t7YtY/bvuWhW2ZeqlfNBp6K0KJ0/uPi6tfMxiGAEYfgj08uz6+P3rq0dv3aev2Rws/dtfU3z5r1r65h/etvT78EN6HbNn+enguB5545Ozfa5JviV88vf/ve7V6Qh23d/LH5pxM7Ou45uDNr4oO2TP/ymbtwu/F/zp597fl7bnzAGb95dlyc71pZO2v8Nwu+dNfWt+crsoIt339wbuqKg96++yDvUN6ZzPa3YQ5MT9efn2+vycLM1BQ4P3Dw5OffeOyyqw9fcs2Rq27fjcmHN7+WiGn/R/Pe39m5F/4j9xN///7AzPQLz5p9zcLKp95w7LyrDn37LSf+vqmnlzV3bftnpjb+NX1g59SmS/LXHs/UWCfXR3hB+tbltRoa+MTT/IGtty6vYg6hqHqemb8C+Tat4db3Hqq1/Z+VNTwJ2VvwIXhKcwi+Lw7BKpJDeHjztZ7v2Lv9saryuE/fofVfH40w0L8srVb4OVcfhh1H8D3La/OjTWc0z0pfnpW3o+Oeg+H6uVPwvft2fPe+Hd+yZ/un7tx6XvNT1bPTUxNvfS2d6v11Xy4vUUmt7XUX7MVNjTyb2r+gMto0Wswcp/zY+j+XVh99/dFfOrr4+Tu3/uG5u09eduABzZTeDzY3n8DiNu2CJgo1q8XShp3AfdCtl57xp+fuxp3gy+eWP/PG46gFduGVe4uNsUDtUQEWvCDFTVdbfzf+xRhj59TUyrin1XCn3C4stt86e/IDeu/fH5wzeQhwy2zXSjM0bh4t4DnJtdecr5vd1oZjw2rs1Cr2dxA77uG4k2vi6fDwrTMTnz/iJuXRuuNo/vZy/JkUFAuUVG+4wfxh3acYy801jhJTpQHXpIUWf3pyCQPg1euT9+1AVcU1ffXq+sSvEJ4S/9J8JvtfS6sff5qbMmDiL6i89MTS59xw7Ja19a+Y3fbCs3e/Wj/4+udz8RZB+zHrajP5FhvvY036mO2b2683vvY0n048Ytvma1fXDuZbCjesrl2Tt8YoiJgY7vJqbX/+6MJzjvCt0s3N6m08BO9YjkNwkf7ydf2BbOCSqw9/wvX8vdt6TsKdKTLMjUYV/uCtMz96eB6zumDzDG6u/faocdd9K7Oj4w7jQ1QTn7R3+3Wr699xywncdh1aW3/Wobm/mV/5/uZLeVeurr9ybvljt2/58l1bf+LI/Ovml/GaEe0PHpz3q7ONQImpuypckgif+MRj7/QUrjl/QoKK/BU38RPk031/pQWu4b+dWz6xvv4LR+bfsLj6Lfn+5m0ClevvFlYw0JsXV69eWftVfYryGTn/9hvimvxtz6TwtP07X72w8oxDc29fWn3yrSd/sHmeaIHbsfNmpp90y0ncnB5dW//fB+eqyP7Avh0oxD9wcA5LcePq2nfdcvKV8yvP2D/8L6b3rqz99dzyJ+7Y8iW7tj778DxKMNbqtTgEh+Y+fSd34Qt2bf30HVuefngON+DXrqx9w80nDq6PvmcvDyLW/+/nV/5Z6//M/Tv/Ym75l48uYAKogBjx6pX1r9NbtN+1d8ezjyy85Pgibjb/6uTS8/RNA+P5Rxe+6MZjbzxNre/o+JDhQ1QTz98884rz9rx+YeXsqw6fedXhPzi59Ifn7P58vQ1/1sz0l+3a+n0H577iffzeyW+dPYsL79NuPL77ykNoP3XHlp87c5dyTGJhfVQ/0/+Vs1vfubL2KTcca//A3g/t3/l5O7c84/D8GVceesg1Rz5u+2YM9Bd51/Z+8Mhtmz/3puN7rjz8OyeW8EIeNzvhuC08YMvM88/aheLymOuPXnrNkb+aW/7ts2c/+lS3majmp3ztfDp83q6tv3v27J+eXH74dUf/dXH1pw9wTSZeyAPnbZ7+k3N3X7u6/uBrj+y/6vCBmeHPtVyyZeZvzt/z5qXVB15z5IKrj7zw+OJT9+9ABYQLUY/btfUpB+e+Rl88etHZs5+0Y8tjbziGQ/DpNx7/rJ1bPRzwO2fPnjMz/cjrjl5yzZFXzS0/58DOr9ITxuNmt92wtv4JNxzDbfW37d3+S2fuwq0lJvCR1x19y9La/8m3lZ95xs5v27Ptew/ObX3voSfp83HbgePro1f0P13dcQ8Av3IR4ocEt6yub57i35UPPXFsbX1maqr+vjvuI3A7g0vanzMY4OwdV9GWZW00wuvi9hMG432r67gpqz/Id3x9fc/p/67T380vf86Nx9960b6HbZ25amX98jv0f5BHo9H1q+t4OX/27Xv7ssXGfbT6spNLH71t80VbZubX+e1o1KPPu+n4f1y0D+XbzAnctLq+f3rqlP8B+fDa+rH1EZ6K2r+mD0wcguXR6KqVNaz/xiXFGh5ZG9VnQQU8IbWfpF2/uoZceMkceoMrltfu2Np2dNzV+FDXxHs4qia2n67eE/AlNx1/5/Lqmy/at3t6GiXpM244fnBt/arx72N2dHR88PiAb2Q67hb83IFdeK2Nl/Mfce2RvVcevmVtHS+Ew9fR0XHnod8nTgK3Yw9rvvFzj8Lfzi0fXh89atvMQ+6pM+zouLej18SOjo6OAf21c0dHR8eAD/Y+8eQ6f1zrrctrh9fWL9sy8/jZbXfLb2vf0/C6+eW/nV/5gf07zpyZfuppvksIPOdUXzNaGY1++sjClL65EqZT4TXzy38/v3LKDKfDq+aWX79w2yGY8KO2b/7K/h/vOu6X+KBq4h+fWHrSrSePro8+YuvM/umpf9L/cHj+Wbu+U9/jvWN48+Lqp95w9F2X7D//VN/huD34ghuPPWTLzC/l7yDcLfiNYwvfeevcOy7e98AtM9vfeyisG3D8sjN2b/hikGMhvOfi/e/nCyvPO7rwvQfnlh94wL/dcHvwC0f4E+i3ecSnrjj41P076juJG7Gun/z6/v07/E3s24+/PLn0pe870d+u6bgn446/dsYdx9fcfOLDts7g0n3bxfv/8cJ9116y/xt3b/uuW+dee6rf9buduGZ17eQH8mXmjXjl/MruU30v727BNv3umbc/1q9//945s2XZWBCBFx1f/Ex9lfr5p/kxsTuMJ++9Xb8HDo5/9ed0uMO/y33F7fhDFB0ddy/u+N+oesqtc1evrL3y/D31Gejemekv2LX12UcWbllb/9q8g/j7+eVXzi2/c3kNV/85+R3mf1lc+bfF1Qdtmfnr+eU/P7m8Nho9QF8Aftfy6p+cXP63pdVLNs8sj+IXYt6xtPoPCytgXru6tn9mqv3GNV6w/9+55X9aXFkdbbpI5JccX/zLueX9M9PLo9FHjX/H8M/1Y1ntl4p/5/ji3ukp/3QV6jjm+XbN89yc5z8trPzz4upHNHlwa/yQrTMzU1N/Q/Lq+mjTb59YRG24ePwLzP++tPrX8yvftXd7O9w7ltf+bG75y2a3fuTpv/z4dv7m48JPHti1vmnTH5xYesaGo/OmxZWXnljeOjWF+sL/7XfGTkzmL04u3aD/1/xXc8tvXVo9a2YK1RapqC6vnjsz7SeJG1fX37Wy7j+GhZC1EX8h/FXzy/+6yL/9UN8w/9el1a2bQr1VK/w3+q+WddP64uNLr5pfOXtm+tDaOhYZqSC/dmHl7+aXL9o847FeN7/8irnlNy+t3rw28ohY4b+YW/7vlbXLNvPr4v7e/j8vrLxyfvk/OJdRvTK4cmXtdQsr581Mv/D44sEM7+j40OCOv3be8d6DX7Zr2x+cO/nDKkujUf0iwxNuOYnT+mO3bV4cjf5ree3p+3fgaof9u289+YJji4/ZthlXyAM2T8P1v2aZ6lePLvzC0YVrV9cv3jz95bu24vXvsw7N/fiRhYdumcFVhEKza2rT/7twn4vdH51Y+l+4Ud0yg+v5P5fXfnDfjmcf2Pnga444HISJn5jFS8LHz279k3Pja31+Hff2i/Z9+LbNT7715POPLX70ts0roxFS/dC+HT+rN90wz187tlhL9J9Lq4+87uirz9/zmTu3foV+hhqF+9D66BFbZ95y8X5zjHrt3H6t509OLH31zSdwn/h+XnJ+760nn3ds8cRlB3Ab/oU3Hf+ts2a/rfkPcJ9xwzE8l2yf2nTr+uiRGHR5za+dH3IN/xvffy2tYkn/cXF159Sml5yz+yved+Izdmz5+4UVFLjrHnAGalz72nnzFQc/d+cWFO5HbZu5emX98Prod8+e/Qb9NmK9dn7z4upj9BMPX7hzyyvmVzDin5635/j66EtuOu5Fvmjz9Bsu3OeF9U8xvujs2Y/fvhnH/Q2Lq5+1YwuqNow4lH923h4sJsqrA5H/iXt3PO3Q3HOOLGD1sAt4IvzOPdufr/8F6Hl+6o4tqIxQ7/Ap2tFxBzDcxXxAuHZlbXHEH0wMvUEVRNyFoSD+9Xl73nTRvv+8eP+fn7v7p44s1B8JWd206Utntx697ABcz9y/4w9PLiHnd+/b8ZwDvDP6twv3oSDiIkdB/Mkzdv73Jfv/7aJ9rz1/z1z+UDZKBgril+3a+s5L9qMe/eyBnT9/dOG9K2uug0/cs32iIAJP2LMd1239F+nfPr504cw0CiJqKwriX567+18v2odUf3Xu7p87uvDS/L3b93OLctPaCKVz7rIDuODD9EEDBREFCE8AuOOenRp7+fxNN5+4bnXtnZfsu+WyA9dcsv/k+E9I4H4W5f71F+57y0X75kebUBD/4JzZ11yw9z8u2odahXvn4DVAQcTL+TdftP/QZQc+btvmlzQ/8Wtg9Edv24yS9PLz9x669AyU4Gcfnt/4u9wAbqjfdOHeay/Z/617tv8E/47N6snLDvzdBXsR+1WzW/98jr8K/KtnzX6Lai4ODQri6X563QkB1Hc8NyBt6B0dHxLcwZron716/2/b4bXq43Zt9Q89AF82u+0zd2xpf9j5O/IXm/0Xfjf+ZdGHbp352/P3PD1fP166ZQZVzEPilu3M6ak/z2L0Q/t3vuTs2XqH65T/z/cH9/M9sj/VBI6urb98fvmpZ9DyspNLn7Nzy+PyY9Yvnt2GquTKi3u8naf/BAO3YygBO6enHrjhf/7eMfjVvQsH8A27t+OmtX72FS9Ov23P9gv1AhMv1T9h/KclcLf1hVrqR2zbjNvqL9619X/pbhQlbM/UVP16WAvspn/BAQDNr75b7JqewtPSk245ecPqGl7qHr/sjN9p/iBi+9nOl89u+9jtW/z2xY/u34lqiFi7/EPcG3GbP72O0wPPDUgbekfHhwR3sCY+ZOvmA9NT78hfSz0l9NvaYwXl7Jnpt+UVfv7M9L58r82/BT1x4wPgltM/lP15Nx679OrDD7jmyPV5bb8NNbF5qw74+j3b62tAp7wKUbk+Eq/+VHd+T9fe16sicJ7jn3XUPDGBXY1nojpedieVwoL/VtS33HJy/5WHsOHeGepPH6bxyNo6XnW2P8eAe+SQhPqRC2DLVPwMorF1im9ohNLAf8XBwCGY+M1w4Bn7d+LZ4gXHFy+8+sin3XDsuUeHn/aawKXNlwQ+Ytvmq1bWvvHmEx9z3dG97z30k0eGW7/2bdTb/On1S071KqSj467GHT/tPmb75lPWxIdec+Siq/hz87NTU8vjVxmuzCorG3890H/yrf27S34/65eO4uXk1j/WD2XjPjF84z/4DIxSfT+F6ol7t+N13C2r6y89ufSVs1v9sS9uRtqfqgWWRlH+tk8h2zCfiRE33Nd+UMCs3ri4+hFb+R3P2j5x++bfV2X0L/t7iYyJwdt7PKztYlPgcFN/yt8l881+YeMROXvz9CvO3/ufF+37qTP4A4rPPDz/LTeP/RXDwnoznSffevKbbjmJIvuj+3e8+aJ9v3cO7wT9s5XbpoYTTss+honC3Z4JHR0fMtzxmohXZ/+6tPo83doU/uzkEp7/v3UP778evm3zu8eL5ntW1uq3rSYuyEL7VwRQuVCVRpef+V37duA1FDy4TzyqUoQXj1evrtefeL52ZW36vYd+RN+ORsjp8CR9cfIn9UuxvkkEHr51c/15AOPdOc/9M9Pt3et7V8ZeXZ5uF+4Ynqu30n7vnN2/efZsbX4d/YJjC9unpx62Zab+Lg3wX+NzXmiK4CJ/xDtkYGE0VkwLbd2EtPFe8stuOv7EW05+1LbNTzuDL4e/bnab/xJ0+7vcRv1ZBQz0G8cWn7l/xy+eOfvFs9su3zrjc2BVBNx319F5Pz+93tFxN+KO18Qn7t3xuTu3fO/Buacfmnv9wspbl1Z/9sj8k245+dHbNv9v/Xrzk/duf9PS6tMOzeF1H26CnnLryatW1uvvxk38cZIJvPjEIhLunZ7Ctf0z+n38966sPV4/Ousi9b37th+Ymfq+g3O36secv+bmE7g9rHfiblxd3/gH441v37Pt144tnjU99UW7oiZiSm9ZXvvBg3OH19aR7ftvPYmhn6Lq+Yhtm4+tjzCBq1fWXj639ET9QeTCnVsTn3Nk4cO3zmDE0AXv0U/r5ecT9m7HzH/92MK8fv66/QurQDsZ1Mf2zvcUbyUK7QLpDzmEXMC93m8eX3zpiSWszD8trLx+ceUz9YPbhn+X23INgZu7PdNT/7i4Cu/qaPSyk0vP1uTncnoY6HeOL960un6bP73e0XG34I7XROCvz9vznXu2//qxxU+94dhHXXf0Rw7NP27X1pedtxsvi+D96O1bfv+c2RcdWzzjqsPnXH347+dX/uK83Y851Vvm7RtZH71ty4dtmUGqHzk099T9Oz5n55anHpo/cOUhvCT/pB1bcHOKywy0PdPTf37unrcvrZ2tH3M+vj763XNm/UW2b9i9/WePLnxW/kH6CXzHnu0YzV86MXA/+yfn7P6DE4sHrjqMbK/iPPd8gr41/Sk7tvzIvh2YwKXXHPnWm0++YPz/xiycrth84PhbFZdvbWZVwN0ZasfbUab37fjf+3b8+OH5XVceevz7TtRfVTXaO64P6K8aGCij8UZvg+efNftFO7d+1c0nsDKfcsMx3DtjkWGf+F3uCfzCmbveuLBy+TVHtrz30HOPLvyVvq31Mt1gftz2zfunp775lpN4mnk/P73e0XE34s75XZzrV9fm1zc9YMv0Kd8DwivcvdPT9UEkwBuZ0eiUPyhtvG91ff/MlL/WAxkXub/UPRqNToxG7de2cZeBCjDxi9bIj1eC9RlOi9fNL3/ajcf/86L4kmML3LzMTm/a+H9L5tZHb1te9d8ORFrPauJXvj+U+J/l1fbjEWBiMhvVndNTE/8FcIJzYn0dz0yn3B3cxB061RenkcG/yw1hIhDZbl0bHZiest1/nruO2g2ra+fMTNcL8FP+9PrGnB0dHxrcOTXxXoErltfO3Tz9UdcewY3hX9553yjs6Oi4L+F+9FT81ENzu688dHBt9ON39L8zdnR03OdxP7pPfNfy6juW1z5jx5b+oqyjo+N0uB/VxI6Ojo7bRL9j6ujo6BjQa2JHR0fHgF4TOzo6Ogb0mtjR0dExoNfEjo6OjgG9JnZ0dHQM6DWxo6OjY0CviR0dHR0Dek3s6OjoGNBrYkdHR8eAXhM7Ojo6BvSa2NHR0TGg18SOjo6OAb0mdnR0dAzoNbGjo6NjQK+JHR0dHQN6Tezo6OgY0GtiR0dHx4BeEzs6OjoG9JrY0dHRMaDXxI6Ojo4BvSZ2dHR0DOg1saOjo2NAr4kdHR0dA3pN7Ojo6BjQa2JHR0fHgF4TOzo6OhKbNv1/Oryz0fTVz6kAAAAASUVORK5CYII=') + + $AlertMessage = If ($Request.headers.referer) { + "Potential Phishing page detected. Detected Information: Hosted at $($Request.headers.referer). Access by IP $($request.headers.'x-forwarded-for')" + } else { + "Potential Phishing page detected. Detected Information: Access by IP $($request.headers.'x-forwarded-for')" + } Write-AlertMessage -message "Potential Phishing page detected. Detected Information: $($request.headers | ConvertTo-Json -Depth 5)" -sev 'Alert' -tenant $Request.query.TenantId } From c08bf52cf9792eb3445a108f562387346617eadd Mon Sep 17 00:00:00 2001 From: KelvinTegelaar Date: Wed, 27 Mar 2024 14:13:02 +0100 Subject: [PATCH 169/243] Nested json fix --- .../CIPPCore/Public/Entrypoints/Invoke-PublicPhishingCheck.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-PublicPhishingCheck.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-PublicPhishingCheck.ps1 index b0b37efd06cf..37136c230bdd 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-PublicPhishingCheck.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-PublicPhishingCheck.ps1 @@ -31,7 +31,7 @@ Function Invoke-PublicPhishingCheck { } else { "Potential Phishing page detected. Detected Information: Access by IP $($request.headers.'x-forwarded-for')" } - Write-AlertMessage -message "Potential Phishing page detected. Detected Information: $($request.headers | ConvertTo-Json -Depth 5)" -sev 'Alert' -tenant $Request.query.TenantId + Write-AlertMessage -message $AlertMessage -sev 'Alert' -tenant $Request.query.TenantId } # Associate values to output bindings by calling 'Push-OutputBinding'. From f025a96f8d27d714fc1270942fd2bf4c607d88b6 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Wed, 27 Mar 2024 13:27:31 -0400 Subject: [PATCH 170/243] update exchange to use initialdomain property --- .../Public/GraphHelper/New-ExoRequest.ps1 | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/Modules/CIPPCore/Public/GraphHelper/New-ExoRequest.ps1 b/Modules/CIPPCore/Public/GraphHelper/New-ExoRequest.ps1 index cfe78a4af8c6..4a05cf778fe7 100644 --- a/Modules/CIPPCore/Public/GraphHelper/New-ExoRequest.ps1 +++ b/Modules/CIPPCore/Public/GraphHelper/New-ExoRequest.ps1 @@ -5,7 +5,8 @@ function New-ExoRequest ($tenantid, $cmdlet, $cmdParams, $useSystemMailbox, $Anc #> if ((Get-AuthorisedRequest -TenantID $tenantid) -or $NoAuthCheck -eq $True) { $token = Get-ClassicAPIToken -resource 'https://outlook.office365.com' -Tenantid $tenantid - $tenant = (get-tenants -IncludeErrors | Where-Object { $_.defaultDomainName -eq $tenantid -or $_.customerId -eq $tenantid }).customerId + $Tenant = Get-Tenants -IncludeErrors | Where-Object { $_.defaultDomainName -eq $tenantid -or $_.customerId -eq $tenantid } + if ($cmdParams) { $Params = $cmdParams } else { @@ -23,11 +24,12 @@ function New-ExoRequest ($tenantid, $cmdlet, $cmdParams, $useSystemMailbox, $Anc if ($cmdparams.User) { $Anchor = $cmdparams.User } if (!$Anchor -or $useSystemMailbox) { - $OnMicrosoft = (New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/domains?$top=999' -tenantid $tenantid -NoAuthCheck $NoAuthCheck | Where-Object -Property isInitial -EQ $true).id - + if (!$Tenant.initialDomainName) { + $OnMicrosoft = (New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/domains?$top=999' -tenantid $tenantid -NoAuthCheck $NoAuthCheck | Where-Object -Property isInitial -EQ $true).id + } else { + $OnMicrosoft = $Tenant.initialDomainName + } $anchor = "UPN:SystemMailbox{8cc370d3-822a-4ab8-a926-bb94bd0641a9}@$($OnMicrosoft)" - - } } Write-Host "Using $Anchor" @@ -40,9 +42,9 @@ function New-ExoRequest ($tenantid, $cmdlet, $cmdParams, $useSystemMailbox, $Anc } try { if ($Select) { $Select = "`$select=$Select" } - $URL = "https://outlook.office365.com/adminapi/beta/$($tenant)/InvokeCommand?$Select" - - $ReturnedData = + $URL = "https://outlook.office365.com/adminapi/beta/$($tenant.customerId)/InvokeCommand?$Select" + + $ReturnedData = do { $Return = Invoke-RestMethod $URL -Method POST -Body $ExoBody -Headers $Headers -ContentType 'application/json; charset=utf-8' $URL = $Return.'@odata.nextLink' From fa59b33fa3a8200b9d253145b2336d97001507b1 Mon Sep 17 00:00:00 2001 From: KelvinTegelaar Date: Wed, 27 Mar 2024 18:32:22 +0100 Subject: [PATCH 171/243] added appConsentRequest --- .../Public/Entrypoints/Invoke-AddAlert.ps1 | 1 + .../Entrypoints/Invoke-ListAlertsQueue.ps1 | 43 ++++++++++--------- .../Push-CIPPAlertNewAppApproval.ps1 | 15 +++++++ 3 files changed, 39 insertions(+), 20 deletions(-) create mode 100644 Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertNewAppApproval.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-AddAlert.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-AddAlert.ps1 index ad22d9aef8b1..6cc440842493 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-AddAlert.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-AddAlert.ps1 @@ -43,6 +43,7 @@ Function Invoke-AddAlert { SecDefaultsUpsell = [bool]$Request.body.SecDefaultsUpsell SharePointQuota = [int]$Request.body.SharePointQuotaQuota ExpiringLicenses = [bool]$Request.body.ExpiringLicenses + NewAppApproval = [bool]$Request.body.NewAppApproval type = 'Alert' RowKey = $TenantID PartitionKey = 'Alert' diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListAlertsQueue.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListAlertsQueue.ps1 index 8d12a5c8f94d..cb26d77ec876 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListAlertsQueue.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListAlertsQueue.ps1 @@ -20,26 +20,29 @@ Function Invoke-ListAlertsQueue { $CurrentStandards = foreach ($QueueFile in $QueuedApps) { [PSCustomObject]@{ - tenantName = $QueueFile.tenant - AdminPassword = [bool]$QueueFile.AdminPassword - DefenderMalware = [bool]$QueueFile.DefenderMalware - DefenderStatus = [bool]$QueueFile.DefenderStatus - MFAAdmins = [bool]$QueueFile.MFAAdmins - MFAAlertUsers = [bool]$QueueFile.MFAAlertUsers - NewGA = [bool]$QueueFile.NewGA - NewRole = [bool]$QueueFile.NewRole - QuotaUsed = [bool]$QueueFile.QuotaUsed - UnusedLicenses = [bool]$QueueFile.UnusedLicenses - OverusedLicenses = [bool]$QueueFile.OverusedLicenses - AppSecretExpiry = [bool]$QueueFile.AppSecretExpiry - ApnCertExpiry = [bool]$QueueFile.ApnCertExpiry - VppTokenExpiry = [bool]$QueueFile.VppTokenExpiry - DepTokenExpiry = [bool]$QueueFile.DepTokenExpiry - NoCAConfig = [bool]$QueueFile.NoCAConfig - SecDefaultsUpsell = [bool]$QueueFile.SecDefaultsUpsell - SharePointQuota = [bool]$QueueFile.SharePointQuota - ExpiringLicenses = [bool]$QueueFile.ExpiringLicenses - tenantId = $QueueFile.tenantid + tenantName = $QueueFile.tenant + AdminPassword = [bool]$QueueFile.AdminPassword + DefenderMalware = [bool]$QueueFile.DefenderMalware + DefenderStatus = [bool]$QueueFile.DefenderStatus + MFAAdmins = [bool]$QueueFile.MFAAdmins + MFAAlertUsers = [bool]$QueueFile.MFAAlertUsers + NewGA = [bool]$QueueFile.NewGA + NewRole = [bool]$QueueFile.NewRole + QuotaUsed = [bool]$QueueFile.QuotaUsed + UnusedLicenses = [bool]$QueueFile.UnusedLicenses + OverusedLicenses = [bool]$QueueFile.OverusedLicenses + AppSecretExpiry = [bool]$QueueFile.AppSecretExpiry + ApnCertExpiry = [bool]$QueueFile.ApnCertExpiry + VppTokenExpiry = [bool]$QueueFile.VppTokenExpiry + DepTokenExpiry = [bool]$QueueFile.DepTokenExpiry + NoCAConfig = [bool]$QueueFile.NoCAConfig + SecDefaultsUpsell = [bool]$QueueFile.SecDefaultsUpsell + SharePointQuota = [bool]$QueueFile.SharePointQuota + ExpiringLicenses = [bool]$QueueFile.ExpiringLicenses + NewAppApproval = [bool]$QueueFile.NewAppApproval + SharePointQuotaQuota = [int]$QueueFile.SharePointQuota + QuotaUsedQuota = [int]$QueueFile.QuotaUsed + tenantId = $QueueFile.tenantid } } diff --git a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertNewAppApproval.ps1 b/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertNewAppApproval.ps1 new file mode 100644 index 000000000000..438fd62739d6 --- /dev/null +++ b/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertNewAppApproval.ps1 @@ -0,0 +1,15 @@ + +function Push-CIPPAlertNewAppApproval { + [CmdletBinding()] + param( + [Parameter(Mandatory = $true)] + [pscustomobject]$Item + ) + try { + $Approvals = New-GraphGetRequest -Uri 'https://graph.microsoft.com/beta/identityGovernance/appConsent/appConsentRequests' -tenantid $item.tenant + if ($Approvals.count -gt 1) { + Write-AlertMessage -tenant $($Item.tenant) -message "There is are $($Approvals.count) App Approvals waiting." + } + } catch { + } +} From 7944045997039cddee72df4641cd008f70529d02 Mon Sep 17 00:00:00 2001 From: KelvinTegelaar Date: Wed, 27 Mar 2024 18:57:45 +0100 Subject: [PATCH 172/243] changes --- Modules/CIPPCore/Public/Entrypoints/Invoke-EditUser.ps1 | 1 - Modules/CIPPCore/Public/Entrypoints/Invoke-ListUsers.ps1 | 3 ++- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-EditUser.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-EditUser.ps1 index 7c4674317d06..5a29285bd695 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-EditUser.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-EditUser.ps1 @@ -42,7 +42,6 @@ Function Invoke-EditUser { 'displayName' = $UserObj.Displayname 'postalCode' = $userobj.postalCode 'companyName' = $userobj.companyName - 'mailNickname' = $UserObj.username 'jobTitle' = $UserObj.JobTitle 'userPrincipalName' = $Email 'usageLocation' = $UserObj.usageLocation diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListUsers.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListUsers.ps1 index 50c2d13f4525..8431d441a320 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListUsers.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListUsers.ps1 @@ -10,7 +10,7 @@ Function Invoke-ListUsers { Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' - $selectlist = 'id', 'accountEnabled', 'displayName', 'userPrincipalName', 'userType', 'createdDateTime', 'companyName', 'country', 'department', 'businessPhones', 'city', 'faxNumber', 'givenName', 'isResourceAccount', 'jobTitle', 'mobilePhone', 'officeLocation', 'postalCode', 'preferredDataLocation', 'preferredLanguage', 'mail', 'mailNickname', 'proxyAddresses', 'Aliases', 'otherMails', 'showInAddressList', 'state', 'streetAddress', 'surname', 'usageLocation', 'LicJoined', 'assignedLicenses', 'onPremisesSyncEnabled', 'OnPremisesImmutableId', 'onPremisesDistinguishedName', 'onPremisesLastSyncDateTime', 'primDomain', 'Tenant', 'CippStatus' + $selectlist = 'id', 'accountEnabled', 'displayName', 'userPrincipalName', 'username', 'userType', 'createdDateTime', 'companyName', 'country', 'department', 'businessPhones', 'city', 'faxNumber', 'givenName', 'isResourceAccount', 'jobTitle', 'mobilePhone', 'officeLocation', 'postalCode', 'preferredDataLocation', 'preferredLanguage', 'mail', 'mailNickname', 'proxyAddresses', 'Aliases', 'otherMails', 'showInAddressList', 'state', 'streetAddress', 'surname', 'usageLocation', 'LicJoined', 'assignedLicenses', 'onPremisesSyncEnabled', 'OnPremisesImmutableId', 'onPremisesDistinguishedName', 'onPremisesLastSyncDateTime', 'primDomain', 'Tenant', 'CippStatus' # Write to the Azure Functions log stream. Write-Host 'PowerShell HTTP trigger function processed a request.' $ConvertTable = Import-Csv Conversiontable.csv | Sort-Object -Property 'guid' -Unique @@ -22,6 +22,7 @@ Function Invoke-ListUsers { $GraphRequest = if ($TenantFilter -ne 'AllTenants') { New-GraphGetRequest -uri "https://graph.microsoft.com/beta/users/$($userid)?`$top=999&`$select=$($selectlist -join ',')&`$filter=$GraphFilter&`$count=true" -tenantid $TenantFilter -ComplexFilter | Select-Object $selectlist | ForEach-Object { $_.onPremisesSyncEnabled = [bool]($_.onPremisesSyncEnabled) + $_.UserName = $_.userPrincipalName -split '@' | Select-Object -First 1 $_.Aliases = $_.Proxyaddresses -join ', ' $SkuID = $_.AssignedLicenses.skuid $_.LicJoined = ($ConvertTable | Where-Object { $_.guid -in $skuid }).'Product_Display_Name' -join ', ' From c5ca39214231ddae60a6f33a14283a11dcca5d1b Mon Sep 17 00:00:00 2001 From: John Duprey Date: Thu, 28 Mar 2024 09:40:08 -0400 Subject: [PATCH 173/243] remove nested orchestrators --- .../Public/Entrypoints/Push-SchedulerAlert.ps1 | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/Push-SchedulerAlert.ps1 b/Modules/CIPPCore/Public/Entrypoints/Push-SchedulerAlert.ps1 index 40fb4f9c404f..43a1433ce573 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Push-SchedulerAlert.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Push-SchedulerAlert.ps1 @@ -14,17 +14,18 @@ function Push-SchedulerAlert { $IgnoreList = @('Etag', 'PartitionKey', 'Timestamp', 'RowKey', 'tenantid', 'tenant', 'type') $AlertList = $Alerts | Select-Object * -ExcludeProperty $IgnoreList - $Batch = foreach ($task in ($AlertList.psobject.members | Where-Object { $_.MemberType -EQ 'NoteProperty' -and $_.value -ne $false })) { + foreach ($task in ($AlertList.psobject.members | Where-Object { $_.MemberType -EQ 'NoteProperty' -and $_.value -ne $false })) { $Table = Get-CIPPTable -TableName AlertRunCheck $Filter = "PartitionKey eq '{0}' and RowKey eq '{1}' and Timestamp ge datetime'{2}'" -f $Item.Tenant, $task.Name, (Get-Date).AddMinutes(-10).ToUniversalTime().ToString('yyyy-MM-ddTHH:mm:ss') $ExistingMessage = Get-CIPPAzDataTableEntity @Table -Filter $Filter if (!$ExistingMessage) { - [pscustomobject]@{ - Tenant = $Item.Tenant - Tenantid = $Item.Tenantid - FunctionName = "CIPPAlert$($Task.Name)" - value = $Task.value + $Item = [pscustomobject]@{ + Tenant = $Item.Tenant + Tenantid = $Item.Tenantid + value = $Task.value } + $Function = "Push-CIPPAlert$($Task.Name)" + & $Function -Item $Item #Push-OutputBinding -Name QueueItemOut -Value $Item $Item | Add-Member -MemberType NoteProperty -Name 'RowKey' -Value $task.Name -Force $Item | Add-Member -MemberType NoteProperty -Name 'PartitionKey' -Value $Item.Tenant -Force @@ -41,9 +42,8 @@ function Push-SchedulerAlert { } else { Write-Host ('ALERTS: Duplicate run found. Ignoring. Tenant: {0}, Task: {1}' -f $Item.Tenant, $task.Name) } - } - if (($Batch | Measure-Object).Count -gt 0) { + <#if (($Batch | Measure-Object).Count -gt 0) { $InputObject = [PSCustomObject]@{ OrchestratorName = 'AlertsOrchestrator' SkipLog = $true @@ -55,7 +55,7 @@ function Push-SchedulerAlert { #$Orchestrator = New-OrchestrationCheckStatusResponse -Request $Request -InstanceId $InstanceId } else { Write-Host 'No alerts to process' - } + }#> } catch { $Message = 'Exception on line {0} - {1}' -f $_.InvocationInfo.ScriptLineNumber, $_.Exception.Message Write-LogMessage -message $Message -API 'Alerts' -tenant $Item.tenant -sev Error From 42a26e3794dfebb2391e9dd55656e576f0ea7ec1 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Thu, 28 Mar 2024 10:25:43 -0400 Subject: [PATCH 174/243] force domain array --- .../Public/Entrypoints/Invoke-ListExternalTenantInfo.ps1 | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListExternalTenantInfo.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListExternalTenantInfo.ps1 index 2bec443954b5..55fb22f3f99e 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListExternalTenantInfo.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListExternalTenantInfo.ps1 @@ -58,20 +58,20 @@ Function Invoke-ListExternalTenantInfo { # Invoke $response = Invoke-RestMethod -UseBasicParsing -Method Post -Uri 'https://autodiscover-s.outlook.com/autodiscover/autodiscover.svc' -Body $body -Headers $headers - + # Return $TenantDomains = $response.Envelope.body.GetFederationInformationResponseMessage.response.Domains.Domain | Sort-Object } $results = [PSCustomObject]@{ GraphRequest = $GraphRequest - Domains = $TenantDomains + Domains = @($TenantDomains) } # Associate values to output bindings by calling 'Push-OutputBinding'. Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ - StatusCode = $StatusCode - Body = $results + StatusCode = $StatusCode + Body = $results }) } From e067b239d0e86e4c19b4f5a5d0929154c74ef16f Mon Sep 17 00:00:00 2001 From: John Duprey Date: Thu, 28 Mar 2024 11:42:25 -0400 Subject: [PATCH 175/243] Move domain analyser to core function Allow for scheduling --- .../Entrypoints/Invoke-ListDomainAnalyser.ps1 | 22 +--------------- .../Public/Get-CIPPDomainAnalyser.ps1 | 26 +++++++++++++++++++ 2 files changed, 27 insertions(+), 21 deletions(-) create mode 100644 Modules/CIPPCore/Public/Get-CIPPDomainAnalyser.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListDomainAnalyser.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListDomainAnalyser.ps1 index ef10d6a3505d..76fe08536529 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListDomainAnalyser.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListDomainAnalyser.ps1 @@ -8,28 +8,8 @@ Function Invoke-ListDomainAnalyser { #> [CmdletBinding()] param($Request, $TriggerMetadata) - $DomainTable = Get-CIPPTable -Table 'Domains' - - # Get all the things - - if ($Request.Query.tenantFilter -ne 'AllTenants') { - $DomainTable.Filter = "TenantId eq '{0}'" -f $Request.Query.tenantFilter - } - - try { - # Extract json from table results - $Results = foreach ($DomainAnalyserResult in (Get-CIPPAzDataTableEntity @DomainTable).DomainAnalyser) { - try { - if (![string]::IsNullOrEmpty($DomainAnalyserResult)) { - $Object = $DomainAnalyserResult | ConvertFrom-Json -ErrorAction SilentlyContinue - $Object - } - } catch {} - } - } catch { - $Results = @() - } + $Results = Get-CIPPDomainAnalyser -TenantFilter $Request.query.tenantFilter # Associate values to output bindings by calling 'Push-OutputBinding'. Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ diff --git a/Modules/CIPPCore/Public/Get-CIPPDomainAnalyser.ps1 b/Modules/CIPPCore/Public/Get-CIPPDomainAnalyser.ps1 new file mode 100644 index 000000000000..e39e6d5953ba --- /dev/null +++ b/Modules/CIPPCore/Public/Get-CIPPDomainAnalyser.ps1 @@ -0,0 +1,26 @@ +function Get-CIPPDomainAnalyser { + [CmdletBinding()] + Param($TenantFilter) + $DomainTable = Get-CIPPTable -Table 'Domains' + + # Get all the things + + if ($TenantFilter -ne 'AllTenants') { + $DomainTable.Filter = "TenantId eq '{0}'" -f $TenantFilter + } + + try { + # Extract json from table results + $Results = foreach ($DomainAnalyserResult in (Get-CIPPAzDataTableEntity @DomainTable).DomainAnalyser) { + try { + if (![string]::IsNullOrEmpty($DomainAnalyserResult)) { + $Object = $DomainAnalyserResult | ConvertFrom-Json -ErrorAction SilentlyContinue + $Object + } + } catch {} + } + } catch { + $Results = @() + } + return $Results +} \ No newline at end of file From 9ddb001d4b12b048fd0f462800f744c4c01380e7 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Thu, 28 Mar 2024 14:30:00 -0400 Subject: [PATCH 176/243] fix bug with scheduler alltenants --- Scheduler_UserTasks/run.ps1 | 25 ++++++++++++++++--------- 1 file changed, 16 insertions(+), 9 deletions(-) diff --git a/Scheduler_UserTasks/run.ps1 b/Scheduler_UserTasks/run.ps1 index 8ad06065a2fa..2585ee499be6 100644 --- a/Scheduler_UserTasks/run.ps1 +++ b/Scheduler_UserTasks/run.ps1 @@ -3,7 +3,8 @@ param($Timer) $Table = Get-CippTable -tablename 'ScheduledTasks' $Filter = "TaskState eq 'Planned' or TaskState eq 'Failed - Planned'" $tasks = Get-CIPPAzDataTableEntity @Table -Filter $Filter -$Batch = foreach ($task in $tasks) { +$Batch = [System.Collections.Generic.List[object]]::new() +foreach ($task in $tasks) { $tenant = $task.Tenant $currentUnixTime = [int64](([datetime]::UtcNow) - (Get-Date '1/1/1970')).TotalSeconds if ($currentUnixTime -ge $task.ScheduledTime) { @@ -26,15 +27,20 @@ $Batch = foreach ($task in $tasks) { } if ($task.Tenant -eq 'AllTenants') { - Get-Tenants | ForEach-Object { - $ScheduledCommand.Parameters['TenantFilter'] = $_.defaultDomainName - $ScheduledCommand - #Push-OutputBinding -Name Msg -Value $ScheduledCommand + $AllTenantCommands = foreach ($Tenant in Get-Tenants) { + $NewParams = $task.Parameters.Clone() + $NewParams.TenantFilter = $Tenant.defaultDomainName + [pscustomobject]@{ + Command = $task.Command + Parameters = $NewParams + TaskInfo = $task + FunctionName = 'ExecScheduledCommand' + } } + $Batch.AddRange($AllTenantCommands) } else { $ScheduledCommand.Parameters['TenantFilter'] = $task.Tenant - $ScheduledCommand - #$Results = Push-OutputBinding -Name Msg -Value $ScheduledCommand + $Batch.Add($ScheduledCommand) } } catch { $errorMessage = $_.Exception.Message @@ -56,7 +62,8 @@ if (($Batch | Measure-Object).Count -gt 0) { Batch = @($Batch) SkipLog = $true } - #Write-Host ($InputObject | ConvertTo-Json) - $InstanceId = Start-NewOrchestration -FunctionName 'CIPPOrchestrator' -InputObject ($InputObject | ConvertTo-Json -Depth 5) + #Write-Host ($InputObject | ConvertTo-Json -Depth 10) + $InstanceId = Start-NewOrchestration -FunctionName 'CIPPOrchestrator' -InputObject ($InputObject | ConvertTo-Json -Depth 10) + Write-Host "Started orchestration with ID = '$InstanceId'" } \ No newline at end of file From 093ae1291736de96fb09b3c1047699dd8ec61b21 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Thu, 28 Mar 2024 17:06:15 -0400 Subject: [PATCH 177/243] cleanup tenant access check remove lighthouse call add group principal name to available role list --- .../CIPPCore/Public/Test-CIPPAccessTenant.ps1 | 29 +++++-------------- 1 file changed, 8 insertions(+), 21 deletions(-) diff --git a/Modules/CIPPCore/Public/Test-CIPPAccessTenant.ps1 b/Modules/CIPPCore/Public/Test-CIPPAccessTenant.ps1 index 6e9d85fd7a74..014218b3cc16 100644 --- a/Modules/CIPPCore/Public/Test-CIPPAccessTenant.ps1 +++ b/Modules/CIPPCore/Public/Test-CIPPAccessTenant.ps1 @@ -25,19 +25,11 @@ function Test-CIPPAccessTenant { $TenantIds = foreach ($Tenant in $Tenants) { ($TenantList | Where-Object { $_.defaultDomainName -eq $Tenant }).customerId } - try { - $MyRoles = New-GraphGetRequest -uri "https://graph.microsoft.com/beta/tenantRelationships/managedTenants/myRoles?`$filter=tenantId in ('$($TenantIds -join "','")')" - } catch { - $MyRoles = @() - $AddedText = 'but could not retrieve GDAP roles from Lighthouse API' - } + $results = foreach ($tenant in $Tenants) { $AddedText = '' try { $TenantId = ($TenantList | Where-Object { $_.defaultDomainName -eq $tenant }).customerId - $Assignments = ($MyRoles | Where-Object { $_.tenantId -eq $TenantId }).assignments - $SAMUserRoles = $Assignments.roles - $BulkRequests = $ExpectedRoles | ForEach-Object { @( @{ id = "roleManagement_$($_.id)" @@ -49,10 +41,12 @@ function Test-CIPPAccessTenant { $GDAPRolesGraph = New-GraphBulkRequest -tenantid $tenant -Requests $BulkRequests $GDAPRoles = [System.Collections.Generic.List[object]]::new() $MissingRoles = [System.Collections.Generic.List[object]]::new() + + #Write-Host ($GDAPRolesGraph.body.value | ConvertTo-Json -Depth 10) foreach ($RoleId in $ExpectedRoles) { $GraphRole = $GDAPRolesGraph.body.value | Where-Object -Property roleDefinitionId -EQ $RoleId.Id $Role = $GraphRole.principal | Where-Object -Property organizationId -EQ $ENV:tenantid - $SAMRole = $SAMUserRoles | Where-Object -Property templateId -EQ $RoleId.Id + if (!$Role) { $MissingRoles.Add( [PSCustomObject]@{ @@ -62,16 +56,10 @@ function Test-CIPPAccessTenant { ) $AddedText = 'but missing GDAP roles' } else { - $GDAPRoles.Add([PSCustomObject]$RoleId) - } - if (!$SAMRole) { - $MissingRoles.Add( - [PSCustomObject]@{ - Name = $RoleId.Name - Type = 'SAM User' - } - ) - $AddedText = 'but missing GDAP roles' + $GDAPRoles.Add([PSCustomObject]@{ + Role = $RoleId.Name + Group = $Role.displayName + }) } } if (!($MissingRoles | Measure-Object).Count -gt 0) { @@ -82,7 +70,6 @@ function Test-CIPPAccessTenant { Status = "Successfully connected $($AddedText)" GDAPRoles = $GDAPRoles MissingRoles = $MissingRoles - SAMUserRoles = $SAMUserRoles } Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $tenant -message 'Tenant access check executed successfully' -Sev 'Info' From 32ad33a82db249f50a572035b2418326f957d72a Mon Sep 17 00:00:00 2001 From: John Duprey Date: Thu, 28 Mar 2024 23:12:45 -0400 Subject: [PATCH 178/243] Mail test --- .../Entrypoints/Invoke-ExecMailTest.ps1 | 82 +++++++++++++++++++ 1 file changed, 82 insertions(+) create mode 100644 Modules/CIPPCore/Public/Entrypoints/Invoke-ExecMailTest.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecMailTest.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecMailTest.ps1 new file mode 100644 index 000000000000..7bc6c3f17f90 --- /dev/null +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecMailTest.ps1 @@ -0,0 +1,82 @@ +using namespace System.Net +Function Invoke-ExecMailTest { + <# + .FUNCTIONALITY + Entrypoint + #> + [CmdletBinding()] + param($Request, $TriggerMetadata) + + $APIName = $TriggerMetadata.FunctionName + Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + + # Write to the Azure Functions log stream. + Write-Host 'PowerShell HTTP trigger function processed a request.' + + try { + switch ($Request.Query.Action) { + 'CheckConfig' { + $GraphToken = Get-GraphToken -returnRefresh $true -SkipCache $true + $AccessTokenDetails = Read-JwtAccessDetails -Token $GraphToken.access_token + $Me = New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/me?$select=displayName,proxyAddresses' -NoAuthCheck $true + if ($AccessTokenDetails.Scope -contains 'Mail.Read') { + $Message = 'Mail.Read - Delegated was found in the token scope.' + $HasMailRead = $true + } else { + $Message = 'Please add Mail.Read - Delegated to the API permissions for CIPP-SAM.' + $HasMailRead = $false + } + + $Body = [PSCustomObject]@{ + Message = $Message + HasMailRead = $HasMailRead + MailUser = $Me.displayName + MailAddresses = $Me.proxyAddresses | Select-Object @{n = 'Address'; exp = { ($_ -split ':')[1] } }, @{n = 'IsPrimary'; exp = { $_ -cmatch 'SMTP' } } + } + } + default { + $Messages = New-GraphGetRequest -uri "https://graph.microsoft.com/beta/me/mailFolders/Inbox/messages?`$select=receivedDateTime,subject,sender,internetMessageHeaders,webLink" -NoAuthCheck $true + $Results = foreach ($Message in $Messages) { + $AuthResult = ($Message.internetMessageHeaders | Where-Object -Property name -EQ 'Authentication-Results').value + $AuthResult = $AuthResult -split ';\s*' + $AuthResult = $AuthResult | ForEach-Object { + if ($_ -match '^(?.+?)=\s*(?.+?)\s(?.+)$') { + [PSCustomObject]@{ + Name = $Matches.Name + Status = $Matches.Status + Info = $Matches.Info + } + } + } + [PSCustomObject]@{ + Received = $Message.receivedDateTime + Subject = $Message.subject + Sender = $Message.sender.emailAddress.name + From = $Message.sender.emailAddress.address + Link = $Message.webLink + Headers = $Message.internetMessageHeaders + AuthResult = $AuthResult + } + } + $Body = [PSCustomObject]@{ + Results = @($Results) + Metadata = [PSCustomObject]@{ + Count = ($Results | Measure-Object).Count + } + } + } + } + $StatusCode = [HttpStatusCode]::OK + } catch { + $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message + $StatusCode = [HttpStatusCode]::BadRequest + $Body = [PSCustomObject]@{ + Results = @($ErrorMessage) + } + } + # Associate values to output bindings by calling 'Push-OutputBinding'. + Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ + StatusCode = $StatusCode + Body = $Body + }) +} From 07ba0b48559b439e4a1ddd6e5ca0144b2ad1c2ab Mon Sep 17 00:00:00 2001 From: KelvinTegelaar Date: Fri, 29 Mar 2024 13:20:54 +0100 Subject: [PATCH 179/243] fix so api doesn't change --- .../Entrypoints/Invoke-ExecOffboardUser.ps1 | 66 ++++++++++--------- 1 file changed, 34 insertions(+), 32 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecOffboardUser.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecOffboardUser.ps1 index 2391bd643995..02516f3148bf 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecOffboardUser.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecOffboardUser.ps1 @@ -7,42 +7,44 @@ Function Invoke-ExecOffboardUser { #> [CmdletBinding()] param($Request, $TriggerMetadata) - try { - $APIName = 'ExecOffboardUser' - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' - $Username = $request.body.user - $Tenantfilter = $request.body.tenantfilter - $Results = if ($Request.body.Scheduled.enabled) { - $taskObject = [PSCustomObject]@{ - TenantFilter = $Tenantfilter - Name = "Offboarding: $Username" - Command = @{ - value = 'Invoke-CIPPOffboardingJob' - } - Parameters = @{ - Username = $Username - APIName = 'Scheduled Offboarding' - options = $request.body - } - ScheduledTime = $Request.body.scheduled.date - PostExecution = @{ - Webhook = [bool]$Request.Body.PostExecution.webhook - Email = [bool]$Request.Body.PostExecution.email - PSA = [bool]$Request.Body.PostExecution.psa + if ($Request.body.user.value) { $AllUsers = $Request.body.user.value } else { $AllUsers = @($Request.body.user) } + $Results = foreach ($username in $AllUsers) { + try { + $APIName = 'ExecOffboardUser' + Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + + $Tenantfilter = $request.body.tenantfilter + if ($Request.body.Scheduled.enabled) { + $taskObject = [PSCustomObject]@{ + TenantFilter = $Tenantfilter + Name = "Offboarding: $Username" + Command = @{ + value = 'Invoke-CIPPOffboardingJob' + } + Parameters = @{ + Username = $Username + APIName = 'Scheduled Offboarding' + options = $request.body + } + ScheduledTime = $Request.body.scheduled.date + PostExecution = @{ + Webhook = [bool]$Request.Body.PostExecution.webhook + Email = [bool]$Request.Body.PostExecution.email + PSA = [bool]$Request.Body.PostExecution.psa + } } + Add-CIPPScheduledTask -Task $taskObject -hidden $false + } else { + Invoke-CIPPOffboardingJob -Username $Username -TenantFilter $Tenantfilter -Options $Request.body -APIName $APIName -ExecutingUser $request.headers.'x-ms-client-principal' } - - Add-CIPPScheduledTask -Task $taskObject -hidden $false - } else { - Invoke-CIPPOffboardingJob -Username $Username -TenantFilter $Tenantfilter -Options $Request.body -APIName $APIName -ExecutingUser $request.headers.'x-ms-client-principal' + $StatusCode = [HttpStatusCode]::OK + + } catch { + $StatusCode = [HttpStatusCode]::Forbidden + $body = $_.Exception.message } - $StatusCode = [HttpStatusCode]::OK - $body = [pscustomobject]@{'Results' = @($results) } - } catch { - $StatusCode = [HttpStatusCode]::Forbidden - $body = $_.Exception.message } - $Request.Body.PostExecution + $body = [pscustomobject]@{'Results' = @($results) } Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ StatusCode = $StatusCode Body = $Body From 5d7dbe2eb8cf4b322c6e5cdbff9947b6f5f8ce51 Mon Sep 17 00:00:00 2001 From: KelvinTegelaar Date: Fri, 29 Mar 2024 13:22:55 +0100 Subject: [PATCH 180/243] version up --- version_latest.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/version_latest.txt b/version_latest.txt index 84197c89467d..1e20ec35c642 100644 --- a/version_latest.txt +++ b/version_latest.txt @@ -1 +1 @@ -5.3.2 +5.4.0 \ No newline at end of file From c261bf0e26b158c0af922dc36522d79569b521b9 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Fri, 29 Mar 2024 10:15:48 -0400 Subject: [PATCH 181/243] add exclusion check to onboarding --- .../Push-ExecOnboardTenantQueue.ps1 | 119 ++++++++++-------- 1 file changed, 64 insertions(+), 55 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/Push-ExecOnboardTenantQueue.ps1 b/Modules/CIPPCore/Public/Entrypoints/Push-ExecOnboardTenantQueue.ps1 index 24d206b069c7..c4200021627f 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Push-ExecOnboardTenantQueue.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Push-ExecOnboardTenantQueue.ps1 @@ -263,72 +263,81 @@ Function Push-ExecOnboardTenantQueue { $TenantOnboarding.Logs = [string](ConvertTo-Json -InputObject @($Logs) -Compress) Add-CIPPAzDataTableEntity @OnboardTable -Entity $TenantOnboarding -Force -ErrorAction Stop - $Logs.Add([PSCustomObject]@{ Date = Get-Date -UFormat $DateFormat; Log = 'Clearing tenant cache' }) - $y = 0 - do { - try { - Remove-CIPPCache -tenantsOnly $true - } catch {} + $IsExcluded = (Get-Tenants -SkipList | Where-Object { $_.customerId -eq $Relationship.customer.tenantId } | Measure-Object).Count -gt 0 + if ($IsExcluded) { + $Logs.Add([PSCustomObject]@{ Date = Get-Date -UFormat $DateFormat; Log = 'Tenant is excluded from CIPP, onboarding cannot continue.' }) + $TenantOnboarding.Status = 'failed' + $OnboardingSteps.Step4.Status = 'failed' + $OnboardingSteps.Step4.Message = 'Tenant excluded from CIPP, remove the exclusion and retry onboarding.' + } else { - $Tenant = Get-Tenants | Where-Object { $_.customerId -eq $Relationship.customer.tenantId } | Select-Object -First 1 - $y++ - Start-Sleep -Seconds 20 - } while (!$Tenant -and $y -le 4) + $Logs.Add([PSCustomObject]@{ Date = Get-Date -UFormat $DateFormat; Log = 'Clearing tenant cache' }) + $y = 0 + do { + try { + Remove-CIPPCache -tenantsOnly $true + } catch {} - if ($Tenant) { - $Logs.Add([PSCustomObject]@{ Date = Get-Date -UFormat $DateFormat; Log = 'Tenant found in customer list' }) - try { - $CPVConsentParams = @{ - TenantFilter = $Tenant.defaultDomainName - } - $Consent = Set-CIPPCPVConsent @CPVConsentParams - if ($Consent -match 'Could not add our Service Principal to the client tenant') { - throw + $Tenant = Get-Tenants | Where-Object { $_.customerId -eq $Relationship.customer.tenantId } | Select-Object -First 1 + $y++ + Start-Sleep -Seconds 20 + } while (!$Tenant -and $y -le 4) + + if ($Tenant) { + $Logs.Add([PSCustomObject]@{ Date = Get-Date -UFormat $DateFormat; Log = 'Tenant found in customer list' }) + try { + $CPVConsentParams = @{ + TenantFilter = $Tenant.defaultDomainName + } + $Consent = Set-CIPPCPVConsent @CPVConsentParams + if ($Consent -match 'Could not add our Service Principal to the client tenant') { + throw + } + $Logs.Add([PSCustomObject]@{ Date = Get-Date -UFormat $DateFormat; Log = 'Added initial CPV consent permissions' }) + } catch { + $Logs.Add([PSCustomObject]@{ Date = Get-Date -UFormat $DateFormat; Log = 'CPV Consent Failed' }) + $TenantOnboarding.Status = 'failed' + $OnboardingSteps.Step4.Status = 'failed' + $OnboardingSteps.Step4.Message = 'CPV Consent failed, check the App Registration in your partner tenant for missing admin consent.' + $TenantOnboarding.OnboardingSteps = [string](ConvertTo-Json -InputObject $OnboardingSteps -Compress) + $TenantOnboarding.Logs = [string](ConvertTo-Json -InputObject @($Logs) -Compress) + Add-CIPPAzDataTableEntity @OnboardTable -Entity $TenantOnboarding -Force -ErrorAction Stop + return } - $Logs.Add([PSCustomObject]@{ Date = Get-Date -UFormat $DateFormat; Log = 'Added initial CPV consent permissions' }) - } catch { - $Logs.Add([PSCustomObject]@{ Date = Get-Date -UFormat $DateFormat; Log = 'CPV Consent Failed' }) - $TenantOnboarding.Status = 'failed' - $OnboardingSteps.Step4.Status = 'failed' - $OnboardingSteps.Step4.Message = 'CPV Consent failed, check the App Registration in your partner tenant for missing admin consent.' + $Refreshing = $true + $CPVSuccess = $false + $Logs.Add([PSCustomObject]@{ Date = Get-Date -UFormat $DateFormat; Log = 'Refreshing CPV permissions' }) + $OnboardingSteps.Step4.Message = 'Refreshing CPV permissions' $TenantOnboarding.OnboardingSteps = [string](ConvertTo-Json -InputObject $OnboardingSteps -Compress) $TenantOnboarding.Logs = [string](ConvertTo-Json -InputObject @($Logs) -Compress) Add-CIPPAzDataTableEntity @OnboardTable -Entity $TenantOnboarding -Force -ErrorAction Stop - return - } - $Refreshing = $true - $CPVSuccess = $false - $Logs.Add([PSCustomObject]@{ Date = Get-Date -UFormat $DateFormat; Log = 'Refreshing CPV permissions' }) - $OnboardingSteps.Step4.Message = 'Refreshing CPV permissions' - $TenantOnboarding.OnboardingSteps = [string](ConvertTo-Json -InputObject $OnboardingSteps -Compress) - $TenantOnboarding.Logs = [string](ConvertTo-Json -InputObject @($Logs) -Compress) - Add-CIPPAzDataTableEntity @OnboardTable -Entity $TenantOnboarding -Force -ErrorAction Stop - do { - try { - Add-CIPPApplicationPermission -RequiredResourceAccess 'CippDefaults' -ApplicationId $ENV:ApplicationID -tenantfilter $Tenant.defaultDomainName - Add-CIPPDelegatedPermission -RequiredResourceAccess 'CippDefaults' -ApplicationId $ENV:ApplicationID -tenantfilter $Tenant.defaultDomainName - $CPVSuccess = $true - $Refreshing = $false - } catch { - Start-Sleep -Seconds 30 - } - } while ($Refreshing -and (Get-Date) -lt $Start.AddMinutes(8)) + do { + try { + Add-CIPPApplicationPermission -RequiredResourceAccess 'CippDefaults' -ApplicationId $ENV:ApplicationID -tenantfilter $Tenant.defaultDomainName + Add-CIPPDelegatedPermission -RequiredResourceAccess 'CippDefaults' -ApplicationId $ENV:ApplicationID -tenantfilter $Tenant.defaultDomainName + $CPVSuccess = $true + $Refreshing = $false + } catch { + Start-Sleep -Seconds 30 + } + } while ($Refreshing -and (Get-Date) -lt $Start.AddMinutes(8)) - if ($CPVSuccess) { - $Logs.Add([PSCustomObject]@{ Date = Get-Date -UFormat $DateFormat; Log = 'CPV permissions refreshed' }) - $OnboardingSteps.Step4.Status = 'succeeded' - $OnboardingSteps.Step4.Message = 'CPV permissions refreshed' + if ($CPVSuccess) { + $Logs.Add([PSCustomObject]@{ Date = Get-Date -UFormat $DateFormat; Log = 'CPV permissions refreshed' }) + $OnboardingSteps.Step4.Status = 'succeeded' + $OnboardingSteps.Step4.Message = 'CPV permissions refreshed' + } else { + $Logs.Add([PSCustomObject]@{ Date = Get-Date -UFormat $DateFormat; Log = 'CPV permissions failed to refresh' }) + $TenantOnboarding.Status = 'failed' + $OnboardingSteps.Step4.Status = 'failed' + $OnboardingSteps.Step4.Message = 'CPV permissions failed to refresh, try again later' + } } else { - $Logs.Add([PSCustomObject]@{ Date = Get-Date -UFormat $DateFormat; Log = 'CPV permissions failed to refresh' }) + $Logs.Add([PSCustomObject]@{ Date = Get-Date -UFormat $DateFormat; Log = 'Tenant not found' }) $TenantOnboarding.Status = 'failed' $OnboardingSteps.Step4.Status = 'failed' - $OnboardingSteps.Step4.Message = 'CPV permissions failed to refresh, try again later' + $OnboardingSteps.Step4.Message = 'Tenant not found in customer list, try again later' } - } else { - $Logs.Add([PSCustomObject]@{ Date = Get-Date -UFormat $DateFormat; Log = 'Tenant not found' }) - $TenantOnboarding.Status = 'failed' - $OnboardingSteps.Step4.Status = 'failed' - $OnboardingSteps.Step4.Message = 'Tenant not found in customer list, try again later' } $TenantOnboarding.OnboardingSteps = [string](ConvertTo-Json -InputObject $OnboardingSteps -Compress) $TenantOnboarding.Logs = [string](ConvertTo-Json -InputObject @($Logs) -Compress) From 6194713ac0a6e3c9f9ede2c90fcbb3fa598b9a27 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Fri, 29 Mar 2024 10:40:48 -0400 Subject: [PATCH 182/243] Get-Tenants bugfix --- Modules/CIPPCore/Public/GraphHelper/Get-Tenants.ps1 | 13 ++++++++++--- .../CIPPCore/Public/Test-CIPPAccessPermissions.ps1 | 2 +- 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/Modules/CIPPCore/Public/GraphHelper/Get-Tenants.ps1 b/Modules/CIPPCore/Public/GraphHelper/Get-Tenants.ps1 index 4dc97a3ce27d..fcf350f72774 100644 --- a/Modules/CIPPCore/Public/GraphHelper/Get-Tenants.ps1 +++ b/Modules/CIPPCore/Public/GraphHelper/Get-Tenants.ps1 @@ -58,7 +58,14 @@ function Get-Tenants { $AutoExtend = ($_.Group | Where-Object { $_.autoExtend -eq $true } | Measure-Object).Count -gt 0 # Query domains to get default/initial - $Domains = New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/domains' -tenantid $LatestRelationship.customerId -NoAuthCheck:$true + try { + $Domains = New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/domains' -tenantid $LatestRelationship.customerId -NoAuthCheck:$true -ErrorAction Stop + $defaultDomainName = ($Domains | Where-Object { $_.isDefault -eq $true }).id + $initialDomainName = ($Domains | Where-Object { $_.isInitial -eq $true }).id + } catch { + $defaultDomainName = 'Domain Error, check permissions' + $initialDomainName = 'Domain Error, check permissions' + } [PSCustomObject]@{ PartitionKey = 'Tenants' RowKey = $_.Name @@ -66,8 +73,8 @@ function Get-Tenants { displayName = $LatestRelationship.displayName relationshipEnd = $LatestRelationship.relationshipEnd relationshipCount = $_.Count - defaultDomainName = ($Domains | Where-Object { $_.isDefault -eq $true }).id - initialDomainName = ($Domains | Where-Object { $_.isInitial -eq $true }).id + defaultDomainName = $defaultDomainName + initialDomainName = $initialDomainName hasAutoExtend = $AutoExtend delegatedPrivilegeStatus = 'granularDelegatedAdminPrivileges' domains = '' diff --git a/Modules/CIPPCore/Public/Test-CIPPAccessPermissions.ps1 b/Modules/CIPPCore/Public/Test-CIPPAccessPermissions.ps1 index 971753f68d40..f82b937d9e57 100644 --- a/Modules/CIPPCore/Public/Test-CIPPAccessPermissions.ps1 +++ b/Modules/CIPPCore/Public/Test-CIPPAccessPermissions.ps1 @@ -26,7 +26,7 @@ function Test-CIPPAccessPermissions { Set-Location (Get-Item $PSScriptRoot).FullName $ExpectedPermissions = Get-Content '.\SAMManifest.json' | ConvertFrom-Json - $GraphToken = Get-GraphToken -returnRefresh $true + $GraphToken = Get-GraphToken -returnRefresh $true -SkipCache $true if ($GraphToken) { $GraphPermissions = New-GraphGetRequest -uri "https://graph.microsoft.com/beta/myorganization/applications?`$filter=appId eq '$env:ApplicationID'" -NoAuthCheck $true } From e515b315f422d63aaabc43a140774172102429df Mon Sep 17 00:00:00 2001 From: John Duprey Date: Fri, 29 Mar 2024 10:44:09 -0400 Subject: [PATCH 183/243] Update version_latest.txt --- version_latest.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/version_latest.txt b/version_latest.txt index 1e20ec35c642..ade65226e0aa 100644 --- a/version_latest.txt +++ b/version_latest.txt @@ -1 +1 @@ -5.4.0 \ No newline at end of file +5.4.1 From 1adb64744562b328f89c50632fdbaa7593d4ce31 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Fri, 29 Mar 2024 14:49:52 -0400 Subject: [PATCH 184/243] Update CPV to use customerId --- .../Entrypoints/Invoke-ExecCPVPermissions.ps1 | 16 ++++++++-------- .../Push-ExecOnboardTenantQueue.ps1 | 8 ++++---- .../Push-UpdatePermissionsQueue.ps1 | 8 ++++---- Modules/CIPPCore/Public/Set-CIPPCPVConsent.ps1 | 18 ++++++++++-------- 4 files changed, 26 insertions(+), 24 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecCPVPermissions.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecCPVPermissions.ps1 index 7573e9fd209c..4703972094e4 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecCPVPermissions.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecCPVPermissions.ps1 @@ -11,14 +11,14 @@ Function Invoke-ExecCPVPermissions { $APIName = $TriggerMetadata.FunctionName Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' - # Write to the Azure Functions log stream. Write-Host 'PowerShell HTTP trigger function processed a request.' - $TenantFilter = (get-tenants -IncludeAll -IncludeErrors | Where-Object -Property customerId -EQ $Request.query.Tenantfilter).defaultDomainName - Write-Host "Our Tenantfilter is $TenantFilter" + $Tenant = Get-Tenants -IncludeAll | Where-Object -Property customerId -EQ $Request.Query.TenantFilter | Select-Object -First 1 + + Write-Host "Our tenant is $($Tenant.displayName) - $($Tenant.defaultDomainName)" $CPVConsentParams = @{ - Tenantfilter = $TenantFilter + TenantFilter = $Request.Query.TenantFilter } if ($Request.Query.ResetSP -eq 'true') { $CPVConsentParams.ResetSP = $true @@ -26,15 +26,15 @@ Function Invoke-ExecCPVPermissions { $GraphRequest = try { Set-CIPPCPVConsent @CPVConsentParams - Add-CIPPApplicationPermission -RequiredResourceAccess 'CippDefaults' -ApplicationId $ENV:ApplicationID -tenantfilter $TenantFilter - Add-CIPPDelegatedPermission -RequiredResourceAccess 'CippDefaults' -ApplicationId $ENV:ApplicationID -tenantfilter $TenantFilter + Add-CIPPApplicationPermission -RequiredResourceAccess 'CippDefaults' -ApplicationId $ENV:ApplicationID -tenantfilter $Request.Query.TenantFilter + Add-CIPPDelegatedPermission -RequiredResourceAccess 'CippDefaults' -ApplicationId $ENV:ApplicationID -tenantfilter $Request.Query.TenantFilter $Success = $true } catch { - "Failed to update permissions for $($TenantFilter): $($_.Exception.Message)" + "Failed to update permissions for $($Tenant.displayName): $($_.Exception.Message)" $Success = $false } - $Tenant = Get-Tenants -IncludeAll -IncludeErrors | Where-Object -Property defaultDomainName -EQ $Tenantfilter + $Tenant = Get-Tenants -IncludeAll | Where-Object -Property customerId -EQ $TenantFilter # Associate values to output bindings by calling 'Push-OutputBinding'. Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ diff --git a/Modules/CIPPCore/Public/Entrypoints/Push-ExecOnboardTenantQueue.ps1 b/Modules/CIPPCore/Public/Entrypoints/Push-ExecOnboardTenantQueue.ps1 index c4200021627f..46868993d12d 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Push-ExecOnboardTenantQueue.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Push-ExecOnboardTenantQueue.ps1 @@ -278,7 +278,7 @@ Function Push-ExecOnboardTenantQueue { Remove-CIPPCache -tenantsOnly $true } catch {} - $Tenant = Get-Tenants | Where-Object { $_.customerId -eq $Relationship.customer.tenantId } | Select-Object -First 1 + $Tenant = Get-Tenants -IncludeAll | Where-Object { $_.customerId -eq $Relationship.customer.tenantId } | Select-Object -First 1 $y++ Start-Sleep -Seconds 20 } while (!$Tenant -and $y -le 4) @@ -287,7 +287,7 @@ Function Push-ExecOnboardTenantQueue { $Logs.Add([PSCustomObject]@{ Date = Get-Date -UFormat $DateFormat; Log = 'Tenant found in customer list' }) try { $CPVConsentParams = @{ - TenantFilter = $Tenant.defaultDomainName + TenantFilter = $Relationship.customer.tenantId } $Consent = Set-CIPPCPVConsent @CPVConsentParams if ($Consent -match 'Could not add our Service Principal to the client tenant') { @@ -313,8 +313,8 @@ Function Push-ExecOnboardTenantQueue { Add-CIPPAzDataTableEntity @OnboardTable -Entity $TenantOnboarding -Force -ErrorAction Stop do { try { - Add-CIPPApplicationPermission -RequiredResourceAccess 'CippDefaults' -ApplicationId $ENV:ApplicationID -tenantfilter $Tenant.defaultDomainName - Add-CIPPDelegatedPermission -RequiredResourceAccess 'CippDefaults' -ApplicationId $ENV:ApplicationID -tenantfilter $Tenant.defaultDomainName + Add-CIPPApplicationPermission -RequiredResourceAccess 'CippDefaults' -ApplicationId $ENV:ApplicationID -tenantfilter $Relationship.customer.tenantId + Add-CIPPDelegatedPermission -RequiredResourceAccess 'CippDefaults' -ApplicationId $ENV:ApplicationID -tenantfilter $Relationship.customer.tenantId $CPVSuccess = $true $Refreshing = $false } catch { diff --git a/Modules/CIPPCore/Public/Entrypoints/Push-UpdatePermissionsQueue.ps1 b/Modules/CIPPCore/Public/Entrypoints/Push-UpdatePermissionsQueue.ps1 index e1d72b14e867..672f1f196b65 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Push-UpdatePermissionsQueue.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Push-UpdatePermissionsQueue.ps1 @@ -7,11 +7,11 @@ function Push-UpdatePermissionsQueue { if (!$CPVRows -or $ENV:ApplicationID -notin $CPVRows.applicationId) { Write-LogMessage -tenant $Item.defaultDomainName -tenantId $Item.customerId -message 'A New tenant has been added, or a new CIPP-SAM Application is in use' -Sev 'Warn' -API 'NewTenant' Write-Host 'Adding CPV permissions' - Set-CIPPCPVConsent -Tenantfilter $Item.defaultDomainName + Set-CIPPCPVConsent -Tenantfilter $Item.customerId } - Add-CIPPApplicationPermission -RequiredResourceAccess 'CippDefaults' -ApplicationId $ENV:ApplicationID -tenantfilter $Item.defaultDomainName - Add-CIPPDelegatedPermission -RequiredResourceAccess 'CippDefaults' -ApplicationId $ENV:ApplicationID -tenantfilter $Item.defaultDomainName + Add-CIPPApplicationPermission -RequiredResourceAccess 'CippDefaults' -ApplicationId $ENV:ApplicationID -tenantfilter $Item.customerId + Add-CIPPDelegatedPermission -RequiredResourceAccess 'CippDefaults' -ApplicationId $ENV:ApplicationID -tenantfilter $Item.customerId - Write-LogMessage -tenant $Item.defaultDomainName -tenantId $Item.customerId -message "Updated permissions for $($Item.defaultDomainName)" -Sev 'Info' -API 'UpdatePermissionsQueue' + Write-LogMessage -tenant $Item.defaultDomainName -tenantId $Item.customerId -message "Updated permissions for $($Item.displayName)" -Sev 'Info' -API 'UpdatePermissionsQueue' } \ No newline at end of file diff --git a/Modules/CIPPCore/Public/Set-CIPPCPVConsent.ps1 b/Modules/CIPPCore/Public/Set-CIPPCPVConsent.ps1 index 35a90d7f9e90..d508471a08a4 100644 --- a/Modules/CIPPCore/Public/Set-CIPPCPVConsent.ps1 +++ b/Modules/CIPPCore/Public/Set-CIPPCPVConsent.ps1 @@ -1,23 +1,25 @@ function Set-CIPPCPVConsent { [CmdletBinding()] param( - $Tenantfilter, + $TenantFilter, $APIName = 'CPV Consent', $ExecutingUser, [bool]$ResetSP = $false ) $Results = [System.Collections.Generic.List[string]]::new() - $Tenant = Get-Tenants -IncludeAll -IncludeErrors | Where-Object -Property defaultDomainName -EQ $Tenantfilter - $TenantName = $Tenant.defaultDomainName - $TenantFilter = $Tenant.customerId + $Tenant = Get-Tenants -IncludeAll | Where-Object -Property customerId -EQ $TenantFilter | Select-Object -First 1 + $TenantName = $Tenant.displayName - if ($Tenantfilter -eq $env:TenantID) { + if ($TenantFilter -eq $env:TenantID) { return @('Cannot modify CPV consent on partner tenant') } + if ($Tenant.customerId -ne $TenantFilter) { + return @('Not a valid tenant') + } if ($ResetSP) { try { - $DeleteSP = New-GraphpostRequest -Type DELETE -noauthcheck $true -uri "https://api.partnercenter.microsoft.com/v1/customers/$($TenantFilter)/applicationconsents/$($ENV:applicationId)" -scope 'https://api.partnercenter.microsoft.com/.default' -tenantid $env:TenantID + $DeleteSP = New-GraphPostRequest -Type DELETE -noauthcheck $true -uri "https://api.partnercenter.microsoft.com/v1/customers/$($TenantFilter)/applicationconsents/$($ENV:applicationId)" -scope 'https://api.partnercenter.microsoft.com/.default' -tenantid $env:TenantID $Results.add("Deleted Service Principal from $TenantName") } catch { $Results.add("Error deleting SP - $($_.Exception.Message)") @@ -51,7 +53,7 @@ function Set-CIPPCPVConsent { } Add-CIPPAzDataTableEntity @Table -Entity $GraphRequest -Force $Results.add("Successfully added CPV Application to tenant $($TenantName)") | Out-Null - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message "Added our Service Principal to $($TenantName): $($_.Exception.message)" -Sev 'Info' -tenant $TenantName -tenantId $TenantFilter + Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message "Added our Service Principal to $($TenantName): $($_.Exception.message)" -Sev 'Info' -tenant $Tenant.defaultDomainName -tenantId $TenantFilter } catch { $ErrorMessage = Get-NormalizedError -message $_.Exception.Message @@ -68,7 +70,7 @@ function Set-CIPPCPVConsent { Add-CIPPAzDataTableEntity @Table -Entity $GraphRequest -Force return @("We've already added our Service Principal to $($TenantName)") } - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message "Could not add our Service Principal to the client tenant $($TenantName): $($_.Exception.message)" -Sev 'Error' -tenant $TenantName -tenantId $TenantFilter + Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message "Could not add our Service Principal to the client tenant $($TenantName): $($_.Exception.message)" -Sev 'Error' -tenant $Tenant.defaultDomainName -tenantId $TenantFilter return @("Could not add our Service Principal to the client tenant $($TenantName): $ErrorMessage") } return $Results From 3ce6d5097a996f6344d5a24364617e9bd53a33ba Mon Sep 17 00:00:00 2001 From: John Duprey Date: Fri, 29 Mar 2024 15:25:29 -0400 Subject: [PATCH 185/243] Fix onboarding tenant cache clear --- .../Public/Entrypoints/Push-ExecOnboardTenantQueue.ps1 | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/Modules/CIPPCore/Public/Entrypoints/Push-ExecOnboardTenantQueue.ps1 b/Modules/CIPPCore/Public/Entrypoints/Push-ExecOnboardTenantQueue.ps1 index 46868993d12d..b6938cc1389c 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Push-ExecOnboardTenantQueue.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Push-ExecOnboardTenantQueue.ps1 @@ -326,6 +326,12 @@ Function Push-ExecOnboardTenantQueue { $Logs.Add([PSCustomObject]@{ Date = Get-Date -UFormat $DateFormat; Log = 'CPV permissions refreshed' }) $OnboardingSteps.Step4.Status = 'succeeded' $OnboardingSteps.Step4.Message = 'CPV permissions refreshed' + if ($Tenant.defaultDomainName -match 'Domain Error') { + try { + Remove-CIPPCache -tenantsOnly $true + } catch {} + $Tenant = Get-Tenants -IncludeAll | Where-Object { $_.customerId -eq $Relationship.customer.tenantId } | Select-Object -First 1 + } } else { $Logs.Add([PSCustomObject]@{ Date = Get-Date -UFormat $DateFormat; Log = 'CPV permissions failed to refresh' }) $TenantOnboarding.Status = 'failed' From a57afd0a31061b43c2a9e3107690f92a93f3d6d6 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Fri, 29 Mar 2024 16:32:54 -0400 Subject: [PATCH 186/243] Update version_latest.txt --- version_latest.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/version_latest.txt b/version_latest.txt index ade65226e0aa..8ae03c11904c 100644 --- a/version_latest.txt +++ b/version_latest.txt @@ -1 +1 @@ -5.4.1 +5.4.2 From 93d3b6e70a5fd754a300c4c403a057335c63c60d Mon Sep 17 00:00:00 2001 From: John Duprey Date: Sat, 30 Mar 2024 12:00:21 -0400 Subject: [PATCH 187/243] Fix email address check --- .../Public/Entrypoints/Invoke-ExecMailTest.ps1 | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecMailTest.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecMailTest.ps1 index 7bc6c3f17f90..f74c44179b3b 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecMailTest.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecMailTest.ps1 @@ -18,7 +18,7 @@ Function Invoke-ExecMailTest { 'CheckConfig' { $GraphToken = Get-GraphToken -returnRefresh $true -SkipCache $true $AccessTokenDetails = Read-JwtAccessDetails -Token $GraphToken.access_token - $Me = New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/me?$select=displayName,proxyAddresses' -NoAuthCheck $true + $Me = New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/me?$select=displayName,userPrincipalName,proxyAddresses' -NoAuthCheck $true if ($AccessTokenDetails.Scope -contains 'Mail.Read') { $Message = 'Mail.Read - Delegated was found in the token scope.' $HasMailRead = $true @@ -27,11 +27,17 @@ Function Invoke-ExecMailTest { $HasMailRead = $false } + if ($Me.proxyAddresses) { + $Emails = $Me.proxyAddresses | Select-Object @{n = 'Address'; exp = { ($_ -split ':')[1] } }, @{n = 'IsPrimary'; exp = { $_ -cmatch 'SMTP' } } + } else { + $Emails = @(@{ Address = $Me.userPrincipalName; IsPrimary = $true }) + } + $Body = [PSCustomObject]@{ Message = $Message HasMailRead = $HasMailRead MailUser = $Me.displayName - MailAddresses = $Me.proxyAddresses | Select-Object @{n = 'Address'; exp = { ($_ -split ':')[1] } }, @{n = 'IsPrimary'; exp = { $_ -cmatch 'SMTP' } } + MailAddresses = $Emails } } default { @@ -54,7 +60,7 @@ Function Invoke-ExecMailTest { Sender = $Message.sender.emailAddress.name From = $Message.sender.emailAddress.address Link = $Message.webLink - Headers = $Message.internetMessageHeaders + Headers = $Message.internetMessageHeaders AuthResult = $AuthResult } } From cd2559488be64f64f3b836c59bd322962c85c58a Mon Sep 17 00:00:00 2001 From: John Duprey Date: Sat, 30 Mar 2024 12:13:21 -0400 Subject: [PATCH 188/243] Update Invoke-ExecMailTest.ps1 --- Modules/CIPPCore/Public/Entrypoints/Invoke-ExecMailTest.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecMailTest.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecMailTest.ps1 index f74c44179b3b..4dfaf5e732e7 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecMailTest.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecMailTest.ps1 @@ -37,7 +37,7 @@ Function Invoke-ExecMailTest { Message = $Message HasMailRead = $HasMailRead MailUser = $Me.displayName - MailAddresses = $Emails + MailAddresses = @($Emails) } } default { From 4135bd384152ee721abd936eaa819928bf565bad Mon Sep 17 00:00:00 2001 From: John Duprey Date: Sun, 31 Mar 2024 19:22:40 -0400 Subject: [PATCH 189/243] handle empty mailbox --- .../Entrypoints/Invoke-ExecMailTest.ps1 | 36 ++++++++++--------- 1 file changed, 19 insertions(+), 17 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecMailTest.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecMailTest.ps1 index 4dfaf5e732e7..483594d83889 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecMailTest.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecMailTest.ps1 @@ -43,25 +43,27 @@ Function Invoke-ExecMailTest { default { $Messages = New-GraphGetRequest -uri "https://graph.microsoft.com/beta/me/mailFolders/Inbox/messages?`$select=receivedDateTime,subject,sender,internetMessageHeaders,webLink" -NoAuthCheck $true $Results = foreach ($Message in $Messages) { - $AuthResult = ($Message.internetMessageHeaders | Where-Object -Property name -EQ 'Authentication-Results').value - $AuthResult = $AuthResult -split ';\s*' - $AuthResult = $AuthResult | ForEach-Object { - if ($_ -match '^(?.+?)=\s*(?.+?)\s(?.+)$') { - [PSCustomObject]@{ - Name = $Matches.Name - Status = $Matches.Status - Info = $Matches.Info + if ($Message.receivedDateTime) { + $AuthResult = ($Message.internetMessageHeaders | Where-Object -Property name -EQ 'Authentication-Results').value + $AuthResult = $AuthResult -split ';\s*' + $AuthResult = $AuthResult | ForEach-Object { + if ($_ -match '^(?.+?)=\s*(?.+?)\s(?.+)$') { + [PSCustomObject]@{ + Name = $Matches.Name + Status = $Matches.Status + Info = $Matches.Info + } } } - } - [PSCustomObject]@{ - Received = $Message.receivedDateTime - Subject = $Message.subject - Sender = $Message.sender.emailAddress.name - From = $Message.sender.emailAddress.address - Link = $Message.webLink - Headers = $Message.internetMessageHeaders - AuthResult = $AuthResult + [PSCustomObject]@{ + Received = $Message.receivedDateTime + Subject = $Message.subject + Sender = $Message.sender.emailAddress.name + From = $Message.sender.emailAddress.address + Link = $Message.webLink + Headers = $Message.internetMessageHeaders + AuthResult = $AuthResult + } } } $Body = [PSCustomObject]@{ From a17af344fa1f9ec44e1c5cb6855602f3f7a9dcaf Mon Sep 17 00:00:00 2001 From: John Duprey Date: Mon, 1 Apr 2024 17:46:19 -0400 Subject: [PATCH 190/243] Tidy tenant list, optimize query --- Modules/CIPPCore/Public/GraphHelper/Get-Tenants.ps1 | 5 ++--- Modules/CippExtensions/Private/Get-HaloMapping.ps1 | 6 +++--- 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/Modules/CIPPCore/Public/GraphHelper/Get-Tenants.ps1 b/Modules/CIPPCore/Public/GraphHelper/Get-Tenants.ps1 index fcf350f72774..6a7eeded0bd5 100644 --- a/Modules/CIPPCore/Public/GraphHelper/Get-Tenants.ps1 +++ b/Modules/CIPPCore/Public/GraphHelper/Get-Tenants.ps1 @@ -38,7 +38,7 @@ function Get-Tenants { if (!$LastRefresh -or $LastRefresh -lt (Get-Date).Addhours(-24).ToUniversalTime()) { # Query for active relationships - $GDAPRelationships = New-GraphGetRequest -uri "https://graph.microsoft.com/beta/tenantRelationships/delegatedAdminRelationships?`$filter=status eq 'active'&`$select=customer,autoExtendDuration,endDateTime" + $GDAPRelationships = New-GraphGetRequest -uri "https://graph.microsoft.com/beta/tenantRelationships/delegatedAdminRelationships?`$filter=status eq 'active' and not startsWith(displayName,'MLT_')&`$select=customer,autoExtendDuration,endDateTime" # Flatten gdap relationship $GDAPList = foreach ($Relationship in $GDAPRelationships) { @@ -115,6 +115,5 @@ function Get-Tenants { Add-CIPPAzDataTableEntity @TenantsTable -Entity $IncludedTenantsCache } } - return ($IncludedTenantsCache | Where-Object -Property defaultDomainName -NE $null | Sort-Object -Property displayName) - + return ($IncludedTenantsCache | Where-Object { $null -ne $_.defaultDomainName -and ($_.defaultDomainName -notmatch 'Domain Error' -or $IncludeAll.IsPresent) } | Sort-Object -Property displayName) } diff --git a/Modules/CippExtensions/Private/Get-HaloMapping.ps1 b/Modules/CippExtensions/Private/Get-HaloMapping.ps1 index ad4fc1e88111..8391252ae065 100644 --- a/Modules/CippExtensions/Private/Get-HaloMapping.ps1 +++ b/Modules/CippExtensions/Private/Get-HaloMapping.ps1 @@ -10,7 +10,7 @@ function Get-HaloMapping { Get-CIPPAzDataTableEntity @CIPPMapping -Filter $Filter | ForEach-Object { $Mappings | Add-Member -NotePropertyName $_.RowKey -NotePropertyValue @{ label = "$($_.HaloPSAName)"; value = "$($_.HaloPSA)" } } - $Tenants = Get-Tenants -IncludeAll + $Tenants = Get-Tenants -IncludeErrors $Table = Get-CIPPTable -TableName Extensionsconfig try { $Configuration = ((Get-CIPPAzDataTableEntity @Table).config | ConvertFrom-Json -ea stop).HaloPSA @@ -30,9 +30,9 @@ function Get-HaloMapping { } else { $_.Exception.message } - + Write-LogMessage -Message "Could not get HaloPSA Clients, error: $Message " -Level Error -tenant 'CIPP' -API 'HaloMapping' - $RawHaloClients = @(@{name = "Could not get HaloPSA Clients, error: $Message" }) + $RawHaloClients = @(@{name = "Could not get HaloPSA Clients, error: $Message" }) } $HaloClients = $RawHaloClients | ForEach-Object { [PSCustomObject]@{ From 61bcc5ab72f3eb3f60cb4dc4203505c2f4ab0796 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Mon, 1 Apr 2024 18:09:34 -0400 Subject: [PATCH 191/243] Move CippQueue to CippCore --- ListCippQueue/function.json | 18 --- .../Public/CippQueue/Invoke-ListCippQueue.ps1 | 23 ++++ .../Public/CippQueue/New-CippQueueEntry.ps1 | 23 ++++ .../Public/CippQueue/Remove-CippQueue.ps1 | 18 +++ .../CippQueue/Update-CippQueueEntry.ps1 | 29 +++++ .../Entrypoints/Invoke-ListGraphRequest.ps1 | 3 + Modules/CippQueue/CippQueue.psm1 | 104 ------------------ Tools/Initialize-DevEnvironment.ps1 | 1 - 8 files changed, 96 insertions(+), 123 deletions(-) delete mode 100644 ListCippQueue/function.json create mode 100644 Modules/CIPPCore/Public/CippQueue/Invoke-ListCippQueue.ps1 create mode 100644 Modules/CIPPCore/Public/CippQueue/New-CippQueueEntry.ps1 create mode 100644 Modules/CIPPCore/Public/CippQueue/Remove-CippQueue.ps1 create mode 100644 Modules/CIPPCore/Public/CippQueue/Update-CippQueueEntry.ps1 delete mode 100644 Modules/CippQueue/CippQueue.psm1 diff --git a/ListCippQueue/function.json b/ListCippQueue/function.json deleted file mode 100644 index 9a02219bfcbd..000000000000 --- a/ListCippQueue/function.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "scriptFile": "../Modules/CippQueue/CippQueue.psm1", - "entryPoint": "Get-CippQueue", - "bindings": [ - { - "authLevel": "anonymous", - "type": "httpTrigger", - "direction": "in", - "name": "Request", - "methods": ["get", "post"] - }, - { - "type": "http", - "direction": "out", - "name": "Response" - } - ] -} diff --git a/Modules/CIPPCore/Public/CippQueue/Invoke-ListCippQueue.ps1 b/Modules/CIPPCore/Public/CippQueue/Invoke-ListCippQueue.ps1 new file mode 100644 index 000000000000..e5f7a93a5e2a --- /dev/null +++ b/Modules/CIPPCore/Public/CippQueue/Invoke-ListCippQueue.ps1 @@ -0,0 +1,23 @@ +function Invoke-ListCippQueue { + # Input bindings are passed in via param block. + param($Request = $null, $TriggerMetadata) + + if ($Request) { + $APIName = $TriggerMetadata.FunctionName + Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + + # Write to the Azure Functions log stream. + Write-Host 'PowerShell HTTP trigger function processed a request.' + } + + $CippQueue = Get-CippTable -TableName 'CippQueue' + $CippQueueData = Get-CIPPAzDataTableEntity @CippQueue | Where-Object { ($_.Timestamp.DateTime) -ge (Get-Date).ToUniversalTime().AddHours(-1) } | Sort-Object -Property Timestamp -Descending + if ($request) { + Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ + StatusCode = [HttpStatusCode]::OK + Body = @($CippQueueData) + }) + } else { + return $CippQueueData + } +} \ No newline at end of file diff --git a/Modules/CIPPCore/Public/CippQueue/New-CippQueueEntry.ps1 b/Modules/CIPPCore/Public/CippQueue/New-CippQueueEntry.ps1 new file mode 100644 index 000000000000..a64351dcfdb2 --- /dev/null +++ b/Modules/CIPPCore/Public/CippQueue/New-CippQueueEntry.ps1 @@ -0,0 +1,23 @@ +function New-CippQueueEntry { + Param( + $Name, + $Link, + $Reference + ) + + $CippQueue = Get-CippTable -TableName CippQueue + + $QueueEntry = @{ + PartitionKey = 'CippQueue' + RowKey = (New-Guid).Guid.ToString() + Name = $Name + Link = $Link + Reference = $Reference + Status = 'Queued' + } + $CippQueue.Entity = $QueueEntry + + Add-CIPPAzDataTableEntity @CippQueue + + $QueueEntry +} \ No newline at end of file diff --git a/Modules/CIPPCore/Public/CippQueue/Remove-CippQueue.ps1 b/Modules/CIPPCore/Public/CippQueue/Remove-CippQueue.ps1 new file mode 100644 index 000000000000..cce34ebaa82f --- /dev/null +++ b/Modules/CIPPCore/Public/CippQueue/Remove-CippQueue.ps1 @@ -0,0 +1,18 @@ +function Remove-CippQueue { + # Input bindings are passed in via param block. + param($Request, $TriggerMetadata) + + $APIName = $TriggerMetadata.FunctionName + Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + + # Write to the Azure Functions log stream. + Write-Host 'PowerShell HTTP trigger function processed a request.' + + $CippQueue = Get-CippTable -TableName 'CippQueue' + Clear-AzDataTable @CippQueue + + Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ + StatusCode = [HttpStatusCode]::OK + Body = @{Results = @('History cleared') } + }) +} \ No newline at end of file diff --git a/Modules/CIPPCore/Public/CippQueue/Update-CippQueueEntry.ps1 b/Modules/CIPPCore/Public/CippQueue/Update-CippQueueEntry.ps1 new file mode 100644 index 000000000000..2662d71bf750 --- /dev/null +++ b/Modules/CIPPCore/Public/CippQueue/Update-CippQueueEntry.ps1 @@ -0,0 +1,29 @@ +function Update-CippQueueEntry { + Param( + [Parameter(Mandatory = $true)] + $RowKey, + $Status, + $Name + ) + + $CippQueue = Get-CippTable -TableName CippQueue + + if ($RowKey) { + $QueueEntry = Get-CIPPAzDataTableEntity @CippQueue -Filter ("RowKey eq '{0}'" -f $RowKey) + + if ($QueueEntry) { + if ($Status) { + $QueueEntry.Status = $Status + } + if ($Name) { + $QueueEntry.Name = $Name + } + Update-AzDataTableEntity @CippQueue -Entity $QueueEntry + $QueueEntry + } else { + return $false + } + } else { + return $false + } +} \ No newline at end of file diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListGraphRequest.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListGraphRequest.ps1 index 3b14227b1907..2cd1d9cd9bac 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListGraphRequest.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListGraphRequest.ps1 @@ -3,6 +3,9 @@ function Invoke-ListGraphRequest { <# .FUNCTIONALITY Entrypoint + + .ROLE + Core.Read #> [CmdletBinding()] param($Request, $TriggerMetadata) diff --git a/Modules/CippQueue/CippQueue.psm1 b/Modules/CippQueue/CippQueue.psm1 deleted file mode 100644 index e9b86a3bc74e..000000000000 --- a/Modules/CippQueue/CippQueue.psm1 +++ /dev/null @@ -1,104 +0,0 @@ -using namespace System.Net - -function New-CippQueueEntry { - Param( - $Name, - $Link, - $Reference - ) - - $CippQueue = Get-CippTable -TableName CippQueue - - $QueueEntry = @{ - PartitionKey = 'CippQueue' - RowKey = (New-Guid).Guid.ToString() - Name = $Name - Link = $Link - Reference = $Reference - Status = 'Queued' - } - $CippQueue.Entity = $QueueEntry - - Add-CIPPAzDataTableEntity @CippQueue - - $QueueEntry -} - -function Update-CippQueueEntry { - Param( - [Parameter(Mandatory = $true)] - $RowKey, - $Status, - $Name - ) - - $CippQueue = Get-CippTable -TableName CippQueue - - if ($RowKey) { - $QueueEntry = Get-CIPPAzDataTableEntity @CippQueue -Filter ("RowKey eq '{0}'" -f $RowKey) - - if ($QueueEntry) { - if ($Status) { - $QueueEntry.Status = $Status - } - if ($Name) { - $QueueEntry.Name = $Name - } - Update-AzDataTableEntity @CippQueue -Entity $QueueEntry - $QueueEntry - } - else { - return $false - } - } - else { - return $false - } -} - -function Get-CippQueue { - # Input bindings are passed in via param block. - param($Request = $null, $TriggerMetadata) - - if ($Request) { - $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' - - # Write to the Azure Functions log stream. - Write-Host 'PowerShell HTTP trigger function processed a request.' - } - - $CippQueue = Get-CippTable -TableName 'CippQueue' - $CippQueueData = Get-CIPPAzDataTableEntity @CippQueue | Where-Object { ($_.Timestamp.DateTime) -ge (Get-Date).ToUniversalTime().AddHours(-1) } | Sort-Object -Property Timestamp -Descending - if ($request) { - Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ - StatusCode = [HttpStatusCode]::OK - Body = @($CippQueueData) - }) - } - else { - return $CippQueueData - } -} - -function Remove-CippQueue { - # Input bindings are passed in via param block. - param($Request, $TriggerMetadata) - - $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' - - # Write to the Azure Functions log stream. - Write-Host 'PowerShell HTTP trigger function processed a request.' - - $CippQueue = Get-CippTable -TableName 'CippQueue' - Clear-AzDataTable @CippQueue - - Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ - StatusCode = [HttpStatusCode]::OK - Body = @{Results = @('History cleared') } - }) -} - - -Export-ModuleMember -Function @('New-CippQueueEntry', 'Get-CippQueue', 'Update-CippQueueEntry', 'Remove-CippQueue') diff --git a/Tools/Initialize-DevEnvironment.ps1 b/Tools/Initialize-DevEnvironment.ps1 index e8b67a373ae5..d712e396ad04 100644 --- a/Tools/Initialize-DevEnvironment.ps1 +++ b/Tools/Initialize-DevEnvironment.ps1 @@ -11,6 +11,5 @@ ForEach ($Key in $CIPPSettings.PSObject.Properties.Name) { Import-Module "$CippRoot\Modules\AzBobbyTables" Import-Module "$CippRoot\Modules\DNSHealth" -Import-Module "$CippRoot\Modules\CippQueue" Import-Module "$CippRoot\Modules\CippCore" Get-CIPPAuthentication \ No newline at end of file From 2f4d94d1f565013fe673d15e49b9f81cf251e19d Mon Sep 17 00:00:00 2001 From: John Duprey Date: Mon, 1 Apr 2024 19:53:01 -0400 Subject: [PATCH 192/243] Check webhook config before starting orchestrator --- Scheduler_GetWebhooks/run.ps1 | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/Scheduler_GetWebhooks/run.ps1 b/Scheduler_GetWebhooks/run.ps1 index a36890b001df..b262f320738b 100644 --- a/Scheduler_GetWebhooks/run.ps1 +++ b/Scheduler_GetWebhooks/run.ps1 @@ -1,6 +1,14 @@ param($Timer) try { + + $webhookTable = Get-CIPPTable -tablename webhookTable + $Webhooks = Get-CIPPAzDataTableEntity @webhookTable + if (($Webhooks | Measure-Object).Count -eq 0) { + Write-Host 'No webhook subscriptions found. Exiting.' + return + } + $InputObject = [PSCustomObject]@{ OrchestratorName = 'WebhookOrchestrator' QueueFunction = @{ From f790029bcb2620dfad1b5d4085b493df3defb593 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Mon, 1 Apr 2024 20:16:59 -0400 Subject: [PATCH 193/243] Fix import --- Modules/CIPPCore/Public/GraphHelper/Get-Tenants.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/CIPPCore/Public/GraphHelper/Get-Tenants.ps1 b/Modules/CIPPCore/Public/GraphHelper/Get-Tenants.ps1 index 6a7eeded0bd5..170af1b6af17 100644 --- a/Modules/CIPPCore/Public/GraphHelper/Get-Tenants.ps1 +++ b/Modules/CIPPCore/Public/GraphHelper/Get-Tenants.ps1 @@ -53,7 +53,7 @@ function Get-Tenants { # Group relationships, build object for adding to tables $ActiveRelationships = $GDAPList | Where-Object { $_.customerId -notin $SkipListCache.customerId } $TenantList = $ActiveRelationships | Group-Object -Property customerId | ForEach-Object -Parallel { - Import-Module .\Modules\CIPPCore + Import-Module CIPPCore $LatestRelationship = $_.Group | Sort-Object -Property relationshipEnd | Select-Object -Last 1 $AutoExtend = ($_.Group | Where-Object { $_.autoExtend -eq $true } | Measure-Object).Count -gt 0 From 920a52cbce1d81cf4b0f370844a39243c4811d0d Mon Sep 17 00:00:00 2001 From: John Duprey Date: Mon, 1 Apr 2024 20:19:33 -0400 Subject: [PATCH 194/243] Fix cippqueue query --- ListGenericAllTenants/run.ps1 | 6 +++--- .../Public/Entrypoints/Invoke-ListGenericAllTenants.ps1 | 6 +++--- .../CIPPCore/Public/GraphRequests/Get-GraphRequestList.ps1 | 2 +- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/ListGenericAllTenants/run.ps1 b/ListGenericAllTenants/run.ps1 index d51627ab7aea..afda8b0570d2 100644 --- a/ListGenericAllTenants/run.ps1 +++ b/ListGenericAllTenants/run.ps1 @@ -4,13 +4,13 @@ param([string]$QueueItem, $TriggerMetadata) # Write out the queue message and metadata to the information log. Write-Host "PowerShell queue trigger function processed work item: $QueueItem" $TableURLName = ($QueueItem.tolower().split('?').Split('/') | Select-Object -First 1).toString() -$QueueKey = (Get-CippQueue | Where-Object -Property Name -EQ $TableURLName | Select-Object -Last 1).RowKey +$QueueKey = (Invoke-ListCippQueue | Where-Object -Property Name -EQ $TableURLName | Select-Object -Last 1).RowKey Update-CippQueueEntry -RowKey $QueueKey -Status 'Started' $Table = Get-CIPPTable -TableName "cache$TableURLName" $fullUrl = "https://graph.microsoft.com/beta/$QueueItem" Get-CIPPAzDataTableEntity @Table | Remove-AzDataTableEntity @table -$RawGraphRequest = Get-Tenants | ForEach-Object -Parallel { +$RawGraphRequest = Get-Tenants | ForEach-Object -Parallel { $domainName = $_.defaultDomainName Import-Module CippCore try { @@ -22,7 +22,7 @@ $RawGraphRequest = Get-Tenants | ForEach-Object -Parallel { Tenant = $domainName CippStatus = "Could not connect to tenant. $($_.Exception.message)" } - } + } } Update-CippQueueEntry -RowKey $QueueKey -Status 'Processing' diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListGenericAllTenants.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListGenericAllTenants.ps1 index 00ddc0156cbb..ddb0c55b1444 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListGenericAllTenants.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListGenericAllTenants.ps1 @@ -9,13 +9,13 @@ Function Invoke-ListGenericAllTenants { param($Request, $TriggerMetadata) $TableURLName = ($QueueItem.tolower().split('?').Split('/') | Select-Object -First 1).toString() - $QueueKey = (Get-CippQueue | Where-Object -Property Name -EQ $TableURLName | Select-Object -Last 1).RowKey + $QueueKey = (Invoke-ListCippQueue | Where-Object -Property Name -EQ $TableURLName | Select-Object -Last 1).RowKey Update-CippQueueEntry -RowKey $QueueKey -Status 'Started' $Table = Get-CIPPTable -TableName "cache$TableURLName" $fullUrl = "https://graph.microsoft.com/beta/$QueueItem" Get-CIPPAzDataTableEntity @Table | Remove-AzDataTableEntity @table - $RawGraphRequest = Get-Tenants | ForEach-Object -Parallel { + $RawGraphRequest = Get-Tenants | ForEach-Object -Parallel { $domainName = $_.defaultDomainName Import-Module '.\Modules\AzBobbyTables' Import-Module '.\Modules\CIPPCore' @@ -27,7 +27,7 @@ Function Invoke-ListGenericAllTenants { Tenant = $domainName CippStatus = "Could not connect to tenant. $($_.Exception.message)" } - } + } } Update-CippQueueEntry -RowKey $QueueKey -Status 'Processing' diff --git a/Modules/CIPPCore/Public/GraphRequests/Get-GraphRequestList.ps1 b/Modules/CIPPCore/Public/GraphRequests/Get-GraphRequestList.ps1 index 1117f95d196d..fa9490364e83 100644 --- a/Modules/CIPPCore/Public/GraphRequests/Get-GraphRequestList.ps1 +++ b/Modules/CIPPCore/Public/GraphRequests/Get-GraphRequestList.ps1 @@ -111,7 +111,7 @@ function Get-GraphRequestList { Write-Host "Cached: $(($Rows | Measure-Object).Count) rows (Type: $($Type))" $QueueReference = '{0}-{1}' -f $TenantFilter, $PartitionKey - $RunningQueue = Get-CippQueue | Where-Object { $_.Reference -eq $QueueReference -and $_.Status -ne 'Completed' -and $_.Status -ne 'Failed' } + $RunningQueue = Invoke-ListCippQueue | Where-Object { $_.Reference -eq $QueueReference -and $_.Status -ne 'Completed' -and $_.Status -ne 'Failed' } if ($TenantFilter -ne 'AllTenants' -and $Endpoint -match '%tenantid%') { $TenantId = (Get-Tenants -IncludeErrors | Where-Object { $_.defaultDomainName -eq $TenantFilter -or $_.customerId -eq $TenantFilter }).customerId From 30c78c1a31bb6603665802101dadae5a67e18769 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Mon, 1 Apr 2024 20:22:45 -0400 Subject: [PATCH 195/243] Fix cpv --- UpdatePermissions/run.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/UpdatePermissions/run.ps1 b/UpdatePermissions/run.ps1 index 03d3c0e1cc41..9993ce590f1f 100644 --- a/UpdatePermissions/run.ps1 +++ b/UpdatePermissions/run.ps1 @@ -2,7 +2,7 @@ param($Timer) try { - $Tenants = Get-Tenants -IncludeErrors | Where-Object { $_.customerId -ne $env:TenantId } | ForEach-Object { $_ | Add-Member -NotePropertyName FunctionName -NotePropertyValue 'UpdatePermissionsQueue'; $_ } + $Tenants = Get-Tenants -IncludeAll | Where-Object { $_.customerId -ne $env:TenantId -and $_.Excluded -eq $false } | ForEach-Object { $_ | Add-Member -NotePropertyName FunctionName -NotePropertyValue 'UpdatePermissionsQueue'; $_ } if (($Tenants | Measure-Object).Count -gt 0) { $InputObject = [PSCustomObject]@{ From 3559fe4370f769bf746102a637de1cf3775f1acb Mon Sep 17 00:00:00 2001 From: John Duprey Date: Mon, 1 Apr 2024 22:05:41 -0400 Subject: [PATCH 196/243] Add skip domains option --- .../Public/GraphHelper/Get-Tenants.ps1 | 24 ++++++++++++------- UpdatePermissions/run.ps1 | 2 +- 2 files changed, 16 insertions(+), 10 deletions(-) diff --git a/Modules/CIPPCore/Public/GraphHelper/Get-Tenants.ps1 b/Modules/CIPPCore/Public/GraphHelper/Get-Tenants.ps1 index 170af1b6af17..e8fcef51f21d 100644 --- a/Modules/CIPPCore/Public/GraphHelper/Get-Tenants.ps1 +++ b/Modules/CIPPCore/Public/GraphHelper/Get-Tenants.ps1 @@ -8,7 +8,8 @@ function Get-Tenants { [switch]$SkipList, [Parameter( ParameterSetName = 'Standard')] [switch]$IncludeAll, - [switch]$IncludeErrors + [switch]$IncludeErrors, + [switch]$SkipDomains ) $TenantsTable = Get-CippTable -tablename 'Tenants' @@ -57,14 +58,19 @@ function Get-Tenants { $LatestRelationship = $_.Group | Sort-Object -Property relationshipEnd | Select-Object -Last 1 $AutoExtend = ($_.Group | Where-Object { $_.autoExtend -eq $true } | Measure-Object).Count -gt 0 - # Query domains to get default/initial - try { - $Domains = New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/domains' -tenantid $LatestRelationship.customerId -NoAuthCheck:$true -ErrorAction Stop - $defaultDomainName = ($Domains | Where-Object { $_.isDefault -eq $true }).id - $initialDomainName = ($Domains | Where-Object { $_.isInitial -eq $true }).id - } catch { - $defaultDomainName = 'Domain Error, check permissions' - $initialDomainName = 'Domain Error, check permissions' + if (-not $SkipDomains.IsPresent) { + # Query domains to get default/initial + try { + $Domains = New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/domains' -tenantid $LatestRelationship.customerId -NoAuthCheck:$true -ErrorAction Stop + $defaultDomainName = ($Domains | Where-Object { $_.isDefault -eq $true }).id + $initialDomainName = ($Domains | Where-Object { $_.isInitial -eq $true }).id + } catch { + $defaultDomainName = 'Domain Error, check permissions' + $initialDomainName = 'Domain Error, check permissions' + } + } else { + $defaultDomainName = 'Domain Error, skipped' + $initialDomainName = 'Domain Error, skipped' } [PSCustomObject]@{ PartitionKey = 'Tenants' diff --git a/UpdatePermissions/run.ps1 b/UpdatePermissions/run.ps1 index 9993ce590f1f..1c6b98f6ee92 100644 --- a/UpdatePermissions/run.ps1 +++ b/UpdatePermissions/run.ps1 @@ -2,7 +2,7 @@ param($Timer) try { - $Tenants = Get-Tenants -IncludeAll | Where-Object { $_.customerId -ne $env:TenantId -and $_.Excluded -eq $false } | ForEach-Object { $_ | Add-Member -NotePropertyName FunctionName -NotePropertyValue 'UpdatePermissionsQueue'; $_ } + $Tenants = Get-Tenants -IncludeAll -SkipDomains | Where-Object { $_.customerId -ne $env:TenantId -and $_.Excluded -eq $false } | ForEach-Object { $_ | Add-Member -NotePropertyName FunctionName -NotePropertyValue 'UpdatePermissionsQueue'; $_ } if (($Tenants | Measure-Object).Count -gt 0) { $InputObject = [PSCustomObject]@{ From a7296ba427e405e0caf0c0e70771c14eea817ad2 Mon Sep 17 00:00:00 2001 From: KelvinTegelaar Date: Tue, 2 Apr 2024 15:32:23 +0200 Subject: [PATCH 197/243] tempfix until functionized. --- .../Invoke-CIPPStandardIntuneTemplate.ps1 | 25 +++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardIntuneTemplate.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardIntuneTemplate.ps1 index 8ab1793fec2f..9b17f9dd3b6b 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardIntuneTemplate.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardIntuneTemplate.ps1 @@ -20,6 +20,31 @@ function Invoke-CIPPStandardIntuneTemplate { $RawJSON = $Request.body.RawJSON switch ($Request.body.Type) { + 'AppProtection' { + $TemplateType = ($RawJSON | ConvertFrom-Json).'@odata.type' -replace '#microsoft.graph.', '' + $TemplateTypeURL = "$($TemplateType)s" + $CheckExististing = New-GraphGETRequest -uri "https://graph.microsoft.com/beta/deviceAppManagement/$TemplateTypeURL" -tenantid $tenant + if ($displayname -in $CheckExististing.displayName) { + $ExistingID = $CheckExististing | Where-Object -Property displayName -EQ $PolicyName + $CreateRequest = New-GraphPOSTRequest -uri "https://graph.microsoft.com/beta/deviceAppManagement/$TemplateTypeURL/$($ExistingID.Id)" -tenantid $tenant -type PATCH -body $RawJSON + } else { + $CreateRequest = New-GraphPOSTRequest -uri "https://graph.microsoft.com/beta/deviceAppManagement/$TemplateTypeURL" -tenantid $tenant -type POST -body $RawJSON + } + } + 'deviceCompliancePolicies' { + $TemplateTypeURL = 'deviceCompliancePolicies' + $CheckExististing = New-GraphGETRequest -uri "https://graph.microsoft.com/beta/deviceManagement/$TemplateTypeURL" -tenantid $tenant + + $JSON = $RawJSON | ConvertFrom-Json | Select-Object * -ExcludeProperty id, createdDateTime, lastModifiedDateTime, version, 'scheduledActionsForRule@odata.context', '@odata.context' + $JSON.scheduledActionsForRule = @($JSON.scheduledActionsForRule | Select-Object * -ExcludeProperty 'scheduledActionConfigurations@odata.context') + $RawJSON = ConvertTo-Json -InputObject $JSON -Depth 20 -Compress + Write-Host $RawJSON + if ($displayname -in $CheckExististing.displayName) { + $ExistingID = $CheckExististing | Where-Object -Property displayName -EQ $PolicyName + $CreateRequest = New-GraphPOSTRequest -uri "https://graph.microsoft.com/beta/deviceManagement/$TemplateTypeURL/$($ExistingID.Id)" -tenantid $tenant -type PATCH -body $RawJSON + } + $CreateRequest = New-GraphPOSTRequest -uri "https://graph.microsoft.com/beta/deviceManagement/$TemplateTypeURL" -tenantid $tenant -type POST -body $RawJson + } 'Admin' { $TemplateTypeURL = 'groupPolicyConfigurations' $CreateBody = '{"description":"' + $description + '","displayName":"' + $displayname + '","roleScopeTagIds":["0"]}' From 520b0dbf5ad9d0885e7eba7bc500a8ab501b98df Mon Sep 17 00:00:00 2001 From: John Duprey Date: Tue, 2 Apr 2024 09:33:55 -0400 Subject: [PATCH 198/243] Tenant refresh durable --- .../Public/Entrypoints/Invoke-ListTenants.ps1 | 14 ++++++++++---- .../Public/Entrypoints/Push-UpdateTenants.ps1 | 18 ++++++++++++++++++ .../Public/GraphHelper/Get-Tenants.ps1 | 16 +++++++++++++++- 3 files changed, 43 insertions(+), 5 deletions(-) create mode 100644 Modules/CIPPCore/Public/Entrypoints/Push-UpdateTenants.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListTenants.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListTenants.ps1 index 93425c195e45..0da865b0df42 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListTenants.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListTenants.ps1 @@ -21,16 +21,22 @@ Function Invoke-ListTenants { StatusCode = [HttpStatusCode]::OK Body = $GraphRequest }) + $InputObject = [PSCustomObject]@{ + OrchestratorName = 'UpdateTenantsOrchestrator' + Batch = @(@{'FunctionName' = 'UpdateTenants' }) + } + #Write-Host ($InputObject | ConvertTo-Json) + $InstanceId = Start-NewOrchestration -FunctionName 'CIPPOrchestrator' -InputObject ($InputObject | ConvertTo-Json -Depth 5) exit } try { $tenantfilter = $Request.Query.TenantFilter - $Tenants = Get-Tenants -IncludeErrors + $Tenants = Get-Tenants -IncludeErrors -SkipDomains -TriggerRefreshIfNeeded if ($null -eq $TenantFilter -or $TenantFilter -eq 'null') { $TenantList = [system.collections.generic.list[object]]::new() - if ($Request.Query.AllTenantSelector -eq $true) { + if ($Request.Query.AllTenantSelector -eq $true) { $TenantList.Add(@{ customerId = 'AllTenants' defaultDomainName = 'AllTenants' @@ -55,7 +61,7 @@ Function Invoke-ListTenants { Write-LogMessage -user $request.headers.'x-ms-client-principal' -tenant $Tenantfilter -API $APINAME -message 'Listed Tenant Details' -Sev 'Debug' } catch { Write-LogMessage -user $request.headers.'x-ms-client-principal' -tenant $Tenantfilter -API $APINAME -message "List Tenant failed. The error is: $($_.Exception.Message)" -Sev 'Error' - $body = [pscustomobject]@{ + $body = [pscustomobject]@{ 'Results' = "Failed to retrieve tenants: $($_.Exception.Message)" defaultDomainName = '' displayName = 'Failed to retrieve tenants. Perform a permission check.' @@ -68,6 +74,6 @@ Function Invoke-ListTenants { StatusCode = [HttpStatusCode]::OK Body = @($Body) }) - + } diff --git a/Modules/CIPPCore/Public/Entrypoints/Push-UpdateTenants.ps1 b/Modules/CIPPCore/Public/Entrypoints/Push-UpdateTenants.ps1 new file mode 100644 index 000000000000..259dc3e326d7 --- /dev/null +++ b/Modules/CIPPCore/Public/Entrypoints/Push-UpdateTenants.ps1 @@ -0,0 +1,18 @@ +function Push-UpdateTenants { + Param($Item) + $QueueReference = 'UpdateTenants' + $RunningQueue = Invoke-ListCippQueue | Where-Object { $_.Reference -eq $QueueReference -and $_.Status -ne 'Completed' -and $_.Status -ne 'Failed' } + if ($RunningQueue) { + Write-Host 'Update Tenants already running' + return + } + $Queue = New-CippQueueEntry -Name 'Update Tenants' -Reference $QueueReference + try { + Update-CippQueueEntry -RowKey $Queue.RowKey -Status 'Running' + Get-Tenants | Out-Null + Update-CippQueueEntry -RowKey $Queue.RowKey -Status 'Completed' + } catch { + Write-Host "Queue Error: $($_.Exception.Message)" + Update-CippQueueEntry -RowKey $Queue.RowKey -Status 'Failed' + } +} \ No newline at end of file diff --git a/Modules/CIPPCore/Public/GraphHelper/Get-Tenants.ps1 b/Modules/CIPPCore/Public/GraphHelper/Get-Tenants.ps1 index e8fcef51f21d..64395f3c3260 100644 --- a/Modules/CIPPCore/Public/GraphHelper/Get-Tenants.ps1 +++ b/Modules/CIPPCore/Public/GraphHelper/Get-Tenants.ps1 @@ -9,7 +9,8 @@ function Get-Tenants { [Parameter( ParameterSetName = 'Standard')] [switch]$IncludeAll, [switch]$IncludeErrors, - [switch]$SkipDomains + [switch]$SkipDomains, + [switch]$TriggerRefreshIfNeeded ) $TenantsTable = Get-CippTable -tablename 'Tenants' @@ -120,6 +121,19 @@ function Get-Tenants { $TenantsTable.Force = $true Add-CIPPAzDataTableEntity @TenantsTable -Entity $IncludedTenantsCache } + + if ($TriggerRefreshIfNeeded.IsPresent -and -not $SkipDomains.IsPresent) { + Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ + StatusCode = [HttpStatusCode]::OK + Body = $GraphRequest + }) + $InputObject = [PSCustomObject]@{ + OrchestratorName = 'UpdateTenantsOrchestrator' + Batch = @(@{'FunctionName' = 'UpdateTenants' }) + } + #Write-Host ($InputObject | ConvertTo-Json) + $InstanceId = Start-NewOrchestration -FunctionName 'CIPPOrchestrator' -InputObject ($InputObject | ConvertTo-Json -Depth 5) + } } return ($IncludedTenantsCache | Where-Object { $null -ne $_.defaultDomainName -and ($_.defaultDomainName -notmatch 'Domain Error' -or $IncludeAll.IsPresent) } | Sort-Object -Property displayName) } From 262d474b2f5b9eef612ef9b832322b710db38537 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Tue, 2 Apr 2024 11:55:59 -0400 Subject: [PATCH 199/243] Move removecippqueue function --- .../{Remove-CippQueue.ps1 => Invoke-RemoveCippQueue.ps1} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename Modules/CIPPCore/Public/CippQueue/{Remove-CippQueue.ps1 => Invoke-RemoveCippQueue.ps1} (95%) diff --git a/Modules/CIPPCore/Public/CippQueue/Remove-CippQueue.ps1 b/Modules/CIPPCore/Public/CippQueue/Invoke-RemoveCippQueue.ps1 similarity index 95% rename from Modules/CIPPCore/Public/CippQueue/Remove-CippQueue.ps1 rename to Modules/CIPPCore/Public/CippQueue/Invoke-RemoveCippQueue.ps1 index cce34ebaa82f..92212db7f6f8 100644 --- a/Modules/CIPPCore/Public/CippQueue/Remove-CippQueue.ps1 +++ b/Modules/CIPPCore/Public/CippQueue/Invoke-RemoveCippQueue.ps1 @@ -1,4 +1,4 @@ -function Remove-CippQueue { +function Invoke-RemoveCippQueue { # Input bindings are passed in via param block. param($Request, $TriggerMetadata) From 46e41ac1db804d7e240d8d1e599882cf8edd3996 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Tue, 2 Apr 2024 14:58:44 -0400 Subject: [PATCH 200/243] CPV logging --- Modules/CIPPCore/Public/Add-CIPPApplicationPermission.ps1 | 2 +- Modules/CIPPCore/Public/Set-CIPPCPVConsent.ps1 | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Modules/CIPPCore/Public/Add-CIPPApplicationPermission.ps1 b/Modules/CIPPCore/Public/Add-CIPPApplicationPermission.ps1 index 52e790757b9b..f0f4c6badf6d 100644 --- a/Modules/CIPPCore/Public/Add-CIPPApplicationPermission.ps1 +++ b/Modules/CIPPCore/Public/Add-CIPPApplicationPermission.ps1 @@ -41,7 +41,7 @@ function Add-CIPPApplicationPermission { foreach ($Grant in $Grants) { try { $SettingsRequest = New-GraphPOSTRequest -body ($Grant | ConvertTo-Json) -uri "https://graph.microsoft.com/beta/servicePrincipals/$($ourSVCPrincipal.id)/appRoleAssignedTo" -tenantid $Tenantfilter -type POST - $counter ++ + $counter++ } catch { $Results.add("Failed to grant $($Grant.appRoleId) to $($Grant.resourceId): $($_.Exception.Message)") | Out-Null } diff --git a/Modules/CIPPCore/Public/Set-CIPPCPVConsent.ps1 b/Modules/CIPPCore/Public/Set-CIPPCPVConsent.ps1 index d508471a08a4..fafaf83a482a 100644 --- a/Modules/CIPPCore/Public/Set-CIPPCPVConsent.ps1 +++ b/Modules/CIPPCore/Public/Set-CIPPCPVConsent.ps1 @@ -53,7 +53,7 @@ function Set-CIPPCPVConsent { } Add-CIPPAzDataTableEntity @Table -Entity $GraphRequest -Force $Results.add("Successfully added CPV Application to tenant $($TenantName)") | Out-Null - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message "Added our Service Principal to $($TenantName): $($_.Exception.message)" -Sev 'Info' -tenant $Tenant.defaultDomainName -tenantId $TenantFilter + Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message "Added our Service Principal to $($TenantName)" -Sev 'Info' -tenant $Tenant.defaultDomainName -tenantId $TenantFilter } catch { $ErrorMessage = Get-NormalizedError -message $_.Exception.Message From 693eb03c5793eaa514908d7b77cbb01efae39e41 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Tue, 2 Apr 2024 15:50:07 -0400 Subject: [PATCH 201/243] fix terminate relationship endpoint --- .../Invoke-ExecDeleteGDAPRelationship.ps1 | 38 +++++++++---------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecDeleteGDAPRelationship.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecDeleteGDAPRelationship.ps1 index b51a86b0098d..bdfe01455cd4 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecDeleteGDAPRelationship.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecDeleteGDAPRelationship.ps1 @@ -1,31 +1,31 @@ using namespace System.Net Function Invoke-ExecDeleteGDAPRelationship { - <# + <# .FUNCTIONALITY Entrypoint #> - [CmdletBinding()] - param($Request, $TriggerMetadata) + [CmdletBinding()] + param($Request, $TriggerMetadata) - $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + $APIName = $TriggerMetadata.FunctionName + Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' - # Interact with query parameters or the body of the request. - $GDAPID = $request.query.GDAPId - try { - $DELETE = New-GraphPostRequest -NoAuthCheck $True -uri "https://traf-pcsvcadmin-prod.trafficmanager.net/CustomerServiceAdminApi/Web/v1/delegatedAdminRelationships/$($GDAPID)/requests" -type POST -body '{"action":"terminate"}' -tenantid $env:TenantID -scope 'https://api.partnercustomeradministration.microsoft.com/.default' - $Results = [pscustomobject]@{'Results' = "Success. GDAP relationship for $($GDAPID) been revoked" } - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message "Success. GDAP relationship for $($GDAPID) been revoked" -Sev 'Info' + # Interact with query parameters or the body of the request. + $GDAPID = $request.query.GDAPId + try { + $DELETE = New-GraphPostRequest -NoAuthCheck $True -uri "https://graph.microsoft.com/beta/tenantRelationships/delegatedAdminRelationships/$($GDAPID)/requests" -type POST -body '{"action":"terminate"}' -tenantid $env:TenantID + $Results = [pscustomobject]@{'Results' = "Success. GDAP relationship for $($GDAPID) been revoked" } + Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message "Success. GDAP relationship for $($GDAPID) been revoked" -Sev 'Info' - } catch { - $Results = [pscustomobject]@{'Results' = "Failed. $($_.Exception.Message)" } - } + } catch { + $Results = [pscustomobject]@{'Results' = "Failed. $($_.Exception.Message)" } + } - # Associate values to output bindings by calling 'Push-OutputBinding'. - Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ - StatusCode = [HttpStatusCode]::OK - Body = $Results - }) + # Associate values to output bindings by calling 'Push-OutputBinding'. + Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ + StatusCode = [HttpStatusCode]::OK + Body = $Results + }) } From f5aa7433c8139aff8518f24a507c52ead34266a9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kristian=20Kj=C3=A6rg=C3=A5rd?= Date: Tue, 2 Apr 2024 21:51:58 +0200 Subject: [PATCH 202/243] Formatting and move variable up --- .../Invoke-CIPPStandardAntiPhishPolicy.ps1 | 32 +++++++++---------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAntiPhishPolicy.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAntiPhishPolicy.ps1 index 1bd6e70bebf0..0373f47819d3 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAntiPhishPolicy.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAntiPhishPolicy.ps1 @@ -5,11 +5,11 @@ function Invoke-CIPPStandardAntiPhishPolicy { #> param($Tenant, $Settings) + $PolicyName = 'Default Anti-Phishing Policy' $AntiPhishPolicyState = New-ExoRequest -tenantid $Tenant -cmdlet 'Get-AntiPhishPolicy' | - Where-Object -Property Name -eq $PolicyName | - Select-Object Name, Enabled, PhishThresholdLevel, EnableMailboxIntelligence, EnableMailboxIntelligenceProtection, EnableSpoofIntelligence, EnableFirstContactSafetyTips, EnableSimilarUsersSafetyTips, EnableSimilarDomainsSafetyTips, EnableUnusualCharactersSafetyTips, EnableUnauthenticatedSender, EnableViaTag, MailboxIntelligenceProtectionAction, MailboxIntelligenceQuarantineTag + Where-Object -Property Name -EQ $PolicyName | + Select-Object Name, Enabled, PhishThresholdLevel, EnableMailboxIntelligence, EnableMailboxIntelligenceProtection, EnableSpoofIntelligence, EnableFirstContactSafetyTips, EnableSimilarUsersSafetyTips, EnableSimilarDomainsSafetyTips, EnableUnusualCharactersSafetyTips, EnableUnauthenticatedSender, EnableViaTag, MailboxIntelligenceProtectionAction, MailboxIntelligenceQuarantineTag - $PolicyName = "Default Anti-Phishing Policy" $StateIsCorrect = if ( ($AntiPhishPolicyState.Name -eq $PolicyName) -and ($AntiPhishPolicyState.Enabled -eq $true) -and @@ -32,28 +32,28 @@ function Invoke-CIPPStandardAntiPhishPolicy { Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Anti-phishing Policy already exists.' -sev Info } else { $cmdparams = @{ - Enabled = $true - PhishThresholdLevel = $Settings.PhishThresholdLevel - EnableMailboxIntelligence = $true + Enabled = $true + PhishThresholdLevel = $Settings.PhishThresholdLevel + EnableMailboxIntelligence = $true EnableMailboxIntelligenceProtection = $true - EnableSpoofIntelligence = $true - EnableFirstContactSafetyTips = $Settings.EnableFirstContactSafetyTips - EnableSimilarUsersSafetyTips = $Settings.EnableSimilarUsersSafetyTips - EnableSimilarDomainsSafetyTips = $Settings.EnableSimilarDomainsSafetyTips - EnableUnusualCharactersSafetyTips = $Settings.EnableUnusualCharactersSafetyTips - EnableUnauthenticatedSender = $true - EnableViaTag = $true + EnableSpoofIntelligence = $true + EnableFirstContactSafetyTips = $Settings.EnableFirstContactSafetyTips + EnableSimilarUsersSafetyTips = $Settings.EnableSimilarUsersSafetyTips + EnableSimilarDomainsSafetyTips = $Settings.EnableSimilarDomainsSafetyTips + EnableUnusualCharactersSafetyTips = $Settings.EnableUnusualCharactersSafetyTips + EnableUnauthenticatedSender = $true + EnableViaTag = $true MailboxIntelligenceProtectionAction = $Settings.MailboxIntelligenceProtectionAction - MailboxIntelligenceQuarantineTag = $Settings.MailboxIntelligenceQuarantineTag + MailboxIntelligenceQuarantineTag = $Settings.MailboxIntelligenceQuarantineTag } try { if ($AntiPhishPolicyState.Name -eq $PolicyName) { - $cmdparams.Add("Identity", $PolicyName) + $cmdparams.Add('Identity', $PolicyName) New-ExoRequest -tenantid $Tenant -cmdlet 'Set-AntiPhishPolicy' -cmdparams $cmdparams Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Updated Anti-phishing Policy' -sev Info } else { - $cmdparams.Add("Name", $PolicyName) + $cmdparams.Add('Name', $PolicyName) New-ExoRequest -tenantid $Tenant -cmdlet 'New-AntiPhishPolicy' -cmdparams $cmdparams Write-LogMessage -API 'Standards' -tenant $Tenant -message 'Created Anti-phishing Policy' -sev Info } From c85c6c1185244c242cbb82bd04a51fb0253a88e8 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Tue, 2 Apr 2024 19:22:41 -0400 Subject: [PATCH 203/243] Organize module files --- .../Push-AddAlertSubscription_Queue.ps1 | 0 .../Push-CIPPAlertAdminPassword.ps1 | 0 .../Push-CIPPAlertApnCertExpiry.ps1 | 0 .../Push-CIPPAlertAppSecretExpiry.ps1 | 0 .../Push-CIPPAlertDefenderMalware.ps1 | 0 .../Push-CIPPAlertDefenderStatus.ps1 | 0 .../Push-CIPPAlertDepTokenExpiry.ps1 | 0 .../Push-CIPPAlertExpiringLicenses.ps1 | 0 .../Push-CIPPAlertMFAAdmins.ps1 | 0 .../Push-CIPPAlertMFAAlertUsers.ps1 | 0 .../Push-CIPPAlertNewAppApproval.ps1 | 0 .../Push-CIPPAlertNewRole.ps1 | 0 .../Push-CIPPAlertNoCAConfig.ps1 | 0 .../Push-CIPPAlertOverusedLicenses.ps1 | 0 .../Push-CIPPAlertQuotaUsed.ps1 | 0 .../Push-CIPPAlertSecDefaultsUpsell.ps1 | 0 .../Push-CIPPAlertSharepointQuota.ps1 | 0 .../Push-CIPPAlertUnusedLicenses.ps1 | 0 .../Push-CIPPAlertVppTokenExpiry.ps1 | 0 .../Push-CIPPStandard.ps1 | 0 .../Push-ExecAddMultiTenantApp.ps1 | 0 .../Push-ExecGDAPInviteQueue.ps1 | 0 .../Push-ExecOnboardTenantQueue.ps1 | 0 .../Push-ExecScheduledCommand.ps1 | 0 .../Push-GetPendingWebhooks.ps1 | 0 .../Push-ListGraphRequestQueue.ps1 | 0 .../Push-ListLicensesQueue.ps1 | 0 .../Push-ListMFAUsersQueue.ps1 | 0 .../Push-ListMailboxRulesQueue.ps1 | 0 .../Push-PublicWebhookProcess.ps1 | 0 .../Push-SchedulerAlert.ps1 | 0 .../Push-SchedulerCIPPNotifications.ps1 | 0 .../Push-Schedulerwebhookcreation.ps1 | 0 .../Push-UpdatePermissionsQueue.ps1 | 0 .../Push-UpdateTenants.ps1 | 0 .../Push-Z_CIPPQueueTrigger.ps1 | 0 .../CIPP/Core}/Invoke-ExecEditTemplate.ps1 | 0 .../CIPP/Core}/Invoke-ExecGeoIPLookup.ps1 | 0 .../CIPP/Core}/Invoke-ExecGraphRequest.ps1 | 0 .../CIPP/Core}/Invoke-GetCippAlerts.ps1 | 0 .../CIPP/Core}/Invoke-GetVersion.ps1 | 0 .../Scheduler}/Invoke-AddScheduledItem.ps1 | 0 .../Invoke-ExecScheduledCommand.ps1 | 0 .../Settings}/Invoke-ExecAccessChecks.ps1 | 0 .../Settings}/Invoke-ExecAddTrustedIP.ps1 | 0 .../CIPP/Settings}/Invoke-ExecBackendURLs.ps1 | 0 .../Settings}/Invoke-ExecCPVPermissions.ps1 | 0 .../CIPP/Settings}/Invoke-ExecDnsConfig.ps1 | 0 .../Settings}/Invoke-ExecExcludeLicenses.ps1 | 0 .../Settings}/Invoke-ExecExcludeTenant.ps1 | 0 .../Settings}/Invoke-ExecExtensionMapping.ps1 | 0 .../Settings}/Invoke-ExecExtensionSync.ps1 | 0 .../Settings}/Invoke-ExecExtensionTest.ps1 | 0 .../Settings}/Invoke-ExecExtensionsConfig.ps1 | 0 .../Invoke-ExecMaintenanceScripts.ps1 | 0 .../Invoke-ExecNotificationConfig.ps1 | 0 .../Settings}/Invoke-ExecPasswordConfig.ps1 | 0 .../Settings}/Invoke-ExecRestoreBackup.ps1 | 0 .../CIPP/Settings}/Invoke-ExecRunBackup.ps1 | 0 .../CIPP/Setup}/Invoke-ExecSAMSetup.ps1 | 0 .../Email-Exchange}/Invoke-AddContact.ps1 | 0 .../Email-Exchange}/Invoke-AddExConnector.ps1 | 0 .../Invoke-AddExConnectorTemplate.ps1 | 0 .../Invoke-AddSharedMailbox.ps1 | 0 .../Email-Exchange}/Invoke-AddSpamFilter.ps1 | 0 .../Invoke-AddSpamFilterTemplate.ps1 | 0 .../Invoke-AddTransportRule.ps1 | 0 .../Invoke-AddTransportTemplate.ps1 | 0 .../Invoke-EditExConnector.ps1 | 0 .../Email-Exchange}/Invoke-EditSpamFilter.ps1 | 0 .../Invoke-EditTransportRule.ps1 | 0 .../Invoke-ExecConverttoSharedMailbox.ps1 | 0 .../Invoke-ExecCopyForSent.ps1 | 0 .../Invoke-ExecDisableEmailForward.ps1 | 0 .../Invoke-ExecEditCalendarPermissions.ps1 | 0 .../Invoke-ExecEditMailboxPermissions.ps1 | 0 .../Invoke-ExecEmailForward.ps1 | 0 .../Invoke-ExecEnableArchive.ps1 | 0 .../Invoke-ExecGroupsDelete.ps1 | 0 .../Invoke-ExecGroupsDeliveryManagement.ps1 | 0 .../Invoke-ExecGroupsHideFromGAL.ps1 | 0 .../Invoke-ExecHideFromGAL.ps1 | 0 .../Email-Exchange}/Invoke-ExecMailTest.ps1 | 0 .../Invoke-ExecMailboxMobileDevices.ps1 | 0 .../Invoke-ExecMailboxRestore.ps1 | 0 .../Invoke-ExecQuarantineManagement.ps1 | 0 .../Invoke-ExecSetMailboxQuota.ps1 | 0 .../Email-Exchange}/Invoke-ExecSetOoO.ps1 | 0 .../Invoke-ListMailQuarantine.ps1 | 0 .../Invoke-ListMessageTrace.ps1 | 0 .../Email-Exchange}/Invoke-ListOoO.ps1 | 0 .../Invoke-ListPhishPolicies.ps1 | 0 .../Email-Exchange}/Invoke-ListRecipients.ps1 | 0 .../Invoke-ListSpamFilterTemplates.ps1 | 0 .../Email-Exchange}/Invoke-ListSpamfilter.ps1 | 0 .../Invoke-ListTransportRules.ps1 | 0 .../Invoke-ListTransportRulesTemplates.ps1 | 0 .../Applications}/Invoke-AddChocoApp.ps1 | 0 .../Applications}/Invoke-AddMSPApp.ps1 | 0 .../Applications}/Invoke-AddOfficeApp.ps1 | 0 .../Applications}/Invoke-AddWinGetApp.ps1 | 0 .../Applications}/Invoke-ExecAssignApp.ps1 | 0 .../Invoke-ListApplicationQueue.ps1 | 0 .../Applications}/Invoke-ListApps.ps1 | 0 .../Invoke-ListAppsRepository.ps1 | 0 .../Autopilot}/Invoke-AddAPDevice.ps1 | 0 .../Autopilot}/Invoke-AddAutopilotConfig.ps1 | 0 .../Autopilot}/Invoke-AddEnrollment.ps1 | 0 .../Autopilot}/Invoke-ExecAssignAPDevice.ps1 | 0 .../Autopilot}/Invoke-ListAPDevices.ps1 | 0 .../MEM}/Invoke-AddDefenderDeployment.ps1 | 0 .../MEM}/Invoke-AddIntuneTemplate.ps1 | 0 .../Endpoint/MEM}/Invoke-AddPolicy.ps1 | 0 .../Endpoint/MEM}/Invoke-EditPolicy.ps1 | 0 .../Endpoint/MEM}/Invoke-ExecAssignPolicy.ps1 | 0 .../Endpoint/MEM}/Invoke-ExecDeviceAction.ps1 | 0 .../MEM}/Invoke-ExecGetLocalAdminPassword.ps1 | 0 .../MEM}/Invoke-ExecGetRecoveryKey.ps1 | 0 .../Endpoint/Reports}/Invoke-ListDevices.ps1 | 0 .../Devices}/Invoke-ExecDeviceDelete.ps1 | 0 .../Groups}/Invoke-AddGroup.ps1 | 0 .../Groups}/Invoke-AddGroupTemplate.ps1 | 0 .../Groups}/Invoke-EditGroup.ps1 | 0 .../Administration/Users}/Invoke-AddGuest.ps1 | 0 .../Administration/Users}/Invoke-AddUser.ps1 | 0 .../Users}/Invoke-AddUserBulk.ps1 | 0 .../Administration/Users}/Invoke-EditUser.ps1 | 0 .../Users}/Invoke-ExecBECCheck.ps1 | 0 .../Users}/Invoke-ExecBECRemediate.ps1 | 0 .../Users}/Invoke-ExecClrImmId.ps1 | 0 .../Users}/Invoke-ExecCreateTAP.ps1 | 0 .../Users}/Invoke-ExecDisableUser.ps1 | 0 .../Users}/Invoke-ExecOffboardUser.ps1 | 0 ...Invoke-ExecOffboard_Mailboxpermissions.ps1 | 0 .../Users}/Invoke-ExecOneDriveShortCut.ps1 | 0 .../Users}/Invoke-ExecResetMFA.ps1 | 0 .../Users}/Invoke-ExecResetPass.ps1 | 0 .../Users}/Invoke-ExecRevokeSessions.ps1 | 0 .../Users}/Invoke-ExecSendPush.ps1 | 0 ...voke-ListUserConditionalAccessPolicies.ps1 | 0 .../Users}/Invoke-ListUserCounts.ps1 | 0 .../Users}/Invoke-ListUserDevices.ps1 | 0 .../Users}/Invoke-ListUserGroups.ps1 | 0 .../Users}/Invoke-ListUserMailboxDetails.ps1 | 0 .../Users}/Invoke-ListUserMailboxRules.ps1 | 0 .../Users}/Invoke-ListUserPhoto.ps1 | 0 .../Users}/Invoke-ListUserSettings.ps1 | 0 .../Users}/Invoke-ListUserSigninLogs.ps1 | 0 .../Users}/Invoke-ListUsers.ps1 | 0 .../Reports}/Invoke-ListBasicAuth.ps1 | 0 .../Invoke-ListBasicAuthAllTenants.ps1 | 0 .../Invoke-Z_CIPPHttpTrigger.ps1 | 0 .../Invoke-ExecAlertsListAllTenants.ps1 | 0 .../Security}/Invoke-ExecIncidentsList.ps1 | 0 .../Invoke-ExecIncidentsListAllTenants.ps1 | 0 .../Security}/Invoke-ExecSetSecurityAlert.ps1 | 0 .../Invoke-ExecSetSecurityIncident.ps1 | 0 .../Teams-Sharepoint}/Invoke-AddTeam.ps1 | 0 .../Invoke-ExecSetSharePointMember.ps1 | 0 .../Invoke-ExecSharePointOwner.ps1 | 0 .../Invoke-ListSharepointSettings.ps1 | 0 .../Teams-Sharepoint}/Invoke-ListSites.ps1 | 0 .../Teams-Sharepoint}/Invoke-ListTeams.ps1 | 0 .../Invoke-ListTeamsActivity.ps1 | 0 .../Invoke-ListTeamsVoice.ps1 | 0 .../Alerts}/Invoke-AddAlert.ps1 | 0 .../Alerts}/Invoke-ExecAlertsList.ps1 | 0 .../Alerts}/Invoke-ListWebhookAlert.ps1 | 0 .../Alerts}/Invoke-PublicWebhooks.ps1 | 0 .../Invoke-ExecAddMultiTenantApp.ps1 | 0 .../Invoke-ExecAppApproval.ps1 | 0 .../Administration}/Invoke-ExecAddSPN.ps1 | 0 .../Invoke-ExecOffboardTenant.ps1 | 0 .../Invoke-ExecOnboardTenant.ps1 | 0 .../Invoke-ListAppConsentRequests.ps1 | 0 .../Tenant}/Invoke-EditTenant.ps1 | 0 .../Tenant}/Invoke-ListTenantDetails.ps1 | 0 .../Tenant}/Invoke-ListTenants.ps1 | 0 .../Conditional}/Invoke-AddCAPolicy.ps1 | 0 .../Conditional}/Invoke-AddCATemplate.ps1 | 0 .../Conditional}/Invoke-AddNamedLocation.ps1 | 0 .../Conditional}/Invoke-EditCAPolicy.ps1 | 0 .../Conditional}/Invoke-ExecCAExclusion.ps1 | 0 .../Conditional}/Invoke-ListCAtemplates.ps1 | 0 .../Invoke-ListConditionalAccessPolicies.ps1 | 0 ...oke-ListConditionalAccessPolicyChanges.ps1 | 0 .../Tenant/GDAP}/Invoke-ExecAddGDAPRole.ps1 | 0 .../GDAP}/Invoke-ExecAutoExtendGDAP.ps1 | 0 .../Invoke-ExecDeleteGDAPRelationship.ps1 | 0 .../Invoke-ExecDeleteGDAPRoleMapping.ps1 | 0 .../Tenant/GDAP}/Invoke-ExecGDAPInvite.ps1 | 0 .../GDAP}/Invoke-ExecGDAPInviteApproved.ps1 | 0 .../Tenant/GDAP}/Invoke-ListGDAPInvite.ps1 | 0 .../Tenant/GDAP}/Invoke-ListGDAPQueue.ps1 | 0 .../Tenant/GDAP}/Invoke-ListGDAPRoles.ps1 | 0 .../Standards}/Invoke-AddStandardsDeploy.ps1 | 0 .../Invoke-BestPracticeAnalyser_List.ps1 | 0 .../Standards}/Invoke-ExecStandardsRun.ps1 | 0 .../Tenant/Standards}/Invoke-ListBPA.ps1 | 0 .../Standards}/Invoke-ListBPATemplates.ps1 | 0 .../Standards}/Invoke-ListDomainAnalyser.ps1 | 0 .../Standards}/Invoke-ListDomainHealth.ps1 | 0 .../Standards}/invoke-DomainAnalyser_List.ps1 | 0 .../Tools}/Invoke-ExecGraphExplorerPreset.ps1 | 0 ...nvoke-AddChocoApp_OrchestrationStarter.ps1 | 26 ----- .../Invoke-ExecGDAPInviteQueue.ps1 | 42 -------- .../Entrypoints/Invoke-ExecGDAPMigration.ps1 | 33 ------- .../Invoke-ExecGDAPMigrationQueue.ps1 | 99 ------------------- Modules/CippEntrypoints/CippEntrypoints.psm1 | 2 +- 209 files changed, 1 insertion(+), 201 deletions(-) rename Modules/CIPPCore/Public/Entrypoints/{ => Activity Triggers}/Push-AddAlertSubscription_Queue.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => Activity Triggers}/Push-CIPPAlertAdminPassword.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => Activity Triggers}/Push-CIPPAlertApnCertExpiry.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => Activity Triggers}/Push-CIPPAlertAppSecretExpiry.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => Activity Triggers}/Push-CIPPAlertDefenderMalware.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => Activity Triggers}/Push-CIPPAlertDefenderStatus.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => Activity Triggers}/Push-CIPPAlertDepTokenExpiry.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => Activity Triggers}/Push-CIPPAlertExpiringLicenses.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => Activity Triggers}/Push-CIPPAlertMFAAdmins.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => Activity Triggers}/Push-CIPPAlertMFAAlertUsers.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => Activity Triggers}/Push-CIPPAlertNewAppApproval.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => Activity Triggers}/Push-CIPPAlertNewRole.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => Activity Triggers}/Push-CIPPAlertNoCAConfig.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => Activity Triggers}/Push-CIPPAlertOverusedLicenses.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => Activity Triggers}/Push-CIPPAlertQuotaUsed.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => Activity Triggers}/Push-CIPPAlertSecDefaultsUpsell.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => Activity Triggers}/Push-CIPPAlertSharepointQuota.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => Activity Triggers}/Push-CIPPAlertUnusedLicenses.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => Activity Triggers}/Push-CIPPAlertVppTokenExpiry.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => Activity Triggers}/Push-CIPPStandard.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => Activity Triggers}/Push-ExecAddMultiTenantApp.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => Activity Triggers}/Push-ExecGDAPInviteQueue.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => Activity Triggers}/Push-ExecOnboardTenantQueue.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => Activity Triggers}/Push-ExecScheduledCommand.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => Activity Triggers}/Push-GetPendingWebhooks.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => Activity Triggers}/Push-ListGraphRequestQueue.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => Activity Triggers}/Push-ListLicensesQueue.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => Activity Triggers}/Push-ListMFAUsersQueue.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => Activity Triggers}/Push-ListMailboxRulesQueue.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => Activity Triggers}/Push-PublicWebhookProcess.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => Activity Triggers}/Push-SchedulerAlert.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => Activity Triggers}/Push-SchedulerCIPPNotifications.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => Activity Triggers}/Push-Schedulerwebhookcreation.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => Activity Triggers}/Push-UpdatePermissionsQueue.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => Activity Triggers}/Push-UpdateTenants.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => Activity Triggers}/Push-Z_CIPPQueueTrigger.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/CIPP/Core}/Invoke-ExecEditTemplate.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/CIPP/Core}/Invoke-ExecGeoIPLookup.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/CIPP/Core}/Invoke-ExecGraphRequest.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/CIPP/Core}/Invoke-GetCippAlerts.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/CIPP/Core}/Invoke-GetVersion.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/CIPP/Scheduler}/Invoke-AddScheduledItem.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/CIPP/Scheduler}/Invoke-ExecScheduledCommand.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/CIPP/Settings}/Invoke-ExecAccessChecks.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/CIPP/Settings}/Invoke-ExecAddTrustedIP.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/CIPP/Settings}/Invoke-ExecBackendURLs.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/CIPP/Settings}/Invoke-ExecCPVPermissions.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/CIPP/Settings}/Invoke-ExecDnsConfig.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/CIPP/Settings}/Invoke-ExecExcludeLicenses.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/CIPP/Settings}/Invoke-ExecExcludeTenant.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/CIPP/Settings}/Invoke-ExecExtensionMapping.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/CIPP/Settings}/Invoke-ExecExtensionSync.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/CIPP/Settings}/Invoke-ExecExtensionTest.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/CIPP/Settings}/Invoke-ExecExtensionsConfig.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/CIPP/Settings}/Invoke-ExecMaintenanceScripts.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/CIPP/Settings}/Invoke-ExecNotificationConfig.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/CIPP/Settings}/Invoke-ExecPasswordConfig.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/CIPP/Settings}/Invoke-ExecRestoreBackup.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/CIPP/Settings}/Invoke-ExecRunBackup.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/CIPP/Setup}/Invoke-ExecSAMSetup.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Email-Exchange}/Invoke-AddContact.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Email-Exchange}/Invoke-AddExConnector.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Email-Exchange}/Invoke-AddExConnectorTemplate.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Email-Exchange}/Invoke-AddSharedMailbox.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Email-Exchange}/Invoke-AddSpamFilter.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Email-Exchange}/Invoke-AddSpamFilterTemplate.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Email-Exchange}/Invoke-AddTransportRule.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Email-Exchange}/Invoke-AddTransportTemplate.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Email-Exchange}/Invoke-EditExConnector.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Email-Exchange}/Invoke-EditSpamFilter.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Email-Exchange}/Invoke-EditTransportRule.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Email-Exchange}/Invoke-ExecConverttoSharedMailbox.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Email-Exchange}/Invoke-ExecCopyForSent.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Email-Exchange}/Invoke-ExecDisableEmailForward.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Email-Exchange}/Invoke-ExecEditCalendarPermissions.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Email-Exchange}/Invoke-ExecEditMailboxPermissions.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Email-Exchange}/Invoke-ExecEmailForward.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Email-Exchange}/Invoke-ExecEnableArchive.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Email-Exchange}/Invoke-ExecGroupsDelete.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Email-Exchange}/Invoke-ExecGroupsDeliveryManagement.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Email-Exchange}/Invoke-ExecGroupsHideFromGAL.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Email-Exchange}/Invoke-ExecHideFromGAL.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Email-Exchange}/Invoke-ExecMailTest.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Email-Exchange}/Invoke-ExecMailboxMobileDevices.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Email-Exchange}/Invoke-ExecMailboxRestore.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Email-Exchange}/Invoke-ExecQuarantineManagement.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Email-Exchange}/Invoke-ExecSetMailboxQuota.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Email-Exchange}/Invoke-ExecSetOoO.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Email-Exchange}/Invoke-ListMailQuarantine.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Email-Exchange}/Invoke-ListMessageTrace.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Email-Exchange}/Invoke-ListOoO.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Email-Exchange}/Invoke-ListPhishPolicies.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Email-Exchange}/Invoke-ListRecipients.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Email-Exchange}/Invoke-ListSpamFilterTemplates.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Email-Exchange}/Invoke-ListSpamfilter.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Email-Exchange}/Invoke-ListTransportRules.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Email-Exchange}/Invoke-ListTransportRulesTemplates.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Endpoint/Applications}/Invoke-AddChocoApp.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Endpoint/Applications}/Invoke-AddMSPApp.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Endpoint/Applications}/Invoke-AddOfficeApp.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Endpoint/Applications}/Invoke-AddWinGetApp.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Endpoint/Applications}/Invoke-ExecAssignApp.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Endpoint/Applications}/Invoke-ListApplicationQueue.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Endpoint/Applications}/Invoke-ListApps.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Endpoint/Applications}/Invoke-ListAppsRepository.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Endpoint/Autopilot}/Invoke-AddAPDevice.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Endpoint/Autopilot}/Invoke-AddAutopilotConfig.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Endpoint/Autopilot}/Invoke-AddEnrollment.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Endpoint/Autopilot}/Invoke-ExecAssignAPDevice.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Endpoint/Autopilot}/Invoke-ListAPDevices.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Endpoint/MEM}/Invoke-AddDefenderDeployment.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Endpoint/MEM}/Invoke-AddIntuneTemplate.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Endpoint/MEM}/Invoke-AddPolicy.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Endpoint/MEM}/Invoke-EditPolicy.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Endpoint/MEM}/Invoke-ExecAssignPolicy.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Endpoint/MEM}/Invoke-ExecDeviceAction.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Endpoint/MEM}/Invoke-ExecGetLocalAdminPassword.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Endpoint/MEM}/Invoke-ExecGetRecoveryKey.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Endpoint/Reports}/Invoke-ListDevices.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Identity/Administration/Devices}/Invoke-ExecDeviceDelete.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Identity/Administration/Groups}/Invoke-AddGroup.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Identity/Administration/Groups}/Invoke-AddGroupTemplate.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Identity/Administration/Groups}/Invoke-EditGroup.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Identity/Administration/Users}/Invoke-AddGuest.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Identity/Administration/Users}/Invoke-AddUser.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Identity/Administration/Users}/Invoke-AddUserBulk.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Identity/Administration/Users}/Invoke-EditUser.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Identity/Administration/Users}/Invoke-ExecBECCheck.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Identity/Administration/Users}/Invoke-ExecBECRemediate.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Identity/Administration/Users}/Invoke-ExecClrImmId.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Identity/Administration/Users}/Invoke-ExecCreateTAP.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Identity/Administration/Users}/Invoke-ExecDisableUser.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Identity/Administration/Users}/Invoke-ExecOffboardUser.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Identity/Administration/Users}/Invoke-ExecOffboard_Mailboxpermissions.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Identity/Administration/Users}/Invoke-ExecOneDriveShortCut.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Identity/Administration/Users}/Invoke-ExecResetMFA.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Identity/Administration/Users}/Invoke-ExecResetPass.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Identity/Administration/Users}/Invoke-ExecRevokeSessions.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Identity/Administration/Users}/Invoke-ExecSendPush.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Identity/Administration/Users}/Invoke-ListUserConditionalAccessPolicies.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Identity/Administration/Users}/Invoke-ListUserCounts.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Identity/Administration/Users}/Invoke-ListUserDevices.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Identity/Administration/Users}/Invoke-ListUserGroups.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Identity/Administration/Users}/Invoke-ListUserMailboxDetails.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Identity/Administration/Users}/Invoke-ListUserMailboxRules.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Identity/Administration/Users}/Invoke-ListUserPhoto.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Identity/Administration/Users}/Invoke-ListUserSettings.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Identity/Administration/Users}/Invoke-ListUserSigninLogs.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Identity/Administration/Users}/Invoke-ListUsers.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Identity/Reports}/Invoke-ListBasicAuth.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Identity/Reports}/Invoke-ListBasicAuthAllTenants.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions}/Invoke-Z_CIPPHttpTrigger.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Security}/Invoke-ExecAlertsListAllTenants.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Security}/Invoke-ExecIncidentsList.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Security}/Invoke-ExecIncidentsListAllTenants.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Security}/Invoke-ExecSetSecurityAlert.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Security}/Invoke-ExecSetSecurityIncident.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Teams-Sharepoint}/Invoke-AddTeam.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Teams-Sharepoint}/Invoke-ExecSetSharePointMember.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Teams-Sharepoint}/Invoke-ExecSharePointOwner.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Teams-Sharepoint}/Invoke-ListSharepointSettings.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Teams-Sharepoint}/Invoke-ListSites.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Teams-Sharepoint}/Invoke-ListTeams.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Teams-Sharepoint}/Invoke-ListTeamsActivity.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Teams-Sharepoint}/Invoke-ListTeamsVoice.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Tenant/Administration/Alerts}/Invoke-AddAlert.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Tenant/Administration/Alerts}/Invoke-ExecAlertsList.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Tenant/Administration/Alerts}/Invoke-ListWebhookAlert.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Tenant/Administration/Alerts}/Invoke-PublicWebhooks.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Tenant/Administration/Application Approval}/Invoke-ExecAddMultiTenantApp.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Tenant/Administration/Application Approval}/Invoke-ExecAppApproval.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Tenant/Administration}/Invoke-ExecAddSPN.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Tenant/Administration}/Invoke-ExecOffboardTenant.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Tenant/Administration}/Invoke-ExecOnboardTenant.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Tenant/Administration}/Invoke-ListAppConsentRequests.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Tenant/Administration/Tenant}/Invoke-EditTenant.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Tenant/Administration/Tenant}/Invoke-ListTenantDetails.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Tenant/Administration/Tenant}/Invoke-ListTenants.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Tenant/Conditional}/Invoke-AddCAPolicy.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Tenant/Conditional}/Invoke-AddCATemplate.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Tenant/Conditional}/Invoke-AddNamedLocation.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Tenant/Conditional}/Invoke-EditCAPolicy.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Tenant/Conditional}/Invoke-ExecCAExclusion.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Tenant/Conditional}/Invoke-ListCAtemplates.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Tenant/Conditional}/Invoke-ListConditionalAccessPolicies.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Tenant/Conditional}/Invoke-ListConditionalAccessPolicyChanges.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Tenant/GDAP}/Invoke-ExecAddGDAPRole.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Tenant/GDAP}/Invoke-ExecAutoExtendGDAP.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Tenant/GDAP}/Invoke-ExecDeleteGDAPRelationship.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Tenant/GDAP}/Invoke-ExecDeleteGDAPRoleMapping.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Tenant/GDAP}/Invoke-ExecGDAPInvite.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Tenant/GDAP}/Invoke-ExecGDAPInviteApproved.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Tenant/GDAP}/Invoke-ListGDAPInvite.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Tenant/GDAP}/Invoke-ListGDAPQueue.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Tenant/GDAP}/Invoke-ListGDAPRoles.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Tenant/Standards}/Invoke-AddStandardsDeploy.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Tenant/Standards}/Invoke-BestPracticeAnalyser_List.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Tenant/Standards}/Invoke-ExecStandardsRun.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Tenant/Standards}/Invoke-ListBPA.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Tenant/Standards}/Invoke-ListBPATemplates.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Tenant/Standards}/Invoke-ListDomainAnalyser.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Tenant/Standards}/Invoke-ListDomainHealth.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Tenant/Standards}/invoke-DomainAnalyser_List.ps1 (100%) rename Modules/CIPPCore/Public/Entrypoints/{ => HTTP Functions/Tenant/Tools}/Invoke-ExecGraphExplorerPreset.ps1 (100%) delete mode 100644 Modules/CIPPCore/Public/Entrypoints/Invoke-AddChocoApp_OrchestrationStarter.ps1 delete mode 100644 Modules/CIPPCore/Public/Entrypoints/Invoke-ExecGDAPInviteQueue.ps1 delete mode 100644 Modules/CIPPCore/Public/Entrypoints/Invoke-ExecGDAPMigration.ps1 delete mode 100644 Modules/CIPPCore/Public/Entrypoints/Invoke-ExecGDAPMigrationQueue.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Push-AddAlertSubscription_Queue.ps1 b/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-AddAlertSubscription_Queue.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Push-AddAlertSubscription_Queue.ps1 rename to Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-AddAlertSubscription_Queue.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertAdminPassword.ps1 b/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-CIPPAlertAdminPassword.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertAdminPassword.ps1 rename to Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-CIPPAlertAdminPassword.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertApnCertExpiry.ps1 b/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-CIPPAlertApnCertExpiry.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertApnCertExpiry.ps1 rename to Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-CIPPAlertApnCertExpiry.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertAppSecretExpiry.ps1 b/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-CIPPAlertAppSecretExpiry.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertAppSecretExpiry.ps1 rename to Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-CIPPAlertAppSecretExpiry.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertDefenderMalware.ps1 b/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-CIPPAlertDefenderMalware.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertDefenderMalware.ps1 rename to Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-CIPPAlertDefenderMalware.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertDefenderStatus.ps1 b/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-CIPPAlertDefenderStatus.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertDefenderStatus.ps1 rename to Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-CIPPAlertDefenderStatus.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertDepTokenExpiry.ps1 b/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-CIPPAlertDepTokenExpiry.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertDepTokenExpiry.ps1 rename to Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-CIPPAlertDepTokenExpiry.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertExpiringLicenses.ps1 b/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-CIPPAlertExpiringLicenses.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertExpiringLicenses.ps1 rename to Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-CIPPAlertExpiringLicenses.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertMFAAdmins.ps1 b/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-CIPPAlertMFAAdmins.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertMFAAdmins.ps1 rename to Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-CIPPAlertMFAAdmins.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertMFAAlertUsers.ps1 b/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-CIPPAlertMFAAlertUsers.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertMFAAlertUsers.ps1 rename to Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-CIPPAlertMFAAlertUsers.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertNewAppApproval.ps1 b/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-CIPPAlertNewAppApproval.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertNewAppApproval.ps1 rename to Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-CIPPAlertNewAppApproval.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertNewRole.ps1 b/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-CIPPAlertNewRole.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertNewRole.ps1 rename to Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-CIPPAlertNewRole.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertNoCAConfig.ps1 b/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-CIPPAlertNoCAConfig.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertNoCAConfig.ps1 rename to Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-CIPPAlertNoCAConfig.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertOverusedLicenses.ps1 b/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-CIPPAlertOverusedLicenses.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertOverusedLicenses.ps1 rename to Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-CIPPAlertOverusedLicenses.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertQuotaUsed.ps1 b/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-CIPPAlertQuotaUsed.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertQuotaUsed.ps1 rename to Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-CIPPAlertQuotaUsed.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertSecDefaultsUpsell.ps1 b/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-CIPPAlertSecDefaultsUpsell.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertSecDefaultsUpsell.ps1 rename to Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-CIPPAlertSecDefaultsUpsell.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertSharepointQuota.ps1 b/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-CIPPAlertSharepointQuota.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertSharepointQuota.ps1 rename to Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-CIPPAlertSharepointQuota.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertUnusedLicenses.ps1 b/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-CIPPAlertUnusedLicenses.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertUnusedLicenses.ps1 rename to Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-CIPPAlertUnusedLicenses.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertVppTokenExpiry.ps1 b/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-CIPPAlertVppTokenExpiry.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Push-CIPPAlertVppTokenExpiry.ps1 rename to Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-CIPPAlertVppTokenExpiry.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Push-CIPPStandard.ps1 b/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-CIPPStandard.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Push-CIPPStandard.ps1 rename to Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-CIPPStandard.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Push-ExecAddMultiTenantApp.ps1 b/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-ExecAddMultiTenantApp.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Push-ExecAddMultiTenantApp.ps1 rename to Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-ExecAddMultiTenantApp.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Push-ExecGDAPInviteQueue.ps1 b/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-ExecGDAPInviteQueue.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Push-ExecGDAPInviteQueue.ps1 rename to Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-ExecGDAPInviteQueue.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Push-ExecOnboardTenantQueue.ps1 b/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-ExecOnboardTenantQueue.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Push-ExecOnboardTenantQueue.ps1 rename to Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-ExecOnboardTenantQueue.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Push-ExecScheduledCommand.ps1 b/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-ExecScheduledCommand.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Push-ExecScheduledCommand.ps1 rename to Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-ExecScheduledCommand.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Push-GetPendingWebhooks.ps1 b/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-GetPendingWebhooks.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Push-GetPendingWebhooks.ps1 rename to Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-GetPendingWebhooks.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Push-ListGraphRequestQueue.ps1 b/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-ListGraphRequestQueue.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Push-ListGraphRequestQueue.ps1 rename to Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-ListGraphRequestQueue.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Push-ListLicensesQueue.ps1 b/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-ListLicensesQueue.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Push-ListLicensesQueue.ps1 rename to Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-ListLicensesQueue.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Push-ListMFAUsersQueue.ps1 b/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-ListMFAUsersQueue.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Push-ListMFAUsersQueue.ps1 rename to Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-ListMFAUsersQueue.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Push-ListMailboxRulesQueue.ps1 b/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-ListMailboxRulesQueue.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Push-ListMailboxRulesQueue.ps1 rename to Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-ListMailboxRulesQueue.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Push-PublicWebhookProcess.ps1 b/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-PublicWebhookProcess.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Push-PublicWebhookProcess.ps1 rename to Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-PublicWebhookProcess.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Push-SchedulerAlert.ps1 b/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-SchedulerAlert.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Push-SchedulerAlert.ps1 rename to Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-SchedulerAlert.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Push-SchedulerCIPPNotifications.ps1 b/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-SchedulerCIPPNotifications.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Push-SchedulerCIPPNotifications.ps1 rename to Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-SchedulerCIPPNotifications.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Push-Schedulerwebhookcreation.ps1 b/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-Schedulerwebhookcreation.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Push-Schedulerwebhookcreation.ps1 rename to Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-Schedulerwebhookcreation.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Push-UpdatePermissionsQueue.ps1 b/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-UpdatePermissionsQueue.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Push-UpdatePermissionsQueue.ps1 rename to Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-UpdatePermissionsQueue.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Push-UpdateTenants.ps1 b/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-UpdateTenants.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Push-UpdateTenants.ps1 rename to Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-UpdateTenants.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Push-Z_CIPPQueueTrigger.ps1 b/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-Z_CIPPQueueTrigger.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Push-Z_CIPPQueueTrigger.ps1 rename to Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-Z_CIPPQueueTrigger.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecEditTemplate.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ExecEditTemplate.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ExecEditTemplate.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ExecEditTemplate.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecGeoIPLookup.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ExecGeoIPLookup.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ExecGeoIPLookup.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ExecGeoIPLookup.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecGraphRequest.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ExecGraphRequest.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ExecGraphRequest.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ExecGraphRequest.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-GetCippAlerts.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-GetCippAlerts.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-GetCippAlerts.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-GetCippAlerts.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-GetVersion.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-GetVersion.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-GetVersion.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-GetVersion.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-AddScheduledItem.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Scheduler/Invoke-AddScheduledItem.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-AddScheduledItem.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Scheduler/Invoke-AddScheduledItem.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecScheduledCommand.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Scheduler/Invoke-ExecScheduledCommand.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ExecScheduledCommand.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Scheduler/Invoke-ExecScheduledCommand.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecAccessChecks.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecAccessChecks.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ExecAccessChecks.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecAccessChecks.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecAddTrustedIP.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecAddTrustedIP.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ExecAddTrustedIP.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecAddTrustedIP.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecBackendURLs.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecBackendURLs.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ExecBackendURLs.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecBackendURLs.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecCPVPermissions.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecCPVPermissions.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ExecCPVPermissions.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecCPVPermissions.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecDnsConfig.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecDnsConfig.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ExecDnsConfig.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecDnsConfig.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecExcludeLicenses.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecExcludeLicenses.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ExecExcludeLicenses.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecExcludeLicenses.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecExcludeTenant.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecExcludeTenant.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ExecExcludeTenant.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecExcludeTenant.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecExtensionMapping.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecExtensionMapping.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ExecExtensionMapping.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecExtensionMapping.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecExtensionSync.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecExtensionSync.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ExecExtensionSync.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecExtensionSync.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecExtensionTest.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecExtensionTest.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ExecExtensionTest.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecExtensionTest.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecExtensionsConfig.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecExtensionsConfig.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ExecExtensionsConfig.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecExtensionsConfig.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecMaintenanceScripts.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecMaintenanceScripts.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ExecMaintenanceScripts.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecMaintenanceScripts.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecNotificationConfig.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecNotificationConfig.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ExecNotificationConfig.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecNotificationConfig.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecPasswordConfig.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecPasswordConfig.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ExecPasswordConfig.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecPasswordConfig.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecRestoreBackup.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecRestoreBackup.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ExecRestoreBackup.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecRestoreBackup.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecRunBackup.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecRunBackup.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ExecRunBackup.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecRunBackup.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecSAMSetup.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Setup/Invoke-ExecSAMSetup.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ExecSAMSetup.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Setup/Invoke-ExecSAMSetup.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-AddContact.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddContact.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-AddContact.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddContact.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-AddExConnector.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddExConnector.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-AddExConnector.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddExConnector.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-AddExConnectorTemplate.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddExConnectorTemplate.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-AddExConnectorTemplate.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddExConnectorTemplate.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-AddSharedMailbox.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddSharedMailbox.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-AddSharedMailbox.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddSharedMailbox.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-AddSpamFilter.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddSpamFilter.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-AddSpamFilter.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddSpamFilter.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-AddSpamFilterTemplate.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddSpamFilterTemplate.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-AddSpamFilterTemplate.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddSpamFilterTemplate.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-AddTransportRule.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddTransportRule.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-AddTransportRule.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddTransportRule.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-AddTransportTemplate.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddTransportTemplate.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-AddTransportTemplate.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-AddTransportTemplate.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-EditExConnector.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditExConnector.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-EditExConnector.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditExConnector.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-EditSpamFilter.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditSpamFilter.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-EditSpamFilter.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditSpamFilter.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-EditTransportRule.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditTransportRule.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-EditTransportRule.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-EditTransportRule.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecConverttoSharedMailbox.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecConverttoSharedMailbox.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ExecConverttoSharedMailbox.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecConverttoSharedMailbox.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecCopyForSent.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecCopyForSent.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ExecCopyForSent.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecCopyForSent.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecDisableEmailForward.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecDisableEmailForward.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ExecDisableEmailForward.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecDisableEmailForward.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecEditCalendarPermissions.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecEditCalendarPermissions.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ExecEditCalendarPermissions.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecEditCalendarPermissions.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecEditMailboxPermissions.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecEditMailboxPermissions.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ExecEditMailboxPermissions.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecEditMailboxPermissions.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecEmailForward.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecEmailForward.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ExecEmailForward.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecEmailForward.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecEnableArchive.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecEnableArchive.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ExecEnableArchive.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecEnableArchive.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecGroupsDelete.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecGroupsDelete.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ExecGroupsDelete.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecGroupsDelete.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecGroupsDeliveryManagement.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecGroupsDeliveryManagement.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ExecGroupsDeliveryManagement.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecGroupsDeliveryManagement.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecGroupsHideFromGAL.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecGroupsHideFromGAL.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ExecGroupsHideFromGAL.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecGroupsHideFromGAL.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecHideFromGAL.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecHideFromGAL.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ExecHideFromGAL.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecHideFromGAL.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecMailTest.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecMailTest.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ExecMailTest.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecMailTest.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecMailboxMobileDevices.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecMailboxMobileDevices.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ExecMailboxMobileDevices.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecMailboxMobileDevices.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecMailboxRestore.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecMailboxRestore.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ExecMailboxRestore.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecMailboxRestore.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecQuarantineManagement.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecQuarantineManagement.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ExecQuarantineManagement.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecQuarantineManagement.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecSetMailboxQuota.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecSetMailboxQuota.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ExecSetMailboxQuota.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecSetMailboxQuota.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecSetOoO.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecSetOoO.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ExecSetOoO.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecSetOoO.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListMailQuarantine.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListMailQuarantine.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ListMailQuarantine.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListMailQuarantine.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListMessageTrace.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListMessageTrace.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ListMessageTrace.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListMessageTrace.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListOoO.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListOoO.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ListOoO.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListOoO.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListPhishPolicies.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListPhishPolicies.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ListPhishPolicies.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListPhishPolicies.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListRecipients.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListRecipients.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ListRecipients.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListRecipients.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListSpamFilterTemplates.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListSpamFilterTemplates.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ListSpamFilterTemplates.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListSpamFilterTemplates.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListSpamfilter.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListSpamfilter.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ListSpamfilter.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListSpamfilter.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListTransportRules.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListTransportRules.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ListTransportRules.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListTransportRules.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListTransportRulesTemplates.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListTransportRulesTemplates.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ListTransportRulesTemplates.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ListTransportRulesTemplates.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-AddChocoApp.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Applications/Invoke-AddChocoApp.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-AddChocoApp.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Applications/Invoke-AddChocoApp.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-AddMSPApp.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Applications/Invoke-AddMSPApp.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-AddMSPApp.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Applications/Invoke-AddMSPApp.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-AddOfficeApp.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Applications/Invoke-AddOfficeApp.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-AddOfficeApp.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Applications/Invoke-AddOfficeApp.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-AddWinGetApp.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Applications/Invoke-AddWinGetApp.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-AddWinGetApp.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Applications/Invoke-AddWinGetApp.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecAssignApp.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Applications/Invoke-ExecAssignApp.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ExecAssignApp.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Applications/Invoke-ExecAssignApp.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListApplicationQueue.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Applications/Invoke-ListApplicationQueue.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ListApplicationQueue.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Applications/Invoke-ListApplicationQueue.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListApps.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Applications/Invoke-ListApps.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ListApps.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Applications/Invoke-ListApps.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListAppsRepository.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Applications/Invoke-ListAppsRepository.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ListAppsRepository.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Applications/Invoke-ListAppsRepository.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-AddAPDevice.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Autopilot/Invoke-AddAPDevice.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-AddAPDevice.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Autopilot/Invoke-AddAPDevice.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-AddAutopilotConfig.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Autopilot/Invoke-AddAutopilotConfig.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-AddAutopilotConfig.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Autopilot/Invoke-AddAutopilotConfig.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-AddEnrollment.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Autopilot/Invoke-AddEnrollment.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-AddEnrollment.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Autopilot/Invoke-AddEnrollment.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecAssignAPDevice.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Autopilot/Invoke-ExecAssignAPDevice.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ExecAssignAPDevice.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Autopilot/Invoke-ExecAssignAPDevice.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListAPDevices.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Autopilot/Invoke-ListAPDevices.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ListAPDevices.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Autopilot/Invoke-ListAPDevices.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-AddDefenderDeployment.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-AddDefenderDeployment.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-AddDefenderDeployment.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-AddDefenderDeployment.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-AddIntuneTemplate.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-AddIntuneTemplate.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-AddIntuneTemplate.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-AddIntuneTemplate.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-AddPolicy.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-AddPolicy.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-AddPolicy.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-AddPolicy.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-EditPolicy.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-EditPolicy.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-EditPolicy.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-EditPolicy.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecAssignPolicy.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-ExecAssignPolicy.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ExecAssignPolicy.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-ExecAssignPolicy.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecDeviceAction.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-ExecDeviceAction.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ExecDeviceAction.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-ExecDeviceAction.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecGetLocalAdminPassword.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-ExecGetLocalAdminPassword.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ExecGetLocalAdminPassword.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-ExecGetLocalAdminPassword.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecGetRecoveryKey.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-ExecGetRecoveryKey.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ExecGetRecoveryKey.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/MEM/Invoke-ExecGetRecoveryKey.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListDevices.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Reports/Invoke-ListDevices.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ListDevices.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Endpoint/Reports/Invoke-ListDevices.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecDeviceDelete.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Devices/Invoke-ExecDeviceDelete.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ExecDeviceDelete.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Devices/Invoke-ExecDeviceDelete.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-AddGroup.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Groups/Invoke-AddGroup.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-AddGroup.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Groups/Invoke-AddGroup.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-AddGroupTemplate.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Groups/Invoke-AddGroupTemplate.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-AddGroupTemplate.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Groups/Invoke-AddGroupTemplate.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-EditGroup.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Groups/Invoke-EditGroup.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-EditGroup.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Groups/Invoke-EditGroup.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-AddGuest.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-AddGuest.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-AddGuest.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-AddGuest.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-AddUser.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-AddUser.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-AddUser.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-AddUser.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-AddUserBulk.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-AddUserBulk.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-AddUserBulk.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-AddUserBulk.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-EditUser.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-EditUser.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-EditUser.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-EditUser.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecBECCheck.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecBECCheck.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ExecBECCheck.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecBECCheck.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecBECRemediate.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecBECRemediate.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ExecBECRemediate.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecBECRemediate.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecClrImmId.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecClrImmId.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ExecClrImmId.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecClrImmId.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecCreateTAP.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecCreateTAP.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ExecCreateTAP.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecCreateTAP.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecDisableUser.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecDisableUser.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ExecDisableUser.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecDisableUser.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecOffboardUser.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecOffboardUser.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ExecOffboardUser.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecOffboardUser.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecOffboard_Mailboxpermissions.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecOffboard_Mailboxpermissions.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ExecOffboard_Mailboxpermissions.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecOffboard_Mailboxpermissions.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecOneDriveShortCut.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecOneDriveShortCut.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ExecOneDriveShortCut.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecOneDriveShortCut.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecResetMFA.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecResetMFA.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ExecResetMFA.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecResetMFA.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecResetPass.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecResetPass.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ExecResetPass.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecResetPass.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecRevokeSessions.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecRevokeSessions.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ExecRevokeSessions.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecRevokeSessions.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecSendPush.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecSendPush.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ExecSendPush.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecSendPush.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListUserConditionalAccessPolicies.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListUserConditionalAccessPolicies.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ListUserConditionalAccessPolicies.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListUserConditionalAccessPolicies.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListUserCounts.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListUserCounts.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ListUserCounts.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListUserCounts.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListUserDevices.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListUserDevices.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ListUserDevices.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListUserDevices.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListUserGroups.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListUserGroups.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ListUserGroups.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListUserGroups.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListUserMailboxDetails.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListUserMailboxDetails.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ListUserMailboxDetails.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListUserMailboxDetails.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListUserMailboxRules.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListUserMailboxRules.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ListUserMailboxRules.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListUserMailboxRules.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListUserPhoto.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListUserPhoto.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ListUserPhoto.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListUserPhoto.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListUserSettings.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListUserSettings.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ListUserSettings.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListUserSettings.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListUserSigninLogs.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListUserSigninLogs.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ListUserSigninLogs.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListUserSigninLogs.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListUsers.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListUsers.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ListUsers.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListUsers.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListBasicAuth.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Reports/Invoke-ListBasicAuth.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ListBasicAuth.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Reports/Invoke-ListBasicAuth.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListBasicAuthAllTenants.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Reports/Invoke-ListBasicAuthAllTenants.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ListBasicAuthAllTenants.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Reports/Invoke-ListBasicAuthAllTenants.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-Z_CIPPHttpTrigger.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Invoke-Z_CIPPHttpTrigger.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-Z_CIPPHttpTrigger.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Invoke-Z_CIPPHttpTrigger.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecAlertsListAllTenants.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Security/Invoke-ExecAlertsListAllTenants.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ExecAlertsListAllTenants.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Security/Invoke-ExecAlertsListAllTenants.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecIncidentsList.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Security/Invoke-ExecIncidentsList.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ExecIncidentsList.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Security/Invoke-ExecIncidentsList.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecIncidentsListAllTenants.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Security/Invoke-ExecIncidentsListAllTenants.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ExecIncidentsListAllTenants.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Security/Invoke-ExecIncidentsListAllTenants.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecSetSecurityAlert.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Security/Invoke-ExecSetSecurityAlert.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ExecSetSecurityAlert.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Security/Invoke-ExecSetSecurityAlert.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecSetSecurityIncident.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Security/Invoke-ExecSetSecurityIncident.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ExecSetSecurityIncident.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Security/Invoke-ExecSetSecurityIncident.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-AddTeam.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-AddTeam.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-AddTeam.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-AddTeam.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecSetSharePointMember.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ExecSetSharePointMember.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ExecSetSharePointMember.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ExecSetSharePointMember.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecSharePointOwner.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ExecSharePointOwner.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ExecSharePointOwner.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ExecSharePointOwner.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListSharepointSettings.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ListSharepointSettings.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ListSharepointSettings.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ListSharepointSettings.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListSites.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ListSites.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ListSites.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ListSites.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListTeams.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ListTeams.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ListTeams.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ListTeams.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListTeamsActivity.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ListTeamsActivity.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ListTeamsActivity.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ListTeamsActivity.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListTeamsVoice.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ListTeamsVoice.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ListTeamsVoice.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ListTeamsVoice.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-AddAlert.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Alerts/Invoke-AddAlert.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-AddAlert.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Alerts/Invoke-AddAlert.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecAlertsList.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Alerts/Invoke-ExecAlertsList.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ExecAlertsList.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Alerts/Invoke-ExecAlertsList.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListWebhookAlert.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Alerts/Invoke-ListWebhookAlert.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ListWebhookAlert.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Alerts/Invoke-ListWebhookAlert.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-PublicWebhooks.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Alerts/Invoke-PublicWebhooks.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-PublicWebhooks.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Alerts/Invoke-PublicWebhooks.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecAddMultiTenantApp.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Application Approval/Invoke-ExecAddMultiTenantApp.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ExecAddMultiTenantApp.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Application Approval/Invoke-ExecAddMultiTenantApp.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecAppApproval.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Application Approval/Invoke-ExecAppApproval.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ExecAppApproval.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Application Approval/Invoke-ExecAppApproval.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecAddSPN.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Invoke-ExecAddSPN.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ExecAddSPN.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Invoke-ExecAddSPN.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecOffboardTenant.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Invoke-ExecOffboardTenant.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ExecOffboardTenant.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Invoke-ExecOffboardTenant.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecOnboardTenant.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Invoke-ExecOnboardTenant.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ExecOnboardTenant.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Invoke-ExecOnboardTenant.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListAppConsentRequests.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Invoke-ListAppConsentRequests.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ListAppConsentRequests.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Invoke-ListAppConsentRequests.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-EditTenant.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Tenant/Invoke-EditTenant.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-EditTenant.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Tenant/Invoke-EditTenant.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListTenantDetails.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Tenant/Invoke-ListTenantDetails.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ListTenantDetails.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Tenant/Invoke-ListTenantDetails.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListTenants.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Tenant/Invoke-ListTenants.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ListTenants.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Tenant/Invoke-ListTenants.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-AddCAPolicy.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-AddCAPolicy.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-AddCAPolicy.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-AddCAPolicy.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-AddCATemplate.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-AddCATemplate.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-AddCATemplate.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-AddCATemplate.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-AddNamedLocation.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-AddNamedLocation.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-AddNamedLocation.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-AddNamedLocation.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-EditCAPolicy.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-EditCAPolicy.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-EditCAPolicy.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-EditCAPolicy.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecCAExclusion.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-ExecCAExclusion.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ExecCAExclusion.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-ExecCAExclusion.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListCAtemplates.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-ListCAtemplates.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ListCAtemplates.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-ListCAtemplates.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListConditionalAccessPolicies.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-ListConditionalAccessPolicies.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ListConditionalAccessPolicies.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-ListConditionalAccessPolicies.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListConditionalAccessPolicyChanges.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-ListConditionalAccessPolicyChanges.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ListConditionalAccessPolicyChanges.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-ListConditionalAccessPolicyChanges.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecAddGDAPRole.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/GDAP/Invoke-ExecAddGDAPRole.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ExecAddGDAPRole.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/GDAP/Invoke-ExecAddGDAPRole.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecAutoExtendGDAP.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/GDAP/Invoke-ExecAutoExtendGDAP.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ExecAutoExtendGDAP.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/GDAP/Invoke-ExecAutoExtendGDAP.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecDeleteGDAPRelationship.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/GDAP/Invoke-ExecDeleteGDAPRelationship.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ExecDeleteGDAPRelationship.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/GDAP/Invoke-ExecDeleteGDAPRelationship.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecDeleteGDAPRoleMapping.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/GDAP/Invoke-ExecDeleteGDAPRoleMapping.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ExecDeleteGDAPRoleMapping.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/GDAP/Invoke-ExecDeleteGDAPRoleMapping.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecGDAPInvite.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/GDAP/Invoke-ExecGDAPInvite.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ExecGDAPInvite.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/GDAP/Invoke-ExecGDAPInvite.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecGDAPInviteApproved.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/GDAP/Invoke-ExecGDAPInviteApproved.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ExecGDAPInviteApproved.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/GDAP/Invoke-ExecGDAPInviteApproved.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListGDAPInvite.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/GDAP/Invoke-ListGDAPInvite.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ListGDAPInvite.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/GDAP/Invoke-ListGDAPInvite.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListGDAPQueue.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/GDAP/Invoke-ListGDAPQueue.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ListGDAPQueue.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/GDAP/Invoke-ListGDAPQueue.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListGDAPRoles.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/GDAP/Invoke-ListGDAPRoles.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ListGDAPRoles.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/GDAP/Invoke-ListGDAPRoles.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-AddStandardsDeploy.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-AddStandardsDeploy.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-AddStandardsDeploy.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-AddStandardsDeploy.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-BestPracticeAnalyser_List.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-BestPracticeAnalyser_List.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-BestPracticeAnalyser_List.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-BestPracticeAnalyser_List.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecStandardsRun.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-ExecStandardsRun.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ExecStandardsRun.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-ExecStandardsRun.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListBPA.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-ListBPA.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ListBPA.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-ListBPA.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListBPATemplates.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-ListBPATemplates.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ListBPATemplates.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-ListBPATemplates.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListDomainAnalyser.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-ListDomainAnalyser.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ListDomainAnalyser.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-ListDomainAnalyser.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListDomainHealth.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-ListDomainHealth.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ListDomainHealth.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-ListDomainHealth.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/invoke-DomainAnalyser_List.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/invoke-DomainAnalyser_List.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/invoke-DomainAnalyser_List.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/invoke-DomainAnalyser_List.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecGraphExplorerPreset.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Tools/Invoke-ExecGraphExplorerPreset.ps1 similarity index 100% rename from Modules/CIPPCore/Public/Entrypoints/Invoke-ExecGraphExplorerPreset.ps1 rename to Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Tools/Invoke-ExecGraphExplorerPreset.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-AddChocoApp_OrchestrationStarter.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-AddChocoApp_OrchestrationStarter.ps1 deleted file mode 100644 index fbbcb29a1dce..000000000000 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-AddChocoApp_OrchestrationStarter.ps1 +++ /dev/null @@ -1,26 +0,0 @@ -using namespace System.Net - -Function Invoke-AddChocoApp_OrchestrationStarter { - <# - .FUNCTIONALITY - Entrypoint - #> - [CmdletBinding()] - param($Request, $TriggerMetadata) - - Write-LogMessage -API 'ChocoApps' -message 'Attempted to start upload but an instance was already running.' -sev Info - $InstanceId = Start-NewOrchestration -FunctionName 'Applications_Orchestrator' - Write-Host "Started orchestration with ID = '$InstanceId'" - $Orchestrator = New-OrchestrationCheckStatusResponse -Request $Request -InstanceId $InstanceId - Write-LogMessage -API 'ChocoApps' -message 'Started uploading applications to tenants' -sev Info - $Results = [pscustomobject]@{'Results' = 'Started application queue' } - - Write-Host ($Orchestrator | ConvertTo-Json) - - - Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ - StatusCode = [HttpStatusCode]::OK - Body = $results - }) - -} \ No newline at end of file diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecGDAPInviteQueue.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecGDAPInviteQueue.ps1 deleted file mode 100644 index 60d7ddbb29d2..000000000000 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecGDAPInviteQueue.ps1 +++ /dev/null @@ -1,42 +0,0 @@ -using namespace System.Net - -Function Invoke-ExecGDAPInviteQueue { - <# - .FUNCTIONALITY - Entrypoint - #> - [CmdletBinding()] - param($Request, $TriggerMetadata) - - #$TenantFilter = $env:TenantID - - $Table = Get-CIPPTable -TableName 'GDAPInvites' - $Invite = Get-CIPPAzDataTableEntity @Table -Filter "RowKey eq '$QueueItem'" - $APINAME = 'GDAPInvites' - $RoleMappings = $Invite.RoleMappings | ConvertFrom-Json - Write-Host ($Invite | ConvertTo-Json -Compress) - - foreach ($role in $RoleMappings) { - try { - $Mappingbody = ConvertTo-Json -Depth 10 -InputObject @{ - 'accessContainer' = @{ - 'accessContainerId' = "$($Role.GroupId)" - 'accessContainerType' = 'securityGroup' - } - 'accessDetails' = @{ - 'unifiedRoles' = @(@{ - 'roleDefinitionId' = "$($Role.roleDefinitionId)" - }) - } - } - New-GraphPostRequest -NoAuthCheck $True -uri "https://graph.microsoft.com/beta/tenantRelationships/delegatedAdminRelationships/$($QueueItem)/accessAssignments" -tenantid $env:TenantID -type POST -body $MappingBody -verbose - Start-Sleep -Milliseconds 100 - } catch { - Write-LogMessage -API $APINAME -message "GDAP Group mapping failed - $($role.GroupId): $($_.Exception.Message)" -Sev Error - exit 1 - } - Write-LogMessage -API $APINAME -message "Groups mapped for GDAP Relationship: $($GdapInvite.RowKey)" -Sev Info - } - Remove-AzDataTableEntity @Table -Entity $Invite - -} diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecGDAPMigration.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecGDAPMigration.ps1 deleted file mode 100644 index 7b5ce0a31a1d..000000000000 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecGDAPMigration.ps1 +++ /dev/null @@ -1,33 +0,0 @@ -using namespace System.Net - -Function Invoke-ExecGDAPMigration { - <# - .FUNCTIONALITY - Entrypoint - #> - [CmdletBinding()] - param($Request, $TriggerMetadata) - - $APIName = $TriggerMetadata.FunctionName - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' - - $Groups = $Request.body.gdapRoles - $Tenants = $Request.body.selectedTenants - $Results = [System.Collections.ArrayList]@() - - foreach ($Tenant in $Tenants) { - $obj = [PSCustomObject]@{ - tenant = $Tenant - gdapRoles = $Groups - } - Push-OutputBinding -Name gdapqueue -Value $obj - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message "Started GDAP Migration for $($tenant.displayName)" -Sev 'Debug' - $results.add("Started GDAP Migration for $($tenant.displayName)") | Out-Null - } - $body = @{Results = @($Results) } - Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ - StatusCode = [HttpStatusCode]::OK - Body = $body - }) - -} diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecGDAPMigrationQueue.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecGDAPMigrationQueue.ps1 deleted file mode 100644 index bb59a42fed9c..000000000000 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecGDAPMigrationQueue.ps1 +++ /dev/null @@ -1,99 +0,0 @@ - using namespace System.Net - - Function Invoke-ExecGDAPMigrationQueue { - <# - .FUNCTIONALITY - Entrypoint - #> - [CmdletBinding()] - param($Request, $TriggerMetadata) - - #$TenantFilter = $env:TenantID -$RoleMappings = $QueueItem.gdapRoles -$tenant = $queueitem.tenant -$Table = Get-CIPPTable -TableName 'gdapmigration' -Write-Host ($QueueItem.tenant | ConvertTo-Json -Compress) -$logRequest = @{ - status = 'Started migration' - tenant = "$($tenant.displayName)" - RowKey = "$($tenant.customerId)" - PartitionKey = 'alert' - startAt = "$((Get-Date).ToString('s'))" -} - -Add-CIPPAzDataTableEntity @Table -Entity $logRequest -Force | Out-Null - -if ($RoleMappings) { - $LogRequest['status'] = 'Step 2: Roles selected, creating new GDAP relationship.' - Add-CIPPAzDataTableEntity @Table -Entity $logRequest -Force | Out-Null -} -else { - $LogRequest['status'] = 'Migration failed at Step 2: No role mappings created.' - Add-CIPPAzDataTableEntity @Table -Entity $logRequest -Force | Out-Null - exit 1 -} -try { - $JSONBody = @{ - 'displayName' = "$((New-Guid).GUID)" - 'partner' = @{ - 'tenantId' = "$env:tenantid" - } - - 'customer' = @{ - 'displayName' = "$($tenant.displayName)" - 'tenantId' = "$($tenant.customerId)" - } - 'accessDetails' = @{ - 'unifiedRoles' = @($RoleMappings | Select-Object roleDefinitionId) - } - 'duration' = 'P730D' - } | ConvertTo-Json -Depth 5 -Compress - Write-Host $JSONBody - $MigrateRequest = New-GraphPostRequest -NoAuthCheck $True -uri 'https://traf-pcsvcadmin-prod.trafficmanager.net/CustomerServiceAdminApi/Web//v1/delegatedAdminRelationships/migrate' -type POST -body $JSONBody -verbose -tenantid $env:TenantID -scope 'https://api.partnercustomeradministration.microsoft.com/.default' - Start-Sleep -Milliseconds 100 - do { - $CheckActive = New-GraphGetRequest -NoAuthCheck $True -uri "https://traf-pcsvcadmin-prod.trafficmanager.net/CustomerServiceAdminApi/Web//v1/delegatedAdminRelationships/$($MigrateRequest.id)" -tenantid $env:TenantID -scope 'https://api.partnercustomeradministration.microsoft.com/.default' - Start-Sleep -Milliseconds 200 - } until ($CheckActive.status -eq 'Active') -} -catch { - $LogRequest['status'] = "Migration Failed. Could not create relationship: $($_.Exception.Message)" - Add-CIPPAzDataTableEntity @Table -Entity $logRequest -Force | Out-Null -} - - -if ($CheckActive.status -eq 'Active') { - $LogRequest['status'] = 'Step 3: GDAP Relationship active. Mapping groups.' - Add-CIPPAzDataTableEntity @Table -Entity $logRequest -Force | Out-Null - foreach ($role in $RoleMappings) { - try { - $Mappingbody = ConvertTo-Json -Depth 10 -InputObject @{ - 'accessContainer' = @{ - 'accessContainerId' = "$($Role.GroupId)" - 'accessContainerType' = 'securityGroup' - } - 'accessDetails' = @{ - 'unifiedRoles' = @(@{ - 'roleDefinitionId' = "$($Role.roleDefinitionId)" - }) - } - } - $RoleActiveID = New-GraphPostRequest -NoAuthCheck $True -uri "https://traf-pcsvcadmin-prod.trafficmanager.net/CustomerServiceAdminApi/Web//v1/delegatedAdminRelationships/$($MigrateRequest.id)/accessAssignments" -tenantid $env:TenantID -type POST -body $MappingBody -verbose -scope 'https://api.partnercustomeradministration.microsoft.com/.default' - Start-Sleep -Milliseconds 400 - $LogRequest['status'] = "Step 3: GDAP Relationship active. Mapping group: $($Role.GroupId)" - Add-CIPPAzDataTableEntity @Table -Entity $logRequest -Force | Out-Null - } - catch { - $LogRequest['status'] = "Migration Failed. Could not create group mapping for group $($role.GroupId): $($_.Exception.Message)" - Add-CIPPAzDataTableEntity @Table -Entity $logRequest -Force | Out-Null - exit 1 - } - #$CheckActiveRole = New-GraphGetRequest -NoAuthCheck $True -uri "https://traf-pcsvcadmin-prod.trafficmanager.net/CustomerServiceAdminApi/Web//v1/delegatedAdminRelationships/$($MigrateRequest.id)/accessAssignments/$($RoleActiveID.id)" -tenantid $env:TenantId -scope 'https://api.partnercustomeradministration.microsoft.com/.default' - } - $LogRequest['status'] = 'Migration Complete' - Add-CIPPAzDataTableEntity @Table -Entity $logRequest -Force | Out-Null - -} - - - } diff --git a/Modules/CippEntrypoints/CippEntrypoints.psm1 b/Modules/CippEntrypoints/CippEntrypoints.psm1 index 837e63e18945..f0bf7fcf2d1b 100644 --- a/Modules/CippEntrypoints/CippEntrypoints.psm1 +++ b/Modules/CippEntrypoints/CippEntrypoints.psm1 @@ -19,7 +19,7 @@ function Receive-CippHttpTrigger { function Receive-CippQueueTrigger { Param($QueueItem, $TriggerMetadata) - + Set-Location (Get-Item $PSScriptRoot).Parent.Parent.FullName $Start = (Get-Date).ToUniversalTime() $APIName = $TriggerMetadata.FunctionName Write-Host "#### Running $APINAME" From d23a90654f2e43758d4ca18dab59e74fa6866f6f Mon Sep 17 00:00:00 2001 From: KelvinTegelaar Date: Wed, 3 Apr 2024 17:52:23 +0200 Subject: [PATCH 204/243] Fixes to get-tenant --- .../Tenant/Invoke-ListTenants.ps1 | 2 +- .../Public/GraphHelper/Get-Tenants.ps1 | 111 +++++++++--------- 2 files changed, 55 insertions(+), 58 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Tenant/Invoke-ListTenants.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Tenant/Invoke-ListTenants.ps1 index 0da865b0df42..3d2967edb591 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Tenant/Invoke-ListTenants.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Tenant/Invoke-ListTenants.ps1 @@ -32,7 +32,7 @@ Function Invoke-ListTenants { try { $tenantfilter = $Request.Query.TenantFilter - $Tenants = Get-Tenants -IncludeErrors -SkipDomains -TriggerRefreshIfNeeded + $Tenants = Get-Tenants -IncludeErrors -SkipDomains if ($null -eq $TenantFilter -or $TenantFilter -eq 'null') { $TenantList = [system.collections.generic.list[object]]::new() diff --git a/Modules/CIPPCore/Public/GraphHelper/Get-Tenants.ps1 b/Modules/CIPPCore/Public/GraphHelper/Get-Tenants.ps1 index 64395f3c3260..bcb9b94ef9cc 100644 --- a/Modules/CIPPCore/Public/GraphHelper/Get-Tenants.ps1 +++ b/Modules/CIPPCore/Public/GraphHelper/Get-Tenants.ps1 @@ -10,7 +10,7 @@ function Get-Tenants { [switch]$IncludeAll, [switch]$IncludeErrors, [switch]$SkipDomains, - [switch]$TriggerRefreshIfNeeded + [switch]$TriggerRefresh ) $TenantsTable = Get-CippTable -tablename 'Tenants' @@ -30,19 +30,13 @@ function Get-Tenants { } $IncludedTenantsCache = Get-CIPPAzDataTableEntity @TenantsTable -Filter $Filter - if (($IncludedTenantsCache | Measure-Object).Count -gt 0) { - try { - $LastRefresh = ($IncludedTenantsCache | Where-Object { $_.customerId } | Sort-Object LastRefresh -Descending | Select-Object -First 1).LastRefresh | Get-Date -ErrorAction Stop - } catch { $LastRefresh = $false } - } else { - $LastRefresh = $false - } - if (!$LastRefresh -or $LastRefresh -lt (Get-Date).Addhours(-24).ToUniversalTime()) { + if (($IncludedTenantsCache | Measure-Object).Count -eq 0) { + $BuildRequired = $true + } - # Query for active relationships - $GDAPRelationships = New-GraphGetRequest -uri "https://graph.microsoft.com/beta/tenantRelationships/delegatedAdminRelationships?`$filter=status eq 'active' and not startsWith(displayName,'MLT_')&`$select=customer,autoExtendDuration,endDateTime" - - # Flatten gdap relationship + if ($BuildRequired -or $TriggerRefresh.IsPresent) { + #get the full list of tenants + $GDAPRelationships = New-GraphGetRequest -uri "https://graph.microsoft.com/beta/tenantRelationships/delegatedAdminRelationships?`$filter=status eq 'active' and not startsWith(displayName,'MLT_')&`$select=customer,autoExtendDuration,endDateTime" -NoAuthCheck:$true $GDAPList = foreach ($Relationship in $GDAPRelationships) { [PSCustomObject]@{ customerId = $Relationship.customer.tenantId @@ -51,49 +45,62 @@ function Get-Tenants { relationshipEnd = $Relationship.endDateTime } } - - # Group relationships, build object for adding to tables $ActiveRelationships = $GDAPList | Where-Object { $_.customerId -notin $SkipListCache.customerId } $TenantList = $ActiveRelationships | Group-Object -Property customerId | ForEach-Object -Parallel { + Write-Host "Processing $($_.Name) to add to tenant list." Import-Module CIPPCore + Import-Module AzBobbyTables + $ExistingTenantInfo = Get-CIPPAzDataTableEntity @using:TenantsTable -Filter "PartitionKey eq 'Tenants' and RowKey eq '$($_.Name)'" + if ($ExistingTenantInfo -and $ExistingInfo.RequiresRefresh -eq $false) { + Write-Host 'Existing tenant found. We already have it cached, skipping.' + $ExistingTenantInfo + continue + } $LatestRelationship = $_.Group | Sort-Object -Property relationshipEnd | Select-Object -Last 1 $AutoExtend = ($_.Group | Where-Object { $_.autoExtend -eq $true } | Measure-Object).Count -gt 0 if (-not $SkipDomains.IsPresent) { - # Query domains to get default/initial try { + Write-Host "Getting domains for $($_.Name)." $Domains = New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/domains' -tenantid $LatestRelationship.customerId -NoAuthCheck:$true -ErrorAction Stop $defaultDomainName = ($Domains | Where-Object { $_.isDefault -eq $true }).id $initialDomainName = ($Domains | Where-Object { $_.isInitial -eq $true }).id } catch { - $defaultDomainName = 'Domain Error, check permissions' - $initialDomainName = 'Domain Error, check permissions' + try { + #doing alternative method to temporarily get domains. Nightly refresh will fix this as it will be marked for renew. + $Domain = (New-GraphGetRequest -uri "https://graph.microsoft.com/v1.0/tenantRelationships/findTenantInformationByTenantId(tenantId='$($LatestRelationship.customerId)')" -NoAuthCheck:$true).defaultDomainName + $defaultDomainName = $Domain + $initialDomainName = $Domain + $RequiresRefresh = $true + + } catch { + Write-LogMessage -API 'Get-Tenants' -message "Tried adding $($LatestRelationship.customerId) to tenant list but failed to get domains - $($_.Exception.Message)" -level 'Critical' + + } + } + + [PSCustomObject]@{ + PartitionKey = 'Tenants' + RowKey = $_.Name + customerId = $_.Name + displayName = $LatestRelationship.displayName + relationshipEnd = $LatestRelationship.relationshipEnd + relationshipCount = $_.Count + defaultDomainName = $defaultDomainName + initialDomainName = $initialDomainName + hasAutoExtend = $AutoExtend + delegatedPrivilegeStatus = 'granularDelegatedAdminPrivileges' + domains = '' + Excluded = $false + ExcludeUser = '' + ExcludeDate = '' + GraphErrorCount = 0 + LastGraphError = '' + RequiresRefresh = [bool]$RequiresRefresh + LastRefresh = (Get-Date).ToUniversalTime() } - } else { - $defaultDomainName = 'Domain Error, skipped' - $initialDomainName = 'Domain Error, skipped' - } - [PSCustomObject]@{ - PartitionKey = 'Tenants' - RowKey = $_.Name - customerId = $_.Name - displayName = $LatestRelationship.displayName - relationshipEnd = $LatestRelationship.relationshipEnd - relationshipCount = $_.Count - defaultDomainName = $defaultDomainName - initialDomainName = $initialDomainName - hasAutoExtend = $AutoExtend - delegatedPrivilegeStatus = 'granularDelegatedAdminPrivileges' - domains = '' - Excluded = $false - ExcludeUser = '' - ExcludeDate = '' - GraphErrorCount = 0 - LastGraphError = '' - LastRefresh = (Get-Date).ToUniversalTime() } } - $IncludedTenantsCache = [system.collections.generic.list[object]]::new() if ($env:PartnerTenantAvailable) { # Add partner tenant if env is set @@ -116,23 +123,13 @@ function Get-Tenants { if ($Tenant.defaultDomainName -eq 'Invalid' -or !$Tenant.defaultDomainName) { continue } $IncludedTenantsCache.Add($Tenant) | Out-Null } + } - if ($IncludedTenantsCache) { - $TenantsTable.Force = $true - Add-CIPPAzDataTableEntity @TenantsTable -Entity $IncludedTenantsCache - } - - if ($TriggerRefreshIfNeeded.IsPresent -and -not $SkipDomains.IsPresent) { - Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ - StatusCode = [HttpStatusCode]::OK - Body = $GraphRequest - }) - $InputObject = [PSCustomObject]@{ - OrchestratorName = 'UpdateTenantsOrchestrator' - Batch = @(@{'FunctionName' = 'UpdateTenants' }) - } - #Write-Host ($InputObject | ConvertTo-Json) - $InstanceId = Start-NewOrchestration -FunctionName 'CIPPOrchestrator' -InputObject ($InputObject | ConvertTo-Json -Depth 5) + if ($IncludedTenantsCache) { + Add-CIPPAzDataTableEntity @TenantsTable -Entity $IncludedTenantsCache -Force + $CurrentTenants = Get-CIPPAzDataTableEntity @TenantsTable -Filter "PartitionKey eq 'Tenants' and Excluded eq false" + $CurrentTenants | Where-Object { $_.customerId -notin $IncludedTenantsCache.customerId } | ForEach-Object { + Remove-AzDataTableEntity -Context $TenantsTable -Entity $_ -Force } } return ($IncludedTenantsCache | Where-Object { $null -ne $_.defaultDomainName -and ($_.defaultDomainName -notmatch 'Domain Error' -or $IncludeAll.IsPresent) } | Sort-Object -Property displayName) From 032f44b645f4e4027b38356ffcc5504d957e7b2f Mon Sep 17 00:00:00 2001 From: KelvinTegelaar Date: Wed, 3 Apr 2024 18:05:58 +0200 Subject: [PATCH 205/243] add trigger refresh to nightly --- UpdatePermissions/run.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/UpdatePermissions/run.ps1 b/UpdatePermissions/run.ps1 index 1c6b98f6ee92..77290175242e 100644 --- a/UpdatePermissions/run.ps1 +++ b/UpdatePermissions/run.ps1 @@ -2,7 +2,7 @@ param($Timer) try { - $Tenants = Get-Tenants -IncludeAll -SkipDomains | Where-Object { $_.customerId -ne $env:TenantId -and $_.Excluded -eq $false } | ForEach-Object { $_ | Add-Member -NotePropertyName FunctionName -NotePropertyValue 'UpdatePermissionsQueue'; $_ } + $Tenants = Get-Tenants -IncludeAll -TriggerRefresh | Where-Object { $_.customerId -ne $env:TenantId -and $_.Excluded -eq $false } | ForEach-Object { $_ | Add-Member -NotePropertyName FunctionName -NotePropertyValue 'UpdatePermissionsQueue'; $_ } if (($Tenants | Measure-Object).Count -gt 0) { $InputObject = [PSCustomObject]@{ From d352ef29107b1431e91f2806109d15f933c551c4 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Wed, 3 Apr 2024 12:28:31 -0400 Subject: [PATCH 206/243] Update version_latest.txt --- version_latest.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/version_latest.txt b/version_latest.txt index 8ae03c11904c..6ffbe8ba8ebd 100644 --- a/version_latest.txt +++ b/version_latest.txt @@ -1 +1 @@ -5.4.2 +5.4.3 From 689f4a2e4562b6346f13cee07262e0983f8a054e Mon Sep 17 00:00:00 2001 From: John Duprey Date: Wed, 3 Apr 2024 22:11:57 -0400 Subject: [PATCH 207/243] Fix onboarding wizard --- .../Activity Triggers/Push-ExecOnboardTenantQueue.ps1 | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-ExecOnboardTenantQueue.ps1 b/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-ExecOnboardTenantQueue.ps1 index b6938cc1389c..cc23c195820c 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-ExecOnboardTenantQueue.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-ExecOnboardTenantQueue.ps1 @@ -274,11 +274,7 @@ Function Push-ExecOnboardTenantQueue { $Logs.Add([PSCustomObject]@{ Date = Get-Date -UFormat $DateFormat; Log = 'Clearing tenant cache' }) $y = 0 do { - try { - Remove-CIPPCache -tenantsOnly $true - } catch {} - - $Tenant = Get-Tenants -IncludeAll | Where-Object { $_.customerId -eq $Relationship.customer.tenantId } | Select-Object -First 1 + $Tenant = Get-Tenants -TriggerRefresh -IncludeAll | Where-Object { $_.customerId -eq $Relationship.customer.tenantId } | Select-Object -First 1 $y++ Start-Sleep -Seconds 20 } while (!$Tenant -and $y -le 4) @@ -327,10 +323,7 @@ Function Push-ExecOnboardTenantQueue { $OnboardingSteps.Step4.Status = 'succeeded' $OnboardingSteps.Step4.Message = 'CPV permissions refreshed' if ($Tenant.defaultDomainName -match 'Domain Error') { - try { - Remove-CIPPCache -tenantsOnly $true - } catch {} - $Tenant = Get-Tenants -IncludeAll | Where-Object { $_.customerId -eq $Relationship.customer.tenantId } | Select-Object -First 1 + $Tenant = Get-Tenants -TriggerRefresh -IncludeAll | Where-Object { $_.customerId -eq $Relationship.customer.tenantId } | Select-Object -First 1 } } else { $Logs.Add([PSCustomObject]@{ Date = Get-Date -UFormat $DateFormat; Log = 'CPV permissions failed to refresh' }) From 3469de9cf77e15f682e4016c7e916b8b702ebdc0 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Thu, 4 Apr 2024 15:28:55 -0400 Subject: [PATCH 208/243] Add Get-CIPPAuthentication step before graphtoken --- .../Public/Test-CIPPAccessPermissions.ps1 | 37 ++++++++----------- 1 file changed, 15 insertions(+), 22 deletions(-) diff --git a/Modules/CIPPCore/Public/Test-CIPPAccessPermissions.ps1 b/Modules/CIPPCore/Public/Test-CIPPAccessPermissions.ps1 index f82b937d9e57..ac2629135250 100644 --- a/Modules/CIPPCore/Public/Test-CIPPAccessPermissions.ps1 +++ b/Modules/CIPPCore/Public/Test-CIPPAccessPermissions.ps1 @@ -2,7 +2,7 @@ function Test-CIPPAccessPermissions { [CmdletBinding()] param ( $TenantFilter, - $APIName = "Access Check", + $APIName = 'Access Check', $ExecutingUser ) Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Started permissions check' -Sev 'Debug' @@ -20,12 +20,12 @@ function Test-CIPPAccessPermissions { TenantId = '' UserPrincipalName = '' } - Write-Host "Setting success to true by default." + Write-Host 'Setting success to true by default.' $Success = $true try { Set-Location (Get-Item $PSScriptRoot).FullName $ExpectedPermissions = Get-Content '.\SAMManifest.json' | ConvertFrom-Json - + Get-CIPPAuthentication $GraphToken = Get-GraphToken -returnRefresh $true -SkipCache $true if ($GraphToken) { $GraphPermissions = New-GraphGetRequest -uri "https://graph.microsoft.com/beta/myorganization/applications?`$filter=appId eq '$env:ApplicationID'" -NoAuthCheck $true @@ -38,7 +38,7 @@ function Test-CIPPAccessPermissions { $KV = $ENV:WEBSITE_DEPLOYMENT_ID $KeyVaultRefresh = Get-AzKeyVaultSecret -VaultName $kv -Name 'RefreshToken' -AsPlainText if ($ENV:RefreshToken -ne $KeyVaultRefresh) { - Write-Host "Setting success to false due to nonmaching token." + Write-Host 'Setting success to false due to nonmaching token.' $Success = $false $Messages.Add('Your refresh token does not match key vault, clear your cache or wait 30 minutes.') | Out-Null @@ -47,43 +47,38 @@ function Test-CIPPAccessPermissions { Href = 'https://docs.cipp.app/setup/installation/cleartokencache' } ) | Out-Null - } - else { + } else { $Messages.Add('Your refresh token matches key vault.') | Out-Null } - } - catch { + } catch { Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $tenant -message "Key vault exception: $($_) " -Sev 'Error' } } try { $AccessTokenDetails = Read-JwtAccessDetails -Token $GraphToken.access_token -erroraction SilentlyContinue - } - catch { + } catch { $AccessTokenDetails = [PSCustomObject]@{ Name = '' AuthMethods = @() } Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $tenant -message "Token exception: $($_) " -Sev 'Error' $Success = $false - Write-Host "Setting success to false due to not able to decode token." + Write-Host 'Setting success to false due to not able to decode token.' } if ($AccessTokenDetails.Name -eq '') { $Messages.Add('Your refresh token is invalid, check for line breaks or missing characters.') | Out-Null - Write-Host "Setting success to false invalid token." + Write-Host 'Setting success to false invalid token.' $Success = $false - } - else { + } else { if ($AccessTokenDetails.AuthMethods -contains 'mfa') { $Messages.Add('Your access token contains the MFA claim.') | Out-Null - } - else { + } else { $Messages.Add('Your access token does not contain the MFA claim, Refresh your SAM tokens.') | Out-Null - Write-Host "Setting success to False due to invalid list of claims." + Write-Host 'Setting success to False due to invalid list of claims.' $Success = $false $Links.Add([PSCustomObject]@{ @@ -107,16 +102,14 @@ function Test-CIPPAccessPermissions { Href = 'https://docs.cipp.app/setup/installation/permissions' } ) | Out-Null - } - else { + } else { $Messages.Add('Your Secure Application Model has all required permissions') | Out-Null } - } - catch { + } catch { Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message "Permissions check failed: $($_) " -Sev 'Error' $Messages.Add("We could not connect to the API to retrieve the permissions. There might be a problem with the secure application model configuration. The returned error is: $(Get-NormalizedError -message $_)") | Out-Null - Write-Host "Setting success to False due to not being able to connect." + Write-Host 'Setting success to False due to not being able to connect.' $Success = $false } From bfc5dda12eb357569f1eea32f4873fc558b79e5c Mon Sep 17 00:00:00 2001 From: KelvinTegelaar Date: Fri, 5 Apr 2024 12:12:26 +0200 Subject: [PATCH 209/243] temporary removal of sharepoint from processing --- .../Tenant/Administration/Alerts/Invoke-PublicWebhooks.ps1 | 1 + 1 file changed, 1 insertion(+) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Alerts/Invoke-PublicWebhooks.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Alerts/Invoke-PublicWebhooks.ps1 index 38d6f00157bc..0dad62fb4d08 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Alerts/Invoke-PublicWebhooks.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Alerts/Invoke-PublicWebhooks.ps1 @@ -90,6 +90,7 @@ function Invoke-PublicWebhooks { Write-Host "Our operations: $Operations" Write-Host "Logs to download: $LogsToDownload" if ($ReceivedItem.ContentType -in $LogsToDownload -or 'AnyLog' -in $LogsToDownload) { + if ($ReceivedItem.ContentType -eq 'SharePoint') { continue } $Data = New-GraphPostRequest -type GET -uri "https://manage.office.com/api/v1.0/$($ReceivedItem.tenantId)/activity/feed/audit/$($ReceivedItem.contentid)" -tenantid $TenantFilter -scope 'https://manage.office.com/.default' } else { Write-Host "No data to download for $($ReceivedItem.ContentType)" From 1ccd4e125e2de76975d71837a1032eeb2c397bc8 Mon Sep 17 00:00:00 2001 From: KelvinTegelaar Date: Fri, 5 Apr 2024 12:13:21 +0200 Subject: [PATCH 210/243] correction on audit.sharepoint --- .../Tenant/Administration/Alerts/Invoke-PublicWebhooks.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Alerts/Invoke-PublicWebhooks.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Alerts/Invoke-PublicWebhooks.ps1 index 0dad62fb4d08..730cbba9d457 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Alerts/Invoke-PublicWebhooks.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Alerts/Invoke-PublicWebhooks.ps1 @@ -90,7 +90,7 @@ function Invoke-PublicWebhooks { Write-Host "Our operations: $Operations" Write-Host "Logs to download: $LogsToDownload" if ($ReceivedItem.ContentType -in $LogsToDownload -or 'AnyLog' -in $LogsToDownload) { - if ($ReceivedItem.ContentType -eq 'SharePoint') { continue } + if ($ReceivedItem.ContentType -eq 'Audit.SharePoint') { continue } $Data = New-GraphPostRequest -type GET -uri "https://manage.office.com/api/v1.0/$($ReceivedItem.tenantId)/activity/feed/audit/$($ReceivedItem.contentid)" -tenantid $TenantFilter -scope 'https://manage.office.com/.default' } else { Write-Host "No data to download for $($ReceivedItem.ContentType)" From 827ebfbd9b8894e621c6eb89fe6db4d1f84fc7e1 Mon Sep 17 00:00:00 2001 From: KelvinTegelaar Date: Fri, 5 Apr 2024 12:13:48 +0200 Subject: [PATCH 211/243] hotfix --- version_latest.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/version_latest.txt b/version_latest.txt index 6ffbe8ba8ebd..3238344b3b0d 100644 --- a/version_latest.txt +++ b/version_latest.txt @@ -1 +1 @@ -5.4.3 +5.4.4 \ No newline at end of file From 088d58b60be78a80f4b64bd4bf9271610b49a05c Mon Sep 17 00:00:00 2001 From: KelvinTegelaar Date: Mon, 8 Apr 2024 13:31:34 +0200 Subject: [PATCH 212/243] adds optional field for methods --- .../Push-CIPPAlertMFAAlertUsers.ps1 | 2 +- Modules/CIPPCore/Public/Get-CIPPMFAState.ps1 | 20 +++++++++---------- 2 files changed, 10 insertions(+), 12 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-CIPPAlertMFAAlertUsers.ps1 b/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-CIPPAlertMFAAlertUsers.ps1 index e6401a7b117f..6af3ca798606 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-CIPPAlertMFAAlertUsers.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-CIPPAlertMFAAlertUsers.ps1 @@ -6,7 +6,7 @@ function Push-CIPPAlertMFAAlertUsers { ) try { - $users = New-GraphGETRequest -uri 'https://graph.microsoft.com/beta/reports/authenticationMethods/userRegistrationDetails?$filter=isMfaRegistered eq false and userType eq ''member''&$select=userPrincipalName,lastUpdatedDateTime,isMfaRegistered' -tenantid $($Item.tenant) + $users = New-GraphGETRequest -uri 'https://graph.microsoft.com/beta/reports/authenticationMethods/userRegistrationDetails?$top=999&filter=isMfaRegistered eq false and userType eq ''member''&$select=userPrincipalName,lastUpdatedDateTime,isMfaRegistered' -tenantid $($Item.tenant) if ($users.UserPrincipalName) { Write-AlertMessage -tenant $Item.tenant -message "The following $($users.Count) users do not have MFA registered: $($users.UserPrincipalName -join ', ')" } diff --git a/Modules/CIPPCore/Public/Get-CIPPMFAState.ps1 b/Modules/CIPPCore/Public/Get-CIPPMFAState.ps1 index 73a2295b3be1..40eb80366161 100644 --- a/Modules/CIPPCore/Public/Get-CIPPMFAState.ps1 +++ b/Modules/CIPPCore/Public/Get-CIPPMFAState.ps1 @@ -3,7 +3,7 @@ function Get-CIPPMFAState { [CmdletBinding()] param ( $TenantFilter, - $APIName = "Get MFA Status", + $APIName = 'Get MFA Status', $ExecutingUser ) @@ -23,8 +23,7 @@ function Get-CIPPMFAState { Try { $MFARegistration = (New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/reports/credentialUserRegistrationDetails' -tenantid $TenantFilter) - } - catch { + } catch { $CAState.Add('Not Licensed for Conditional Access') | Out-Null $MFARegistration = $null } @@ -51,8 +50,7 @@ function Get-CIPPMFAState { } } } - } - catch { + } catch { } } @@ -68,12 +66,10 @@ function Get-CIPPMFAState { if ($CA -like '*All Users*') { if ($ExcludeAllUsers -contains $_.ObjectId) { $UserCAState.Add("Excluded from $($policy.displayName) - All Users") | Out-Null } else { $UserCAState.Add($CA) | Out-Null } - } - elseif ($CA -like '*Specific Applications*') { + } elseif ($CA -like '*Specific Applications*') { if ($ExcludeSpecific -contains $_.ObjectId) { $UserCAState.Add("Excluded from $($policy.displayName) - Specific Applications") | Out-Null } else { $UserCAState.Add($CA) | Out-Null } - } - else { + } else { Write-Host 'Adding to CA' $UserCAState.Add($CA) | Out-Null } @@ -81,7 +77,8 @@ function Get-CIPPMFAState { $PerUser = if ($_.StrongAuthenticationRequirements.StrongAuthenticationRequirement.state -ne $null) { $_.StrongAuthenticationRequirements.StrongAuthenticationRequirement.state } else { 'Disabled' } - $MFARegUser = if (($MFARegistration | Where-Object -Property UserPrincipalName -EQ $_.UserPrincipalName).IsMFARegistered -eq $null) { $false } else { ($MFARegistration | Where-Object -Property UserPrincipalName -EQ $_.UserPrincipalName).IsMFARegistered } + $MFARegUser = if (($MFARegistration | Where-Object -Property UserPrincipalName -EQ $_.UserPrincipalName).IsMFARegistered -eq $null) { $false } else { ($MFARegistration | Where-Object -Property UserPrincipalName -EQ $_.UserPrincipalName) } + [PSCustomObject]@{ Tenant = $TenantFilter ID = $_.ObjectId @@ -90,7 +87,8 @@ function Get-CIPPMFAState { AccountEnabled = $_.accountEnabled PerUser = $PerUser isLicensed = $_.isLicensed - MFARegistration = $MFARegUser + MFARegistration = $MFARegUser.IsMFARegistered + MFAMethods = $($MFARegUser.authMethods -join ', ') CoveredByCA = ($UserCAState -join ', ') CoveredBySD = $SecureDefaultsState RowKey = [string]($_.UserPrincipalName).replace('#', '') From 83748f713a31bc5364001a5dee0fc1bc30656868 Mon Sep 17 00:00:00 2001 From: KelvinTegelaar Date: Mon, 8 Apr 2024 23:33:32 +0200 Subject: [PATCH 213/243] added sort object --- .../Public/Entrypoints/Invoke-ListGraphRequest.ps1 | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListGraphRequest.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListGraphRequest.ps1 index 2cd1d9cd9bac..95866c41c395 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListGraphRequest.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListGraphRequest.ps1 @@ -133,8 +133,13 @@ function Invoke-ListGraphRequest { else { $StatusCode = [HttpStatusCode]::BadRequest } } + if ($request.Query.Sort) { + $GraphRequestData.Results = $GraphRequestData.Results | Sort-Object -Property $request.Query.Sort + } + $Outputdata = $GraphRequestData | ConvertTo-Json -Depth 20 -Compress + Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ StatusCode = $StatusCode - Body = $GraphRequestData | ConvertTo-Json -Depth 20 -Compress + Body = $Outputdata }) } \ No newline at end of file From febe1806a006802315607a702611a5ce0dcc6e57 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Mon, 8 Apr 2024 19:48:48 -0400 Subject: [PATCH 214/243] Fix bug with get-tenants --- Modules/CIPPCore/Public/GraphHelper/Get-Tenants.ps1 | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/Modules/CIPPCore/Public/GraphHelper/Get-Tenants.ps1 b/Modules/CIPPCore/Public/GraphHelper/Get-Tenants.ps1 index bcb9b94ef9cc..f2e1d746288d 100644 --- a/Modules/CIPPCore/Public/GraphHelper/Get-Tenants.ps1 +++ b/Modules/CIPPCore/Public/GraphHelper/Get-Tenants.ps1 @@ -32,11 +32,11 @@ function Get-Tenants { if (($IncludedTenantsCache | Measure-Object).Count -eq 0) { $BuildRequired = $true - } + } if ($BuildRequired -or $TriggerRefresh.IsPresent) { #get the full list of tenants - $GDAPRelationships = New-GraphGetRequest -uri "https://graph.microsoft.com/beta/tenantRelationships/delegatedAdminRelationships?`$filter=status eq 'active' and not startsWith(displayName,'MLT_')&`$select=customer,autoExtendDuration,endDateTime" -NoAuthCheck:$true + $GDAPRelationships = New-GraphGetRequest -uri "https://graph.microsoft.com/beta/tenantRelationships/delegatedAdminRelationships?`$filter=status eq 'active' and not startsWith(displayName,'MLT_')&`$select=customer,autoExtendDuration,endDateTime" -NoAuthCheck:$true $GDAPList = foreach ($Relationship in $GDAPRelationships) { [PSCustomObject]@{ customerId = $Relationship.customer.tenantId @@ -72,13 +72,13 @@ function Get-Tenants { $defaultDomainName = $Domain $initialDomainName = $Domain $RequiresRefresh = $true - + } catch { Write-LogMessage -API 'Get-Tenants' -message "Tried adding $($LatestRelationship.customerId) to tenant list but failed to get domains - $($_.Exception.Message)" -level 'Critical' } } - + [PSCustomObject]@{ PartitionKey = 'Tenants' RowKey = $_.Name @@ -129,7 +129,7 @@ function Get-Tenants { Add-CIPPAzDataTableEntity @TenantsTable -Entity $IncludedTenantsCache -Force $CurrentTenants = Get-CIPPAzDataTableEntity @TenantsTable -Filter "PartitionKey eq 'Tenants' and Excluded eq false" $CurrentTenants | Where-Object { $_.customerId -notin $IncludedTenantsCache.customerId } | ForEach-Object { - Remove-AzDataTableEntity -Context $TenantsTable -Entity $_ -Force + Remove-AzDataTableEntity @TenantsTable -Entity $_ -Force } } return ($IncludedTenantsCache | Where-Object { $null -ne $_.defaultDomainName -and ($_.defaultDomainName -notmatch 'Domain Error' -or $IncludeAll.IsPresent) } | Sort-Object -Property displayName) From 4f5a8eec6322644c0653e822faa8876f16d58b1f Mon Sep 17 00:00:00 2001 From: John Duprey Date: Mon, 8 Apr 2024 19:49:15 -0400 Subject: [PATCH 215/243] Fix bug with graph explorer presets --- .../Tenant/Tools/Invoke-ExecGraphExplorerPreset.ps1 | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Tools/Invoke-ExecGraphExplorerPreset.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Tools/Invoke-ExecGraphExplorerPreset.ps1 index 6587c2c41822..fa2211ecc392 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Tools/Invoke-ExecGraphExplorerPreset.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Tools/Invoke-ExecGraphExplorerPreset.ps1 @@ -33,7 +33,9 @@ Function Invoke-ExecGraphExplorerPreset { } $params = $Request.Body.preset | Select-Object endpoint, '$filter', '$select', '$count', '$expand', '$search', NoPagination, '$top', IsShared - if ($params.'$select') { $params.'$select' = ($params.'$select').value -join ',' } + if ($params.'$select' -and -not $params.'$select' -is [string]) { + $params.'$select' = ($params.'$select').value -join ',' + } $Preset = [PSCustomObject]@{ PartitionKey = 'Preset' From fb7ed648b774339a49435b420b5c71726945b72c Mon Sep 17 00:00:00 2001 From: John Duprey Date: Mon, 8 Apr 2024 19:49:32 -0400 Subject: [PATCH 216/243] Update Invoke-ExecGDAPInvite.ps1 --- .../HTTP Functions/Tenant/GDAP/Invoke-ExecGDAPInvite.ps1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/GDAP/Invoke-ExecGDAPInvite.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/GDAP/Invoke-ExecGDAPInvite.ps1 index d6a5965f2055..4739df9c2df1 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/GDAP/Invoke-ExecGDAPInvite.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/GDAP/Invoke-ExecGDAPInvite.ps1 @@ -64,6 +64,8 @@ Function Invoke-ExecGDAPInvite { } else { $Message = 'Error creating GDAP relationship request' } + + Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message "Created GDAP Invite - $InviteUrl" -Sev 'Info' } } catch { $Message = 'Error creating GDAP relationship' @@ -71,8 +73,6 @@ Function Invoke-ExecGDAPInvite { Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $env:TenantID -message "$($Message): $($_.Exception.Message)" -Sev 'Error' } - Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message "Created GDAP Invite - $InviteUrl" -Sev 'Info' - $body = @{ Message = $Message Invite = $InviteEntity From 8cfca646cff132c4319d4feddaa9ded7ca951de0 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Mon, 8 Apr 2024 21:06:30 -0400 Subject: [PATCH 217/243] Update Get-Tenants.ps1 --- Modules/CIPPCore/Public/GraphHelper/Get-Tenants.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/CIPPCore/Public/GraphHelper/Get-Tenants.ps1 b/Modules/CIPPCore/Public/GraphHelper/Get-Tenants.ps1 index f2e1d746288d..2cb51e4d929a 100644 --- a/Modules/CIPPCore/Public/GraphHelper/Get-Tenants.ps1 +++ b/Modules/CIPPCore/Public/GraphHelper/Get-Tenants.ps1 @@ -129,7 +129,7 @@ function Get-Tenants { Add-CIPPAzDataTableEntity @TenantsTable -Entity $IncludedTenantsCache -Force $CurrentTenants = Get-CIPPAzDataTableEntity @TenantsTable -Filter "PartitionKey eq 'Tenants' and Excluded eq false" $CurrentTenants | Where-Object { $_.customerId -notin $IncludedTenantsCache.customerId } | ForEach-Object { - Remove-AzDataTableEntity @TenantsTable -Entity $_ -Force + Remove-AzDataTableEntity @TenantsTable -Entity $_ } } return ($IncludedTenantsCache | Where-Object { $null -ne $_.defaultDomainName -and ($_.defaultDomainName -notmatch 'Domain Error' -or $IncludeAll.IsPresent) } | Sort-Object -Property displayName) From b19db2084dead68d861329fe82a897691312dd6c Mon Sep 17 00:00:00 2001 From: KelvinTegelaar Date: Tue, 9 Apr 2024 12:14:26 +0200 Subject: [PATCH 218/243] add sort --- .../HTTP Functions/Teams-Sharepoint/Invoke-ListTeams.ps1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ListTeams.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ListTeams.ps1 index 5c83df245e5f..c5969ad1d8ae 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ListTeams.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ListTeams.ps1 @@ -18,7 +18,7 @@ Function Invoke-ListTeams { # Interact with query parameters or the body of the request. $TenantFilter = $Request.Query.TenantFilter if ($request.query.type -eq 'List') { - $GraphRequest = New-GraphGetRequest -uri "https://graph.microsoft.com/beta/groups?`$filter=resourceProvisioningOptions/Any(x:x eq 'Team')&`$select=id,displayname,description,visibility,mailNickname" -tenantid $TenantFilter + $GraphRequest = New-GraphGetRequest -uri "https://graph.microsoft.com/beta/groups?`$filter=resourceProvisioningOptions/Any(x:x eq 'Team')&`$select=id,displayname,description,visibility,mailNickname" -tenantid $TenantFilter | Sort-Object -Property displayName } $TeamID = $request.query.ID Write-Host $TeamID @@ -37,7 +37,7 @@ Function Invoke-ListTeams { Members = @($Members) Owners = @($owners) InstalledApps = @($AppsList) - } + } } From 996c4cba51aae16ef595cb29c5ec5ee75a1aa7f0 Mon Sep 17 00:00:00 2001 From: KelvinTegelaar Date: Tue, 9 Apr 2024 12:21:44 +0200 Subject: [PATCH 219/243] add sort --- .../HTTP Functions/Teams-Sharepoint/Invoke-ListSites.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ListSites.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ListSites.ps1 index 51f31ef28b70..48f3f8badb80 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ListSites.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Teams-Sharepoint/Invoke-ListSites.ps1 @@ -59,7 +59,7 @@ Function Invoke-ListSites { # Associate values to output bindings by calling 'Push-OutputBinding'. Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ StatusCode = $StatusCode - Body = @($GraphRequest) + Body = @($GraphRequest | Sort-Object -Property UPN) }) } From 5b5d9a78fad186250ac2156e5a417414adaa93b1 Mon Sep 17 00:00:00 2001 From: KelvinTegelaar Date: Tue, 9 Apr 2024 12:33:36 +0200 Subject: [PATCH 220/243] fixes potential issue with arrays becoming singular items. --- .../HTTP Functions/Tenant/Standards/Invoke-ListBPA.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-ListBPA.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-ListBPA.ps1 index 7ff48e0ca1c9..0e632d4fba35 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-ListBPA.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-ListBPA.ps1 @@ -77,7 +77,7 @@ Function Invoke-ListBPA { # Associate values to output bindings by calling 'Push-OutputBinding'. Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ StatusCode = [HttpStatusCode]::OK - Body = ($Results | ConvertTo-Json -Depth 15) + Body = (ConvertTo-Json -Depth 15 -InputObject $Results) }) } From d9d493f9a883c8872f7c2a92d6d6be52403985e5 Mon Sep 17 00:00:00 2001 From: KelvinTegelaar Date: Tue, 9 Apr 2024 21:17:59 +0200 Subject: [PATCH 221/243] Module no longer sees this as stopping error, made sure to catch. --- Modules/CIPPCore/Public/Add-CIPPAzDataTableEntity.ps1 | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/Modules/CIPPCore/Public/Add-CIPPAzDataTableEntity.ps1 b/Modules/CIPPCore/Public/Add-CIPPAzDataTableEntity.ps1 index 6f03e28b64e2..befa8155df6c 100644 --- a/Modules/CIPPCore/Public/Add-CIPPAzDataTableEntity.ps1 +++ b/Modules/CIPPCore/Public/Add-CIPPAzDataTableEntity.ps1 @@ -9,7 +9,7 @@ function Add-CIPPAzDataTableEntity { foreach ($SingleEnt in $Entity) { try { - Add-AzDataTableEntity -context $Context -force:$Force -CreateTableIfNotExists:$CreateTableIfNotExists -Entity $SingleEnt + Add-AzDataTableEntity -context $Context -force:$Force -CreateTableIfNotExists:$CreateTableIfNotExists -Entity $SingleEnt -ErrorAction Stop } catch [System.Exception] { if ($_.Exception.ErrorCode -eq 'PropertyValueTooLarge' -or $_.Exception.ErrorCode -eq 'EntityTooLarge') { try { @@ -52,6 +52,8 @@ function Add-CIPPAzDataTableEntity { throw "Error processing entity: $($_.Exception.Message)." } } else { + Write-Host "THE ERROR IS $($_.Exception.ErrorCode)" + throw $_ } } From cf9e895b98b08310cefb6819aaa2dc783f037aba Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kristian=20Kj=C3=A6rg=C3=A5rd?= Date: Tue, 9 Apr 2024 22:47:14 +0200 Subject: [PATCH 222/243] Add exclaimer domain exclusion and change DA to use TenantGUID --- DomainAnalyser_All/run.ps1 | 1 + DomainAnalyser_GetTenantDomains/run.ps1 | 8 ++++++-- Modules/CIPPCore/Public/Get-CIPPDomainAnalyser.ps1 | 2 +- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/DomainAnalyser_All/run.ps1 b/DomainAnalyser_All/run.ps1 index c9f0b989c04e..9ab5f2d1f85a 100644 --- a/DomainAnalyser_All/run.ps1 +++ b/DomainAnalyser_All/run.ps1 @@ -36,6 +36,7 @@ try { $Result = [PSCustomObject]@{ Tenant = $Tenant.Tenant + TenantID = $Tenant.TenantGUID GUID = $($Domain.Replace('.', '')) LastRefresh = $(Get-Date (Get-Date).ToUniversalTime() -UFormat '+%Y-%m-%dT%H:%M:%S.000Z') Domain = $Domain diff --git a/DomainAnalyser_GetTenantDomains/run.ps1 b/DomainAnalyser_GetTenantDomains/run.ps1 index 4e0fd71f2be8..41cffd655051 100644 --- a/DomainAnalyser_GetTenantDomains/run.ps1 +++ b/DomainAnalyser_GetTenantDomains/run.ps1 @@ -9,10 +9,13 @@ $TenantDomains = $Tenants | ForEach-Object -Parallel { $Tenant = $_ # Get Domains to Lookup try { - $Domains = New-GraphGetRequest -uri 'https://graph.microsoft.com/v1.0/domains' -tenantid $Tenant.defaultDomainName | Where-Object { ($_.id -notlike '*.microsoftonline.com' -and $_.id -NotLike '*.exclaimer.cloud' -and $_.id -NotLike '*.codetwo.online' -and $_.id -NotLike '*.call2teams.com' -and $_.isVerified) } + $Domains = New-GraphGetRequest -uri 'https://graph.microsoft.com/v1.0/domains' -tenantid $Tenant.defaultDomainName | Where-Object { ($_.id -notlike '*.microsoftonline.com' -and $_.id -NotLike '*.exclaimer.cloud' -and $_.id -Notlike '*.excl.cloud' -and $_.id -NotLike '*.codetwo.online' -and $_.id -NotLike '*.call2teams.com' -and $_.isVerified) } + foreach ($d in $domains) { [PSCustomObject]@{ Tenant = $Tenant.defaultDomainName + TenantGUID = $Tenant.customerId + InitialDomainName = $Tenant.initialDomainName Domain = $d.id AuthenticationType = $d.authenticationType IsAdminManaged = $d.isAdminManaged @@ -57,11 +60,12 @@ if ($TenantCount -gt 0) { $Filter = "PartitionKey eq 'TenantDomains' and RowKey eq '{0}'" -f $Tenant.Domain $Domain = Get-CIPPAzDataTableEntity @DomainTable -Filter $Filter - if (!$Domain) { + if (!$Domain -or $null -eq $Domain.TenantGUID) { $DomainObject = [pscustomobject]@{ DomainAnalyser = '' TenantDetails = $TenantDetails TenantId = $Tenant.Tenant + TenantGUID = $Tenant.TenantGUID DkimSelectors = '' MailProviders = '' RowKey = $Tenant.Domain diff --git a/Modules/CIPPCore/Public/Get-CIPPDomainAnalyser.ps1 b/Modules/CIPPCore/Public/Get-CIPPDomainAnalyser.ps1 index e39e6d5953ba..fc4ad53915a1 100644 --- a/Modules/CIPPCore/Public/Get-CIPPDomainAnalyser.ps1 +++ b/Modules/CIPPCore/Public/Get-CIPPDomainAnalyser.ps1 @@ -6,7 +6,7 @@ function Get-CIPPDomainAnalyser { # Get all the things if ($TenantFilter -ne 'AllTenants') { - $DomainTable.Filter = "TenantId eq '{0}'" -f $TenantFilter + $DomainTable.Filter = "TenantGUID eq '{0}'" -f $TenantFilter } try { From 3547d95096cecf271a9f47e47b57d6a6b567e6eb Mon Sep 17 00:00:00 2001 From: John Duprey Date: Wed, 10 Apr 2024 14:00:28 -0400 Subject: [PATCH 223/243] Partner center webhook support --- .../Push-PublicWebhookProcess.ps1 | 4 +- .../CIPP/Core/Invoke-ExecPartnerWebhook.ps1 | 46 ++++++++++++++ .../Alerts/Invoke-PublicWebhooks.ps1 | 12 ++++ .../Invoke-CIPPPartnerWebhookProcessing.ps1 | 15 +++++ .../Public/New-CIPPGraphSubscription.ps1 | 61 ++++++++++++++++--- 5 files changed, 128 insertions(+), 10 deletions(-) create mode 100644 Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ExecPartnerWebhook.ps1 create mode 100644 Modules/CIPPCore/Public/Invoke-CIPPPartnerWebhookProcessing.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-PublicWebhookProcess.ps1 b/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-PublicWebhookProcess.ps1 index 4d321a825f4e..639860b0c1af 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-PublicWebhookProcess.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-PublicWebhookProcess.ps1 @@ -6,12 +6,14 @@ function Push-PublicWebhookProcess { Invoke-CippGraphWebhookProcessing -Data ($Item.Data | ConvertFrom-Json) -CIPPID $Item.CIPPID -WebhookInfo ($Item.Webhookinfo | ConvertFrom-Json) } elseif ($Item.Type -eq 'AuditLog') { Invoke-CippWebhookProcessing -TenantFilter $Item.TenantFilter -Data ($Item.Data | ConvertFrom-Json) -CIPPPURL $Item.CIPPURL + } elseif ($Item.Type -eq 'PartnerCenter') { + Invoke-CippPartnerCenterWebhookProcessing -Data ($Item.Data | ConvertFrom-Json) } } catch { Write-Host "Webhook Exception: $($_.Exception.Message)" } finally { $WebhookIncoming = Get-CIPPTable -TableName WebhookIncoming $Entity = $Item | Select-Object -Property RowKey, PartitionKey - Remove-AzDataTableEntity @WebhookIncoming -Entity $Entity + Remove-AzDataTableEntity @WebhookIncoming -Entity $Entity } } \ No newline at end of file diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ExecPartnerWebhook.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ExecPartnerWebhook.ps1 new file mode 100644 index 000000000000..d529d55b1f0f --- /dev/null +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ExecPartnerWebhook.ps1 @@ -0,0 +1,46 @@ +function Invoke-ExecPartnerWebhook { + Param($Request, $TriggerMetadata) + + switch ($Request.Query.Action) { + 'ListEventTypes' { + $Uri = 'https://api.partnercenter.microsoft.com/webhooks/v1/registration/events' + $Results = New-GraphGetRequest -uri $Uri -tenantid $env:TenantID -NoAuthCheck $true -scope 'https://api.partnercenter.microsoft.com/.default' + } + 'ListSubscription' { + $Uri = 'https://api.partnercenter.microsoft.com/webhooks/v1/registration' + $Results = New-GraphGetRequest -uri $Uri -tenantid $env:TenantID -NoAuthCheck $true -scope 'https://api.partnercenter.microsoft.com/.default' + } + 'CreateSubscription' { + $BaseURL = ([System.Uri]$request.headers.'x-ms-original-url').Host + $Webhook = @{ + TenantFilter = $env:TenantId + PartnerCenter = $true + BaseURL = $BaseURL + EventType = $Request.body.EventType + ExecutingUser = $Request.headers.'x-ms-client-principal' + } + $Results = New-CIPPGraphSubscription @Webhook + } + 'SendTest' { + $Results = New-GraphPOSTRequest -uri 'https://api.partnercenter.microsoft.com/webhooks/v1/registration/validationEvents' -tenantid $env:TenantID -NoAuthCheck $true -scope 'https://api.partnercenter.microsoft.com/.default' + } + 'ValidateTest' { + $Results = New-GraphGetRequest -uri "https://api.partnercenter.microsoft.com/webhooks/v1/registration/validationEvents/$($Request.Query.CorrelationId)" -tenantid $env:TenantID -NoAuthCheck $true -scope 'https://api.partnercenter.microsoft.com/.default' + } + default { + $Results = 'Invalid Action' + } + } + + $Body = [PSCustomObject]@{ + Results = $Results + Metadata = [PSCustomObject]@{ + Action = $Request.Query.Action + } + } + + Push-OutputBinding -Name Response -Value @{ + StatusCode = [System.Net.HttpStatusCode]::OK + Body = $Body + } +} \ No newline at end of file diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Alerts/Invoke-PublicWebhooks.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Alerts/Invoke-PublicWebhooks.ps1 index 730cbba9d457..9f843768ab9b 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Alerts/Invoke-PublicWebhooks.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Alerts/Invoke-PublicWebhooks.ps1 @@ -54,6 +54,18 @@ function Invoke-PublicWebhooks { ## Push webhook data to queue #Invoke-CippGraphWebhookProcessing -Data $ReceivedItem -CIPPID $request.Query.CIPPID -WebhookInfo $Webhookinfo + } elseif ($Request.Query.Type -eq 'PartnerCenter') { + [pscustomobject]$ReceivedItem = $Request.Body + $Entity = [PSCustomObject]@{ + PartitionKey = 'Webhook' + RowKey = [string](New-Guid).Guid + Type = $Request.Query.Type + Data = [string]($ReceivedItem | ConvertTo-Json -Depth 10) + CIPPID = $Request.Query.CIPPID + WebhookInfo = [string]($WebhookInfo | ConvertTo-Json -Depth 10) + FunctionName = 'PublicWebhookProcess' + } + Add-CIPPAzDataTableEntity @WebhookIncoming -Entity $Entity } else { # Auditlog Subscriptions try { diff --git a/Modules/CIPPCore/Public/Invoke-CIPPPartnerWebhookProcessing.ps1 b/Modules/CIPPCore/Public/Invoke-CIPPPartnerWebhookProcessing.ps1 new file mode 100644 index 000000000000..7cf9d8bb15cf --- /dev/null +++ b/Modules/CIPPCore/Public/Invoke-CIPPPartnerWebhookProcessing.ps1 @@ -0,0 +1,15 @@ +function Invoke-CippPartnerWebhookProcessing { + [CmdletBinding()] + param ( + $Data + ) + + Switch ($Data.EventType) { + 'test-created' { + Write-LogMessage -API 'Webhooks' -message 'Partner Center webhook test received' -Sev 'Info' + } + default { + Write-LogMessage -API 'Webhooks' -message "Partner Center webhook received: $($Data | ConvertTo-Json -Depth 5)" -Sev 'Info' + } + } +} diff --git a/Modules/CIPPCore/Public/New-CIPPGraphSubscription.ps1 b/Modules/CIPPCore/Public/New-CIPPGraphSubscription.ps1 index 6eac507448ec..9f6da599425b 100644 --- a/Modules/CIPPCore/Public/New-CIPPGraphSubscription.ps1 +++ b/Modules/CIPPCore/Public/New-CIPPGraphSubscription.ps1 @@ -11,7 +11,8 @@ function New-CIPPGraphSubscription { $EventType, $APIName = 'Create Webhook', $ExecutingUser, - [Switch]$Recreate + [Switch]$Recreate, + [switch]$PartnerCenter ) $CIPPID = (New-Guid).GUID $WebhookTable = Get-CIPPTable -TableName webhookTable @@ -76,13 +77,57 @@ function New-CIPPGraphSubscription { } } } + } elseif ($PartnerCenter.IsPresent) { + $WebhookFilter = "PartitionKey eq '$($env:TenantId)'" + $ExistingWebhooks = Get-CIPPAzDataTableEntity @WebhookTable -Filter $WebhookFilter + $CIPPID = $env:TenantId + $MatchedWebhook = $ExistingWebhooks | Where-Object { $_.Resource -eq 'PartnerCenter' -and $_.RowKey -eq $CIPPID } + + # Required event types + $EventList = [System.Collections.Generic.List[string]]@('test-created', 'granular-admin-relationship-approved') + if (($EventType | Measure-Object).count -gt 0) { + $EventList.AddRange($EventType) + } + + $Body = [PSCustomObject]@{ + WebhookUrl = "https://$BaseURL/API/PublicWebhooks?CIPPID=$($CIPPID)&Type=PartnerCenter" + WebhookEvents = @($EventList) + } + try { + $Uri = 'https://api.partnercenter.microsoft.com/webhooks/v1/registration' + $Subscription = New-GraphGetRequest -uri $Uri -tenantid $env:TenantID -NoAuthCheck $true -scope 'https://api.partnercenter.microsoft.com/.default' + if ($Subscription.WebhookUrl -ne $MatchedWebhook.WebhookNotificationUrl) { + + if ($Subscription.WebhookUrl) { $Method = 'PUT' } else { $Method = 'POST' } + $GraphRequest = New-GraphPOSTRequest -uri 'https://api.partnercenter.microsoft.com/webhooks/v1/registration' -type $Method -tenantid $env:TenantId -scope 'https://api.partnercenter.microsoft.com/.default' -body ($Body | ConvertTo-Json) -verbose + + $WebhookRow = @{ + PartitionKey = [string]$CIPPID + RowKey = [string]$CIPPID + EventType = [string](ConvertTo-Json -InputObject $EventList) + Resource = [string]'PartnerCenter' + SubscriptionID = [string]$GraphRequest.SubscriberId + Expiration = 'Does Not Expire' + WebhookNotificationUrl = [string]$Body.WebhookUrl + } + $null = Add-CIPPAzDataTableEntity @WebhookTable -Entity $WebhookRow + Write-LogMessage -user $ExecutingUser -API $APIName -message 'Created Partner Center Webhook subscription' -Sev 'Info' -tenant 'PartnerTenant' + return 'Created Partner Center Webhook subscription' + } else { + Write-LogMessage -user $ExecutingUser -API $APIName -message 'Existing Partner Center Webhook subscription found' -Sev 'Info' -tenant 'PartnerTenant' + return 'Existing Partner Center Webhook subscription found' + } + } catch { + Write-LogMessage -user $ExecutingUser -API $APIName -message "Failed to create Partner Center Webhook Subscription: $($_.Exception.Message)" -Sev 'Error' -tenant 'PartnerTenant' + return "Failed to create Partner Center Webhook Subscription for $($TenantFilter): $($_.Exception.Message)" + } + } else { # First check if there is an exsiting Webhook in place $WebhookFilter = "PartitionKey eq '$($TenantFilter)'" $ExistingWebhooks = Get-CIPPAzDataTableEntity @WebhookTable -Filter $WebhookFilter $MatchedWebhook = $ExistingWebhooks | Where-Object { $_.Resource -eq $Resource } - if (($MatchedWebhook | Measure-Object).count -eq 0 -or $Recreate) { - + if (($MatchedWebhook | Measure-Object).count -eq 0 -or $Recreate.IsPresent) { $expiredate = (Get-Date).AddDays(1).ToUniversalTime().ToString('yyyy-MM-ddTHH:mm:ss.fffZ') $params = @{ changeType = $TypeofSubscription @@ -90,10 +135,10 @@ function New-CIPPGraphSubscription { resource = $Resource expirationDateTime = $expiredate } | ConvertTo-Json - + $GraphRequest = New-GraphPostRequest -uri 'https://graph.microsoft.com/beta/subscriptions' -tenantid $TenantFilter -type POST -body $params -verbose - #If creation is succesfull, we store the GUID in the storage table webhookTable to make sure we can check against this later on. + #If creation is succesfull, we store the GUID in the storage table webhookTable to make sure we can check against this later on. #We store the GUID as rowkey, the event type, the resource, and the expiration date as properties, we also add the Tenant name so we can easily find this later on. #We don't store the return, because Ms decided that a renewal or re-authenticate does not change the url, but does change the id... $WebhookRow = @{ @@ -108,7 +153,7 @@ function New-CIPPGraphSubscription { } $null = Add-CIPPAzDataTableEntity @WebhookTable -Entity $WebhookRow #todo: add remove webhook function, add check webhook function, add list webhooks function - #add refresh webhook function based on table. + #add refresh webhook function based on table. Write-LogMessage -user $ExecutingUser -API $APIName -message "Created Graph Webhook subscription for $($TenantFilter)" -Sev 'Info' -tenant $TenantFilter } else { Write-LogMessage -user $ExecutingUser -API $APIName -message "Existing Graph Webhook subscription for $($TenantFilter) found" -Sev 'Info' -tenant $TenantFilter @@ -117,8 +162,6 @@ function New-CIPPGraphSubscription { return "Created Webhook subscription for $($TenantFilter)" } catch { Write-LogMessage -user $ExecutingUser -API $APIName -message "Failed to create Webhook Subscription: $($_.Exception.Message)" -Sev 'Error' -tenant $TenantFilter - Return "Failed to create Webhook Subscription for $($TenantFilter): $($_.Exception.Message)" + Return "Failed to create Webhook Subscription for $($TenantFilter): $($_.Exception.Message)" } - } - From b38ed7f6aaa94bc1521f34578f257f00caa1933d Mon Sep 17 00:00:00 2001 From: John Duprey Date: Wed, 10 Apr 2024 20:00:12 -0400 Subject: [PATCH 224/243] tweak partner webhook --- .../Public/New-CIPPGraphSubscription.ps1 | 37 ++++++++++++++----- 1 file changed, 27 insertions(+), 10 deletions(-) diff --git a/Modules/CIPPCore/Public/New-CIPPGraphSubscription.ps1 b/Modules/CIPPCore/Public/New-CIPPGraphSubscription.ps1 index 9f6da599425b..0dabb10544ba 100644 --- a/Modules/CIPPCore/Public/New-CIPPGraphSubscription.ps1 +++ b/Modules/CIPPCore/Public/New-CIPPGraphSubscription.ps1 @@ -86,20 +86,37 @@ function New-CIPPGraphSubscription { # Required event types $EventList = [System.Collections.Generic.List[string]]@('test-created', 'granular-admin-relationship-approved') if (($EventType | Measure-Object).count -gt 0) { - $EventList.AddRange($EventType) + foreach ($Event in $EventType) { + if ($EventList -notcontains $Event) { + $EventList.Add($Event) + } + } } $Body = [PSCustomObject]@{ WebhookUrl = "https://$BaseURL/API/PublicWebhooks?CIPPID=$($CIPPID)&Type=PartnerCenter" WebhookEvents = @($EventList) } + $EventCompare = Compare-Object $EventList ($MatchedWebhook.EventType | ConvertFrom-Json) try { $Uri = 'https://api.partnercenter.microsoft.com/webhooks/v1/registration' - $Subscription = New-GraphGetRequest -uri $Uri -tenantid $env:TenantID -NoAuthCheck $true -scope 'https://api.partnercenter.microsoft.com/.default' - if ($Subscription.WebhookUrl -ne $MatchedWebhook.WebhookNotificationUrl) { - - if ($Subscription.WebhookUrl) { $Method = 'PUT' } else { $Method = 'POST' } - $GraphRequest = New-GraphPOSTRequest -uri 'https://api.partnercenter.microsoft.com/webhooks/v1/registration' -type $Method -tenantid $env:TenantId -scope 'https://api.partnercenter.microsoft.com/.default' -body ($Body | ConvertTo-Json) -verbose + try { + $Existing = New-GraphGetRequest -NoAuthCheck $true -uri $Uri -tenantid $env:TenantId -scope 'https://api.partnercenter.microsoft.com/.default' + } catch {} + if ($Existing.webhookUrl -ne $MatchedWebhook.WebhookNotificationUrl -or $EventCompare) { + if (![string]::IsNullOrEmpty($MatchedWebhook.WebhookNotificationUrl) -or $Existing.WebhookUrl) { + $Action = 'Updated' + $Method = 'PUT' + Write-Host 'updating webhook' + } else { + $Action = 'Created' + $Method = 'POST' + Write-Host 'creating webhook' + } + try { + $Uri = 'https://api.partnercenter.microsoft.com/webhooks/v1/registration' + $GraphRequest = New-GraphPOSTRequest -uri $Uri -type $Method -tenantid $env:TenantId -scope 'https://api.partnercenter.microsoft.com/.default' -body ($Body | ConvertTo-Json) + } catch {} $WebhookRow = @{ PartitionKey = [string]$CIPPID @@ -110,16 +127,16 @@ function New-CIPPGraphSubscription { Expiration = 'Does Not Expire' WebhookNotificationUrl = [string]$Body.WebhookUrl } - $null = Add-CIPPAzDataTableEntity @WebhookTable -Entity $WebhookRow - Write-LogMessage -user $ExecutingUser -API $APIName -message 'Created Partner Center Webhook subscription' -Sev 'Info' -tenant 'PartnerTenant' - return 'Created Partner Center Webhook subscription' + $null = Add-CIPPAzDataTableEntity @WebhookTable -Entity $WebhookRow -Force + Write-LogMessage -user $ExecutingUser -API $APIName -message "$Action Partner Center Webhook subscription" -Sev 'Info' -tenant 'PartnerTenant' + return "$Action Partner Center Webhook subscription" } else { Write-LogMessage -user $ExecutingUser -API $APIName -message 'Existing Partner Center Webhook subscription found' -Sev 'Info' -tenant 'PartnerTenant' return 'Existing Partner Center Webhook subscription found' } } catch { Write-LogMessage -user $ExecutingUser -API $APIName -message "Failed to create Partner Center Webhook Subscription: $($_.Exception.Message)" -Sev 'Error' -tenant 'PartnerTenant' - return "Failed to create Partner Center Webhook Subscription for $($TenantFilter): $($_.Exception.Message)" + return "Failed to create Partner Webhook Subscription: $($_.Exception.Message)" } } else { From 93046537dac6b68485584dfb46609b3807827a37 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Wed, 10 Apr 2024 20:03:27 -0400 Subject: [PATCH 225/243] cleanup function --- .../Scheduler/Invoke-ExecScheduledCommand.ps1 | 93 ------------------- 1 file changed, 93 deletions(-) delete mode 100644 Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Scheduler/Invoke-ExecScheduledCommand.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Scheduler/Invoke-ExecScheduledCommand.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Scheduler/Invoke-ExecScheduledCommand.ps1 deleted file mode 100644 index ce73476b5c97..000000000000 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Scheduler/Invoke-ExecScheduledCommand.ps1 +++ /dev/null @@ -1,93 +0,0 @@ - using namespace System.Net - - Function Invoke-ExecScheduledCommand { - <# - .FUNCTIONALITY - Entrypoint - #> - [CmdletBinding()] - param($Request, $TriggerMetadata) - - $commandParameters = $QueueItem.Parameters - -$tenant = $QueueItem.Parameters['TenantFilter'] -Write-Host 'started task' -try { - try { - $results = & $QueueItem.command @commandParameters - } - catch { - $results = "Task Failed: $($_.Exception.Message)" - - } - - Write-Host 'ran the command' - if ($results -is [String]) { - $results = @{ Results = $results } - } - if ($results -is [array]) { - $results = $results | Where-Object { $_ -is [string] } - $results = $results | ForEach-Object { @{ Results = $_ } } - } - - $results = $results | Select-Object * -ExcludeProperty RowKey, PartitionKey - - $StoredResults = $results | ConvertTo-Json -Compress -Depth 20 | Out-String - if ($StoredResults.Length -gt 64000 -or $task.Tenant -eq 'AllTenants') { - $StoredResults = @{ Results = 'The results for this query are too long to store in this table, or the query was meant for All Tenants. Please use the options to send the results to another target to be able to view the results. ' } | ConvertTo-Json -Compress - } -} -catch { - $errorMessage = $_.Exception.Message - if ($task.Recurrence -gt 0) { $State = 'Failed - Planned' } else { $State = 'Failed' } - Update-AzDataTableEntity @Table -Entity @{ - PartitionKey = $task.PartitionKey - RowKey = $task.RowKey - Results = "$errorMessage" - TaskState = $State - } - Write-LogMessage -API 'Scheduler_UserTasks' -tenant $tenant -message "Failed to execute task $($task.Name): $errorMessage" -sev Error -} - - -$TableDesign = '' -$HTML = ($results | Select-Object * -ExcludeProperty RowKey, PartitionKey | ConvertTo-Html -Fragment) -replace '

25<5 z$3)rAPHz?k3kfy`+D#IQy^=w8P>?xCOt8iOM8>u`h#Bn)s^Y|nJyixTc+O|GKd_se zoy^ZOr~68toW*Oi)6sGyaOD0>F=bNU4j#kY=;S#0Bg&fCFCNaMLZ_4}U7cP}j5l_P z7%u~}CA16IU2A76yHdFzKfFz6D$yBoekF+3BFmB|XU-hy!$sr;SvE&cyV6@uLA_b; zT&Cc*$i8bqHm&{0m-q~9_yk+}IgyzLXM`!50D)Aj6{ef1>$Fa6B$5Z% ze_DY9cvv`#E83RM&vDYFG{pR82oF|v@q7^~p5FYM+A7#dpiTmxs8Ygjqwqs=Of}=H@4yp2g&(H} zqyE!ylm~+FyMWO-l=o+dY4c^{CrJU;bfiifpM=$}k-hjNYkOIZt?{zP8 zrVrOna6gKIOtciRqF|16$LeOc#Yp52K8Da;=E7;NAZCLdXTlSNKR^zJHM@4yLvZ0D ze+?7^B;r|wVX6H&fHnucA|)!r10}G6hLQE$Gx+IrqA}D41Ib3j-0?$1`O$Sm1%j%~ zeePZp@4*DJ@45GEj`W@b7cHdY$R7R>^t!yU^TAkb+Rq06%RMgkYN+$7&m-^xvY`i8 zN6r`@Q&OR%*z{r|m(TTH`AZ1KP$Bv`*omd?=ud>>Y@VK4 zP^z7%aiB1RJsXPw{pN&0HkyHuc;#F0T(=uS`LR}z2vR==s@88Y=dlh!oxz@;0Ih$D zAFk`aDA3VA6PVXO7dUEy)g04L=~FM^$IQ<#E?UbHw0hBO&Uro^h9j^7UO<{ZIxD1D7GhbavBJg0T$*<&NEC5!V zaGD>h1P7;iawrA<)r(7wGDL z3e4-j3LG`j)Ue?-eTLV#8>OLYxrGbsoW|?h3Gl`O3^`deWGEL88BEA8sQ9c#lK$nq8=?G<$@t;n04HtFi_)6UAnN+(Z!T2;Nb)>ip}Hd~Mw=(9wB;uI?4+ z=^lY-jDk4wx>Mk&Nv9T@g3@OS%JrF}k;hTU!ych9Ifd{-PSWiW3SxOz1LI}q8S%0+ z&hnd8W`Ktvb!sh=#7oJ~CYO>i=A45d>HB8gYimozXJV+{{sw8O{vAJ}?EX>reSgae zPX7}z(bFdgs;}Tz!(7PVQWn%y3tUErRc$y;+!$|CI8}!MlElc;Ebst)01t@7RRI^E z0uz`yU}zVj)MgA0J^YyQaQbBF$|)r983$H}p%1OKIsNkVIG!X3m;i_r;QGX1UYGS_ zj2xs9t~2;yKgtSpbgRI;ZWB0ag4Ir@x#?5W@Y5K>k4@0(kTkZ=33PO)Kv#DO%N97r37sST{9kGTuCQXvGSOErlj+mP8`?5onIUOxJyW2gX9;xmfWW*S6gX<4DOeYzNuTK| zr@+=^qn1-}P{xXY(pWfXqPGG9Bhc0ao_-wxdf_$#Jv{`-5r?q|8I6$f2pNx1;@y!L zdmQubSXN%-F&jY`q@3>RY^I=WdGbaTY-OBfOAKV9b71ShjC!@Wg+|;2UB?>ggT!^)k$+7VPfCJy^qvACZF`6#uXhzVYSO7aO@Zh$f?OL{PD$jkpCqyMK>{7Uzd%?lcWy;z{5cM|C8odxFgB7vhO znu4Xv{zspAgGSn@0Gg+Pro9fv98bStFJpUfkP~)ZmSf!*XSKwEp%=$l_%FrT8a;c6 zioamvRBik_2gtjCEC6!?+&h4z=z>LX6z%Gc1PoYQ3)sm7>|6`jr53QO3D~U`u%s5S zy9wBX0Cj1RKDY*T0ogqn3Ad=!UT{?RW)${Dj9UFTdkOqfqE_J@IGC6HP)Ym1k8@G` z5)Iu#FJbJjVksUk0U+J}bl|ALQg9sa6C6PA|Gj;ed^wMD^?z^Qp$}J&z)wwIUWI;k zy6NA`*}o5j;81VBL7<}#66orK1$z1rfzTn#jKkB18i%hBGmbzXZX79ngmI+xa^t|$ zdg93I6#_?1Zkz^DP0-hP`z~dD3}wTbQm(oZ0X*ou3ed;#ZjIDr{`JmCmqJN^hgomgEiWBn#AJE>WJL@1aTvS1ms`~HZKoA6ISg6fICnL`6RB^0&3LHbWJ{4fXKMlXt)%d~5mNftfKOF$!X8=t2 zXX3Yd7Jd*O0#I+5w{Fg)4h+`<7oLqDJUt2PGJ=bXlbHK*ak2_;cWZYW7FJ=WL%+bW z4vwCkz5@>lB%zP0g7Z*NAr=urCKN0A%B&w45QzG&+%KUMLo>k*|jmGf`s z(pWeGUybHqOtWwJu~IkOqX@%u0};qoHQb;iHCTxIKrwI zFiX5mA`$TbAiQ`3L|p{fyW&-&BqE?3)Jyd>A$2iG*zJM7gwXZmzJ+HlR9p%aAAu}% z%YGmqj>7dK2PnV0yZRRR__h>Zk4s~WTaTFzz2W7=)jYC@Q}bMr43V`S+%{$!Ib*}c ztJrr9O~1Nt1C!xt0*Q$W*Yrv~jJ+O$uaMHKfYxur5B15_0$$)_~$Kgb^+g)r}7j^WJ)v%GN|925RYT;6ymQVfkV1QS(S zhf}1zqdD!#jkF9=*eRJh?FX9Ep2D>6l6)D$M}?khHc{MQzs_ ze!d&D^$qwTKi?zJ(eD-L>Kg@m`X+(U&+ju1Pv2}DzP`mc0)4AE^7{P(M-54Zm3Z== zK6N{O$g@BWcbv_B;^5s}m?c!3DRTe?D_f#0eLkuiRPR8VY`b5X8DKL#TaR0U*Qmx1 zAj0fG+R?R^pk95X8}HNclvbBx%dVTN?nG2^7M*EU@_8E<&ypseaDfz>=XhMM)?tN$ zbEywI(0ZgjiV?(B9|W<*Zvzg83g9f~?7r%U;Lr?Rbgl$^*aS>Z1RN~^ZRkkm@sph0 zlL&<+ZrOzdVh#}_B#A@ekp7Q=VlY8%&HRtu@m^HeiLRqYd=AQRy1E-^?(7!viqbuB z^HL#X#+*2iWk7W=(87z3mPOyd?64lQU|!pS#+fut94~q=a_d+3fl9?4IHcqa;{1xG zJ}Q}|Oj)4)GiKAaqot{W82xJX>6xrPA7y>U?jeIe#$v)?m$!NH!+Y9_?5wb2WZxte zyPql8$fy|F&9ak>$NZ5sHA!nb(UVn`RIpZr5%A-1?Kd!Yj?-IeNswY#EG@`r1L>L; z>Yb!UCKuGsMldUktqDF`t3C^CaaHe? zU>dgH2Ik&4)HAU7#&OD_+^snbwX34b~BPp*8%=|7JI&@E=|v)9^YXS2P@b=UKd-#L@#_XVWNmUa%phnZihg57N? z%@^S<4aND(`6618*x!IX`Xz+PE_1g!7#%8Jjs484mucVQYGvYUf0ngw(=t5*%69k_ z{ANq@g7B+w#5}oe!^-!;yE2&Yip*k0VvK zv?>Up))M7-0zN4RO7JAy%{;@MPBJhKdrh3XY3dS#-yP^UczN!WF;nLKMQDa36I*10 zgrpurfPWap=5kDspYuI{3)6SSM zSnK~==sV#?6a-KIs~@t&eRlMHDM$_bJg}~ErN}RA5_3Xg*07D3MK+h`szabBO#4w* zv07|lvX!g;7-TR@cJ)t48*jP)6tMate$+CgU_;?end{h4BB6MGTaMaxbL|LEX8#N^ z`6l;<6prC;hQw*P&5^%GS7?g4D>XOCd4?SPP2nVu1qe(&6Oo7^b8J z9=3grw$NAr8l#k*Um~K&&adF0?7UnfVq^!&jp(%33&H-`kMylbPaR;M%apg#e~rYo zm#(BAtIgwe;Q@-@FcX~X%3N?Z%wU{1GDk=Xn6G;l*10X+OnaFh&F+Aj_$|^E(6xRC zSSk2p_tPdNa$qlDe-B3)$A7ASfa3xvqyAFC^`jzF?g#ER@RB1VaKn#0#k$0%_1V_- z6W91flm8KPWeG!;b1&dhu27@Kw)TSoQSf_LH*sv1A5D_ z?E5EVo+<4RKX!oXc7T6Qzp*}ztXY1et`OK@M6*Z@5Ex2onFG&AO3^>$X5SkG;CZGIQkU= zSL3LKL?)Jrh$f8j^2G@p^cwp#N-@d(IgvTr8U&9yFUG0lj6e1%#Jy_u+*Wb;?;nSf zC<+0QtH%(Rf3vO}N5D|wb>g$)8+Eq{vS%`6?_|j7G16Kh7xGNu63B5@N-7jruV z#>G<|6+e0qLRFOaAWWGYc@xI;Z`A@J=oyBkhqExaDM1?ywo&vYq_H>Lg;qkJWto+%NdnjoandR&|N$qS=q;l{#f@cccQ=6JtvpW zn`TA-q+hfYj^RL2oQ>>pYDX*)LF4ES(69%U4;PB=`Jfh9X-*w)BGRB$4Tc4+@Z zmaLepWuso?krTav8OZ6*w5@Qg2l+SB;6x8bo;VFw-{Le=TztuvFc(-VJjR_D92o+w zSH1J%aX;J|M_KHvR`)(V{m8y&WHyQS27vGj3P+AIc;o<6wA9<%(gUU8z)uZSZY<@} z19QcF?2RQaJ+RB16rRm&O$7_S>laehEK-)R7)IR@`%M#XCC05(mr)wK4LfQ)@ZByHFJkOLcl{Zvy`pPt|Rm$EQIdmzGyL zGydZ57$5I{mD_UZ+v&(IdcXts z(U`Q@Z15iDl=scy2paVZyn8w2)|}^XQ<>iFu^z>a1!s}>m{>-cEdwz<7s!Op5z`Wg zlpP1O;Sz z>NEv}=UgNRXQ2Q^xi#ocdTa2en4(^JC`##4f)-0Iv;*tV!75!ma?ZO-k4=$r$BWY;E= z5M8rNkkkW25~5=Uf~2A#lCUdS1S1*6p_U+$5S`H#N$14vOHt&6@d$h+b!2)o)AeOr**qUK%gx%S2167OU5PRmVOoR_&6hDK$vOOWSoq)VE>_*jSp`+Bm%Mb#!2T zcpJcSs~vR|upuh4Y~wBMArmbKXB$V#w4seF<#C)$xUC7whRQfvjTLe@BnVlx8Q&4& z3%S&oYY)MmOji!~+H>J{NYvG7cXp~GT(ZJPPYE7bXG0VWBALo}Hn!$+|(p~Iahp{@AvwTr6DsPV5 z56QPcJyC#(%em&8DgSJlSFvHTa1=e*o^_^ibG*a(iTDk``dGQ?h1?lW4gkRM{F?KHdI2hP;FBgOFToQd4{fz^wWRbXz8~gWXEoYg~;)_j+`eCD&35=rt zVghjrSYAc-aA6-W!cb>s{>$kNJ|rMm%vLed?j)0McDd z*XH-F*51o%V~0;Y%{NPOxIWxF2V1sfy!LIk`}$Gvzuo2A-vPdbvlqx?t{d(R=pU!Q zjzD{aQOfhMV;7>XV_$_&Ek(HLT$$(&7Iq&X!hP|BGk(XKbS6G;FyNMzi|u8vx*pr$ z{5p;ZABh)NxqLvADEU$#hT##!0jHBV^H~=OXqs!7NadNXY-E)4o*UwDBR`cvf_VBv zk{sGZ%TxFuug^zkOs4!;u&2g=lLAO>OdWB$lJ6NM3ZllDv>A0FQFzuSS%r&2?fm&e(xSGR|fx_VKui zU+f#hm_r_q3tS$39!(T=^q`$E>iKGnkx&kk*7G~ zhuz{g?sl>koM~hgT8UX>-Vw;XLJYS!@6WUq93Ps`L+N-U9n{Ay@{Q1|S*~yeklYJdDS@@HYb0z{9Cl%ue!ClOmdU{ibt zY|8%v3*s-sTnwkVw*Pggu(I!{Ybjg#miq#WQo}qDK!;|3b4o}7}jz5i^0?1QEBHR4N;zyD1 zb<7vvq(fN7?^dS)mb1~f>ecbX)j(yR+=%WVZ@NaO_M!x9fNaI=`%278TiObEhh$;S zGkWNB1aRn>I>SbBgVk;yJP z8Bqc;#W+&X5R1-cUAPvrcwYq8u$R@bG|0K%%E$n;*W}9?vAZq34tlM>vdqkUEBmFz zsIDBHURQvnT{*%`%PZ%n*P#e4i=jxY^g49emc{Q8=UsGuP@DsFVoA?h^jZAWGF9(I zdqwX-fh6BWw`>-6UoEVbq*l%YP-#h23Tr`z+Lvo7O3RxAeoznCr8(eN^?+@r3dlym zbaVlE$;9m1FTNTtCN*t8qp7UjXV9LsxW;Rp2kzovol$J?^R3OJ5QsGbyc-r&&jq_X zTB5r^*t~$?gy#WehtkBHG`5xwPRXRPEiEzloP{rsBT%vm^XEIAZtZjmAI(XeXR*`a zn?ON~g>?1JaE9yg6F(>W!RGgnMi@MbA55MOMu~ANUDKE1@=dBM0Wp zI@=}+FQ6eeol%%)^ur60)OKpTx(L4TV*JboJ1+rTd^;sZJ{9?664?f#@vI%OJ9f5& zmm)@ahd>&vJlCMjZ-P6MFu~*+Jq#%_xfN^o^)V5ZJFnzX2LJg-*?c$tpMX}zmA?9Y zed?HFfX7N2^z>yYOZ6@I!PjrmK^t3QPo4)7q9?<*A~=g@1OQq~-Kp>jI0AnB86TiZ z%W>aW)_#(dH7aMbwz0q(jNjJk$Ntm1kT?G4o`g+n6mcWda05t}4^ziu#)_uO$}ax zUzdZyJQ0ae8K)=tm_$b2v&#B%Xhgm;crUPB9v%m}4~{mxYvq`Ct^5GbNqh`A0D0Gn zpCmjQlNs}_6;@XfChuC|Fd$6$_+6`@D@YptIUKw+^V-*2!>5{NwK0o5dA%v`0^8`B zKcJ*&0mB-29cxZsq18Gqcg_T2cvRJ(HQb(jOmL#GSIZe9u6Yqe#a!8R(n@k zMgsP|QfC}wqD#xiDPlhZ?1FT_A_{I5gNH!wyb z|JOICe`!nkPnP}c+f$)|BL4Q@v_;Z=^1SUe-br;37l+1 zu9PN9f~J>6Q#p#0NcH;WR2X_T5t!SF+Q6SgD(tBz^V+ky)$0ONAKDX1u@0V0`pf1F zx0v)T%}Lp*6E!R*Wo>XAI;>%MB=W}=O)`J%kt8ep8j0Wndy)t>N^?ohLA}hbgDJ`N z6g@^ul;o4mM1J+EC7F!KIn6{Q+uvZ!P}1QGF;5b??%AB+*Ud$zm=GmXr$j1jk0&d< zpt-C}MbrlVBvO4BjnL35;X9~Ks>p1bD4Kd zgue&j_-JY=ebwro;h}Wl29s&O2j`?YmKHWrKY2$p;hMUvz86$CFtAb59?q+81Rit0 zTQK~N%OHvipZkFMm}%d^A-Q&t#dz^N(w)R&$>iyHO+kwT2yn`LkV70`0_Wja0JhLQ z@$R5}FySRyj5i@mC(88IoHp-<_~HAA4sXVc;em zH`j*b{X|(u;ae~`3vZ8*SRv$5dOz9#Vg)&t=|@+?9o>wd9ytK%NB0uJm&^NGYBsd%d~dKAB$_;H~t{9){bk=0C@r(?Fw|YFVNG0K)g>QaMVOs$3kMU zCqbY35XhK4%hllL&7jS9yZ1uo@pBDWc)ky%z|t|I_**7#*Y7Z+rsHf7A7&f<5$kb0r}Za+j{dViSN}y|Uc;_I z_^64djyG*XpSru=HkX6;`^ghW-JfU-H`y2;+O#pS@NEt6+Ksyo(mhzLd32|Btj?1d)vUO|9a^r??FwH*dqwjJ(J)jLvC+u_Pwb4QxG?Z&7VHfg(~ zn%eH9f4%J*W5-5xasBl%@*QvjG2OuKbfRV#7$kM1|NSq zNm}BjPTO3@rnrx7+SXf$+c{&(`n)(vnTUI>WonB1DrIVlyM;2rO4+PG5%*fl)D-u? zP3sQZ3v<)gW_vN>=C;?*iQUZh!s5VWw%1E0FW*|yV)487uq&Cq$@bcOj3%+V?S&c` z+siF4a@BJ#^d8RTe+=5Pto-P`2zJ977BhAp%$+D8D|1%Q3;=Gq=qh~t-N&_4GmQ87 z(T62z4coBN+;ShDHAdtz-lKg$BGFf)guoxifsaTaeJ0SstGvER)Z_2HQ$o=bm4)Av|k7Wb1>I z$rj$3`eu^>n8gEk4dDu+4Pd$vF0Z_!C&EPu5#ib{5aIGfxQL~2u}LwVK` zSeD+jnG+$+&5YT>gGgB}CSsh0wg&!_%uTkT&>TjVMPw2&n?)lLAhU$gn#{;eO*8?I zayoJZ4BtDvNM;De{#=1Jzstzer;w{|7df$Yhd{gqDbUq9fu8OZi0g7);=m((0!K|c zb*d38`qXDY4|k1S>r=?%L&$@3h0mj8^|^w_i;1*xM9gr1cA_K<4~lsGRTT#Vi3k>xS<>ezrUOq>8nJ&$5>wbZb?i1+h z83H{$Qy}DJmN@ddSKz2gr&b$zp-+9@$cty4jXdtAyhLsI7_G`8j;)@CJVeialnZ$ zw6kJ6&$IgCcRTs5gL#KrZ95{!#w(|L9dGu8c-QVS#J{E9=1t?;lTE6JYYGk3<41p! zYVhW$kI_P4)IO`Gj+#b}#*DH)a5T>-yOB=Xk9N2@D}Ik@pD(a|UMK9f^^ibEZzIsv zvjyh$)&fUOG_}Sw2Yu>`Yz{dyf$m}5%l1J3U5M;z{a3vJF4lT)Q|J8xnbm zwlUQ|9ocMQs&D3s1#9V1jsC?W5e;6uyd0G5UPJP6f#%u%{{Y7ub9k&naGgc^L{WHZ z>#{&cmjt@HA~3JF6F6$3sWS}E=`&pbJa?@#QD4&s$Z=(3Eh_EQT7X>Bqdkat^cu|^ zhyOSZr%8x#dQG@ToA3lw%!}i@<#s>17>IV)V4C{6*nDPLu-@6tvY>=CYxgOwL?e^v z$vn43nfwyCiYlz1BE^WI+5H@7GObnUN09bVV=K zea7N|TEM#jQ^@iYlgaWDn!!_>tgUj;rOkXhMLygn2VDZ3dE!AAoSfXR_60Y7utsJ}uYkWbp6GxBYg1Xj3NH;vo<9q)uJCcHRj zaP=y{)vI_uQcK4RTmd|sYBkRG>6XKuY-wdbqK+H|e9-8~M?qHKDhkflcL;R!`vtoC zHi4eLT_AMi2aLnhcN&MUKWH3*zRNgL`a|N#>sthl8rlj|F^=-|smG8f=JP3@^S3_v zZ|Tf-A0qQ|Qg5b`HUN&4ZfV*Op)gyRHpF{OJ6ro)WXADV?L&_@&C>p_5B>k74`Cpt zUHmxv&|xC(wtk~PM;|WG)kg^Q^m2jdLo1BK(<_a`*Q<;p&_^0aN*^VTygpRmsG+T@ zrVr7lo=EngPyhRU2+#I3Y>%csgeU5@)Q8Ub7yA&$?1dPIrm%&#yv~t0J5itKHAbP= zYzuqMwy>8Rg?!8h{mJKpI5Uiy7{*pvy~V=TW{bD~t}WZJab@%|>-jR0O={p$cS8uQ z<ITl5)2|M8wuR2z2zYKv(13BUY$9y}dxl-9qE=^djT%^^V37=*8m5>-hpl4N0}m zh#P(CTNF3U%L1MqvOfDS$s2AnW~0AsX7+;He@F^nkW}CgZCUuv-LmkRb)WsLeXefk z@9#qPK8JEA=3xyRsCh;8)%ACMWg)g_lIL?^R_p{jf+B-PG}{0*d*(Il1N{5;3_iVW z_5l*+iR=S7Q|<#KVm6zN?e3(8PV;sEAKox8Z1Ms+R^7$WNx{%b8AB%>hvWHDUT888 zO{QyxPMkJ2bc_!%8-`ANM}US7j--L8EVkG3G=`2jrUXOBwD}1whkd+Z=Ws6gkm)Pm zW?xw<@@?yV1>#!|0$shIKu_;45PjtU#^LKXh$FA@$_tOp7)t6q(?#f0Pe~V% zwTnFNBm{+G+SK=SrOJOP|lMWv^J>h5n$GXVV^CcS zOma#uKGK&Os2v|_8X_i{*EKK3KZ9A4S&XO7KNw~Hf|28=DaX5t5ZZc)Ku7N;5Z|^D z=;=KK=JhTDM@@9~W+SZhsb@r3d1vND(0+I_Sygz9tuCfb=kL&Cn=J#buq}BDekMEh z)d3bXog7+L{T_0MghsEg2Ynxy@CQVDrJkG@K1-*cb8(aNM6An&&%qD$5Zbu%JoJGF zec;sut#N*AJw+{;^86UzLO1(wZ?(4h2%oy54E0zKf3Go43`1Vf%_biw9)+kk_6Gj5 zaUx|7eKsVdN%M33-(&^XDC@dmP!|zz#|u!8MyO0l>!EVIlh+jGfM>+kkTb?!xY4kC z1{nFnnB5X5=bMJ%DbO0vf3PXfC8nH5#`l|RlTD+8e{OA;Yv^F^^L@$4?(@h+zguJy z@97J4^bG=C{a%5dzEL1_@J-^#>vstpHR;rd5n}q(k3diMg|Q7}eR(n&_V{vOU5K0a zg|l0pBVvyH8s><-);`A?+2Prtg($}(D96|@aoQo{S4w@)PfQz>k!Ux$fsBEAtucTbo65}#HZ=oB zH6kSJ8+43`0<`;P#~kV#*Y#zZcqbaKJ79SdwgdUTJ?aZa=__cYk|%53;*573*NbFqvf~(kRir(@8ZMr{t#3ZIr~d8T zce9RskkxmZl|d2lx7b<~)%G5Ttpm@m?LC^cu&x%@A8rteYFb54ypV_EwoNxTK^uXqGh{R2O zZm*FRw}Q}no6{0Eby~*V3*3Qn$vNaUb$M({D zUhM5VwvXPEV(+YDXVH5`>>cPhcA$fZ<7cpk1aR-9qs^5V7ZuCnsT23j{zU%JZI?<*7 zidMlZIDcp3;5Dg&QfM-D1@r|U8150ToNJ^G{)Xw#?*aq#J<|1TeXl@A-zU)39~GF_ zcMBXf(bPqzYtm=FpD1}@O6seNsShPDdh2;TVevdv~2wefsTGapsODgnAi6U z95vC@B_=QW)bEj;BQQQAB_nZ$Ps1svS^dC&U^^W(*fUGD@BkoN0%1fe&%(BU9;!{sPWNtG2=rgHbfI z9)lX^OG}YI|40b$qmz&u9q*u#dQtv=mF88P1Xt1R@%=2JXFZ6%{!Q{py+~d_f?T`$ESy8?TllTw9!w_O$RLM7(kq?l3{+P} zC^x!_P70o*)`Kj$dIsRgpUJNm;L^Bp3;y!A5~#~i;!B4E^zQVY!rtpGvT|kGr z!z>%3J4_SUd`r*|aY@V%+sG7=RGx#wqJ;IWf4L1Qvg$2p4llZu&bPve9t9c3W0Tdr zkb_!=pAI|G#?&|U28qksXk@Hd#%;Jsdv`RqH!kV7yNTxVqK8ocOfya+ONLm>soM`% z?&_`Qo7M{wjRz`?*276eoP}odrTIBSU;l4wJ?aY23T(^z_P^hLlQ)`aN!9L_w{fa1 z5bhzc2J@awXu}ga`1$u5x!zH|=1#pyBe$i|$d!3Up2H{5J=AviDSKX*TiQB-u0jcC zsu*;91f(Gt#+h@o?a4kJY(XY)z#(u<~a{w@6lwI{xc&bneoWPP_$*EyTj)uF0|wTzF0Wss`U zmzW|r9LO^9OrhkB{RIMs!?KjK&6uNLn`I(ix{1~xlOTK^%s~gg1<5?OiY>+dQ z;rS_!p*O zNXN~C8jnButp<-D|6yYuOddaz;PI2fOIv?aprc_#VP2fqPY4_}!D@ryF@1F&JJvy< z^}Pm@4oZi}Lr6#RHZS9tF(l=~ncSH->_<%`y*XBBW-_$|o z@=r@yZT($=j($d9UOy#p)C8+5O&#cq&rMV2IFI;2f>t{khU)^;1UkIe0>9j60nGD0 z3m~tr0H~`BP5SC*u>;Ptt!F{giS7qW)F2``@_H5@Wo_fv4|hgy3a5b|(Zh^!!4xra zjPYzOM%-;*dKEUm4a6X?!|AVy6(buCE8J~fCC zJP(V)^fVPl=5s61K0h@1ZiRTf(*QCy?>+#^od-adcOU>g-hBW>zT1i;ua&@2lTN+e zQtSoI<*tWqnS8r7R2`WTO4C%&$kvEEVQ;aNE|yjLqV(binXYve+&a!@&`^h zN_w$C+{)%+b#s%45%14jyjC~ZA3z{a`vZW!wg&+7+D8DiT>`)XZ4v-ZIPZE3NyKGK z<+?L>Hm%rW(Eh)X>%pz3c1QX8OY=jv4K~}5OsYS@r>P<-M)k!oexO>ANIn`|Tk`w4 zCNv*Dh2#h9hv2cq3;)-N^E6g5*u{v?k6r{@(Pez{SJR4m?rj>)B3)E^{#r-lXMN_& zb3Z?LMtr8|)ZE{XozY7%+q{8f`SDD7?`q}fX-$yw^tFZv%xmosSkPJ`5IJKJ5yOBM z5rGpfT<}&`@Uppr*Zgmja{u|{a!<2-awC?aC%0TYJgAK!!P}r7w_?|BQrd-~rQB~~ zx}51hDJ@0uoaNl58|mIlUfEn&QtG|aG*Jp@%(s4Fu+U<*jrfW8*UnIAJz<7{*5d{z9D(2#mjKz~p2M|M(mQ|a;yaRz zXgz76yw+0&{npb42U>qHIN_Z27LM4FEjXHB((Uth_TzWZie>ueo62;i8S%TN=u7MA z?9fAV8n_$-sZ#h7zQL`;z!9MN+z`s8jnivCS}aZEe(Ax9{xdswz_E$`oE7EeD zRZxC;t%^avHQOM^pbZYRW*VGu-n8N%K4nY$+d}RX^6U?7J{N5>wS&yIU4B=-%_(~f zo>3>X5*DAIyM(vx_HOgG+hLA3rtZ}|Xn}+K1KRW9PdZ+0{gWeA#_Jq|ervA5d~2S; zf!3hG3Fj?%m*Z8obp5lKV--VVHtw!4VCT}dvx8`piiGwj?EI<5t{ zUBsodA$6H+Z#A(wC)`>iysoH)hlX|NnYmEZUB<;lH>q_}>@b7$ca=uM(GB`PjDJK05@(IJ><x$~5iRf2QnF|@_(U?z#7wrL} z(#RX$l%}cFJsoPZ-;X31=v|ttrV7B z2Bt8y=idNv;pW=~kPp+m*DREp@eVgjt^$bjf96bg&xX_g=-%_sA_KbNS!aDSGN8jH zUG~h}{|}LCSAG{SE2d+FO|-&NJpEViEQ}S4fu447bAQtJ^qbQ-lVTXL=W+(a(~I6raKa*+FyOI7k&pG#<*<%0YUDEbeQP& z8LX%q($?QyyXEKhA`PtPSG;O>7$&+OexR zbd$XgIk*F}Ej~8q`3yEKoP)=fdKWM6%<4<3`w!XUkt2h{i{7zD6kXh2ZYgnhEAHSG z1oVd%7yUVl%e7h2E6EN{ZAF(E?22wu#d!_g!9`xN#ST?l+wBqLb&-}CSgAD!>69pG z_RE%?ymjA-dZUA=6p;+PZ`&aN9w5P|l6}oFf$EZ+U8*(MPe_kW1?s>TmjkWYX&cA89 z{z3SB{|Z#RXwJ5b@Xw<>1|_-0)^7BL#iqVv-O$NL3-CY;4i}w=?Jb+`L2qy zD!2rj&>gy2cQu7lUd`$So8au-n#*u)oTuuvMpy`4Da?g@Mj|CMCarf2xNz0-CR~Mi zg@1UQM;3L9Cj|3DRV&Pg2}WURZxW-a+&?8p;rYZ-E~@=G_NK1YbMRdXBXFz(G*ljg z9pME)+k6nN!W6!W4^7{z0l|fQw5Nav!YYNii%Yfg9F`Ub=JG)WL^nc4W$_2KcF;pK zo!b|U*(%pkv4woT(;#`EiKlC=@f$kUo=b9jsMe59cGOh*X>}Fh@Z#{zG*&z!kw)KL z8eG!fF=r|92?rG#LS9Kb$i+XF@0h!EcgJUs-O1b$?YW&A!RL&gr+Psbv%Ps%Hzq=+dvrq}tgm)0FCkqAqBKe#?ujv17bcbomxK zqne?RAq!aLm>GlDD#-rPlMvscaT!Tkqc+8*%g2wnPZ`2bRFcb#(>tik79 z`}jKL5Gt6UT`YmKb!Zcm%g_teB0-+Uws$dzaz50=bq>i z5xW(>dQt52e0*x=S;GrAmZtdhN?d<%gHm){Y+%~-4cN)bYlMDPqRQ~R)JMtWTG4M@ z2~#a4Us_-Q!I~Ku>^lP;oHKkNG2D?DEb$8U!36W6#PH$7@DUkI7aAx3QGi&N*}D?~ zl`fR8FK`T@)VLRpx{Ey5$-s!zBAk{j>?=3sPV)Tr<@q`+TeSP}t*+k>Z5I8rw5JgE zO^auj-s|Ca8S`nhIZu%VUHNrPh-DvT7%i>4mTb+uu+U$$cYSq$@+v~x%L>)}Iu%sL z*Vd(VU85n^B+X z-c){ty=c`{^Zc$-xi&o6@oakzD{=IEx=3GJPy4M5Wa6&p<8X zxOX;j`)p#74qwcns^-|$Q}Ns|@J*1v=67Tso5IIguVkxvH?JFA2fA;lGPLYY)b7eq z{B(3>$euyz8Nb6}M|dWMXXb})mw}h8Kj_eZP+15q19Ls^bLi2;w+y^y{T_$jHbKk4 zlWgyFXe&?=k%1SjZ+2+rq#SJ-`Z~wo=Frq;hn9i2tx>gXo3RhhN?z0R9zNMEH= zSGDn8K+2gaAumP=_WoQ}t`oT_;Hx2==OTf^%QFOQ)&}x3#h)Qt}HC84?;inD4;gd}Tr zw?p0RP%7ftJq}f%eni*NbePtP|BK|<>l|;v|0GAP*F|r^_w1P)2USegxwPMcC%mqf zir$SEQ|&9WR!`VSW@vPE6T`;hj1ryIJ0Lu=MlQj})KuL--I_#&(#TS&gxt(qUfr5Z z%4?I7%d?O|fOFCNl;+viJkJeo6!(xx(GZENO;uA^>gurV3)ZhSkvX$a=JsS@7swo5zAd%4!Z1FviG zL0i3dbOaQlyZPArz94oO192N4he*ynF!NDO^*1kvsvqz5r}@c`@e(oZ&6G|4a`Bq_ zYBHuKc#Q3ZzlR*j?96xl#l0Yv=7OzHKykQ<}D`8+Fb3<1Nd(5 ztIdpbMQ7mXrcSDAvkRu{#q?2aH;4XbC)3ZS{VF(0P6>!q?1oU)*l1~4*7o9Jo5qW! zYb)AU06K_G&jqB10h$`>w=DNF2LoCvpmeu*cEi67UpXLU16K3q zO4D*tHz(AWu&GM9iQaAH9Pe@!Me}5}-Q>_{^mWwOXDL@+0j+ejRP^X;sf4u9;q!6Q zm{g6Q11|&`Mt5gZ=JvU7qu@<_nM%5XjNRlgLuaM4r@s%9>0t%UMbs-5cYvcW?^Oy` z7TGQEECf9JmUp`uYa`909a-p%k1Q134re+`reEErcUI6a&o0ONo6By0^A^H-O#@AN zXN^Zb-LBu^XLJ1+^U1A6Q(ehR3u~@h;u_2GdK%l(e=RSnCUyoP-#&xDyfRxri&ieo z_Nt(=BEXCSBH#vxn=1l^R0Imje2GB1i`|cfVRMU@RW;TSl&V-%&D?JTJ@=G+EIZlF z>x{VIw6IwR9GF{3%Q`;b(3vUfcrUvZbwMj&m!g$0n`!48{?Cir+J*vc16tRA**2tQ z{X7M%%Cdy51OH7OFQx@t^eROw;Ot=(S6-W2!Zb3QSHk(RrG>HC8R2yE0bB4uLuE9B z&YW=QsQI)*m5!cC2Vgp%tMVi8n+Qa5Udbvy6EAk;#YBR|JXTXpCgL+M|Hm@%;D6IY zP@mP_XgmLds^gp0tyD*K_zf+IGmA0}%GAf2_}=O``T6b;+9kBc>~?THy)|prR3$B+ zYq?!>V)7-_PL>2OrN)UfX(d* z+a`CzXWM!E@dqa7Ei1!m-d=5a=e4di=(nyhm~Xw&;6UpQ1}B`i;7*sfvZZ+0yN`-eS;i-C!`^ zdaJ>K*7XJ_oVVapjxX8LeSG=c$;b?AZ?dJl`S$JrtNRIW+w8DuLtwnM_a=6P%+9Fd-vM)6XC&eO47Ay&I7K?AXVjht zOnDvKzs>7GC$!6P5AvK%2IBQY#L(h&mDT;54f?HH3=XtzG&td$gU>o1WeYw+FgFh% zS_}(C>!YIeE(_ze-fhrttu;8%dZ)n&=Nx>_(UL9rxY5$ygL9$9+zZzO4~k7t%yj|a;L=; zZTeFrsTk_(PNE(*-=?QW2BTk-4AvG|Q=AjMd`Fq*7HxR7c4S_(sslvuX@Yh6tB7v~ zYY_b%)>^X>O6_z<<1@Hkq?w&Mu`+Q#F$N62NG>x$Zx%mbzeKJ5^l(c)S#EklCA2fk z6;EnA$ggF)+|xZo#m48A(leN9@WV6t249f9llZjm6#iCTxkiTF>}B-Y?G>@+bn-cl zYUNm8)Ekn&QMfM>jwUA`jm~1YYjdgG15k$S6F9eT;9j_dJCcGA8NJ|1$aCyWWJ|#y z`eAppBkm4k3&|1diNZq-xNR7bSF z@@RAxmN{|J6e$*%wSM4&ETULB0z+!Ft7AjGE9g^Zei=u+UW++#Wx(b0z0;JHA#1kD1@$(O>{s>FyX< z$`eI{hE@4(96XpvT{hR|;?fcPi~v)e{7yC$Nss;}b0P~!Bm0^P{VV+NDm-(yg2C`E z@?wk>G)&eHeW~j^(0N1<}>pK<>k3K*$k|hBxM}%MDQ|XAls^l?K&n5A-POU@`-`LIE zt;u%bH)wHS8{8hzss#?qw|?fCXK-V4aoa6l;ilBaJ&;>5)U%;)L%IEA)dqibLvFCz zS=|dEXX-<`NA4`37ASgw`U%g_E%$T&Z=Hf)0q&*XKE=O`Ir(jY;XUBK!r#ZNO%{^v zEium{8gF>HZ7gCh=8iKxZu?}TPuUN?N+PTNz)^#0s=p=+?cNS*etkLa@9R_kKGJt=JEOP1MN3eOy|f^!3ag@zhSC~m`{8FU_LEwq?XfR;7Det0hl z@U0d0!>?lw)D-*SH~5C%)MpWiW~sIq1{l~QC6|)(Pzvvpk8klQx=Sh_+E6L3TIJe! z_PtuM(Z4B-6}|;nrKK}&fEns!nM=7re^<#jzKtp1%9o-Q7!8y3H!rt+u6CSl@gU`| z$St`w=PRFWIrn}-DAV>7n>6J!>1t`p%?f(2$!N2J-g`3Itf2Rqj5aIieJ7*M3VOfE zXtRRee=^#vHaEdIF~{hJIkyAIM$et4ShJMXgbT4>)Y_eZl!>-P1zc$Z8*Ve&3}eZ( zfxvg>ztH!L&5GT%S8ndc8MPThtv!rHu$s_8!Mp}7nM*SFYg|E_ttM5+pqU?ut|a>K z>qKAQ(JMCC$5J#;UQm?LRy^i-UeJLpnHeRzn4oLRgDw!&o4lsd-yeKOg;^oYEYQ}~ zIL6GGZr$NuOqAL|Vs4bP`dmaJhhm)E5!Mtl^)0<1uLy0MPJhzHIHc=Q;4M|;~+coi8lxMOE&c+~Y{s3z96l?EerdYu#Ix)Xf#9Yf*wMW6fW_Ai!h zN*#84hud%7-N9zhr4_ENyD9hq9{YoDK%zF7B07eggW=O#?e3)b*@NumT0ka1lk%79 z$64e1oe(>TfvX z54zH^9sn|n8Mgs`^oT-TsWONUE`_RU;f{QC>;C`15BHNjfiLsw)+1TcGG9C4%cUts zj0>?fpTx%th1fEKSR%yS3}UGe^D_tpvKVZeK_qGU5os}=6XMI|b2~n2e-EItN~dm_ z0mO?Egc(2_m>|pm;-Ca!1`sb!5M}^zaDp%ch(i*D89*GGAk3gKz?N$7l=HT;%nX+I zK+Z3~Gl$r`V0$qf%o9gv@!=%Lg2dcq%Ji_?hr7LX_cSq~mk%e9`N50Q68fXEdW*F{_ zs*Et4V&3g{1iyn?k8^eO8$YHTTws@AmsA&x7iTix0FznDV0GxO2i;wc>!wv&DtoxXygsv2|FEz;ZLtB@3+%J3AvLz@jQUgLPlaSs z3go;L$wX{!e1;(xrO59KDb=Mj8cmVk5%NcTJinx?7t1C;LC&Z$y<#Xt~hBDyV~}tRnk{m zlv*W(?9@*@OBQS1AoDjJeyQIEZ^+wEVR89o|FJO{4+1mxh0U1ypUPT9^UEISIlHAYPFm%mCut1YrgcuS^hT01+k# zGk`cRL6`x=`3b@dAfg0e1`v$|VFnNvBnUHrSd}2mAoXNxx>6@A+RJW2)3?LSTpgKV zMSEJ^Fi+j{j5FVI+zvkd0f9VX`3k%Bl&u~rX=rB^Q43@pF!S32}hPZ5LE%zV>ox`Uup4mAZ>eE;{bBOcwl{tL6=kY0Z z23v>*2MY_Qlskr2+QDW*F8NY?UdhjG2W`u<$=NhEduDEm22{1Os@}tG6jxCsgFBQA z!8Nuz31b5|KRb-eyKy)fqPew;s4G>quc0*`u*2Ch-=;ER)GNqfZxu?7$0SK~tFl2l zy3Q|}Z#9MWK|lJC`Lc%b3{bJF8aC^ig2zM+e|MU{ z7s!i7qp?3V=#%|@-u&%6#h)5*=7KXrg?K`FaK~;xx|=Xb%+?hoynoY(8OrgvOmq|1 z2h7z_&efXN#PtW}YAENrOBxn-9yV7)rR@Co1xHiJS#VR>DZM<)GYrBwo%%RA)RK$m zly|e6kL5buZtk|CrE-_->gNULDuw6q8Dqxpm8pffBDq+55Iv@Zo1@unjis9LP<5w8 zp{F^RU4U-Bb}XK+9ay|&GG80~oMd`M=2tW)Vzx#|M39q9zq43foeLdw$%?;9U9yh6 z2ogAWwE_$>PiAS#-|GWk&N<#b9r zS7^dzsUPZK>=tUgSI_2{1#9OYZM`h@J_iXVs|6$FL;NYn*Ckz=89-c~Aj|;biUeT> z5LYG$Gk|z~f-u9p#%qZN+QF`Z-rkvkMz!c`uMyxb zm8L=N2{l;ISyS+(;1VEfI6gDR=$C3Q{9t!*{?tKJZG7s8Df%VCW36d@W}^98eA8>b zV|Ou`G+FI+b4YV?`<>`iUCHk|l#W!-Ek?gH3B8acxke(mNJdvJi_ss=)lgO~1JmIW z*MFL;p`5E}V2P`@vt-{;&eim`#I}nrh4gdPN^I*|zqFB^VJKgVb+r0+H{oyaDDi_?xFxJ-`v6ZuD z`&$+(p5O{_^lpA|r5wFgQibb7o*jnM%|}-e+z!Ld%GE}^Rg47Z*B5%X3u>n9QR0~5 z4O$kF>Nmp{`wh>#W+8+}2G=o;b7$jFm)89OoSm*iU0A0y#+KnZ>uzg1&0WX(RN`;m zx~1qevA_B4(|Anzw2$;L&$EvHH3_rDx?DTf;m&pRmWk7Fc^%{W)Yi3*rY5y@uiKch z^{ng2`0QQB;4}3(a~(5WscqJ}H5s?cI-o7x7}?VbrY zxNcs?ZD`$xGj4PH*H)LTrc38E0rRnT7Sqd(lJja?2g|j2UhzG)uII4}x>wIr+duvx*Og)RceP`O*t;Spajzny;Yb|43Yz&uI3WNH#b?cvV&XI#KO1}muY(s@Zp zmO>PgGbEuhkNahCd1^9+OTDI2F*dmF(xkrn;nVoBbF36BW#sN-W;TL?ms8toaJ^R0 zhK8&i+|%)uZ?B9bLo(a z#b^)Ofv}|GRz7I`I4+x8R3`0`aQe@Q_ zxQB)Fl%yl?N+Lt6enghm4rvm1iP8UoKuBLxjt)-UhM7m1KE=ViRL~jnW5;F5e7@hN99bp7t${th7-ibQg_%c~~(e7T{q#s6Qq+M0}*n`Zyz+{R& z3)Xy$#%)C*cL#1e;kNpXBxX+BC%gJff1J14x;D%e)MzAaWr;9H^OvsvqS!3E{#){2 z%-8qzZpf;i;Rf2qpa?blByBP${kEhT4of(2v4fvq%u3Jo5am6A4sg|I-OW<- zpCX$h?}fSZhJ&CJ{2FDNdZsrCYSGOMquS&}fsS&^w;z@j+Xo;P+{VY3daZtq>&6Uv zHrv{|4hmkQ3%{-FWo+u(A9gGDCEA5ek9P-OT@Vo5DQol1_^8hhdhinMPNLX3qES&V zb|(wmGHGOdBSSbP%ArE;_#}N!$6QHXs{J&9^j*C%f!x(^*Z!fUi=EBYdK1WUu|C&p zD(SAFw9O=Liop6BwP0KupmuK-eYDEU4`&hcs+UWg7rC@wX=xWaRHK$*fZVGHt#q>v zpL&U2GM==1JH=>gRBqI`YU?cKCNS&Jp=V^e0ne}U_%K;Gww3E)hs%rS#HOyry^f)D z3!O`Wby^=yWWY5e)ohARPgB(A2t?$*)cpFnEdICaf;3aC35c=VIcyb{ z3|(a<$eEl6H+4$feN>V;z;UHPyDE62pw2Va+|5f>vI;_dnxS(Z_Vf2+B%50j|5aZ4 zAM-r_eR0=>r~Hlb7maKfMhUq^Q*Z}iPc-7gW48om!)g^t6RG-V@iLFc|JqT}pOB_% z^e_9)SSEAHzT6~_nX^=U=h}DJz9aS>v+qv!-OaxH*;kWHOw`i09)R3exmTLLZ;7u> zp}x)S$muf_IwEHJ=px`U@_2PW89Ub37yy(nmZjJq+)cKRnoD(e|LPs-N%QuF=4s9@ z!n%q_ZjS!E)o($BtMgW~V^QF34!qrg8y&dGftww;#esJ?aH|9F6maeG192HQxR1EJ zM%u!DfVwnv41nQr!uNCcK3xZM-JyQ>Yj7l%0?GGAT9Jt z*IpEdw{-@#dhJ+@=EAvGx^CX-0dpDU*h_*Po_TTx?XH_(B!6E@BVM0*tJj_?aHFq^ z*PgmC3{#BKv35oNb|GzUE~#8>Psq3qaJKK+JW}v&xLaX&6{BQ4fJN1#*q(}U-skvs zVF%Y24kWj9tQdcodRS~v%{ZTZKAv__F*DCoUNQbD^R&<8ZX9yDvt%;4H<-_jlYPz- zx%4)a6}7X9?TH%~q50S&jj(n=u{}ZLd~`u0_^$Y@p*`G>p}v)GjKm3OU)hmiPx*-M zLz7Hirui6f`8anYc%#K~JL9=PSK3PtdHOq&zhe9ma=$$wj-APJyIUxj4~Z4ypOv3< z&Mf1{a0|@O4f1nGk|VL7KIjPN?nGHJ&f;sXT?!dOHfgrd2)$T-(s{FtAH!{7ewfP2 zwP({}Kk#Jz+lq1K%X01MwG0WHavL@hKc@)WBesm6C&j}e^K-ZSq@|qkV>s>yCvR?% zpL7x~_A?W{4Y!s2)S7KU$at_>y{*l|ac!B8Jye{`cljkdzOthB!l_fH?dlZ=;Tg^g zG&?sKZev8}N}=YIZP!KkYbmdoyiQ>5|92XrDwvxjfEoo*QGo zf4pn?J{m*%o$ok6-yz#~1#AuD$B1loiB>aY(v%wy46hT?^d7C3?1qf`tKLgbqV*C% zt(RE9L54C-#o*g_Zt!uYd36Pza3f>>=wLPJW(~zE@C46}Sp;j8BzuL-S(UWtKv;2B zOJdS-GnQJ1vyG+90OETI!VDlDOb})O@%;p0hH3KV2l6m)^^Y9*v4CX?>SdfMGR2v~ z{J48dKzXve<;nZwJP}l$SUAfQQTChqw(~@`DS2WESZ%McHAH`nk`i5~Ofah@DcRrZ z2h0g*3k)+NT3}%=%=TYAL>S8%GdMlwW2A8prP0>yqK`r`yp@K;)AUhM6Y)Q#r0P{a zx-W6^+iseykDg{*PH-mY`26r)7Lo~}Ng;oj37NP}ACh5GvA)oc9?ygjE_?xm9eMY) zcJWHmz9(tdGPRZuwDCr;zuU9a>O#PBcpD!MD9oPC#x6_hi6k}nGb#5XrL65s^SSlD z*)uBnO*|?=8IQUbql0@fMyY4r#ZpIuIZeyrhm$Ne1ETel1YriJm(dZ~&ncUJG%*k2 zm!LED7NUPBqOV}4CuEXMrO41!rO1fdmdTj^02TsfJ1k1tc~`1tAj*=C=6QwnD5bKpx5-L> zSATbZ4_8immfTEJjB6q*)+%_BQk-#3WJRvXijtghO=M+T zTvJ&o!U~{>e%5G-EQc|+gFE`C@`;4XGar~*m)oyn%G+4Nl z8*J5HqL*8HiC#G$w~yhbn@T?p>>gi9AWmF-0*iK)UCez(`QhHib|fIE@~O|)V-s@K zdBqQ62x_3qwz^Z*7Ydk@b8cM?uV8_dDWk>_co4@U!O?E5%CL(n2!7h>zumxI>Mljf2;qwuP*x zl^>ynSxj=d2EiSCyhYE7^lFC?V~*rdWG>hqKc(Ov8i59r3B~GO2h%>l;a~Y{p7l_& zvKOeI@So%VdH#(lc+JS11CF73>c1^Ezjk8tn^;_AmDrfwwN0-g{JwGDN*n7Xn_9i- z;z@$b{$Z}(?+6!D;Q|H>T=jg-BoB1G+jW|=siEjd^-kMB#ij2(ozXv}Jg7%j=c~(^ znUW|@r=C8cG|pT72M3;X;3)yq#L$dmO-!a(6H|KPwpO~>e(>Y35;xLM1*MBwNYlj> zh2PY-t&7PvMHjP_d_H;~Y&I0b8l@@vcxqMJqI*-Tr7_V@uTN|4pYcV_eOjQ<`lA5n z5dH+T^UCOrx&5D`-dg=-!>~af0TYbtu~kY{WUh+kz?EvARRQ*IUi@;^~`%HHkY**&+ecZO9Pq+D4pX;+>LTAl+{B071h89A@L@zDAU@2C5Ut#HecM)I<(+lMZQhyOCt>>5l#9tGH89@9kL72hysYs;WI!tu& z^@vcci!Xt0@HHADDaTm_Ob(Me*fP4L>xjMJ1#)aFU|z6XWWGw zpGlkYq!2q>2t{1Mn{1nCVM@EZXW;XaW?F-S zfLBD~%-+J!R+x~?E|Uv#4|yO8z4m?rv^!{IqTKqIh_+kWe`2MY8{0r+seK?K)b0bvU8SDB5B!??z`az4?(Fy{bKCsLb!8sw4d4BjGgF-C zMMbTL*i(?I_BxXF?>M6k!nMxJuO_b#e2%aYf#X4%eE0+dK<|#F2%+{icNKFHU3}xEae`TtFG-(v3Av#(4DBe zq_$nmq(**Wrb8P<1+;uYDb5rqA(Sm+_ag7C>1@(Lxs)V*(Kfj~PIv64nmye{xy99g z`Ai41LW0cGrUHfFXaV#C^F;fxQJJC+#ta~yNf2fLfp+M8m;r9?0<2=tX(e5jfUWjcW?4WW?v|W>4h{UjS%`wq-O?n}@(hG@|Odq9Q=!gd0DMOe_ z%!h@2nEoRC37@{s+EAr4d_+dBOR1ED*~$Vmh%#u_=gPF3-OL=6uo}PIP-^|zVfeE* zyS&`na@%}COWfT5;q;Y^-r}j?DQ|;mePP_7HMoC3mB z4H;}UGCSb|znVAM8+ce;zMj!*mw>&Ak*F7%&1^d{65;d4(#o~J`U{b zz%k`1IIY<5(ic~ zaI6D7bf9RDci;pE7{3X5k^?6@aEb$`I&hi;r#tXc2VN#%!?#;h8n(J1Q#^b-Q^>f? zHGVr>ZPqGAyf%Il)cDPU+W1Yy<2UtfkKbgQGJX?^`JfrO?`Z(dFKQu@4aK%bMH_u3 zwW^4t-=tO*bu_Sh;#ox=?UhprPfq7|K!S|wu9CsV6LE&5Sv zmB>YZNv#sSXv@74$`Zk7pVTT*j9!*nC6dwWQ>#QXx-Yd#M5Cuut3)-LyLUoaA{*_M zS|z&Cb*WV%9Nm>#CCbt7Q>#Qe+HRkOlteo^I<-o~qgSU^iF)*&)GCpWewbP%`q4i7 zCZtpaqAOCXszUVb)T$~GjqI0rR@I0asZ~`Z`b=t7Rf)crT2*DDCsV7cPSm%5LP}LA zTAEr_m7)Vu>&viaIs>|99s%{5g5j?8F?tQn-HqVqwnFw-P^X-;UQ=Rdqi3J55INfo zRt(>TW77v1 z1_Lxbo2U$4j6tg0!N9Ryy}^-kOHq0qtwRJR4&^(WD~-NE$PGtw4GH#cZ$e<>07HZM z-as4#BB(#*t_^cJ**d(@k+JYB`=FbZH}p?Nm!uw*<2N-+xsQH2$L^!t3~oGBq`nk6 zyQ4$13tZ*VL_sS1je9wtNSEq%9bIG>H=^p{@D(|DOL&7e63M&C*;oH+}BFH0FDI&FJ-5Mx;qsodXi_msgAO8xr}hZS-5W)Vw>*9)}`3J ziP!Qi2FDX(L*HaUbPl9`m(iCVsOIRJSm#QR&T~fEvzd|hTei5oqMB6- zLn|#O9mZu>_-XQRkK36ok4yc4cB#`bY;LLV>dk$wByTuzb26#Fr4r&wyN&Z`7mBJA zmh&b+Oz^*yEOS+*jSgN0vYOlL1*$3Bi^cz~NZ9B2`#M$bEr70K{k-DPE}HD{nm2%G*UnP#BS>^RbjKjKhIvhR%ZFd3$eieC z`AEYDtA?5CrwF{x*4qRo-prScNx^-pe*a?;$)U%a5Xe+Ng<=S<>Q`!>Ks5_5C8qj? z8H-CyoQ}2#Z<>x>Jyo1%O~-~6Uh{bqk#r75#n_;8XbV9b?Sw%0r|74$UPxZo_-D#m z*$|g?JPM=HL@OsLm)5PJsO!>rRD zUrRS-faeCD*M=AH9g3fFtrXS)W&rG9>?$J^L-Kks&euK}A6^|e!T)mO$l#D%GIXjIVcW8>H&`Bbp; zO(ZSn`F?nbeD(8|E708%&=I^AGtZ9u;bpPo>!x#*%mkP7sh;NfLwe3Zc=D45ulO4*f6 zL8Y^LOo0Q)Z^7h;Z{^D^($Jy2^E!u|JC5=$=xO_K9cV6|4c?9?&Jx|Iun)A)WJbS3 z76TsUDX$UN>&{MUq`U9f9K-?fn)r~*O%`U5P?~AJTkvh%Bo9@uc{8w|?T^au8I}&Z zY~+r42#uZoPE>K**?fnBoW$j*3d3Zr?B3wnty_hEB?!ak&F)Rel?!%An=WCM6Bjrb z^t}lM3E!!3(VQ10F`VR_wH3JPyaex(7xG5)-v2{;e7x1sWiS9AI|I6k%RY&FNw=Ao zwFO2O_reH0>W+Ntl~Qvlu(21P?)6Pblyu{3c`PUm>5|uSsnpyRFm(3HmSAjcp#0*W zY4)5qK}9SF?`GYlYc+bXrgugBI>NRB!Z|AdNW^r)) zGV6uK&R_{49${wi7#Fy{D)z?;Ic!;U-$MlKvhDX0)|SBEhhc0l)Aq%`UK@KqC~smX zY_qwi=s|+4zf+Z^DF-yr3Bip6C_!!{sBkQL+ySF^zM}B zHa%JG7>$$fLhdW1=LD1QPoX+d5T5~{ubxy2SW;#1^jYksCT!;i9gv2K=AG40wW=xw zRnrEi0OM%`QDl7hd4Y*f^VRt92NbUqLtz;l3S_iX1&IfTD292Jol&vi4Cva5VH+Kf z4k!Q{OZVn3zagDBP^_^&$XNP6TATJ;pCXAg<_rOJ7x0W+i9E3OrzzA$G@SBLwRMnQ z%J)RepD#g*{N*IxU6{P)-S+(oU#)L4ufv|#fT@6@Dh@A`Lc;3OXE7*)J_n2k&LV~8 zeviNeqZQNKf2f+YR!M2f0nJ@t;{c`ODw0A$=L^t5&uF0w=>5n=Zz6?Dx-k4%hAnEN z7$vn!7GkJ_+rEFOBcQx%T^p8g#lJHJ9UYCe2wCHOd^AJTp}e+)S&G<@`9&gfGc;{< zDfkjtNVvQ%+&bd^6M?!H?VunZ|d828}mDA2&?>tcaZ{D26xM()#k6r zpkdTK7~=L!Y2upo*0+q(*Z9t+qh#n*ThGEMr631Ha6)k7z!mUp^A`#SrLRG0{PRi? zPe@uCZ&l*IjVnAZrd!D*v?+A>PCRT*>NKc&j?{g~vf=qtw_y&AKfRyguJiPUrNLIi z=uKsDxoESK;k%XFotz~AKg6+0%V2Zr+EC5dOlU50ZLXzpLODlcdoTInq@|561z!hS z)wmr|$UV*fO8&1Qd*=X?pX%SY!9B=7GnNx!Klp|ywA)hF8}uGZQ?T((xwYrW?!!vG z{+6(6YY%|#$;cm@a+pb?Y;e%~UiTaHTi-F5Z#`gep!HpY6V98)<$B*sw%{$=qhk8N zHl*&^ zptQZF5@SW&y-adj83ETi6Z%?Jon2j4b{8KQc=IbplAH^J;s|J@X z7IA~C&8=#1`?M9$T3n~Rh@e*~wSFczv7Ybjk{3Lrd_;2~ALW2lPY7n(T!n*@+T5Pb zQu7ibo?W0p2^FpOa0r7^rjwFDG5y8y1&3!-wfcg0rx82B?EzJ0Ei%Ik}pDrVcBo{on`k>B^WR@w$Hs{pW`u=}%AWZ+w!7 zsYuw_6FhJ}9%+bvgjK2I-7nRVA7eF*^dSt=Gad%UdWI;WXZ%E9;t{^mGnkODvbyCaQG(5<1t$I=GO)QmW>Z+$6v)(51%Zg_XO;?fZ~D+*lesOb zoxPJseFFL|1Rt1htv5K(LTa&3IB&sE;U%^OPY~Sop$q|XXIftVgP5oR{|3;`uVhar zruwT(P38f~)c;@$uanGds#2ReXF{{P4NpZ%>fA=biGT8yI`^nD^KABdVV5o^n8{5A zqG%*GJ+;}BqP?DIdpgw~+W6AQ8`(*^P8*%{dGQ$J?e9(NjM5V4@#03Mm@BS%2246n zvK4CzU#1nV%D~iG+4kFglsux9rv31I%cDGiJUXZ}LbDm=!sg ztq4r?@D;O<$IJ=~vjQ1r6(qx~b$Uj|!cQvLHhPL&Uv_=Ut0K+tn$PWwl7F_9>uj9h zwI2Ylr=Y)~crXd}b}P~W&|Y(pZ}?kko~zuylSyN>-^-v{`3DT~SWWa)x#tT`^zl{Y z{yE&PM*%|(l7s5E;Kl(ejvF#79F(4fQV*Fm7pn$mJ9rZ^22X+Kc_wFh8cX+jHZZXM z>@|nvej{Snn&$$Ijw<9irRLkeCWe4p7D2oX$XKiq5?4MEWoP}dZZ=5ld z|07;29o-vViE=j~hEVEW!;aI9^U(Xr0HHPxvZCO*?UD|wJlZ%&O^x3#=k(_n&r%Baa61RNjZV<4@Rw1_m;-W?*f!=n zlSt6yX|EPB4n(dO0w&2d$pF2DeTVsme^S|4r}bxy67VJF=G0Z&LL+{c!h|1pg;!^ke0W@1z|7;MC=N$@i=XjeNIb&3&*@__4rWHXHHV!h>Oe#XR zB-?m4>Kg~-<_K<#D}oBM(w(UY&+k2{2uVFa<+XR3?k5K;vHVKjRX+;g*7Hx~J*fvr zgZonkk5{V){{q*Er%XLi3e$R^@%QKO3nR#R4^9Yl7XUdwD%&r6&2F&403RpdKPGcb zz#qb(PAW4p6CLEUNY;B3Wi0BXenWX`=-~DAjh#5OfNoA_Su) zV{{f4G5SQzsIV|9kYQ9oGK^YpY-A=Be$o)MjZPU&=DJs3o${$*89obK6qCy_Q30Rx zae~hw0DPXP-U_4FoXfY=yxDr?d6=I~(VD7ki=Nu84&!$ao7%14ieKi(g;k>^nCZ3@ zh(^nl?NV?Rw$9*p1WAk8s7{F5q+)KPW9}2)Z&;i1u0R>y{oL>2omK|k$7${vuN}qf zpP1_Bd(B;dUUOHzK_^LcyKFQDJsF|X{n@sL;pX2I+AFno6PQ@WcQy~CLAwS= z@poo66SlE#Ga)HT#&}=2C*4n|RQql}q2^!;xqE2~SkEGFcE^cy>-w9w!Qg=y`)Jkb*$Q`8!**IJ>2I=eB7~#uvaOz_7|MkgYRsPx1iM| zlk0L|+GRp8BO?k2B~xt*H72h!QO{J=Y#`xoL1DvL$~c%X3*#y}IOdC3I^74?;9^?; zv5r#nHiWx25F^)sw94JsS4vXMVkOUflQ5%28Kro`KtV1Y_@~> zy3zRam%j+B{0|qLIFPT(|EYHQ%R%KYm??jSn^gXps5K&w%U{^=P1sfbW_cr)r2G%T zb(8Wp7OninaZ>&=r{yoUH@Ey9+nucygo)Xv{GX1?Us#pDV5a!W_YgxqQ_n za6d(D!x?lp*wrNnW{O*Zk}knT9nJ$arC%`8MsiZW&_+Ldzo2wv`UTe~I^O5w1n&y~ z3GWLrqsH5Jm~Zf<&Es99#QP$_i7okx_dmtF3oG6QGrTKMn|DPWPS+=bcO)nAZZTR+ z&(6Ej5%V7L7N!XKt*r&}t!)Gftr0-=Rl^$_qZmfK*0utED-g)Hwv#JCt3ZO*1oExA zK%q4zM+IGsfuP$9_${_iDd>)JWz{Z@b&0HO*cbG}rLrM|+JiI%Y?v&X8*_(lEuAB6 zF^M?#on&R>^!(gC(9BXLR#aZ2-XN(*sH zi!PX2uSXmXa_AR3^uYr8)*%9g)}esv^1;SovU;thhX>)hMc$1Yf-@kI!W79nE}K`Xsew($%naT!+dmE z>S{dd)7>%cX^&3Ub{0r_s<{RG=ePw|^A20*b~w_yR+|q$3|EHHnh&R&|H)x?peqa5g~dkfzhg zTjb1zv5e=C@|WUitT&hmk^JF)@G`7%CXSU$DW=gP`Q4Pw=YT!61*G)znELWah%&sA z56=LEXY#>~uDm?<6L9+#azr&K)?X z%}(Py0yoa*ldhYny`P+>2xlImwC@G>U1i@_+4t4Z5ej8uqyA)T*O?=YgFFNi$StCN)tMazkUhu8f(C{F5%-f-S<);Yz|GUMGYr6onAgNB^oeLT>-{ z_BV0NWXT%@Cax9*CQJT`q_1bU4r6LLFkd2&(U%ko8P?FSn+>o^akI@{CTZal$P*Rd z8hph5+FWleUJJVMMt$DIr*)nAx}NXyHzNOB1#bu=??c@fT zGz@%;44T7yD~5PHXq>X` z0ZQc}lU0t_NN0W%0G*lnV$Nt`zs|nb^9?UcHRc<|ou&nDl0g&SH)DwB2Si93^DUsf z3C_)##{755z#Uc!a*)z2xN+dkN!}L zH~`!g@~OK=133p&{Brt{cc>`Zjd&*BUlTT>YT25KJ=?} zK1v+ zpD;M#oP&QL5a>y=#d?y`ekimiOdgdPb!IayQ%JiqZ*tl{35LT_!JR9(xWakZyBkZ>FCMNC#7N^na3TKm3}$!M~wT zdmxfL0r4Mfw18H)3Ztd{kRovcOfsQ~EK)9okb@ltl zPzBxI`RVXmIEA#DK-HCw-0ie~msq^_5-)SfFQ=ofT37XT5bX4|?>G6jdy3863NDKD zh4%?ed`lGQ3pc{}`Xv^D9Ow%LGJT;!(P|}q;r&?Iglu1>CFudbW0(i*`(3_`b$nXi zGy8*lmtRHBu$R^lO8&^$be-MzadDlUt@Wt0(^`*pcDC5#CO?f8I=df;oa2Sg?iqO5 zaF*8;R;zJ>nN<+uq-4uI6tz;)#gPu{?2KN&ORkZlm-`_e+>wq=TuZ_K;7B#j?PX&) z_8VYkuc7vug2 zD}1$SEH{H(Ug0%`Wz(2IW;sGZ80%;`f(<=(s=}yPa0XoMQx$D=e5xW@YgyCY1E@IT zGZjuh2*}^p8lPXs2|m9GfX^eTChTm=m4ZWUOnx8e@DVcUS&zi)vI)_Ezi$gne1os} zn*o38wI_gW?4V##Aj6_U#VnSZcax#)-v`BpcD~Pb4&R+&e%45psm~i@lBq_;(mW|s z+h~`mNuK`xU#Y$zJ}2erm*5p$3fZ|IC-U?G0C{>`DL9qP40mK6pwuKsVDY;+ac4i@ z=Vny7D{AEK_XH-s!&kZM#nK}zSu2pqS_PRRJx0ZXPhzx<-sDWqrEf}kRje_u9JP56 zo87`@1|DhlNlZ%?j$f`{06Xm!d)831$pmDHzOo>J1)yrPj~m3dAS9- zD{pJ-Evw-TwYL)8ru{9-(=ziCPXI@YbHd*m%!j`N7V66i#!pvmLCLu3E>iTyjOUp7 zy}XwkGmmU2m+HKiu??I(;&MtE{s+9Ylx+@G44(uc{mSMR>bc-3>yoXF)V>6C^9oYP zkgM2I;khEL@8)3m6rslk(C*~cdPpAn&0l}j;i7xsE84&(wA77LacC$^OqwPoP02=o z__Qcdv}`uVUM}v(YzDI(yv)phl>a#YgZS50dePzoAv(?{U`SuA?H^+fN--~pF)LHd zRx##`6f-NvT$o^BLn&%7vrrsy`O{U>^Y142A=4AtJcvt&V;+RjwVF%^&*%sq^41mFQipJmr{2k zz7VjW&nfwAD)PaIx%h8I(JQc$k_(QY0lDu2oduhoJm^kN zUj|E)XXnG+8j-Ln8=bZ+hIwp_g7c{JUc>l*PJdUwmsXR(b5JCZvnZ~TNbJvUWMGJr zSPm|u38;P~S_~83`3hv7gQsZTV{bABm*dy%7i2(gp_hYE1RaWiy;k#6y3Ba;bi6dn zV?2f~C!veAenA${pZ#1pk>T|!%YQj)aHCBroEO2?U?wFF-UY|WHYzBNnele`I8gNkrXp&GM=-<{0)txMw*X&Ptb zwj`dbEgm^49@{W8(`(9?Hqi7b^iU#G8n<1O^-n5-cfw21FMlR?&+ca+_A?_lHhsJt zR!rj6_8G64q)Pg3lCNsroovXj(tHagIL3=&RsV2DpusFkG5E0ZSd0%6FBvps(c3su zd|zvP$W1hOg}pom-|{p)-|S1EF2(-EH&3>ggL!<~d{6IZe(cBbJx#puoy6<-PEy4) z@zd}vznkzaYQE9RBSRC05}L-4bJ|)#$bZjzXjg`bw@GCvWQG^lp6x(9Z&De!_0x?-X10or zZSbl|xTlZ>ZzdODj(})AEnBhmM*s~|)1cx-amz6~%RXuO?+@~5sLTS;zAA*ueU#wE za9h5TH_a6>$C6{i3T6Li{2-KnmDl*3=-)60chVNL{(*^!NoG+;@OSRdj#P?q*9u2(6#rg@x1qN^>m9Ayi3DaQ?z$2n|Ka16`^|pg6Y_JLu$AMNq*<~$eAsAGFoD4F+m*jC){U?J&uiTVU8 z z%9BLOQvxmWlxikRd+Az2o^?a=ye!n?t@po@C)*JpwJ_xw#d`_VQjw<}973K>IFM%s zZeoTHm(X-T8|csa@jM8L*s=`B&+fT`9{8*smpJACfLAMMmPL92>?6@(l8kImumHew#Qs}CkSHwKi@ zbg`2|R}Yq56-Dta`sEb82G!HkdAzMro zK*Dk_9gE1B3eRX_t97AT=FgBde8|<{M2ONbyjraaH(S(8fag_sT5|EM**gH141DbJ ziP6T!3up;z;=K;7p6Y7?D91gT(!+he&EPSPdq_1BJi#=Ut?Pl~9?`7Fmr?`+c-(_- zQOa)f^_^72<896?F)qlq4R2>y6>R=vR??tS4ey8=J7<5aHiAfx# zp&Moc=5|bq4a6i;p(Ri&bSVxfQiWs@ES3`_PpJqFgtP#A`c>+cB6++m5vMk)YTh4& zu|ehu*eIf~%ppInEOfx1qWu~F;(GrVXr&N|b0I_TsS*xvE1h|T1}?rMQTd|3Wf27Z ztpEph>RP+MJbc+W197hx2bePOj_WO`L-t3|X8mR)SQ!zZwAh|bpS&djTAk*MX|eZF z;57m(G0HhAR2BFT?>1A(iDPC4_^;n?kY}iSI-Ni{<^Xkv2{7OCG63pM$MSZAsm!+< z=SFBTk_n2Du3m5A%LLX7hRAw?ha~IENqw=6Fe1^-^Eu=OQqQth zj6lzUobJURy+-|xzg3={fz#L~LS6}QDNn|StG>p+8tCR(9iXx}mjPOH{5iig|Nqk?8%HV!ReUh!ImuZL5ge{WSrv zc7$Sy9HG2)1JwXILX`@SPz>M*Mb~1km@YIzu~^+HkAf>qEkgut!fBjjgbLBUcbOwp zh-4k1NTeo6pk;&-Zj+_jnpr4DJ4#pXD7h@u<89AYHs^;;!3M`C%2?AHipC7!IV=JpJj}GS_?stQyn zl&_1wrEiieOW*W}U0*JJGZR6Oc~dx$dBE;(1Ycy|^f%U|)8X#wzfP0Bwvd`=(r;lB zw1BzUB?Ih#7C)n5ucyG~fczG(E7%e~YnLaE4U>RZ+vQmicKKFx0}TP$I)5hX}>Ge2DIyXme>d z7V7cdC>_@9^H@xmK0gR@w(1M}{2idNPgjB8=<{q1hqrUM&!0y)cJIPAw?+`;-xdz! zpMfpO@I}fWVk8lpLjk?G6T%g251&Ph$;$pE{T)4T5;tCP8xL!mPv|R}x&;Q{-41?zLe|+W3p8xyjyo;3qoJ03y z^TRcIbpT7}#ut2WFBMMM;3W~hG@1~NNf+*!cKNWnjoXs+%cYOb#mnRm8+I{d^DtHri zBfOU>6p40!7lB;`b`#hg(2I*>T)`gjLB)zcw~&l4HvnGca|;>5U~vnbKqo*B7GKUBU*4R&n;4sXyds>e<&B9 zrqa94ODC4rU(Ah5jMJaBi^V5%WA!)f$|RQ2Upr&0ZFnlVrcpwI2gKd*hd!BW60DJL z#auyuGB;L#8Ewb8MD&N!iLutNqa|RUYq5spM-R{?N_uiCIVPT*LQ=4H9unDkBv5yr zcuth15tBu=@Z=e7pdwZ}C$tKh*Me=xW7KOiI1ezOt;V7DY09>3zR*7)=BYiFC zTi|vAVtt;v1vIMMbo`6kY`k4jEAY2GPf=AJ-doH*7On7P$a^Kw$9f?Ms?#41Y_<-hj0G3E^Ry0kr#cEgh2SLUy0U>i&pJA8GePgkr;Vi0&P4TH6rGsxTx{ zVI)v1jI13Ax5-j%%`ArLUepwsnO_!)(?(ie<~ThaGUwc!Lt1f}4*+c>{#6ie*i|-% z!`sJ{d6bHWPT)-eWIhx@koj$JXjf&5eLE1le>k8QcQv|#cfec1lGVyqraTa@}U}_iulS#)SA*KqOOcts|^afcQ3DoWn5iP?rr?=J+ zF_0d^K*C0lZ>xc%T@(Y!4eJ&IDNJJz-<>Q;bB#TGN#vRmz_||u@X4F5#Xt(%Zfzj3 z_M{hfI>^FKF{ZsEMTdsT*zUsEZhVo@!o5|eSXt_nR9fqlYz`DglSNoCLQ;mXi#>w< zs9Iu#t`y1R?N9A6$MZWO56<)Pjxxg5WPnCl?Zm&h-f^9$5PyrUp^P2g0jA!$)pgLj z)uMN!5d^&(3&$AG?}9hd*uadCX!qYO@E(Caf%gJ>zoZ6a!&icGl5F>n1H4M*BtuZn z@pJ-X0I8fjl7Ug8BuyV3ct(>orwH%;!e~5UQa)v{SD<}EB8s!wGp_~&~ zlI9x9iPH(Dax#F*N!OyB!gg`xOcUiS#cVh1AbC@Gq{PXF>Z0e~W%n%ntA1uzuolPK9|X z?BYZOK|lR)sGq~_{>ku0>ZkucO|lM#Q#2`ZFl17@#J2kx!R`+T3<7$;rm9SXuLLb7 z+3ueTc$HdAwxPw-=>#SLQj1fm4^C7KXMaF~7Spk4F;j)Ln1yOBK1J4Yf#OV-NwjEj zTePM%M6}qlc22&nT8s&*HnGLl&V^~Lo!`%rG}l-=#~MV&*_)*Z25{}1u0@N5ZDZ}+ zrRShDo)C0Q67QpUoE}aypP;7{=AfnY9F+6Yr_5O99MlbB#2nNlSR;q$prs<`prs<_ zps-xUn$3%4Qp`b1F!G_6we}+t*^eYp_oFhLX-ZQii@Km6Ng2{$31z%PLjCAUkv!g^ zW?0!cilIvq0AVMFqr}QL}%= zsHc&yUb~-xAoQ=fa4^@r(e9rGpJh$ZKbtsvmUlW@&hDQ>oZU*}#@hZAJV+aBhKmpZ zT?lLY^qFght+-~$yzP>s&IjN863Tpm3j{6{_yC~yJF5MI@FBax!%^ zI^|+Iftkz!ow6*|dmGvlhsQudr=(+9S7a)5N;%PBuKAM*ss&x2Rtp$+*0~Gx2*>je>~bE0pf^k5KySw3?ITXepbZ}a0oJ*)%Ut?57x@{0Z;k<8 zr3qyTkXAmOz!E@8s~n}(1zg}8U?4$SbSx&6sZ0|p%!mcm#`0xw*!EZ;z5bsoUGcG38EsvYFrb(Y;+X=VcT(MqF6Y$9u z*v%Yl9&k<3jjl%uQm5!cD#ETb90vDMC|n;C43j$vR+=NXsCBre(l@A>1ZQwKcOa6n9Z5 z@}zlLsK+~2WYZX$j>@#hpHDeh4~ppLlo=FIdGW6TzacX=hQoWeDKovcuwG=g9zl@V zW;l9n;Su;EW#-?gN!IDqCQXW*PBAGydn1q$aLQ5OqXM@I+y>~yoz<@34*0ARCvNv| z2fSK|lXpt|F}i^bfRs4if0+_z03}Y>B5|e*Nu0%MiI>(A4-twh4!#ey z7<%F^O7i19F$C}S{{gqfV<6%~5g=cb?ITYhuAJ5LWh2LAGk&T!2Pi)NgWx(obZ*A; zc*ldt?s=shCi=o>vH^p>n@(UCAPxF8klwjrc0Z}G=5#EQV-mxfXOs>VHvz?&*FQ_9 zk{hh$AeagLh0ZX!*!^>H>g9Jr=Y7b8BYgjyOK~Rsh_u;L2tq}lhEvK_Q@NV!b&S2h zMSHTZ?S?}b*8zAR!uz|@?&uusd5Q6k!vTo2g0u&4EC3%`t6YDzZz8xYN(!>M6QjZ{ zEIECR)#8#{cpnO?lY=TV9*#0e6T=i5P0Ym+F^ard#JJ{-doIZ~KZUiQZeR}}KZR9^ zjXVY)M*`08V9~X-G7}*iZsN&^3m3^|PK!NPsb(sVp37HwBzwsglaxa`1kl00{0F_N{{aWdaHt(@)8mN>e+Jo9DUQ>Q~f%%RkoN;T?gZYxt*O(o@Pm12FdQnk4FPn*>!a zsY#-fobDu-2Wu|6Wjx$WCM^@4fU|1}&IFG%4nGT8ta(5PwGaH^2Et&CyR%j3V%}m6 z1pPAG=is~H_Br)MxP5+xzCSAMvk1)&`|=7G2cU@K&crIo*Cc)H^2$MllJuU{Kd7ktIlv*|k+7PRPXL z!}lHVVef|+%teZ&^l<2Y7#`z(4mKPo0r_+T%K$kEsDa|nE|*qh04D)-i&Bo5vv8(E zPRrr=lEF{xx$eAanN7qi^ONMotdy(6jJ+T%8*gXB`?N}q5_)Fq4)*Zl z=Ep<$&xS5opUn<{b{79-pu=0JZ}n%>5$WE$ZZ42|TQwV}wUV~$mOTDmM-awF+ z3w>r6+l;bt92pc!q7KT(*HmKA9Ca&C#a&)eIpt|ibqpV#A!BN!`7Xe!W;mz*hTzgy z5UV#9QM0RHS7!DYun_ITC#=x>)`NAqKw$$teENC>9z&q40&h=!lWyQNS;Fn9*HWNA z2$u}t?WuH&Qt%!^-=@xV$Y~?9q{YR<2rdzWCx{tP6>L>ejT$CI$+VhhG<>DOnkJV8 z)(w^M7I65QMz9>9jw8V{MeArzec+fPnYw{{Oxb$awr|~iNm7Jv$jch3k3=_hgLT3K zb67V@juO@lzN_J{8U77W5x%pr_Ul@p-vZiw_!sZj(?NR>e@nk+`4;_&Qs^yeyXemu z1VMk^hGW&dDU7eQKo=rjBEfJpoN4uf!N&*l3(EO2%=3Y>QriM;hC(<~Bm_V?%n z-U8&D9Z#DXXP2N_IB^ORrtNer(q<~;Luu2@V#Y~!ptM$jkQ5;h{i!QZb#zl8EERM6 zu$dK}Bu8r$)69nY>h%5LzPkQpv+3j1>mMnzuQF?k4RwiK-XU%MK7!EJn3%Dx<^EaB z&+x$dp+HR1;QtuV+Z!!u^qR{WQ9t-FFEk=1aHtyQe$t4w(1^Tio>a6T9ZL%`NvH+O zp#`yoAlXQIw4^kLOuob9P!ojieVYDY=vjy5TI%XixYCtl3hdIS2tr-IgoC;^#dp8p zv#$AmLEN(DtH+ZpJp33_gKrQ)>m7Zj-NNl5%6kCKQx`{ACC`*7oP=M4E|1gDn&jP! z@E`;2ekmq03Q0N&eRltOK(713B=SDSp)`U?_5jI6sU*t5;f(lc!w_Pjl*S-vouh;c zj1Etk_2}l44U69*N7M*+#(xE0ooQ~r2a^}OpL86`1k|e*a^bYBQ*pIW9?57jE$dWl zU7F1A=ms#O7n50=eJBQ9+wNxoO(tE-QyJ4CCwVHvml7{4el<*}=0_e##gg)iesZXy zUNk)1?bQfpK*_Vj!8chT?hvY1F%s}8DPt=;L%5V7G4xUfrbrZNu_+Qs5q(#tNK#XY zZgx!8He!lYa+Hwb-Y^0U0r-{dY~7#u}whh zfWO7Yk}XSLh*BMp7Vpy0INu`(&H4iztBw6E^bi;P2|-%d=`(HY@JRjo5ka{1(`7t! zxNxh+A7X4baRlVk`(_ymVRg5_V~nmWoYSSB=>{$Ua=Mg3RngNW25`DWwRx$ zk9Rv_)HdfzYu^sr-)GO8Vu@2f6ou?BGj@1)FcoBu=jS&dN1RE493BG^a@Yw6a*%IQ z?SdbxSb$ixe?pKa0eyAQKB>Ol@X9@_Ptn8X*aHu4JLIwmb7RBqr5kt}kPTaxCU_*4 zSb(!t=@zA&Fk6+0kj;KLXw?I7qV-i_-%6_*-)5AoB})ua2N6jxiG<1cTrsG4Hk225 zacbG7kWD5d4(}lemiiw?{U4Y59|jS%eHIStpT+ynkHByD9|Z*RoFLBwTIEO~6Ea8LU1{6jqK=V+P;_RDiB!Lc?^(iBm$1 zLJj{7SJB`~z8c2uTk^ah0~lXC{y#hx3Ep0^U#HQ9^#cLosMLA&#lViZZSPl}Ng zVfN(XVNx-PZkjz-4j&8?MVE6}B}Xxp-h2)?gJzh8@r3W}tz%Rn=$k;l3-sb+R1Rp| zH)*_}Xasi`~LMIRpNTZTTMOY?^zyJtA z+nY;k;s!ntxZ96&)K?CMWiO9Rd_$xszK1%=nD#zAZ2k}68lM&>18DvVbOP8iCe4q1 z0AkZgMcdOUN_pFCdnQ39XORhQx;$@5Hj*CwW)woSO%Icex5QzazV}#Y{9>_|cf&5W zjlzZ=v`<9@p?xaBvFhm0;b(^G2+}%ApJ_JPOYHv2pk&wYj-|{-sFB9Kjo~dF?Zp{~ z47{-Hi%@;{P|i89ofL(y$6bO|#Hu&WVj{iWpU!-T(t2RwikgpA@kF<=mgV+28G`e@ zRS~VueMSu6)qwllVFA!?Q2??rKqR1FK(mT=Y}v0tH*gJLBDU-|0efe6N-Y?`E&FsW zVqiLKa-|rOJQ*p)3igmIEP)v7lWdz}lW&qDI)+TXg`0qc86AThVe&0P75i0k6jQ*a z{o*=C9OT#uf2;lCItJzpa*m|9{Td4T-S}JV7fZM3Mzq4m4b>jejSo?C=*CBIxTo)K zJV?W9UHK+{g;i}!P_Y&3z$eUw=hM8fKsa`+A5#~Fr|zF300JvMJMnzAgymx(LJdK17HE@ z6s5dxS^%a(KHtFcwxIPrJ1kV`7XP2?{FBuATd>9tlzP9Thh6V`c<_A0Z#hb(G5NRv zl2L0+KAN%C`yep8p8=eF&@D7QTgsp_HoG&_B6}u)7Wu-3NUyKWdIk1+ z3KsoEN6>++k4#jXh`uM^Koh97bC>aa;s%`o-5_afuyjdX zvDn~6FltmR*6wY=it%9<*CnxH=uC7iT~aC*8}5=xQ5jXNeUkDl-X{~HI4H*11JnY{ z%&i@hq==3w+jNCHiEegGHa#}!hC61-QH+jh_Dh%q^&8}bW2h1R68BNc`LH)j=$Cjs zrm&~n+AmqS(J$-eD7SLu`Y}p|_BwPeW6R#cNzY#HB>5eYYnMPWHyoJzBA!OS#>Rp_ z5IvaV!qfu$BF2mB2u=_;C73O4KnHtULOR$NLCpIXOOZVm+!ukfBcZ%-52)ldMO;S^ zcZ~v%3gUW6xG6zg2nsi#qj_8DJc;Q%O*XNv;Z#o}@BLzbrlZ1s>_>^pehf9$PtfMR z2yBaID7I}xC7T-p?gvG0gGiPg5aA6H5*Hg6qH=J7S&ZzSu={5)`g<5jO1XVSsG6@m z-VM2Zm*_nMvfHOTXxrA{HuhZ2(4G6bU2HP5`iYxHw7A;hX{IZPoMexiTBHtt$x3(bGhvOat%blc66k=n)l1( zjO%*y=>}#2a$Tn%ll=f!vooBs6|Qdmk09wGC4QiFJm{ZX4lXU z{kEAAB213FZ5Ea!v1xM1R>a%plB1Y!6iu7c85P)pKh}oi{!p!Vvd2@s2U-&3Q+yuI zb#uH}QkJ;@OSimFbgH)yeo*AP06~!JA~;&E55RZ1TyF`>bul7nxzcA2#Ph(7xe)ar z=+<}8rK9CFZmRElbW$yU?A}MD9PAQ}`MX!pe2pS2P~75XS%D(g+~Sr;H?RY`m+oXwEoa%+6BCyrd_~k z0uZsWpFvmoewr-cF$g;XpbHNH@-e6_bzvQ2{~jZ1-E;er#t%i?0GPVg=CY+aph7 zHVl@s{%5C$Ces0r@wSS^()g~S8^HDqF}_eObNzz>G`@6;Qt*CG?*(Bx zB8zm9#Rd?I$zq?#A{xbsEMn+k3zmY%kOhmSEH=^&tOMjg*e)y!22d7si&D;;vS2#o zR2n%!7Eg*Sc2gGEjb_S%Y+gwg47*$w!c9QJjI}6o1X;wP94(8Iqj6pD7ERHPij#Q4sMNAV9QtXlE^UEj=j` zNkF0UpqB^_*JqO88tXGG8-{5+oxo;58m9JP!^8j>COSnaI1a1322&xQWaQ)B3Nf%Z zU@Ai9!c&pR-oUU33CJu&ikEa|Zy*nlV%RX19K~FbzSUjK5$h)cykB89%{$Y*-_lbrCxwqZI}n*4;KjZQUUd8-QN;0KPen}a`3`*n zKB*303fiHL+u^N%boeTUSEBH_XE2QW5z5$yO)D{#qZ`@nwe4QK#n14jB8_hxCL77V zG+PJJf64zOu}(vfEboq~)g`Zh9D^^`(>0h!WMXxz z2wOCmg~N9Zu$mcedzwz8BfEwP<_J9|_OtUEYZuz?6myOWo`zF9CRN^{JJdz!|54F@ z1aqzDRXC{sFszkug5+jlAfFI;67Xt2jmP|GWGaD8eC7rijZ8->^&Aw6)qVuf$k4TX z8jtBfo^=;ubCy(_`Y8az0+7~Aek4Xv_`Y) zrp7|#dVJ78ThEfCgunZDLq${-KkgmoJ4e2kvCQe%Dxq%x@($_J2!Bp==3VF#l;eFk z&>0-h!H+9)_?$%hVskU* zY79pEUJFr{a#j8_tD_UeV0(7N?u3grDP*{xq}OUxU$Y(ZPnGVI>DCoSN_we;n@|;C|qA@1^c<7Mr>azCL!m#_OUpAFPT{y#^q^IiJv3N(1(_U zaooknVuWdLYw@-Lga%v>=UgLhu>8A-sou7TR~vV-!Aa9d_pOl8KoM_lvJbY7RXi|KJswkx!8Xccr*IhuDQDRMvAXYV}3mF<2`ixgsphoBI z#t<#TDD^zbe?iJ;40M|MXmr>|mn*H_M0`U$B`7KV-4Pn`;}$#md(xjKMWuzx)M2_?FtOXua@j2;sf8tn zr|#-h%8dEcF0Y%=M76H+JEAX!>WPLeYxlDuw62!IWJc;4laZ8~QxC;Z|JW2k0{C$) zbWD(3z@JG!tLx&-r5DQ#H*{~HMnm^ui0E#V8jtc{lJXe=4bcmk8139e+F26fLNf#h z`vG8Ku0I^RpNMw=fYH=$JVgpE3$)-s#z_k@wKSb%qtoDIOH7@8(lCr=X&6DJPqAHI z4)LYig?xwGMKY9j=?Ruuf3hAVfWJ5WF9xE2qW=1 z6YucUE5ZjuQR{BVEIf{I`=s?Z6$q{tLsX0-*c+wos$^{U4+A-P8vvT{b~w0vOyF=p z?+5@sW2Sna##}*$f_?B%bN9oo+g^qQ$tgN`2h(u}GdWLmVBM}OM}$}w=w~1vbm&+v z)nH2Gbr5+O;}*F*i|4sCZzym$t zrRA(c%jq41@H){hN01tj(W?x;F~$f&ubWuLRxD;5@?yA-UJXWyn8UjUmRVXC;nLu1 zNnoBX`4$w%L+r7IEoU{vcw5FNHdn}Mi#{oDHyNKKghm_V6aAL)NuwNmE*qaHUk)*h z5+0v4W{yvSMT}43*fKu-ZFF;d!W_@2lVyAgRna;=iLivD5^JiNm7zFte9{uX3pIgx z7|V+B-P%IDV>~5glZ0;E8DfA<_#>;M3r#%+D)u^D>kqezpl9BV=&%cENH0B#$K9}lBX@o5!fmw;L=x)SE=zl=mjF8xmsJ4f-v1L!%|y4K@$$2BU=ShQ>_0Ay|an z2*(z?@wd@UyYX76P8PetR+lPT?FKun=BUJ)8bPe8wi{Sv!%KY{i%FpId6wU(ZwI$L z)~M`$Qe)&H)D2oG{2>;VV)+v%y|y}s@03kO{14PQ+-!IseaMjS#qFw|vNynP2K?+e z1!-@g{j^QJk-_UyKbD1)MYo_6#=1LVJCa0t5bg#1Q)AB7MpVqB84pHi3LKBs2$3Mu zyV4%m6Jm*cnE)fkB8XpG0i_HfrYf zcK|N0KUTp&H|LWXrXGx>gY^7ky5w4Ch}+*9A({4-kN_jlK+=xtl9Dc?2U zkA(I>e_(vq+=GMIXfo$#00%L;ma}_I2kktDvGH74ytTsDepoio)(H=K2uThSX_n6_ zgsWK>>pHAs2Ifz!Rub@VC2$)0S&q1W&pS6u{tfTE?dNKEhg>N?Z$GdRd#*P}a>@uV za;#ggNQ!s^fqqw{i^mO#2-K;}7ZGel9I!slwz>8nV|u)Wh)COIo(FM@w0tM&R0DW-) zfA@5y4_L4`ESJxe7Tg7duaIu0?k!b(vXU+2B}WMf$tLfNTB<2~%(E5E)S^Oj=#Nt;KM1`uV%8DuTo>(p zM%wuRg3wg^;7B|Bx50;Y7B}|nmqt5p0ads2EL2Cgb8oYq_ao5v1_0-#sor;tKI6qI zueKgo$2DJ`vOF$T&qg*l9SDp|)wi&v`Edzs{Xqbis_7P`3^!LbnGVAZ7O-P*|C9GA zpxmH{rBO13cC$7)NfAvh@9CsyiEcJIi^r?W=I!v#*9ocHjY4gH6hUb7!*EJ!a~zHn-43_;0_39G94`s9Za<5}IHm~b zTZquBXnB^(mVW@z?SVtU*z!HYEzbb9JY7r6GhN9oPqvD+JV}?gyc8XfFykFHi;rme zlB1X{Z?^k_!f?Ce%xkFKKm0D#?#$WJ?rxs(XQrM zo1=mcf~a3q(`O8l&7Xu+j0AYIhoeVKE4T3I?S)2|0~-r0S4`m|W0a;ZRdV|mGl|?Y z<@V>%kDCbOz|0aL7-sNlMRq&8lW{^22k_3ztM7*x$j85>^zenv!|)iJ5m+ZmH6J9q zzKjb}?M11|Gmf7Dlq%h#lt0Y=#B|7MIjGo-uz*bB9Fo4XDmr{8Q*`)BCU!RrN^Fy2 zgAz#*LYF~FIFsmRcjM(?7>!mSy6$czNAY+I5JT=|N1H3WmXmKbwTB$7`}FI9UK6xF z_!l2*27|_jam#x+7Vhw_WX}5hGxz4bEqcLQ$DkK8;QXCltU_9?7xbBW!3i=``!*s}rn!`f?#dHURg@_;*p27bB{TS7;zeSFS zvgL{$5hW=?d*q0ya2Jp;!(@;{Y(x)hPsvdX?ZF%d&&B*vf9gQioJ1DaA1skv?cO{V zZ_yv8%zxey{mI5gZ0HX+f*blX6)!G}@4OC9M7Y);`b_=dW0~782`a;O7@M)({%Ob} zVl%eg&mHEbW=H}wtYt^G+n>uc?~2h_BjUllcr86N8tdROj0PE|(U?S6?^K7;Ku5|r zD|385186kp7Nr!KMuX{)(+1=Oqfvwwkv-qh;XU8c);-??sXeT#F(cB|Ou*S;z4cpf zF=K=X`OExBSd_%3_23qIj5d#;aBV$Gj^godL=5zCtNhQQk-1;jx;K;dBNnt4_!qYy z?Lfnv#A-iSyu-Um=gnud2N161&)xZu{}ecXC;uSAwfyNb<-asi{f)WG} z{C`CW$TgKa;SVv;TwyD$}yFr(Y^ zltYBrOO6r}dxYFSMMbc^?6Q83QCgm9ip#w@=v=3?j2kRJB=>f`yFxV(0l!%MCpNCv zpkAW}jWV%###=YX0)DX3rmEp>P-kogx$_0Auk{|EJ^G$eIgIi6SiAZNcBxw5-fHoF zyWBHh?Z&=cIv{Kv@W{+?xt0czPwY%Zukid zV-9-M(m=wRgVrO59#bo?b*b1}2~Q5Jf83?I4`j|;w`IWy^&gPG#HH>*xh}P4 zFk!`Eq`$nG@ccl5eF%FGA>1`7Yf_AQIpzdbM|Q`P@?H!nHM&rM)mAft5=MAY5$47aVlkJzv(XZ#^hsTVpQGrC;G;yQT?edPR9ErwRzP5;j^hp;D4-P-N)HQR5lfB7AN~s#NuP>327#sugirlTuZ`Si&I!*MkzH-rYbBI~`_=wH!}A59Y8v$CoBQ zwFa{V?inx;1J}Gk11H3&)*Z-g2HM%B+9Z682lOK|sRP%}BAjtQ;mfzi0yZ4LvrO_v%gT+I_5IB|r0-ZhzNzZ%0srUz|Ex#nEcNG$j z??m{~RKn-83BTN*zvNT9*1EUR7hLM#LiUuW;7?Qq@S~Nc5w;W9Zz}ouBXDdCZiWz@ z`Ap#TeriPpz^1l%ylboG(0P`V{&oL6^7%?G)9w=39KFw_K88O=U3aKfFZAy2?1?M) zvtF+~Lrvbcj`TZXne*Jc7=OfELi<4l>y+XnT#4Qtqh47c`oD+d-MZRyPdNcdi)vo*5zyH|I$a8*PSp2w$Y_#N^30MPyeku z3D@PZZBHlBUyw_En=kQep%=udKXR!9J=!yL$>2(m%Uv^n4aTXLp!0Fc4jp!>V-kPw z9>xjmsf>x8eb%oS%Xj7z){wLb5~tn+3>_;xyz>CdZ2`@JEc&v=vZNhaiUl|z{B+A> zp1*d#fciS-6OP_VxMm%7ax|nIqZ;-njGjvgel7Z0QOkN3<#l>0;p2S?53VPyDJ}V6 z3Ugj0@Hf~rm+IA-yq)Pzu0Boq`G`vmn?$&OmGs1otLM(;z1WXauFN;|j#I&TY z%4NDu(S5VjwZNtWJG*)xuv)5xq+tJYCc$+E!a}<`b`;gX~sdWw@7M z&b>u_YS|j9k%ARIS=1*1*j<990lP)DRG46)gkMS*^~qAL)GR6ePV~ks++Y5X#IzkM z>NC!Ey+X%82_p^@Yp3`oJ6??%Skz}UzVuKa*lk0Jbx^A$&m&`*OGmX&p( z@oK>k#_Xc@DGy4&h_UyK>Z*7$IbK!3sGMLMfDHh-z-|%FZk5x6@hX549#umX=cDoJ z+^xihsV@W@1#C31^Mc(jCETXI7Hsrj#vCs1?c&v=5_X6BMZ%JW>ydH~c)W^5%+cyj z`67M1`gIVo(dtiWmz4Re!x&X0*t(q>yCk)Zi`7^RWErojB@nw;?uw6B8Zgl8sd!RXb*rebAg9XOpGQ`84DReUFxShwyP z8zfi@0~;*qMy=85ZWUg71~oQ9Izg~}QJ)~bzmp>|(>F0}v3#33UM(A6)aN%~LCJGm zfFysc@4(3?me52b_7u(+5Zfy4`INdO*ii#3V`o?kX|tzPO~I;Qc9*60 z$hWQHRdGcD zJ*0#9B)g>%b_K;dX2XoS7RiX zg_v=lQODIih>7z=Yijk%Qm?9j#2j>t*a?*@xfHA>_NKyjw@`ZdL#y(~+1^x(B`oLR zRrw5iNU)n%6FZ}p3D$6v##Rc}+z4AG*w!^VY_*gZJ8xC~e56}rw}H<+C?N}98hAv) zRy{)O9kpGsk%GOe9uw@n#~AjW+9lXN2|K3_2=>(mhJC1>5p2yyVjn5qB@(YnOU#ee zQNcbH>=U{BAYMH!F+WwuCG2j&K2!KiE7ILBF+W$Y2v$MDzEGzG8zk75>J7oZ70%A9 zw*NOsx*nYYyYbJtvDZDPO!S0 zS%-_NqQuOS_PnUlC2XOTcTrUrtS?&d2FFEJ1CQMCYPE#@sp<%}bp5LQ{q|VfD2aJ+ zEb}a58!LIfFC~<-&3D+qiw~S-scV3dv#bY*RkH1obWtMrO1Axy=Nu`alI5b)RfsYCC{DaiQY`hCOUMj4-Tz^r_T6 zsMgzFmUIKkGwcyy}}_hE*;Yx_a4c?HBiuw4}FtM0@;wz-_F!`A-9zOW@ZDWm&m z5<71z>tyRTd6ap6ZL26@T_-W@N1Io$Kk|tEV#CrO(v`_4cG1>KumzIm@3yvr1^ZQ7 z^^E;bTSvhfFJjEUY+WRmj~^yhWa}Z=xFy8w_AJ2;&m-or-|FP-DfbvLr+tKQR;n{O zbJ|Bq%uPEOHqyS%$+o^8bHyw*%KnJcfpoaq6ZY#K`$oYy5zK-u-7Hvr!GiWj1;dsp zgiWir7`9b`#xMQ9IyJ!WX$FE1J0Si4hpu?egrXE*Q=?BA1Q!v(6aQb|EH-XVez^hZ0ssINN6bT(BPLjQNE9OTnfHw%h)l zVA0rmbw=&6|Lk;vm(MXJ?xhaef03|mQujml-vk>5DV~8v{vDW7-*!?es9v@IDRo~Q zU);5~hC-x}8Mhf<&-6dEC*7(k- z@9ZAI7D@~LWRG!C4xL|M3BTE6C9D$Uenwri$GO7tyJU}-u+Q3`bSLI!G>= zj_QJa1Nog%%^WoayIFE+yg3T5kJmMH9Sbr(K(2--o zUUf_mUXluxde{ECW0GL=9$+qSIHp)Q`^YiJ#lGT(mP6|t^98$JWb~;<&^8TGAWonRXU``)oxc;WHfEcJt9hie8( zZ&jYy&yHPE2W*^1y8js114+dGa6BPl--*uKqjp>B5EHdW!v2)rSUPIIU{fSr*{Fkp z9hFw98g)ppd7^c-qMjA(dC}I)sH1`SBy4EZ zOM(?iuNocoieL{*o)e=^2=1ZyBAxXOM;t&ch**cjn@ zXVlw*U6Asgih5VDL!uK0qTUzmj9`bO&I#rfJ$o+dW5MjwW-mp3D%kCk%c-c(1v@Ei zeJ1Kl!RkxQ_oKcNY`4VxH0m3{aMBZ;eINCmU<;*$|3qC7>_fr+jQUZqOM*o?e-`W} zscjkOFM@q9?UL&JRj|#HXGP~l!AeWIn$AB2Ya{)=f%7jHrrYYp``A~SJ1<%Er4=yR z&rHl-Au(XHfWdujCg$w?5CwnH`Kts z5p5lArpsg42m|X?Kx_=Ku-)|&17`slou)b+ZenipZFSz53aB9#@+GJ@SBEw~n+ZDO7&BEL<}BwU*suLk5`XCB7v6gMUYY9{I)RF65! zx@kY_g6mn17Y*#;MZ{imR&>umF1k0q>a6UZftVjpXN^t(qs{8qp1GWGrb~J6A*{3W z6tEbgs?4e1PPwK17j`(YpUi`)3UrR_)%LxCI6b-~u?4D9KRsMR)^p@*dBJGRUv5r3o z+|z)RKU%j$d?oPK7UcY;*6&ruWpa>yx=It6kX?`4AU1CT{GfU>z?e~l=MSs|>@)f# zOmm0l?<{RoGxk-D%T%6c&L^a+I)FCy^@{6JN@3hhfD@Jv@6aA zqq8T&6y}KbUY_TRjZWIloZpw+G$pDrwZ*Fcx97Dj%RG-E&qo5i%J$4%3+;k_KDYqw zQv)zlo!+wu{vQ{S@}9s#K%07g+7g5w+RS#-oZQ=*ZjiOlT=NIzY5Z%KLS(Ek}MInM-DKk3`432L~&3hG<%8P30F?!cQV zos+OCJ#+WZ%8yD_o7?|5HC4U2jqu(bzW~0lg|O@KUr?i8@_z>$R@F8wUH$Yt>wanb zBIK#{?X$IR(0>uA>$Pt;b#ld%v7o=WK4F?oZAOXd>csB)PMca>D;1ROfVwZhhK%<^ zpI;Swo^xG&XV2V}y;TtB+Z&kA{Ko7fbFZrb%JZ$*$CKNzg%fTdJ*!ni&<|bTEY=~V zB&g$0HJR2k_Z`$LQ(ZXFa$4`)Y{pB=kw6(uOHv8;AzhtX$vW0(Gyr+lZFei+pvDt2 z%w9jH+JI^Oa_e;^oYjG_V-{fxp*#eNO?}#SZF@6*+pb9&{c=}yNXoFO*ld>AU>w_| zR!^3DaUbFPdpJ6<si<^ zU2VOKIX^G{1Movnx{O7fH|Np+;EjZjt|biirKGMw`)8^hun#5=lRJ(>DN*wYw{9bR zXaf1Xni_oq9kZ!lWp+`%E&WUC6Ydtsn)b|n7uK?8?wx42p1IcnrmK&xPiq8z>Zdg_ zd3dYpER;K@8e#eX!j4&l4^5ag&5Sd)*C_gHG3y0Yp2jso$I)^ai(hD zd?RAsEAV}RqneSjQT(L@o)OA=fybLNw4wNahd)Uj^z94r|LeBr!1+j6af~mc8(*)7lfd_>$MEv{2KS=z0#Q%uE zwF0jZ`W*td3+1rD+k{dUuxIY670kIdENbuEDNe!zPY{kkFX)~7960Qq+wdScnS>cp z@7%5ehY2i)9??5@qs*H6pk6(5pBhGZhrmUEnQDIR9%!Fx0tWy>hugdW*tx~p_LwtZ z+`(L>1vNzH(CSX+Pzx|q^}jwAX`2Ds)CK4j``T;p&lX5cv#Du~*k@Z|1jl$G{>&TR zN1TsZF?4ZD!mZLP=Lz(+b4-$U*a<=kwzlJF#qD zzhw+yJYc%|ymcAC+D*%WazN(ry>6%kif*Ms;qW_wW2MD1#otr>$)m{mq}vFaiCmr* zf40yc8ZNaHxLM$Qp|6lQLxl34_{&P3e~7=H#Ho$e=$Tta;6;h~y!daqo%A*0e@s$! zl+ag&pN^9DjKtY5Fkhfw;9mmY5uN#2U>lvMlv_(+lH^uhVjd9xD#>}2P-cmLr@%WP zwM_MG<7&B?s%cxoO5)GIp8m&M61J^F*s&eqa`885L;nx;2~P?v(}4bgLcd4i3>Nwe z;{UJ_Lx*@}*0eS0yXq0n5ja3#rogua z&dXrv;{r!X{-uS7_k?m$;w+a^21>cpBB)_0ol zTFhaZsBg-4&rMZNI`Fg;Dt8q8EU_l`J8r>FniugL7Y-eZQ1>JcD1`;%;QxB^L|B71 z@mtaFj=3kG2R)O>as1PyEmN8Q6y$Gt6C?u@iR5rGD&ls1$ZO_9iSWIEp8= zxcPS@Pd-(p%M(_(Mne(5u;6Y$)&=`$(`n!8$G2?B8chPEL~QEKCw5uI0~h^b|#C2LBmL%VRCTM(agldEuiJSWC)K|3FFdxqK6 zlZh9Ggh%k9Q~CTw7zhx?0j8^W2HY_iu+ySeeCp{{HnNn$f*s(ebT&1FbvI?Yw9Fl% zKb~RX_)j3Fj&F^5%x&d-4^E2y7&7wng4W?2!l7j*oWDXG*8Ru8L6l|YV9h@q z8ks|fb|uwL^I2GMBqBFz=5f)?mjUOwUq-0e@0fpK!MhRh|9xn2-b%_L+=gcVEi<8Z zGRB}X=OEu%iAgt5%ID$V5nsFo3JZ=UMat{_GT*cfr#b}xj`-_u2$##2*Qv}_EiM-w z8p(OdaWv=TwqzO6hUhqT@%$T(Goe^J>o{RqV~5{v=2=)U5AASGJo_EBi*>Q;A!THy zH6?YmX>~iyLk?O?b%|!1SliheldWAmX1Z!qaTcDMZxUE;44Uv6wt>FB|3=y~9|)t=cnndcWL# z`v~9KL)hhB!Y7_jMTyi9TO`ces~0lj8j-p#R%174LPy) zDLoR^K%C+u5qeOo+SAk3%{Mj%oYkp0U@3W;@U?FP|KkN*sc2W&e!5NFCUE`K&hYao z*rt3dZ-Rg8PR{USvIsxIlO}7_AFcYCZ7_1UrQ3hIrmIa4R_~Usw3fQMj{@EF_ps1c zg#0fos3*FNl&)vbX$e~4FZ79RhVN#+Vqpeo!67nhAoiTM< z-FHfA6P99)`A<2=-EYR9`7HCFb40lEh0D@XxV)yUW4L{;3FV_X{3qEpE-}7t)hSpL zE4gjE-d}Rt-W;DNm8RLXt%T+O|nPtOBZw)W9s~MeCwDVX~(Qqq9STh5?2i@wObV8+*;O&ZL2^xwX2M! zrYHUf@h{K0@c}+1g?ZDn6q_<-RJqF>kcgg}uXwxvn4RCjY}qjPuz&jMJ>@ zc)&gaFK^XjZfn}GUTG=lvL5f86q2CHRfPfUk9Q4-)DWvq{%tB_M)YA^6|BeBPN_02 zRZZS~ANbr-&=9tI3uX>3^-YClvHfzN#LTT-I2_;u3Eh><*ehgt}_xg80Q z781U7fcdAuDuVxq2&)OaX*vDBJxa)T1if?5&0Yi86PBTOZmPgcfv4{#VSE(;^k8 zn3h2-4BFOA6={nuvolwWd0CIRs+j9S+(wqW3v`piqgRM?+7d_GH`XyPpYyuN+&)3e zoay-E409%5Yw~|*^vk_=7~#NY2zSmVTq6E)J?WpeT|&nb&hJimsutmcDTHxl2u~*w z9+S{#@20<|Ntr0{ARoxUKY4)z(&#PgOh1+<|Lbj=6{8=?PES z-NW(ABW+3 zXX(8GZR*uBgn5Zfb<8~*kTNy%DJh4uf0M&MrTxBG+HcB`H&csBu0^|57lxEvm*TnU ze)PGlg)(Q>$T}yt=Ffc{Y$dks_h=2Rjp0-_H76l=s7*PNW&xV@((?h9t7C@aglnN! zu9&B8=L52)r}NkIf4!#kZW8MiIgiz8PeHPgy~A3I8?bq_u;B7I)-|GV9P2ugIkH$| zs-Da(4v^f2N6$gGg=-X!qjjlxOgw8>U4V7Ym$C>u3f#Pp{xQ`E(+3b{2y70k+b?$` zEKk4O)-o`tn;-7sZ{oTaBYAyX2#GiwA$Nh4bihpuP@*FjvaO*b0!(FYqT2Fdq zYrx3XXa|a^&*3;)2a3nMr3yCRso9=uZu(83S8A+m-@GBv%{v7vR25gPu4GrM4eZAo z*E=2R83ViRZimC6?AYRjT#yd;;i#AhEHQ-5pBbfUhp=y)Q3}iYMmmOd4q>=ONA(Y3 z@xVrE%=2?+hr_AvF|f50iA^-HEfeE$nienlj6CBN&J|nIxmCU;om;K3q;sn+p>!!Y zvT?`=i$3OX#Hiy2*0w6K69zW97qK%2c7HGIidE+fEOooXQA&MbVCmcAapw1efmK8< zvFcX?t6ddmN0q87TzjVa9gfnK(#X z&rDXML)fO7scN>yJRSQw9Ocv^1It_X*vxV&-@p#`DxX+Rtue3;Js5Mdfqi!~v7H8X z&op9t4Jjc%?O+M*vdHpRi~!TW#(g#&6%o( zg|MS@a#cYHduPrJwM{Vghi6^0)Qf@@dj1;uxtgtBF|a|yegpQ7#?*-ZE1k2|M+U}T zHCvq*Y=*j_3$dtcS-S3HvsFvM3O$#ecpB;28(66)4*}~g*fEtoCk1zh4l*!1uz6~X zf!#6ZGv@+zpMgEI;+r`SsJRB#Z%(1>LG_4%RR*?LJz-#fZuoUho;oa8p=Sm(IZqWD z*fMBxo;sy5#X2le-x}EW{jp<3eQ(6{Ji6YwME%#mYV~8xA_F@!@i&CIysT}Z=gWyd z0*f~=miLgVZ(uC%A=O&2+3HPvziz4OWMD1&#p9Im%?5Vx$#0zb>edj36U+FVuauz3 z*>ZKi5ym!Ku9k%```iMx!@$^rtJJ509aC(jHR?wLW4o+XRcbNMV~VZ2R&_Tpw(fd0 zMzB1!eMRZHkElt4X=!d$4+>VOChy%9y;0>G*p$tW0$XQb%`2zP-K0JhEKk+!UuEuQ z^@CtKmo4hI2u!Za6n%-uY3Q=G$r)p&s7KW*!SYnrbJxz@rp9J4EKiMj?seC8wNS9x z>cZYSbGNILf)(1vR6FF{p*{^^jpjb49Ces(x(beOG_&#>X}NHn(bDd1)Hw=0o$Wi8CadWZfh^VE@vx6D1D0tR+>r2%uFQ5yv- zRKa^4o@dp6>g$+U_ueu0h_W>hO#1Cn)j%-aE=N`C5EieFs&0Z6D%R*Zb$bYFH1~Nm zQ^!Qun7PN*<`8z@+!xiGg0Z&q=Dw=1X$e1F!fDkbggMn|HCbbxy2n<`eNE*V*!`2A zN_$OhGcfhkdgp8ENx`Oj5}tCZ*VO-E?>)e)D!zu_*?o2rAXF&{MY{AN0-|&Xy+c5% z^cZ@V2!w<{LMX`zp(H?hp-Bly6Oe=m66sQu7U@N$3Mj%|Yi9O72SH!|<=*>#&-1~v zC-a-NW@b&FUC!RSgzRKiymo>d5OkT*SxzK5L?S1Mjt~07FDP%p4;)XB7J|BDCC)oZ z`U_e#p$O=Z$L&FTG{R^V>LCR%;(aNf6vc_)Y?DuVDhOwk{8Ih*F_jR4GfF|}GeI~L6_(};!WpcH zv_cTh-bJM}K{!hllTI;;AnC*M%qu44av9VhJc%gXwkgNExb%z@Z5ne8-rgrQ!rUXs z@v@ylOGuuKqRIU(-GF>->J#cE#o07Cw4_uNUjRu^b987K>6A^=L(5AU_%aeE3k!Wm z%4lp+OlVE%Y!iz%guW+LX$B-kkdOT`LmNwj1Z6Zo8roc%Cg^jZmQsYEo4((Lww5v& zMU$kp7ed=f*+@`^`@Wq*J4h#m=EoDS0Kw}>;9m%g{+pp4rP4P2652^>&nOUN8tEc= zwBVXw!Cttlw2)CY!JTneX^9}*HFuR_8S(u@Hz|$BgSxIdubZ@AXyOXgT{fGj@y(Q09s2M@dcljfc)xH%LM5oA-m*Lr}_kGu%KJ8Oih&h1x2OQsXj@XC@3za8oUqSGfpg(DN=|{o@9!& zNNAo|Rj2w?X{jx%My5(BLbfGDQKm^71hr0X{Pr|yo2^+qY?_oKWIuIQliSXwq}&2cDlvAGE>RjVAi!x8dR3jyAm$7AOrA6qo&8Sdetr zrWRpyB#*W{UPg-+VRNObf`+ea8x|_{6*Rw1x3KxrGC`Ni4+vW%?G^NF((tfI>5!oC z>>tf2>7<}SlgEZdOZOOsu$}R8sct*WkN1M*Qfr&~%gdz^oXCaY%L=ZLvIL#=b~KKW zinhmif#lZkCkmB~HN1T+!i06zqg-jv;xLjbMGKi<*=b>^ zQj#EC!_%Zqf-+-6!qTKef&ykc!qTN&K?VFm!q!U9IGJa*#B1v$&rWE|b+f|$Yh;~N zkrV9CD(UN_dV(VM4v{xV9R(He8zO%$4HI->cmsW-6vD}@Hf2wq%~GnMdQ&RtTcmA_ za?Q@^E67%9k07_@NkG{`Gd%r3o~=@@pe4&&%Uh-Ai~`B?{i{G$rZd{cj|F^tbYEmxkN)GS3d_Q?AKsey22t6KS^=o|KXnGQxH^ zA?=jX8S!@5DQyxmzq0-1ozh-G*bcj-96_0}L*!l3RY3u>{p8)!b3s^xd!#~Lc+F!w z?3Jnr!gkmzHRB}B^?NMumHG(s+uAtqK53+&_30YfFNKMC)uwbeGNrYG>P=~!H%mIk zD3A=<{%+oE=`kY*S)f({Vz1_6qaz_KTN>FFZOI}fdpvCRwKR?qUu6zSA&hVxD-3V$ zSivZej4ms|*YvU&@tyc#=`HxRscX+`m`U-5^`{V zPUO=&^S$Mw1CXG_#+fBb$yWvC@qRYHwA^GMmrdPfhL@AqF@hX?J;Te(V?Rb&1o4<# zKD@G=Cg@hH8sSys>Vuh#on_UO`!k9rmxq5-vZg%4rl#Sw2-cBCD2>T~p&_UkK27yVi<7$}qBm^<#|_UeP=5jOQ*@UdlC9xMaC-3$L^ z=fT{E$wfyXg+LjOG#e%l7F0RycC!)kL_t4$9ceaF-e=Q<1)s=;M)G*1*X?Gb$7#iV0j-S-YRqC+k&t}bL6Ky9@{g_kxPHV?4)=#ZH_#U6G<-FtLPkg zolPT)&Xw7#p`j*f&itfEm|WJMm#^l`ygu{g`iuf0-ot_mccmq=GzwEet49`ECRbv_d%;S%rXaL>rCeVS_JWmi6G3S8O4&yc_KB5pXGYj3 zY61las?nos!8kch&_%zH)`{{d9uIO)TaYZn>sR1k2(-%Q3sPhcL8RBg1#4t)TXufI zdbzSKd%R$i+(=MzNpoR_yi8EdnN=2Um$Ph{&%#}D=`lQqnlt?t?v>j!!aAF~aKF6K zruccSK94>sLf zcv8-_>4JGmzG2hjh2O~!1-+N~eBo)?V;trlP2S6VYtb3Gyr6*XwHKY0KeVaMqI0sZ zpuFt{F8W>$wrTvLALIp$uz&WK&&x@iSUn_^HO`r3-d{q!$1y>c%2|ONN1$S3E z+f*l{kdk53xDapUks!PZUO`zr(TaB?q_)y&5+}S0{(&+^5MBjuqAX?EwC2F7M@WhtX* zvTf_hMSYbdK^wgvE*hv@7Ibb%k;NkvuW6Vc?mX%)9;5gQs@hEnKL zu35WH!s5A#Kcfh;IQ5&wi4~MFNs!?IYFJl zm1ku=BVN19lq^Ot`rG}uc$rdnCeLqtyL*e5D+dLY&U~?Wh0=KzmzB=U6A`1Rftid7qL}QXLDQp%1(;dt`xRuR>W?ls!ib$`;>V$#YAK(aW=Qo1R5nPQI}OL>5%1+q63JEj7ZXwUH&%M4P^d zEUoSq^s-`RWH}W&Bm9ddFDrf*Sy^o&=)&-uku}s2Ha(22t;X7a0EygxBl3s(I(5 zCcjhBUG)-#XHq@Xl8mBh?KLO#9%^|`a6S2Q-5zRvn1OTt-VR_}no z(NPKNEI~%gDN%{)b4Ivo&xlG^7cJvu7*PHiS*tGPM5^^E475RzNB@OU>(zs{EGp`A z^*2GY#wSH>R`V@qsgV9#C9+k0PtfsB@D5+Kt)RFrTt_P!HJTNp`B|81X*1OTG3A-DMO_jn?NT3d8GXC;rl?)&?_5Sc8?&v{ zZne+~W+#+=ThwkfjS~%qvVWy+}pRooQyo!XWW@1LjDu8jD-y3^`Z5%1#m((}%! zn;ALC%WnOboK-I~iXhD+hAcU!-m_`klJC_GE73Au_Vem)Mh=p@KXA!;HF!1397K>Yu=Y2gyU7?Yi(Fe%DEg+Fuoj7z_Kv!S5x4V>y3Lm5c;8VEFv31x zBl@oT1DDYU<*vco_O1weQ7*^(XZ5b2>uC+6e^DO^`X#M75Lt)$R z)_mC^`hj|o5!$j>f2f}2M3+oclt-$%-m-JA{zxsviOC+TO&A5y9g#hwAFDpLW?!HT zE+d`37!mzUP20dyAr(qZiT+(xKj+jl+7bOi4QCWY>VB~%TGHBY=kV z<#nFLQto@ic(OE64ZYm(mt1X z1+`-?@d|0rUE&qeDsAKWVZ1_GcTOz7LfQ}^!~RlOTP$d12c+GMcn>M8W!driMiC<`LRz9_S- zxt6pa2{xgn>MZloyfQfjE$OkWqjr^15J~!C{Ic#^_XAwEx^(ce-dc{J2Yc5n8=y7% z8fBJ0%(LYg+F3yl4pd#SQ=9l5*Yx|M&x(CorPEwbES&KoYBgiM;Sc# zwykc=Ic*=KZ0W(?wlP0w!52`LEv+s+Am)nZagk}V@o-1;;>5=0UCqZuc31Otk^Q7$ zEJ!8Kfjx@iq|~E6ix0Lwd{HEPt#B=yvyT`~u!bcs9`CS`v8FNQE8uMJ+Xw&JK zKQt{DWjx*sEssqXVqR$PGs+_A@I;TKw-uBLPn^kmcSeCEed6^PMNbv7-EHp0X!J1dWGhN=?1Lpi^Vp7d7=^ zjL^;^5HHE5(y{LPuQpYS&8ru`VwI?VY<|75O@&Eey}eDXV&Bp|uUVR%VvFm?t|Q@2 zpkHiB{pwANM#q-bpWH&?PfS$RE8RxQmcr-FiLI*p+7uC6U7shYif>G8O})|`t~uB{ zJ+_uUQP9_^F|oDv@Vi_#tyFq!9sR7Jmc4H`tE+eZiOZII?~Z*}j}>&h^f$5f^m~HZ z9{3@)zJB#*u6gsojo5~I(O)0ZBbnNp_Ss?qu^L8%AYtQxOJF$yC4C-z!3Sy!KM z&08fuSv6hnEU4O&pj83-RY75;qgQ>V*MG`2EALsiYNo!AQ8e*e@a3vN{h&=pSIyRs z3C+1BPp=Bn%RS@q`px)t)f|1gpk?Foub!*N+T^`DR1f|QH8YjcB`d5B(;qPkB*xkf zs~72o{y9x&&b(G%y1yTh0pzDm)%k=Gx9OSL$!9e+5qRc^>C(d8JTyG?(z_iHK zD|C2V4E|**zeKKF9jhlY;xof4eLEu@0jaB3=}$P(J(<_wqggKnoz2YgUaeDjW*>So zP4`#e{okI995gU~!|FJF8>0~VbZiFD9zh=C_OFiDzZSG0<`0sf9~HDR=J@Ia{Vby( zIxO`XNz^Y3nx2~Dov7auv}l*2BKs!TcO##JB=+pX;+!P60q0bq|fx-2KJkHtAOxMUa4uvT-&9tHu^SX&E*J1rbLAY`q*1HJ8l`BW@F9=tz9DST1T)Dp0 zX9&WT>sviq5UyNDbePXs4!Ck1(Z6QI*MOt?F`EjLqxub-R>vLJ;nNNfFNDO6GE1D$ z^9rh3Volsh{VhRz_a9VG>7@l#n7S$MJH4_X-!8l2PV2P=1+4u#?u`DvptsL6CdCTXEm(Jq3MR@L}8!`ankbd{08j^Lmn?%ftVOyQuHBNsYgxN4fJh z>ebCXK3Cr-sC~DB@mKU(@M|=z>uOV$mAt0EFR0#>gp$|wmV(05i^bp6yE4i(yDWbj zXn>I6Qy({Ve<9oP)irWcpT=eI^i4v^n|hF-2zZM0wjLpL&k{0x9_1JPxRCXX{UH7q{gR-3vwh<4=|2lf9{EB11O2%m_r*QpAL?cv zEFXX3<)L1bQ8cOIdvw)9-H{(<4iYf*iu)ry*`^`!kM->~Nye}G4~(Mep#z&sJ<;z9 zn#br5M!fet(X|4YCSTv5=$?$SOwzOjX>G(p1ub}MG7vc*Wae_8wK8P=B+_Ysz zLJ4DF2_A1#X32z-##uqxrQb~`V|4biWW5r~83zT8YdbBWqA}H*%MN(WOQ>w*2-=uB zEuo5Wsw9{7D>W~nno+3~r_b8PCe$$22|DeSl2FSarMawU^wxwr#ymk4N_~~^u5n%v zTm?vY&zM+-YZfeZIibF>Ptc)~4-*;~9&dBmyhuHVJaaMdrwQF zJflE*ZA5d=mPTzs&qmzQS{hBbCbVr~(#q(`iDbg8=wl3F6hzJ!HcPZILKr#7$R0ft z+Zv1Pc>NRG8*z;IRk036qw<)0An84AXkterict`m*xEm_lc82XSv0vcY(ipZBaKlu z`L$O-VprpGC6q;wCOdzx)x*eBnUw)7lSnV4Fef^o`=Z2NhPR-`2bKVp7lbo(FQcX% zF9u{CZAwn;ZG0j$`|WHP-Pf4FD2UG3*&Haq*4&)f&+vH%bH{#Nt9E~*E29t!H(`~5 zMjt_WyLgg;#z;YHw=2pZW1OIj?Ve%t?}B&#ymk^Z`H`h#!^ApMuUyjf@Z_@ z-ND8NLD}$}>JVd_pi`aUtB=M3iz0R;4mG|NbUtD)(0M@vGZkf+aaE9CrY9L@JmLf; zYLb7r@m&>GyCia4`=TR^=ZyGM_#+InD#`-MhH-GG!YCx@>e!Ro2*aZq${b{HhhlLf zjNy#<4CZG{w8@kB8HK8&CQtJdVnW*TN~UUs|=Hq$6BsKC;)Ni&VN1z}y! zG~N+}wL8*M2-{(% zF-OpQ@C(YBMl>T_Wzgz4o2rAI_3L06P}VLf)bOZ>#A_nVsLCjUIJ)#q3Nt!#V*AMX z#&ky5>-r_lHxg|ck+je_Z&Q=}5k|H8yq2&gB8_(iVXuocJ`{xY;xJkX!d~YvItjvh zi86W#!d@3;3>1W=U1E%2#CzQmW1Ns-okbhd1Yxg>Hf9UL8eD3G3Bq2t)Nly$hU=Ki zj2J;xI(U+0Mv|c4G8ARGu}+ZZR!_3r*ea<0Rz+E1d@0BWWGjqpK~c>VCB`@+D6JWM zW6wAvCdjE0fZVMuHA3Nl98~?Eiqv z8iub-+F(3n6hg0OY)sl@{4QuhGbH6hRwC$i+knb5f?suJ?@QWZ)Mdm=lwmApgulf4 zIw`|AD`Z%{t;QdMuzcH$a*Z*~XzF(0NYXZ=x}YLJ+l@wyu1j9AXOngsyBGz*FVGcb zmysz5d&n*$hfxSE3+F()jZ=aez-qtSxFG05xR(Bvz zbj*lr%4@#l$a@Qq8OH?m7-b|MH)u01`_11-K52|)6hR&=&zt<6aj`kdBFHhHLO^#J zImrE%#gk7PC0j5VnLq_~4C9)l%2$n(e=rs@!Y344C7(Ce zGYX67$OAQzzGG#VC-h z3Y?PsqcMU}1lbulBl(JvC1~!}ddXLf_N{q|TFq&ke9aikD2ptebi2-VV=<#3a-sL_ zIya0{ZMf#o^X4YsG_DFN6tOt@wn5r*S^kLC$v+v}8Nn~HKHZpn-*~GX$^yyJ-n)|@ z8t*XT*HIoDtr>+-zfp?v*yto^`Y8Ceu;I%nh_vv{PX5*Sm{ArPSNz-LC&py133Vos zr^XCM{EXqLk;ceDij4|h{nXgXD2Nmo^+WPABbQM&DY7oO&Tod=9xdag{oNQL2G!*+OSNS!#*@H@$bs*ECt+^TW1L_HY=k{8XglVutp zsD%?H!K6+4|>p9 zjNoqWs9-M-`m3Odm1s&H>eU@J9R$a1UOEInAP4j#kSCo5PcGoN{iOXB_X2bmBTUni z6r?8^MbocJK_w0fhYcdpU~H zYK*WQ%BK{kO@$0+;S#jFAp9+U3EGzt9~~v=d`7(NC8&cFJ(6BEr38%;bT0ippd>*H z=QND=qU!`j&uI>{RnQk}6vdla@)rg#=w%+byLW^9r95rQ2CA0y$njJNY`_sJ>b0@@6fG+hQNC{-l6*#@n-?5(11R? zPdxu}a!NJo`4JLaeVx*zM0HwJkT!K%Om$jD&eD@f zK8JYq>DPj0e;Jn2fF2bT{pDhyvy6CY8`4>Qd1+^?Senv^HtNSp3s%Rad_dzl(VSRC zX-3lpU5fQ2&FE%9haHO2obD8K(cwv&(@a5$35wE!9u~AM!IQM0rv!}#Sxb6eP$0-! z(rbc7IpVce^e0Q^&`2x#lo7YOHC@-ATYa&8dP*BQYyc8p-`mn@Hf>I6OBXQ;p)E=% zN_)Cg&_@F^Q`*xwMh>#7*9oAFgRE43Na;Yc8HG@qb}gk7Jt8OrcH5okSw;>rCHM}= z`h0BFnJ4K?$1{qiAB}vJ(uGbF)MF0PEI}{YBFz=#cHlRl2th@Fy3tjFF0EBld(bpS zd_44|-!j7S;GWux<_Z~(2VeR~5RM05`kWCT55Ba@V5@xaejr-MrUI$H)R&QiG@epC zwJ*&W!Zc|Xycee*-7V-WJPY2BW(k@HztrtVa~Q$zKH+X)KYEH2n+y8UD>mhL_ookd zJdl-59YEh2%Ib`rrw*p21mSoXOe+b(Cwhj^nu73&o*}e>AneyeX;VSiuZPn1jCc+9 zV`w}hp2|eJj*)|m?>RMfBJJ+yj5mq)wF#~)&`%hJuy-s?rV|;#ImyDn)X6l-rm)m0 zw8>(r%1!963^_(y3fVANZxE2GCi8UifVQ3Ki5aa%<{mG(u3@$X!4y1W}O9 zpb3JCgKP#}E2vb;{?wT?gAs4BnKa5DZE=v(OTJAFq`{+{<(o~zZ91Jgo5nB-p$XG3 zqz2I>Mh-G8@(R!?E`u`MO%0}xg(m)v0eY#R<7GTyM%PEPveWOse3Uwu<`s13%in;C zGUAraqZ1i9$d*tkEsXAG6ivoOx~0vh-w2u=Tre%1o)pw}N~yGk^dcj^gNUTRav7~M zrgEBt{vjxPJCZsEZHcCt!;#zt)y_aFAgD$(QZYfT$|02&bT%8QqM%?Vt1jqVD$3p! z6xJN6k)TP8nhT0$)K<_v7O#t-;VeyGK>?L9l>vfMm~5D!{DV+7N>KL-ND~DOVP%*u zs6<4ayb^%I=1=RL~`s<|;uROqMKY|7g@)Cuj(>bBiFaohaKWXnY*f zSArH+LOLjD0;8jXx-dE|=siXk1bMI=t_oUF7E`$+D1*@hL7}XC&jjUXbq23KVC{Z~ zX&Qpcur%`u%3!4}EGV`m=HMl$#tx*if(kLq-VtOnSuH_L7}XaPKNaIO7Sx6H$X0^f z4%7fyXF)}Pme78JF0E~lwv>)w#Mh%`bO9q=kD8<{r}09D>(L6DAqdx_6?8Wvz8&S%7}PNYj+G!yA+ zp}AWbn3hO)GvbydQP0Uv%aUkGMrc``dC9b{kYO28>A-1D%~U#?5idg;oy>^mo1M-q)FS{j14*@n3JpG|8J{7+ zyT{;dA{*&bLHMST&2;JvCZlh|JCC-|d7L24at*i8<3ffzfed<1(7NDZbu%a=2>-J4 z;9KdO^fl~howNgXu{LS#{jwW4si)ub24B!zmL~SInQ1$zJQHoXF5Pb(k+z%Vps;o9 zv5H^%CPaZdetvB?Hr#8|(6+H@`)vBCZE9NPEAg^ynP1!7hS@d^ZTorJL7P5myE`q1 z;6SPWpgOhZsAgq_ubQL4sL(b6?jCk)kN55wjM9OL1+|SX6T*iKJ z`#mLryfyJxec#gxoWSb-^7r&Zo1{EH&_0~tzI}iB0u5xupYy*+V;S*Ycai1e1hdq!xBMlR7?LiPik17D_h1@+l+4Jc1Ai)U`#xWTwg3v-gHu9ZkG^%Am0oBjZ* z%!sG?BdsqqG0iKqkswU-3hgK2mE80cXsD23npdg6kYSovX@DIMzCKC&&T*FE8uep@ z`5n%8oz7yE&3=t^lR7xDUn6`Rmh%=R&^sFG1-J(T9ow8fB0wc_!{DRx` zT}J$!0e5IKTNdT{6ZN%accowGI!3(aAJC^^&NLrTI-e8f_mG|scgh~pyMj>mh-NKt z${x{Ef>8FDu3PAoJ*K+_q3l;0wa6*^l_m*7*%KPD*eQEL!x&-tj;B4Pv5c^MXVae1 zdqNZA{Z22#4&3TJztf)?@qYcB{>BJXk;ro@N1|pBaZ~T6J*V!1B8|Igf6zjVc)h%! zmjz*ud_nKI$X?PMhcmyI^t>Rng_zr;oHAk_6ofL#9J|yhlgwF+utawy*<8wq+o_px zLKEX@=F}C=c$zs+5Xy9OV2o3yn_~r`%rJdooifAp6@)Tswpi(uQM0=sl$qwhRZf{{ zjunJ5H*;W|Q|4xl6@)T(b6|o~=5CG^gfb7aZ=zG?VfqU~Ssv3j$tlZY4r7Eh(dMnZ zW)P!nay#ltT7EO$mVH&Ept;AERcKMfJa5aUC`HXXLKX=p^2N;Ow&s(x;%2F2%nx&z zqIj9r8D$fEZ;ZG3zM$Jt6P4i)Q9Q zLAgCYZQ0yZ*Kp09J~R8bHscua-qXfRV-!RpwTZ3Tn6+W%vd-1onT;3)kzHDmBJIp< z7g-1Mh>+#cqKb4d&%4Mvn^%SGzFOd|&gLUVe5`ac7jM8E`0U-yj1z=y+uc0%xl`8N zyvhjeJXo}cS#KlC_^-u#o6QA%G;qJs+iWKYe;?l4^c94^9q(-p<;3RC-sVI>_-par z=2b!XYwc)tGt{iK1yg~iqv3rQ!_0P!_}nwx?8S(;%5ZZaqaZR>?vg&-oGR#h zpb_RmK~0oC=_Ac(K`}snW*j44*PobUw_<+0u0JtnFycA*n<0#XNTxcigul6*5w~TO zne3uD%3Lor3(C_AjWr7i zLfJU;o{Map`GQdh{U~N|`gl_Z4d|bAXv}D!e4L<%c#;WbS(`phpJ;aGL{j_`N=`F_ z83mG!GeXm+n*(>UR0#eSak}|jQ2(uwZD*K;zC>9dX$Unr!)(eZgy1g|XP85TtU`8V z+nMGeA;aG(&NOcc`mTIb`Yf~99-agKYH_yNh*2O}54HrG;f(m+Cd7Qmh}V3G`I5(j z62UigO=B;n5=4HMV$(y+LX5EeQcKM>NoMp$$ z2b!UbuEUwlH4P zm-bZn`t)$KHYbpkC>3t{*s_7|FEmHnvRb7UnsaQ~mh{EuN?Z0N&_+&lJB;E;^D?9B z(z=RA+eMn{SD4>*DFw)3R$>%F>aCYZlsSY^AUXHhi*`|FG?#%b)7vdE(>Sp-mzrl8 z@idp3&jn$c%goaId5P++e@d2{eHrmImzxW@4AR`(ZiN}giKQ89e#3~T8Eak=glVoc zA8}2v^C?+nR?5U2c$%xszKpOwzfNCmF5^Tue|9`Q-i#BP<35A0E1Rbn@i7)}MjgOZ z_y~_TlLX;7N-&3f?UW^$69u6x(JXYxDN8ipX2knol3AS*pC^*cdW?d|X8BBdlIbJJ zTRD@SZ1!cuZAmdba-3^VnwfFbDN8f61feY5OgrwBrJLIY zp=^zrcG4+ZV{R9OvbE;Z@0_x=COypwW$Vno=bW;2roSMRtv5UW;FPU52MR*j2J_$r zr)-0HRuIZQH%DA{%04%z3PRaN^WYVyY@>Nr5Xv^0(24E#+hlqQLfK|hz3G%~HVX+t z*%ovAEvIaYc~B6_GR$>%oU#maw;+^lH80H{F+1PqIbeQYnXwO@ z`F&-s6NIw;X5Gh5*?zNyAe3dA6Q4L`nP#vclx3NhpE_k(<~>0uJ7DHKbIJ~w=LMlG z+dTW+Da$r*3PRb}=D-(D+1KV+K`1+D4t(j99W=)ZLfIj+J(2CUJ!JM3gtBkU0L3Z$ z#tavPvco3PoU+5Fry!K&n5A{6EXS-V2xZ@zji^)ht=V1>%8r=Z-JP-{=0QOyJ8E{$ z=ad~a`!nKm!7sSmGYwu`%9TM=gjAf`22F-%qr-#^SpUV5SHPBsTOg{ zE|`S`q3og={+3gA(To*@vP)*sVoup5vyvc`T{e@7J7t&63_&Q%H7j{JWw~ZOM!ZBn znm&x8$<>ISi9ecM81eeNYW8Ds&J@G2%~zTsN2Tc%(@0ddW9T z;*I%XyvA#8n)x`9j=t^J+%ju2;_+^qpa%ak^LaJzv*wN&!DRgDjXUOYJC)tZcg)Wj zWxAo}Pi6)qUe`aFXG=ND_mg>35SIOCvrrkQ>}T_BMp$-@{9^hD8EW1$o0N5G-ZNVW z>a}R#n)_ykpkGQ&lOCF7%P~!J^v3aP9+_1*NxRntta)rU5Y#zsk@TzCT2Qfy(b5yM zw;+9evh=$-LeL7(d~Qw_G!!)dFy{%XH zty09Th#+j0x7;cT!d5Ba7RHEMUBWF%$k1vpw|Ui_R(rXH3#wmwn&j>FJ14U{>|0B^ zDK)qz+F8mizaX@;v|A}bXlEI>T7uBd@@`E8p`8`nItoHNE4mF7gmzYO+s}yGS;g&? zkYQ_9b!$?S=Z>ve)ophzq(E{!FUn2}iq4O8k5R6P*AA|r%M^<%vDP-8vRoy&l zTWLz9n%kqgoUr|>xvB3uW!2sK)^p0LyZH;k8m!@V>^-NfhTCO9D68q_)4(aK>EYjh(VOZW{%mtghR#rcPO1H+WS$N$P-Z zkCANp0ta4U+r|oc)n6owz*^e=ZKo7t@wk@Ty9b7#E0g=(o&Lcc@v8lcP8hOpsZ+}R zu2P;RhD)UKHq>kiE?obgPv8qf$07;Q$bhZ{z8ci9qo=1q&hGfL<^-_w&zgi7#L<}$ zN```K!dJ8Y)mWaMrpPP2r_-u`FR%Zz%ffq#L_#NFJz#H9;2Yyu=U5x?Z4GE6{8Bg8 z`I6#T=MACtO;-PIQ2(Bu?xH6D^As9;p$#3qJUtcijvuz^>mkSIq0VuClyd)1V_)?v zq~b(pNb}Fof1($i(n+fyHqUq^<12( zx#o^3zd2v7&&RK;`!gGf=*ncqe$0`(eYZPvM@yiV;4MDf9?Ne`!EioaxW8op>bQna z8iP8kcVbWADR60bHa4Ap1=5ir?haP}T*@tR)`OKVw+HLQO4Bvu7|dGgYu3UH1Nt!b z*_?JCdZX2X=Q2D!B{FmicQJe@t9j{wbKb)imr1cMnB#SrZ6tDX7}oRWdz}8=dt{JS z8|LY$lBSC=yc6^s8S=#**c{%^V$GQtZu!f%L_hBd$NfEF=Ur$K>Tg_#>6}}RR$+(? zA*fj_1=EDjJ3(GNWK;{Mo#=;mv9+-JfHfX5TqfoSF11{%=WuC{k#LU##sci3z<&5@ zA*7EXJ0o}q<~U?4)?q;y(Wr@O7P2itYq>s#4}t5BR$Ppwh*+=oWXn#g-#U9WA0w89 z7z@6a$VO1-81(PRYq>J{H2Uhl4Q$U719-#m0RvGA|E? zcM<>I4?7~b0?l=-(zS<`LLuA7p`Dnc2KzKmPn|4pjXUbx!I5e$KBvfa4Fjpnxw#|n2S#t%!QX7_Vb9)gZiUxt9_`myZCfSfI<9>Z+nTqCQwL|x+xwik@V+q`cD%3lQfG)2_y1o_ zUQ1|$LeRE1wep{(R!^=5>zY-%k~6UnxVpS2yzWk%$a>4)x~{RfKJHOv_+C2Zi1Xq9 zy;7mDbN~NsS6!@L{hwcF_|H>#{kp`TLo93g9ssXa!M++?D||OQN8@M8e7@zYGw$l0 z>o~tMhO6!12sRIh)#|VO*n9I$vi6x)Uas>MpA-6ep*>e%o>$rR982@{9S+XGxT8Qz zaED{CD@E4c19!O!TQ7JzuWSDANtr?&V*UKnGFtkr;C=y~Q#j9Ya1N0PegVun(9w{+#>&6po{~-5T5yo@)3lqA{^IctIoZ@LQPzS@j4r7Zd!q(pfmV2GPXIc z%RDu#E9+XyoBdW>tYJ0d-WzA6X3H>r{Hmx#KJ9|;nhj{7JDk@@qwaUHQQf?2T3~JTKQBAYQ*xNi%juU+R0Pq;cxO=Z3pL5d(o1BeK=-$xp*wzniKY-Jpuc09AO#tS91KHbTF4- zNM9jyA$^tg7H2N5Qp^QY`*SY;s*W=ktY@8k3$8%|;Myj&>%=upr+z`Wuc5OsXxR1O zs_C?_;25ljPob4j)6L=&N1ui#}VxuDbAjTa{~5ZtlNME*wd`B{IBV|&YZ3@zpKAI zw75*xF+2OOML)j+a4-rj_hzebG|c}p2?ZCP!Dj0S4^Ll>A;Z}!#{K+m^;S3!Rmj6k zUiMdAYpvvKqSLj)kFZ(s37ct;z^+DyJK#7&x`t%K9ImiC<8bei=~y9Hhg_52S;lZU z%k#%{vSGG=Q#xxWIAgh{HV^L0tKu#ewUW6l8A>YhFDQap2HR1QQOo}yZ)j7`U5^2lsPvMy$|0l64%zTc*8360^ z%rw-*`N7h0oh$yzzdi=7EzRy~iRYmF@e0+M3{34f^LK?irwSRk5JUJKH10kfhjoHu z3huMR)hhT^37kz>xxWMZe=b!Bg)2EKISj5wnt+{e(m|>EiWF0`?l>px$J9E33%{eW z{R-1pNm>?$^BDlsxAw`em)hzrsKd_$7w$v*L(3u({Wo&(qgq?tG-+ile+Tqq>IRJpbyX5iJNcT(do_+bcp?r~6KGlH@)en{wt(G5Ke6Js-BgWS(^f!gs%sPvCecb(3 z2%kxK&*7yT2rK?S>n*8l*7~cI|0S))#OtssJWnN)4s3S9XR9nfpS}6hP+Sw&UwF!{0$R)0V(u1Z*Som167ye! zI)q;evK`|~I7@m}pFh9H*vWX%yID7m>O^K*F%QDop*l4 z3|rY*!>)c_C%m3rOXTY3Ql85{=|8SG~zH4psE5Ik%x#3mlEh<^T_Io@ver=OqvE(&_ zeudnF{hRuib@IC9e=e6qUN6g=Ezy{!buE;yecU$gx_yE*&?geDstT@3DzW*>HAn7$ z-KwpuSMYR>SH^T2zz*ltc6l`xuKQc3qkAb0XUGFn(9f@CpXiFK=T$f(ustS= zelB%w3p{I(*wr~}4)=m~f%osgc{l&Z{W598W&^%kn?DzIxF)~WfoBs|$O(48hD-VN z?FH%tRXb_iTc2OF$seR1aD&+fX0Tl#!nLVYX5b(Y{`c_Uo$gVt$*>7b^S zPHpI8a2^CwNz8bE*0lOLw+HJAo-u=1>MOD8vNRXWw(OM2Nf@*6rZ5<@s@SVLOJv#k zy5+7oYCI{cuE7pN6Bum+g4}UYhtB>hp5} z*H}ECVp3J;?hoj^6at z7N%hRf(h@S87vls=UBLH7z>~K;w7@Kt2jg8?YmG?ne2rAY1OJT#L~Aya5v7c0rJ_5 z@6va|zFi@A7ULeE5v&?`-v?J!*EDxWIMa9ak11~1X65b-d9?@fr+V+&BulC9Rrd9B^KiDI2_f0n7XyT*z@1_6DLf7;0GfOdFzOQ~|cm3L#h3g)` zwd}Z>@O&-XtWn7srF`AzF7_^&c*07juyB>Mhh5n})A{qtW##yH;s0OS=9-sf+ke08 z|E!g*HY!5$lIo-a9Phw^|8u447cs?jp!|?+g=i#^j$3@bIT!O#3aQq0z6*#WKaSh^Jhrc)AxCzHCIBvsn z2adaN`~=6(a6E29PhwU1&*q4RD+{B95vvm2}dnBYQs?nj=FHX3r9UTTEpQ3M;kcW!qE&e*OPpuT!43Mv>@T>E5Kc{Jc;B&cpVro_-?dA3cmTlpWr*x4k`FvwL{7V zc#A_U3z?>33Y);K17G{Ww?XER;qVTN940*l?*l`8DN2K~mbY=7`) z#ts2DV74E)1^kA{jU;^cWEaCLcCp;WxDQ|R36M@zJ|b^o^%E?WS$9PahIb-zMJV}NmYE` zS97GCc^$wFoiq^Ku5E^b`(txIa3^F<2lrUyTyO_;4F`8g@d$7mc8mts(HY&L%ssnf zIrv}tu2Qq4{#)b0Z8BktYO1+!?FZL?8GLmZa+Js^>9~J1`0Hzz)$u3GUA3--3Gz zzD0@p=d@bV(79K&-q5~xz<*=%eQ>{<{8VcyV^8y7sd>oQrh!Jlc1JtKg~ip3x-yQMGOToUW%dRY8NYKJ z$WpE1| z?s-aD$oRg{Ml5AhEwgUF+EhN&JI81$CwrfQls_A*P*Z)l#iT7Hti2X6UMlJ7#=-2o zw7pzAv<$fUGvHZe*1qj!0`Dl_WcXxNpxxz5Yd@r$jL4~-XkYLT2hFLCSE+rO{q1G< zkl7I89SUa$pg)&sMnlNutaxpQ(P-xynr=+-+em9kA17R+5r*n}LO%!Xcoou*oO%cJ zy<#7OdoQD)xyhL8SJoUNk8k-dbDKiQy^P-Aj-E0a+!p&kgYY5;7K4jzk;`f?SKhfT z%`7H)ZTsB31+}3ll{Ng5>U|l%P&vpr1T8hl$R4%dyhRe*e+`=DzCLOWGM2YE1MZCM z3*c@`|Iw_h;TKnnNp-%yX+jM{PirAzTMU9)idM02BtSZI{YtoDYURP5>sQ4s-Z;{t zp_@NglA!yu{^`&9sz2+c{xZ%&6G8e|J!Ie*Ib`(T0d-684gVQ3&N;_fcz)J5us=X6 zu==U2;kRkQzqqLTZq|Ql$@qTwTF};tlEuoNBe!bX+&xFuly2^)SS~s8_^itOA9!5FzK<6CGSvHlsTV9h)S+fGP>jQAE8%(}!2=H5o+kHE(=j*-IT8PO{g z^SDJk;Y+!yl7D=4k6T92f?6J`;x@cK_`TM>5B~1|4_)s9-&B?LfA5o=T-v4=dI1Ur zS{g3Jaw#nWQZ%7Op%fJ;0%OHQf(jG`sRCos)CQHYph#6v)D(gWR1^s+ST(f)!B$7d za??7dLwH8UdSR%e%-}QcZ>_9(9^e1_e?NRazwcgauYEcD?6c24CnZ_(iNR*1H8b7V z{^+f?bmP%ymqVxJOo0Av&3#Z>18qjSifu+(19js!ho7_2O7a3~=(JCOs+V@zvW)ro zHg-GR*9`ea$E#Q+xSzUlLH+kO@@t9kuS!kaV4!c`EHcu!w->`dF0u4~(z6oF;hB|K zY%FcPlhgQr{d~u%P_!Zy8&ig!L#YCNBVsOp@B;L!C-x*(D7vC66y1X=6y1X=6rKGF zMPpT==ss1B8it$864{i!$7+^FZCTrw6P zUXoM~|3bqh=)Fmr?%wiHQYmKFaC3u^#<0OiW3`=o6~Hdy7p#PIMbr9rBI$y*c-h&6 z2ChF&|F5N;Nwrv||C+SH(lhsQa})fRlbVb)&U6h9OQur!$&?5tNk)&<%l z<>@K3K4@xz_WM13Qx@pBqM`ft4@`0EbVa-Mn_YIq(A-#{)7_zik9~pWY%WMyf_Tz> z`|T+mJbFtc=C0=PDYSafZ&t@2nT!@+PAh?aoOXT6N`2Cn*(trOl-tQ?r_(sH=@%76 z%?&Btd|cgpT-|(JnZ`kf-b%?d#vgeX+MBii-EXDPn!GOVf<`MUVir)$yKldhazS&f zG#aOC|DHCiSEli+J#VG-G8`!x+3SKfe0~v>eskMx>5X3HnP%*Dz%zIAb-kQ8%h#vW z>X+s%?^Ubk?6ae{_7B(ga$6R^YBYADZwn1h!_EgELY;?8jK*%Pb-$<{?(Jo)4+nc) zHeRS{h0@A!nOBA$K8hYb3SFldU8fjbPrmmXC`IZzts(o>!HRyV1x6Zk8_w_WRGWTg z$PLgZa&JvtY07EZkeUVmLW3PjyNmIyud)Z}$=(Py zha){4S%sJz)2le9iesucw~BM~_1g-cHs$LVM^3Qi>&vbnJy!UMAz!Z>?@7^jw5#>I4vavWM!TBpso`VvaiotUeTWRF`8d+Ykv@*B=g0<~R;}%<0UoOW z`?sUTAsJ2VY5E_}wHZP71f}fU&5JXd+0*<#o`*8R>a=^0>a=^0>a=^0>a=^0>a=^0>a=^0>a=^0>a=^0>a=^0 z>a=^0>a=^0^3ippeob|A4c%NrH<#_^db+u6H<#_^vfW&^Tc_`)??Kt0^vh63Z{0NJ z!DYQ|{7hssU6bWSn!ckx9iE@`ENDw_JLlSwdkJa!mim0oErL$(Q=t8O{|kL`OxJ`1 zeTq%jt_k+phMM1lp2V-FY|{rIg_e9=svhumEQm-O|R=<294wLkiN-zwA5XZJ#BR#%y5 zrd65fy7rjp8u6Iu8mUI>$NJVlf6{%d^;|;(YOrTEnCPrEnCP4~nCLtY84P1Xc*I&=|Z%3Vu-ZeU%3+(KUR%8ZDbY16}_OzZ;0pu<;^Q%rnt?m}g3wMQe4|_Py|Yco6q-?5I!o$ukAtPCR@J`_0hTSWv;bc zniodQf8X5>t!_P)=`kEUdQM%?_O5?gr?oT%Ez-Pl>aR58f4G?F9_rK!kq(;ZUf(R9 zfw$u+1MBUOeg)R@rK9^f^%wDtCSi_g=a>!?JwZ72D{o9u9VU8?aO%qt)5$SWj_Kx@ zZqCiY4EeMl)!Er^CGJ@n%4u~k|F)mTx)#qt-}bw}nq#`Fxg@2)KT+(1Ra}IZ02>|ykhbvhGMe^D|~=w zbt(Hx&9p+6BDXqumMN=bLDowB>%F%^X*5>qH*C2+g~ntBJaw~HXU)P`t;@o`2)Wa( zH!bsJO}GA``N=Fd?&i-UeP8pdSr;$|-bDPRdG8@|?w-%GR`LkbQ?rI=$t&ht1~_pA zr9ivxrkQYQ`1L7H{lwBnlT)YXXs5nuaf+fR(-m2@mKh(6LF6mVxMs~XLn_U&IkR|i z3H)1cf2bFo*_{IxXqJawV~+_nY`y)>0h;y7e($p91J)0rQ*LjEZd&}=fGV!1+Dx;k z+D!Au!}Zs&e+ka1(YVC)?cSaNYq1;o*MRBV+v(iHT6pjlT~9jYd2#wDcLc z(zN@@0Rz{X;;~Ol*GD$xBE5Roh=H}1yP6A;e)nmlO_%!38R+A->bb2Arr?}@sT)j_ zUtWR8aQXcMH>34mRio*f0M<9tBGk4Y^ZChv`%M>*ZXLKE&n(Xmw3(Ndy_dM(WcqN& zz&!oe>#*Wkt$3rd!8$wdqk#=(+MjR3n5U=)GwsZ`nRw5J>-y(`+j%wy%=By(;91uM z?LR08Ef~~n?x>$NC~T(h#ou7)s9!SZyotWcza9SCK^^R00ROf@m)PHlQZEnMY#ncZ z13K`YHwQ)G`AP5Q`fd0{uJ;nptM+HU7<683-h6pbjye8_DSMmsrd`R|1?H*snb7-R z9h{wK-bwo$bLem$JZ~Nx2TeTefZo?{W_F{st-Lb38#QBBqtTPaWivgY&>q#KbbcDu zEwn$+*XVh~2G4M_ZlPn>E%m#<$WFI>^+Zp0mWAezZi&Uv?mE+OX!f|I!8C`Lu&x-~pwXJ&%h0*v@xj%WE9UQk(mkl!LQj`9?5SZ-4SPPb{$+5l zTp#;=?Dw(1-onpK7HYA9a~n9ffpfQW?sm=%aBhHe1Ds2H?_zrs`}h6Cm_1?kgxS;1o_6-Mv!{bS9qj2~PbYgi+0)6MD0`ypiL$4gJ>Bf-W={{# zsN>e3U+OdLGM{DLN;9X&LVF3DmCk!Qd$O!Fl37+7$t)|4q#f(S8^i243wKz%kUlgl z(-42;%VGH(na`2=9C;pdAZd6JVrbt!ziH_3S$uwHX*X~1Af4B^ba*Z1{L10QC_70n z=CZ{odjR*-xE*v?opcYLVbR-#hEgld=SIYTKD^O<%~M|tFSk-}7w}cnXntVB_wc{; z*iX<*dYg2}+_9p(?*&|0DXP*+XSvc!_YM#D-@|?I zaR1#}{E@fwW@&$1^Fbc1?Z@--bb7y9Wo>`dJfg~a^w|`s?dT_lDl6}NthDpl&b_VX zI%~N88czGT{(6+%G@_o%)?0n=KdskW9|@6uyk|T7R8KwEvS%<*As+THhF5#~~1E*0id?Rj8JO@S%?$lW6gOk3`~ z_lop5T4~ps%7(NLSZi9&Is&@VbUgh0$V*nwQ+PvY>N>b{WLDe(cBgF9?A&&0|?5SZ-4SReX@8kFj+It5ZO<09i&^W)j zyS9MdK0Q(}EAHgrj|R?)JHB9Z!2-1Pt;rqt{N2wLtkioQeyv~$JQ@56LW*)4s4(9s9M9)gEPkFnP|qkEp^!QxGkwm>FxLN6|S*vOG?v{v9)pc zPCJ`W8}|~lK928be023ZJ}dS3Bd?6Ln`x(E<4;2xc+R^m6?o@kH`D&1A&&M2EA{Hz zkB-G0*wY5>jZ&A)RkQmPUNT>rmsNOPz4!2>!T{?0NiQ(3o^wxO6Vf}(aeRM?v-EEA z6~wk;i?g&nd>FZVK4>p2Fw@?Ec1m9sPQ<ji zedgZ36*?`4OD+~}vle8XQ%+0&moF6t<7lrE#3)r*3e3M&Cl)y^u08t-3yfc4x7o|m zfW2089KDU~W%;yZY*B&vpNJ_iPhLa%H%=FD`V^qUroD zt3B?|Q(r7<=d%0bnx?-})XZtB`F*69=6Vc=;=Y@6rif;Hg!LTj-&ilO{)6>jtZE!Z znpoq0^0;pHcca~fhA4YF zc|N4`Gd`7Fb0s}*mJI0ONIjm8T92pr%N%cGPkKD9kXiAxTd=do&N2D%G?((@>C6_z z(|xcgo}Sr@;_11*D4yQc6vflKnxc4m#xIJer~aaNdd4q`r|12mczRb;6i@GJisI?1 zzc~KWy;&1V<2&jnPAHG(PY2?|mbnv(;^|#bMSSD1-@{Kk`HJ}bTK|NK_>xx_8Y<%H zw+brb=@VE_JbltyB}$*DR>$)*Q9L~p6=1EyXN3kT>o%0&DZp)@vKtJa?ma(Y8=eAw zoY2UhO6)dJTa5;KQphnh5B&Fp-CSxnm)gyxIt}&fTJU)d{pxT{JiQ0*G)&l0I`O=^ zxAdHn7!v!=j@#m zX}`S}rRXd;jbkvk^A-J?Za)8RZoA>!o^L1SEBZy-may<`a!nYN9cxl&+&VTt^d)RBEDeG(0}^D)TC*aoh(~5B>VFFTQc?y9vJd*?80F zi{DpB+Nb`Cs|w7wyfg-SU%%q3>f_tWe^I{p$W==af9WyGUA8tayFvWFT=h8o^ee&J zz+NjILqNkJCP+KQXk&)938%@iS^Y z=^Z>9J9#!nxvem_66IFHTxXc;40D~+wL7zJE?$7SbVqT4-cf&7@kE{GaF9z)#NS%r zy%3iQa;YGf>c+WPXy}PQeeI^=p7W`ifwmddjPoTH-26u`F5_;&NbM%hWrHD$>%4~eKtRVcJf*J=>c1=DdKjE zx!qE3w=~vD0-g8r1iDj~C(!RP7jt|C$5(Q^hvTdCu;pEchf7uIUnYO+sN%9!T((FL z&Nn-&^!2G}&T1}O!)1L^wkhQrr;p3x%{h*Gf82rTi=0*5Vg+h`Y;q;52UfPGG@`t8$#dXYjbjta-Me84*vRS9!@Z7BD;debZb8VY-+GAWYW;9=%QqQAQ zpFr>7>v^o|6X-pBJ&#pA#;O!C{JDwZXH1T7;P?i_htnE3zJcQ#IKF}7oB8e5_Jpgm z)|YHgn8}*C^u>}u0zI<_P{V6T=dFEO409d=T+pAx-f? zj&DxbvF`hla030MP&k2pFScDgwC0Bs=vQLH36I_Mv?-i0{LNyd9d9nx!wL6bRSzeu zf2?Y34g>2A5NHvRUNh6xCnj^E4ALF(XKn3a2~TUDCw&j?&(7F!C7eUqDCb5wx0}=5lBOf-=E!gY{a$T2fqtj92V;0+dJo6+B+SS7 z^dua<=V`r%+v?%7a5-UV+4)l4M!Vu5zfYjg!bVNCu_xU|PoU{G+JA-<=+|zuZ1mZL zopWpWbHIEX-Rbgebf?R=(LFBTM)$jX8{OmbZFG;zx6wT=-$wViFnYer*bH55EaI|7 zT(*eI7IE1kE?dN9i@0nNmu=@##Wwofp_Kbjj`XG86`ZcL(Y2p%qcyYA=C>@kwvy|w z#X1zJ<`Rkf& zpUvBS-Ddrx9HX(xM!%SQSAPhh+W2S@-FM$WTW5I zrF7D?W*e<(VZ=M9g*iUV@nMc{w$WPGY@@ZVonzWLrrky>WIIQ;b0pQdZd!+puKG?s zx+wdjd@iCq+EE_)D35s*wb?VfZ8RoPK2uR1|0tiYsEs}isl-mt(L0Lq-`h9J<9}Jv z_(w6?k4^5j(YSTnXxzGOG;TdMdT)Q3XT@b3y`R?;$>Y?!2dtmIAGP6c4xt)!Y3`1J zwnR#&C(>U`WhK(CZ@*=u7awwDcqBuyv=)H2uc)-}KV(bo1x3 zS*Bixzk$C1b?!IOyZ1))FhkiBZ=CUuviw9^<%-ag=v|s7CG^Gu+x&IHE=a{d#Pp zfqsp(BJsoelTfOsCXud%ibVRw*qTI&sY#@mnnb!Tsu5`|ujWV}M^Ep;= zcz*mzcWZk#4l2(y)6w<9J9GShSPRXT8VjBG8VjBG8Vj9wANzgm_p#r{{%ZDDv%i}C z)$9+jzgC|=;Bt9Ak46KJz;^D{cJ4!fO9i-8fJ-%TsV4R}vA>D^LG}mPA7p=!{hjRZ zWPd07JK5jO{%-bnv%j1DQT9jKA7y`({T=M@V1EbuJJ{dA{s#6pu)l%*&FpVxe>3}= z*&k+qnEhe)huNQRrBOX^oj>5a8v;BUO*|Sw9*rQ6M!uECJl{%Vo^Pcw&*D;9?9XC< z7W><|m3D5Wom*+=R(cuga7}H-ncaM2tvNX8Iq0)*zJ8+{e{1)r8;iNNVy>;2Yb)m3 zniJ{GMmVwkQ8g=^c=XvMDBaz{iM0MVC-Ul)NN+saIi{Us+7n0NF4@kJ?Ht(wf69oC zM0z9Fkx1|2IudDB>`bKfDw=rPjt?xIiL}q@=J;-o?@pw5gWZWclGB{s9N)v^bD76S zPoml0ofx)UKf4>Pn@8wLG|z2GbbX~K(KVIDF`n31aju7t(Zk2+;bXLOd_Kn)aeNU+ z7PG&U{pGQ?xSn#(?dE#Axt?yWry_~Qq#}uqv?7V#zE&jB+t-RDdjDCGM8{jnb$YnY zDz394DQroeTaiR>ZmW}MCRB0#>AZidPNMT(okZuoI*HDE4YyLmt<-QUHQY)Kw^GBc z)Nq|OsPp3yKCaWp_4v3RAJQVEl zx%FJLjwh`5%?*4++xdtBd_)26e-rzI>~Cg&bL_bI4M3P%4|D6`Bs$CCBz~jIEryfm zZE%>|ZRdJAxSmd~CyYMypC3ja%p*Fv&M3!pb4-uKG^H$?-^00=xvk6G)@5$%GPiP> zTe-}wT;@72bDj8GGn8G4_krK`)01ib>&Z0F^<B%%>ZOJravyy4P*^_C$ z=H)Y|WnOaIFtfO%93xnL}Aon)N{S0zH zgWS&`_cO?S2y!2S3H0lv-CU}hOLcRp?u2iX>4|_>#e~v%_bd!29G>ijo+5W@AO#TeLlSjaf|Hbg! zqz3$JTruDO( zXHEytoKBuOVXXf*yPFef-gffLX-=fM(VR$gqdAf0YCG4~&XG~Bp_^;y;TrU0D%-3oFxr!ZzZ@S6O*bxs_BHyTS;iMp&rBoLJPT@6wZ_q&RJ9RleBX@m%5_QV zRd@_)zj5a6N$Mbb4#AV8!p85R$Ba3PF*3$ci_tf|4?LCn4e)sM+n{&qbZ?~#Xb!xFgr(-#dQdZTe)3HQ!I*(C34KY7*Ob^F6OcYsaqR43`iYYhIxxUdv z=eoi~XL-KqN%Xni)E8y9a{P9V_j7yzxvA>3iAUHp62}rTO`ujdvWFvo;Yj=q6lzmu zngdod_0wji)>F)VFb?_VnYX7ZH~gvizZ#VLsQCueR&TC=K4Ja_+F+h_N0QoVeipjj zd=~0A@4wTi0%kfpub8`$ZZiJ>ecep+A!z>lofsMOC1|txzo8+saS2A)Y=s^(CqmoJ zsnAc&eV`rYEa+)-F0|7;0va(FK%?df&~MDwK)cOTpg)?YLwn4#p}&|{K`)!1geuE6 zsBYN-wOS4=!T&P1G$Wm2c^{f?`2gD2a%4%W%CyjkWm%5FlWqADI@}V4=39m>O;Tel z)zDd%iI^u97COK4E$=MF$e>gz-hxxvCd+BWyl&}&1}!~H4Jy$}W7x||xqYn(%TT}d zdT6$FBh+pULWf(whUQ!GA3M}Y#G@^1VO6Rs;8I1_s;VS4!MY7vZ0&$Lte2pr*7W5` zYMON%wA?xydZTqMw8FXvI^TL6T4_~x;Yzd)gLVW?cnsw>|;=)OrBgVg1vpROO7L zQJu;O5XLkFb8m+QnrraN3kYHDt2pu});2&bokg3F|u6jjWBVhoGtI`CfDs z_okArXZ?(|3u;imrc(V{+DxnuacLB@mUTVr1=gQfe`VFuDJG6Jk+m0V2I~OU9M&PM zd92G>SF+yAx|VevYc1}sqA87K96vlG59vHk=Vz?K>M@ejV=~I%FW_`h#$u$$ae6|=!>FM+<2iUHv&WIK z4{0Z-OEW%1dMc-Vri=~H*E539V8(gq z+Zp|Sj};)J02<1;9vaSA1U;7V0JJ@0FZ9!lW6+L_i_p^<>GxyJ&p3L2s``rCjbwa@ zbQhvYxythcbbSr@Y| zVSS2q8|(9|`&kb{t?F$~AL4X#Z(12by=i3#_okKMSZ}(UxA&$y{-?eB)nHf9dk}hl zg5yv3z8Sqe!|Bf6cKE;IbfkA4(p{X6_8x`wIZl7myAU;W_nrXHckKDG_hh6maJr}W z6r_LR^e??#sQD77FZaF<{$Dw*`jn#vz0WMDwa-mZTc4Yeo7jhrC8duG>0X>p@3R=W zefunhCzCx{eeOnj0MeN4tmD`}fzuONovc$?r?a|Qm$0s7UB_C>x}J3d>o(TsSsPh* zvF>Kg>r3s9W1YpinDt)P7SsPGjSTC^t#HwZToMG+7n!%dGIs}Su zBg?F=F{&|{tD!}izlTo9T!+z^$hpOtUZf{;+L2j@+|ta4F?v(s!TmaO19GQxx;%4J z4er{RTaY`8Jr$YHB6lvQ=Vvw|w=(k;s4Md|#JJh-$qXW9F{kg$JcQh;%=e%xGFuU| zlKs`0A0g&mPOr)Q47oL#r{P)09&hH?NY`@Oml;KRJ*OYdJdeow%B zgOJ|O>0stiqz@vEU47=rbw<^Ual_s|a}4|~923qgMEVHQsp>P<6RhW0&$E8VdV%#4 ztJaU=d$DG+PGr3WYE^6d(LLfgdusbrSTnN7lfycfbph)wtZvrDtV>u|vfj(O zju0QISifTJVm-%tp0(Ei>gRIS;{z!@axiHD z>p0eltdm)ttW#rYJ4H@qoz6O!bph)wtczKfur6o4mvt@c$E=Hoa35G#verU#@HHSf^^I`OKFYsBz57~>j{U?h^rkn6 zh3W(5Bo%*v>=HGEIRoFWPxc&jJM(7sCUcQ$XD(A(kn&fl4Cei6Dzi@21s(A3MgQ;v zJL)-bDp;l}d@k`X5TmfCseCK!|B%X)eL#JC@(4)%KhE(D!7hnA z`x{a`*#}hWsdFG5$9a&BOVeWQ5vhJ7I2(Q<^^15wO*~}+%hW1g8v8c|bC?ZGDwhkJ z$`Pp?k;)ALshpGj4M8Hsmw>ZzoJ5Kz9#A)&nhH|<9QJPtxjR|r>p*Ic zNbx?fOr1L6m;3nQ>7sFdk*_I1zjMuw}|u2r#+m1>Vy~MbY&>LpUWcD6AOL5eE@>HHEYj!5G)RqQ!TT$doldq8S$vE;9k ze6QsDIRDg%^-Pyn-Vqau# z3YyHZdeWF!w?OK*UF;!}Unq8|aE@>hNbL}*KSa9DJ(9mz{Hw%XFZLF({a~AVHnp-gC z$NBG{SkL*(eOs8Df&uoQI5oV$TtK5lC@Fs-H;n#UuHP#lK4II*{Ut6i?*& zCH79qCsIC<@&h2vr(NO?fjpl;9w+gKL7q=yM?i`@3sM}B>OChk#>f0b8pk0Ze)=VG4)x!-JK z{QxOG3es_2WIxVxf*c1(^`>=v>hxz^qysYDTeZqh+0=B6E2cuw_T65Bv92=KXuuR=@a*^0+ zDO4Wo6-f8bEo^TJ9tT_1zfN?Ct@VnvV`5@I3(|2pgj2yX^?+}&a6L%pW0&xV@SM zUh%I7so#FF8#({%iCyA9BJ5(~`3|J|&WZmbb5l@DkNNSndt6_R*h9p2iak|qx7drt zUN3AE|1Pmx#BK#?ypD+foY0sN^P50A4t$jZu8Zo^L&Pp&`{C15#a_hrmeY&Hu4Og^ z{U9CJPR?&U9TK}0q;`orEC)|_fiz#wvin zEF;e3h@A^ky$-RRAk{mEiSPZ8sU%6rzitPl;)DI_0n0Q_nzZ;}-i-caVO-*^TPV7eEPLRgo z07&(>h`&|*pNqds{Abz5eop)sg+_dTH1`waeu`ZpTqLX$HVStNTS4l_S+R{-vHEg_ z4q=JVC0r!*fYh#6>^h+zF&oSbUi2tnEYCx<#qc9G<%Chi_T(R@mUh;)Q>=L0% z=oT&#dWCgDzi_9pRTvST1!@1H21-9bva`j`726?piP(!kntvW9jvu7stpn+N_=P)# zt->%!;}sG6tS~D6^WasMd%sYFq(8!3p+i^#Qa=}oy$bxD_VO2AvFn5(kowgs_Hpnk z%OhW$6+22c`fJRNwWot*=Zb9?yF~0#v8NL)Pk*sU{2uYwfqY$pbY1NfyA`ByISX=o zIWcB~)W2M@ogl@Ph+Qgli=SS+Qu#WePv{4!y+)AA?-YMP7~=fpK4P1?|IHSV;#wuY z3*`H~__e{Ye4{W&m@9M&ON4IWB4MqtPPkLpDm*JR=EmB|6_yAW3G0MAg{{J~LZe;E z3rmEHgmuE5!dBr~p>c?m7nTU!!bL(a*k60+O(Kn3t*}nGQ`jmzE7XR@;*G)_VXn|A zEDZq{)t?W`soGR)Yi9%v`_O3L+n5E7LoiBAwDd?@!)+0 zNaYs^>x6#J-xMTLxt-zH1CO2K1bLh z)W*jA*IqYJ(4ttqRhZ`loMHpfKFNeFt)(T_gb&&37Ibu77ZegvkQP?63gS3u! zi5(SNFN*o?V41q@j00>_rSFuoJ@<@@?T6p-h#g}4*gIji?>ZAlE89tQ9s210dDcB6gQh zn;fe*M`#Brt`uxl_n&crZEEkk9`Uz;)Q>Kqc6H3o2HTW+FGp;ruoR^F++uq`nwMUX z#{_vXARVV){2^gPsGPC(vV{(zOXwB)K(0sZkT4=d zCLc$(&>?gQJs_3$itQH$#2*qnB2*<(pU@$63B5ue$o&#Kz;;70Bz8ooN@MluAU_X? z?GUtsHFbRWnO+bMJly@kHuctfPO;s>TA>f5@oE%108)J+kj5#@`Kx>pvDM6& zKU-)AY5Y9G5crV#_Pq#50v%=>Vf32`l80LJ;OR=>ZV&${J z9qQ%xbHsKE-C&u@JLw0h-H9`!=4mH1}6r|(!h~LLH<^f2@9bmh{7ZN)n zjEY~)l5r3^gf5|1=obb+y1qkVM?l(V+h@nd!zTIeP^h^d40{w`Z=htLhu z@p{Fs727X%0HpB_iN8yzRm95aAm!(X?G%=RG+u78Js`#T#SRI>;*W^k#rFFr)ZAG8 z8p!o9u|F3EK&meS@;nj0b`!fgzP2D%-YsnWUCa)F)bAFtyM);{Q-AVXognqY%eJSr zQS26Bg#9nH=2XV|;{e;#>DE%V@i`7ip;TE>9JgIIW zyF9FcR9c~a|Adcu>O>>wFZZqY1Txqr-4 zCn6xN4_%V47RBrwkmonZ*B#pr_&j3QO1@9*7AF4Qfc^M9PV8(?tUia(3G(MsVtYWU zzn1+|PWr@dWcvYMm^t@Mm)L4CjgR_J18IKQK{|g?qr~-`!5-@%#r;KkPy$`ycSR*~Z^vv5n(m;<~>h7Vi=IgnqD1o%}Ei(&vd0wr$6{ zI3N4DJ1KwWu^f>557Ot14))g_^MEu@h-K>aGqoVa`8of+V=e5*ddK#qV^Pj;2&yGi zZ}IVL=7Yy`K&~I8=Li@3-#zXYe~VCCO6}l1HrS^Ab-Yw;7u(}Ma)VTlm+kvLsukM@ z(zrE>9pe1AJ|g~I|HnsR$&ZMwEsM2dXFlL_fNg4gn-iq^-9j%&n)S9*~ zkov1t5pOuDGjZQx-g45-Tz0aSx#naTr1Pql%Y6hSJ6r4=kgf-Z*iN?bcWh$&g^ldT zbq!Makoa3bI$y*x^}@-B_@iuB_|#pocC&>Jp-bo$`h|@kjcWkpcEsPpHr7+IyTsP+ zrnu$49HCR_7S;-VOgxu@e18*vSnMvbwG~pI&?$5aYlS{0>I2Kvl_x_W-^bX_I~fsM zt(0*G%T(6MY_W6LuJAcQKL5g6p^u6B#cmOH3AKBqpF*dw5v2aKFtLs^^G@chBL4$E zCrIrz3fmrz?9i*pKFgkAsf|2|gE3%042wpx(xhmFDz`;G1De#*bGJsYI! z%)$1P?L@M@Y@cke1!-LTZ1?*(BKfK&7N>zU4mn_%di7)oq<%Xeh|w<$2_r(sgRy*< zP}RlkY@tKw5_*MxVMrJe;=g%wyV=4Vkk$u>*e;=0=of~B5usy!?6_P)FG!#7`h_8( z_He9zJ4n~3{gK!>2bg#t@@T9-Az?(QHb_5(4xvlv75arCVMM6@AmxP)p-bo$`h_83 zM5rE<@2w)2wg(2&@T)LBSQQ){@8gJYEQ~}2dUjskj_tZON_3DnBN1E-z#=hZ2hU2-zW4u zEjCE|3;mgx9T0{gA3q%$>z~jLmZ=M89AdkKUSUWW`A`1y(w;E;1?ivAFANDI zLiM7=30*?3&@T)LBSPhu{t6vJmoOq!jS?qx2wg(2&@T)LBSJjH^SJnhAz}7T>9^1? z3<)DbS3t%^=-L%4=N0;eA)(`?SiVc>75arCVMOS7S>lC$VMyqBMe>D_|Jb`@ezhmY zY@tKw5_*MxVdy{kdt>E7!iZ2cNqs`~s@Ot@&?WQ={lbtiB2@dNywD+Z3B5wUFeHo! z)oW5-=n%SuUZGzY5=Mmh@{ibcA#?~`La)#-3<)DbwO`5$9YUATEA$IP!iZ44A?1Y* zp-bo$`h_83MCdvo^Y1?l#{NH5_QBZa4fv65{{K}jVfI^+|8}fhhtPSL)&o56fOKE? zgS@T?Bf>7p#~=N1z6SF1gV;IEvGPuk{EcFVz`a;6Tf~lt-6ghqHhX$Q z%QoI`iyacG_hRKWkouo3c8=H%v7KUj#clz)|L@1jJ3%V%65B0ytuO+%sf8bRiJcvi zav+xz+YM5^ez6-RKO%OQ*jkJ97o_pY5!)rU7o^XP{2)Gm{*zk3DyYx6#FgWPZSSNOCK zDIR}E3zFXp-mEoz;%EN#lSaNR`kaR^PxYgW3kT}vVX%i_0b<4Vta+IQPebjo^A{0je;kWWG z7lwopq57{_xon|B=n{H`eqltY{wn2!4xvlv75aq{q54M32^~V0&?^iHBSL&tU+lUR zI)pBvSLhdpgb|_oo0J#2gkGUv7!pQ=*u2Nu6*`12p;zb^hJ=ppSUH!_D+~$Mcd>kj z&?^iH)%TJw^a=y`kIJ+ThM5h)sMw|H{yqkzc#qI0)Ca`;c3~8x zb+&Y%#0!1GfG{kK3O$2j@nK<9sAo(4!cvgx4~QKWMumEg#0yJ>9-&Vd5Qaf|pBQD{ za?(DS%5MsKz%sS$q>qXBiQ+HKjpYY~QK4?9`1eoPnWs*KL4FPudWOXEeaurQ0wBFV zB+};sr9)%!K4BPa)$sp%#P$rMxI-ty_}v6*N6(AJ+rct*^%ovtK&X!(|MV|BAe}d# zu=EP@ukuBiIIsC+gCi-fAy_K(F!A}%s91Ts(8t8*IHP0j`-B0Io|ipiV*aquH&)~K z(DuR@!@}s5vHsb|$LM2T{Y6+MsJ5WBt;vmi~b>FFa!V*v4^+ ztzQ$13kbu)Qb)}10ja!C?65E@e%%?1D;0V`o`+(G*3jr) zVWGWL$_b-FeX5ib283Z@RH$DYi?b@TDqp9Rrj)t~Y6jy_GT zV6Pi`J<@Aqucv#R?DcamLuyj$^whgjy{TWPew+Gpsxd7&ZByE=v{Pw))2~inoxU~w zrSy-|Pp1DR{rhy4@npuyjK62p^-1XaKwnd4apuCzZ!-U#Ii=r2{XXhH20uOc@Ziq|e=+#y!9#OPa&OPwko!{Z@!TJB zZT2ztY4%&}ciT7E{q`pNaeKF24apgD>yXEX>>d&t^2Lw~LlTA#9y)jEeM1ipJvDUd zunCZvOH7AM*c|-+Sbs zkynhY8@XrX*^xhv{CVW%kwZq!8FkC3HKR6X@6x+%aa=m@Q*o9J6=K@i8aH#1-TgOfFbmu%qB$L32TC!HELHSnJqHW1VB? zjGaGr)!0YIzA*NUv0se+ud$cLS_^Xv^9qX!XBTcP3>LN)o+ykK4lT+rsw%ptXid?^ zqN7D07yYTI_qeQagU5{=H*egEanFq#bY;Pnx7@s%(hVhS$Zy4V= ze*gHl#y5{|pYW#%2@_XNJTS3i;?b*2lfskEO}eW1nd0W+FN+6Her@u5UQHZ^&wYwCAX2V8gPy8pUv;Ix~k zJvnXvw6~^JPQQ2hGt=LkKD2CJ+19c@m5rP+Z$@aw@flyw=$VmOKD>N<`5ooYl)qO# zappZUU!M8N%>LIuaQ&|9f4qLu4SR1Gd1J+m_uqK<#;zN4W=)>uoAt)5hi0eESw82v zIY;OGW6tXpj=2qUFV0ks^IvX`uY94h zr}Bea+Hd*qThbQJSm;@}Y2ns|Jqxv4vu@41_32yp-}>IIf4Q}vtJ3wE>k)SkzVt%F zx1<_yRqME-&A6Iv_?N0uRGR9gGLY({daM4bpUQ^jsDWxQ{^cq={tdyup=ucZ<*DIn z1T-Hy68}cw-)Q_BuO{K&Wc<5YIn_0)1bUq+Rprp@)eYEx-l*o_-&|FJHD*5kgyLps zrCNYL9{3$TsJ&U;4(krJP~C}->6a*%TB_V?nYv9?DUVu?h`SJRHzHObXC-p(foBy` z)zEv@T6LfLy;`mAR}ZKM@vlyK)x-F!ppD9>o>uGCR#?xe4eELInDWEhs2*3ZsLkqi zeA7;|dJ2zhTh&L1_*89IpQ#tspAhxAdI?+bm$6-bMV(W-)nC;f^*8Lue!z>Z9`&mF zhuWupQLo|uc)qUwt@bOU_6B~F;(#)1L1obnDy#OUvT1MOn_v&AWbLrJM*C1Xv}4Mt zwW({hkJSwAk7}m&sk%Y?lbWUdQ_a?N?Iz8t&C_h!0xePdotC8CtR-ue+HCC>twLLf z)U8Olkh%>i4^oRYw{|-g?!e62J$PE3{xI~d`$&JAP7IT$bTH{_vq^{SB^||{hWjZ! zeJ*M6nLj|ksdyavyX(nw;RaIgga4bW-O&Kg^-HM5yaQXI&v8AcUU>oO$v08txA*P% zAAdpk6{H_t^9D2{NHM>JNu#XsQz`!8TGFY{QOzH}O05rE(G30J9`X-cMf%+|@_g_T z>B$#JKYf_|f7{gpy>KI?|G|BZ^)P)X)i$479Pt6AZ&>{yGB9}8H~?v;BIp}8A-L4T_616?$PdNuUA0Z2c}Y5UL|qywBb?H-2o#NX3c z#q`}L$NV3jkL>@O``gG^I+pus#s3*I=Y8_r7W!ZR|JPGDlX7D%_D;JJ?apL1DN28G zfN~3e)3;cQtGQ+`*X&(ijL62N*Fn>&XF}iM^ZqQ)QtLf);OT6o5qPzVYFpp90G^bU zw?bQ=TMm8jWy)=ShjL$db|pLqg5-HHcpuXLe{J2cx(2zg?5>5rzx5B$*t~MKP}z@< z&}i4Q#(MSJ{>0M1-nj)a4^(W0nvT8zjUB~9hv|$Ao<;q6`)$&b2kGjFl{(Ew_t(t< z#O!aS-1__WARV{nb!c=o>Gl`N|NH50B7J-VrRP7>jP!5M-TY@hfakYmpXKq1)$lN< ze_O-D*HJyOnpg44@Y}Ngf9(eN{H7nIvgNEzQz-ps)>wZQ9{dtx&-nt{>Pq_HEKx`5`u z$-$(@IeqxuB$PV4ooe{Y7Sh8zNY}@73!UF-{mFCvl5|9#dLUmjriE8{-^#4@Wj%wJAz?Z2|U+7IUPEXHTR_( zkbdd@-$7$5PyTx@q(|Rpm?tCuOgsf2VbtDm)p z{mVGUn@72OIGy39^!%ZucXFMB$|!AO{c$>_Kbk{&mSa*lee^Dl=X$aaQ~EwX>661r zSF_G#oy3~LkuT&@?%S*zx&939!w>8k!ZB}iEB>hzS$K%FFV~RB=~C8RYsf#BN9NoC zI*&v7{t`PQAzu}8V|ULso)7Qxe0Xc)J@9|9@qzzq?r-lA<6rv&Voa~oO11qpTJ2-$ z*qZ;J`vR@}u~MYpj*urenFE za3B7+C$x(+Vi%dHOwc4{ft?IBU=JAwO~t-a!;Ufm=?p{}u%}Fh_Cda;`a%sV6ZsnU znQ2J(M-+b55o%Ba5T#+?*#~Jmq72w|_JK66qVD2JAscL+9YXwHdGrErfqA)PViyIHc!64eAl>WDV+3 zH4(Z2J6cWs0cyamaWb?X?HJUv*xMSgPb@+1^H762j5ZDGEcUwiMFyxreWRvB|E6ZZ z^DWe%y46gizk?dEgS-LhAE5?yLCr$??@)vK3B5C@pV2P^c9!#?|HKa2pe|#7Y*6vq zEzmyNtxf)3FZqlTeSjFNT-bhx$znx`#;j?k7v$7**&Cuu98#o8*UL%SEH zoKSc0tD(UWQ(2 z*bQ}Hdxi68coph4yav77uphe4Z~*;(0E+$_4nkiryanB5I0XMoP=k8e@D9?iK+!A1 zyU=}x_o1&DTA=S3TA}Y6jzHftdZ};s9!T`=-!Iz+49xV1+NQV3V0b@ z@Vame@N&3i_~nc^+?wz(+}dywZe4g3Zhbffw;{X>Zew^HZc{h|cXfC-+~#l&?z!Pf zxNE|D;kJjTkY@+nGP6FsAMggaWu`NHCEyF;mYI#=gMho>mYMGG)qpp_Ei*mgYXJAc zEi;?L*8=W?3oaTy1b6^$nHdbf5%3ncW#*#rb%3|R#m)ZV>j7_rTV}S0Zv=b^+%hvB zz6owRd^6mA;ah;8f?H;;2;T~LKio3&n(#XSUkSI&90INS%qpM?8h_|tG7 z3V#;v!{N`t{qOMIaK9412ky7S_rm>7_)Bmf3*Qg-C*cQB%1_~znV*Fp0{kT0GV}BB ze*=CBE_hn_tAL+@3n~qN9quo~--P>O_z~d$02j0x{x;x0!v(E|9|QbXxS-hZ_W=Jd zT=4wx4*>rYE~q#BIN+Dzf_fuA2JFBE^+tXII0U!Mlt+FB_$av0@kD+Ocoy6;QxSO@ z@X>HFYe#+oxDqZnOyrk<=fVXii98SY_{gu|o)GyB+!G_egS#m5BHU9Ve}ua@@+Y_} zB7cFqGV(XLt0Mmkw<_{axV4d&ky{;H&}YOcb4&wV&}SqBxCt(3G7T6d<<@x*%4U;I1U#)FtQkKDsn2^%Oj`3-4$5|cPz3T?s()Zxar6WxS7Z*xD%0c z;O>spz|BVL;N~I?aPyHSxRa4)xO*aN;O>o_2X|lOe7IAQDBLR|t#J28+Tp$?vL5c0 zkxsY=A{*fzjC8}jD$)b@>d0oeuZ{G>y(TgU_jQqr;9eWK81CyM+u=J zM&fYa6d8tlT_g$j&5=>K*GE!tZ;0%Idt+oA?pq=mxHm<1!+mQc2lwX4B;2<}_QJg- zG6nbTk^OLQja&)$y^(`(zZAI|?){N#;C?xBE!+nphu}UKc_ZA1BG9+AhswVRH&OmbS(T|R zi$a6BsjL-lZ&^De#LIzMZ@wSe3w>i>&kK(t(Hbd9>Eb{rb zc@FtJW_}O&G4lt&-^Fi-HNgEdV3gaJQpW&r+?ISTNP%q+k^Hb(>g zv8e?7gqaKY33DvqpO|@oe`1aY{4;Yh;GdaO0RP;a3HaycY`{;Mm4KfzRe+y1)qtNi zwSb>7^?;u-jewsuYXLuN)&c&dxd8AlO$*@XOdH_mOb6iS%?7~Fn+pNIV7dUmU^W5% zmFWfiE7J$~*Jc3lugw;~zcE_@|Hf;t^OxdQM4=QV&AItKtR zbglw?g7aFyCpfPIe4_Juz$ZFy0DO}3Ccq~-Zw7p_a|7U$owop93kXRna+cN&vG6He3tVSz-K#O1AMmg4Ztg$ZvkH6JPLTF z^Buq|o$mr(<$NFTD(8oQtDGMJu5z9Le2()|z~?wm0zaQ+Oq!TBrTM(6K<8=ZduUhf=R*#LK5Ws}+9 z91nPdvk-8nb0XkQ=VZVaI;Q}>&{+a_qq7w7M(1?EUCtSRyPPutZ*w{TZ*w*P-tJro zc)QaD_!6fVFm(D14^&xOu-$g z++{9xF0br_J65?7Zn|Ku0-tn7#TFzOt4zJfXrIbTEmL(Vsl z|FH8dz{Ad?fD_Jl04JR90!}*L2b^?%2zbQ#5#SN$3BaSyPXUiQPXZouo&r4PJOg;# zc^2@v^Bmv{a3w)6_MEcVQ+h3q4}8qrW&YcIAH2nJW;(|>Cpf1%XE`-avlDeL#O}

', "$TableDesign
" | Out-String -$title = "Scheduled Task $($task.Name) - $($task.ExpectedRunTime)" -Write-Host $title -switch -wildcard ($task.PostExecution) { - '*psa*' { Send-CIPPAlert -Type 'psa' -Title $title -HTMLContent $HTML } - '*email*' { Send-CIPPAlert -Type 'email' -Title $title -HTMLContent $HTML } - '*webhook*' { - $Webhook = [PSCustomObject]@{ - 'Tenant' = $tenant - 'TaskInfo' = $QueueItem.TaskInfo - 'Results' = $Results - } - Send-CIPPAlert -Type 'webhook' -Title $title -JSONContent $($Webhook | ConvertTo-Json -Depth 20) - } -} - -Write-Host 'ran the command' - -if ($task.Recurrence -le '0' -or $task.Recurrence -eq $null) { - Update-AzDataTableEntity @Table -Entity @{ - PartitionKey = $task.PartitionKey - RowKey = $task.RowKey - Results = "$StoredResults" - TaskState = 'Completed' - } -} -else { - $nextRun = (Get-Date).AddDays($task.Recurrence) - $nextRunUnixTime = [int64]($nextRun - (Get-Date '1/1/1970')).TotalSeconds - Update-AzDataTableEntity @Table -Entity @{ - PartitionKey = $task.PartitionKey - RowKey = $task.RowKey - Results = "$StoredResults" - TaskState = 'Planned' - ScheduledTime = "$nextRunUnixTime" - } -} -Write-LogMessage -API 'Scheduler_UserTasks' -tenant $tenant -message "Successfully executed task: $($task.name)" -sev Info - - } From c4f4732a2382fb6cf906d983a714157a6fbbace3 Mon Sep 17 00:00:00 2001 From: KelvinTegelaar Date: Thu, 11 Apr 2024 12:51:55 +0200 Subject: [PATCH 226/243] adds name based options to templates. --- .../Conditional/Invoke-AddCATemplate.ps1 | 22 +++++++++++++++ Modules/CIPPCore/Public/Set-CIPPSignature.ps1 | 27 +++++++++++++++++++ 2 files changed, 49 insertions(+) create mode 100644 Modules/CIPPCore/Public/Set-CIPPSignature.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-AddCATemplate.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-AddCATemplate.ps1 index 7fc95e0d7af1..666784adeff7 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-AddCATemplate.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-AddCATemplate.ps1 @@ -40,6 +40,28 @@ Function Invoke-AddCATemplate { } if ($excludelocations) { $JSON.conditions.locations.excludeLocations = $excludelocations } + if ($JSON.conditions.users.includeUsers) { + $JSON.conditions.users.includeUsers = @($JSON.conditions.users.includeUsers | ForEach-Object { + (New-GraphGetRequest -uri "https://graph.microsoft.com/beta/users/$($_)" -tenantid $TenantFilter).displayName + }) + } + + if ($JSON.conditions.users.excludeUsers) { + $JSON.conditions.users.excludeUsers = @($JSON.conditions.users.excludeUsers | ForEach-Object { + (New-GraphGetRequest -uri "https://graph.microsoft.com/beta/users/$($_)" -tenantid $TenantFilter).displayName + }) + } + + if ($JSON.conditions.users.includeGroups) { + $JSON.conditions.users.includeGroups = @($JSON.conditions.users.includeGroups | ForEach-Object { + (New-GraphGetRequest -uri "https://graph.microsoft.com/beta/groups/$($_)" -tenantid $TenantFilter).displayName + }) + } + if ($JSON.conditions.users.excludeGroups) { + $JSON.conditions.users.excludeGroups = @($JSON.conditions.users.excludeGroups | ForEach-Object { + (New-GraphGetRequest -uri "https://graph.microsoft.com/beta/groups/$($_)" -tenantid $TenantFilter).displayName + }) + } $JSON | Add-Member -NotePropertyName 'LocationInfo' -NotePropertyValue @($IncludeJSON, $ExcludeJSON) diff --git a/Modules/CIPPCore/Public/Set-CIPPSignature.ps1 b/Modules/CIPPCore/Public/Set-CIPPSignature.ps1 new file mode 100644 index 000000000000..5bfa8c174d8c --- /dev/null +++ b/Modules/CIPPCore/Public/Set-CIPPSignature.ps1 @@ -0,0 +1,27 @@ +function Set-CIPPOutOfOffice { + [CmdletBinding()] + param ( + $userid, + $InternalMessage, + $ExternalMessage, + $TenantFilter, + $State, + $APIName = 'Set Outlook Roaming Signature', + $ExecutingUser, + $StartTime, + $EndTime + ) + + try { + $SignatureProfile = @' +[{"name":"Roaming_New_Signature","itemClass":"","id":"","scope":"AdeleV@M365x42953883.OnMicrosoft.com","parentSetting":"","secondaryKey":"","type":"String","timestamp":638296273181532792,"metadata":"","value":"Kelvin","isFirstSync":"true","source":"UserOverride"}] +'@ + $GraphRequest = New-GraphPostRequest -uri 'https://substrate.office.com/ows/beta/outlookcloudsettings/settings/global' -tenantid $TenantFilter -type GET -contentType 'application/json' -verbose -scope 'https://outlook.office.com/.default' + Write-LogMessage -user $ExecutingUser -API $APIName -message "Set Out-of-office for $($userid) to $state" -Sev 'Info' -tenant $TenantFilter + return "Set Out-of-office for $($userid) to $state." + + } catch { + Write-LogMessage -user $ExecutingUser -API $APIName -message "Could not add OOO for $($userid)" -Sev 'Error' -tenant $TenantFilter + return "Could not add out of office message for $($userid). Error: $($_.Exception.Message)" + } +} From 5e044ef19221828267752901ce85ebb713315b26 Mon Sep 17 00:00:00 2001 From: KelvinTegelaar Date: Thu, 11 Apr 2024 14:13:28 +0200 Subject: [PATCH 227/243] add ability to replace users & groups in policy. --- .../Tenant/Conditional/Invoke-AddCAPolicy.ps1 | 5 ++- Modules/CIPPCore/Public/New-CIPPCAPolicy.ps1 | 31 ++++++++++++++++--- Modules/CIPPCore/Public/Set-CIPPSignature.ps1 | 2 +- 3 files changed, 30 insertions(+), 8 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-AddCAPolicy.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-AddCAPolicy.ps1 index ab6635459e4b..547828a337f4 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-AddCAPolicy.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-AddCAPolicy.ps1 @@ -16,11 +16,10 @@ Function Invoke-AddCAPolicy { $results = foreach ($Tenant in $tenants) { try { - $CAPolicy = New-CIPPCAPolicy -TenantFilter $tenant -state $request.body.NewState -RawJSON $Request.body.RawJSON -APIName $APIName -ExecutingUser $request.headers.'x-ms-client-principal' + $CAPolicy = New-CIPPCAPolicy -replacePattern $Request.body.replacename -Overwrite $request.body.overwrite -TenantFilter $tenant -state $request.body.NewState -RawJSON $Request.body.RawJSON -APIName $APIName -ExecutingUser $request.headers.'x-ms-client-principal' Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $($Tenant) -message "Added Conditional Access Policy $($Displayname)" -Sev 'Info' "Successfully added Conditional Access Policy for $($Tenant)" - } - catch { + } catch { "Failed to add policy for $($Tenant): $($_.Exception.Message)" Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $($Tenant) -message "Failed to add Conditional Access Policy $($Displayname). Error: $($_.Exception.Message)" -Sev 'Error' continue diff --git a/Modules/CIPPCore/Public/New-CIPPCAPolicy.ps1 b/Modules/CIPPCore/Public/New-CIPPCAPolicy.ps1 index 1d749a69bf76..38f9a89b4ba0 100644 --- a/Modules/CIPPCore/Public/New-CIPPCAPolicy.ps1 +++ b/Modules/CIPPCore/Public/New-CIPPCAPolicy.ps1 @@ -6,6 +6,7 @@ function New-CIPPCAPolicy { $TenantFilter, $State, $Overwrite, + $ReplacePattern = 'none', $APIName = 'Create CA Policy', $ExecutingUser ) @@ -101,19 +102,41 @@ function New-CIPPCAPolicy { $index = [array]::IndexOf($JSONObj.conditions.locations.excludeLocations, $location) $JSONObj.conditions.locations.excludeLocations[$index] = $lookup.id } - + switch ($ReplacePattern) { + 'none' { + Write-Host 'Replacement pattern for inclusions and exclusions is none' + break + } + 'AllUsers' { + Write-Host 'Replacement pattern for inclusions and exclusions is All users. This policy will now apply to everyone.' + $JSONObj.conditions.users.includeUsers = @('All') + $JSONObj.conditions.users.excludeUsers = @() + $JSONObj.conditions.users.includeGroups = @() + $JSONObj.conditions.users.excludeGroups = @() + } + 'displayName' { + Write-Host 'Replacement pattern for inclusions and exclusions is displayName.' + $users = New-GraphGETRequest -uri 'https://graph.microsoft.com/beta/users?$select=id,displayName' -tenantid $TenantFilter + $Groups = New-GraphGETRequest -uri 'https://graph.microsoft.com/beta/groups?$select=id,displayName' -tenantid $TenantFilter + $JSONObj.conditions.users.includeUsers = @(($users | Where-Object -Property displayName -In $JSONObj.conditions.users.includeUsers).id) + $JSONObj.conditions.users.excludeUsers = @(($users | Where-Object -Property displayName -In $JSONObj.conditions.users.excludeUsers).id) + $JSONObj.conditions.users.includeGroups = @(($groups | Where-Object -Property displayName -In $JSONObj.conditions.users.includeGroups).id) + $JSONObj.conditions.users.excludeGroups = @(($groups | Where-Object -Property displayName -In $JSONObj.conditions.users.excludeGroups).id) + } + + } $JsonObj.PSObject.Properties.Remove('LocationInfo') $RawJSON = $JSONObj | ConvertTo-Json -Depth 10 Write-Host $RawJSON try { Write-Host 'Checking' - $CheckExististing = New-GraphGETRequest -uri 'https://graph.microsoft.com/beta/identity/conditionalAccess/policies' -tenantid $TenantFilter - if ($displayname -in $CheckExististing.displayName) { + $CheckExististing = New-GraphGETRequest -uri 'https://graph.microsoft.com/beta/identity/conditionalAccess/policies' -tenantid $TenantFilter | Where-Object -Property displayName -EQ $displayname + if ($CheckExististing) { if ($Overwrite -ne $true) { Throw "Conditional Access Policy with Display Name $($Displayname) Already exists" return $false } else { - Write-Host 'overwriting' + Write-Host "overwriting $($CheckExististing.id)" $PatchRequest = New-GraphPOSTRequest -uri "https://graph.microsoft.com/beta/identity/conditionalAccess/policies/$($CheckExististing.id)" -tenantid $tenantfilter -type PATCH -body $RawJSON Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $($Tenant) -message "Updated Conditional Access Policy $($JSONObj.Displayname) to the template standard." -Sev 'Info' return "Updated policy $displayname for $tenantfilter" diff --git a/Modules/CIPPCore/Public/Set-CIPPSignature.ps1 b/Modules/CIPPCore/Public/Set-CIPPSignature.ps1 index 5bfa8c174d8c..fa2de7dc415b 100644 --- a/Modules/CIPPCore/Public/Set-CIPPSignature.ps1 +++ b/Modules/CIPPCore/Public/Set-CIPPSignature.ps1 @@ -16,7 +16,7 @@ function Set-CIPPOutOfOffice { $SignatureProfile = @' [{"name":"Roaming_New_Signature","itemClass":"","id":"","scope":"AdeleV@M365x42953883.OnMicrosoft.com","parentSetting":"","secondaryKey":"","type":"String","timestamp":638296273181532792,"metadata":"","value":"Kelvin","isFirstSync":"true","source":"UserOverride"}] '@ - $GraphRequest = New-GraphPostRequest -uri 'https://substrate.office.com/ows/beta/outlookcloudsettings/settings/global' -tenantid $TenantFilter -type GET -contentType 'application/json' -verbose -scope 'https://outlook.office.com/.default' + $GraphRequest = New-GraphPostRequest -uri 'https://substrate.office.com/ows/beta/outlookcloudsettings/settings/global' -tenantid $TenantFilter -type PATCH -contentType 'application/json' -verbose -scope 'https://outlook.office.com/.default' Write-LogMessage -user $ExecutingUser -API $APIName -message "Set Out-of-office for $($userid) to $state" -Sev 'Info' -tenant $TenantFilter return "Set Out-of-office for $($userid) to $state." From a335fad6d32f364c0b215771fca01b0ca8160047 Mon Sep 17 00:00:00 2001 From: KelvinTegelaar Date: Thu, 11 Apr 2024 15:55:00 +0200 Subject: [PATCH 228/243] added if statements --- .../Tenant/Conditional/Invoke-AddCATemplate.ps1 | 4 ++++ Modules/CIPPCore/Public/New-CIPPCAPolicy.ps1 | 17 +++++++++-------- 2 files changed, 13 insertions(+), 8 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-AddCATemplate.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-AddCATemplate.ps1 index 666784adeff7..3f4b8d651650 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-AddCATemplate.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-AddCATemplate.ps1 @@ -42,23 +42,27 @@ Function Invoke-AddCATemplate { if ($excludelocations) { $JSON.conditions.locations.excludeLocations = $excludelocations } if ($JSON.conditions.users.includeUsers) { $JSON.conditions.users.includeUsers = @($JSON.conditions.users.includeUsers | ForEach-Object { + if ($_ -in 'All', 'None', 'GuestOrExternalUsers') { return $_ } (New-GraphGetRequest -uri "https://graph.microsoft.com/beta/users/$($_)" -tenantid $TenantFilter).displayName }) } if ($JSON.conditions.users.excludeUsers) { $JSON.conditions.users.excludeUsers = @($JSON.conditions.users.excludeUsers | ForEach-Object { + if ($_ -in 'All', 'None', 'GuestOrExternalUsers') { return $_ } (New-GraphGetRequest -uri "https://graph.microsoft.com/beta/users/$($_)" -tenantid $TenantFilter).displayName }) } if ($JSON.conditions.users.includeGroups) { $JSON.conditions.users.includeGroups = @($JSON.conditions.users.includeGroups | ForEach-Object { + if ($_ -in 'All', 'None', 'GuestOrExternalUsers') { return $_ } (New-GraphGetRequest -uri "https://graph.microsoft.com/beta/groups/$($_)" -tenantid $TenantFilter).displayName }) } if ($JSON.conditions.users.excludeGroups) { $JSON.conditions.users.excludeGroups = @($JSON.conditions.users.excludeGroups | ForEach-Object { + if ($_ -in 'All', 'None', 'GuestOrExternalUsers') { return $_ } (New-GraphGetRequest -uri "https://graph.microsoft.com/beta/groups/$($_)" -tenantid $TenantFilter).displayName }) } diff --git a/Modules/CIPPCore/Public/New-CIPPCAPolicy.ps1 b/Modules/CIPPCore/Public/New-CIPPCAPolicy.ps1 index 38f9a89b4ba0..78f3173c2aee 100644 --- a/Modules/CIPPCore/Public/New-CIPPCAPolicy.ps1 +++ b/Modules/CIPPCore/Public/New-CIPPCAPolicy.ps1 @@ -109,19 +109,20 @@ function New-CIPPCAPolicy { } 'AllUsers' { Write-Host 'Replacement pattern for inclusions and exclusions is All users. This policy will now apply to everyone.' - $JSONObj.conditions.users.includeUsers = @('All') - $JSONObj.conditions.users.excludeUsers = @() - $JSONObj.conditions.users.includeGroups = @() - $JSONObj.conditions.users.excludeGroups = @() + if ($JSONObj.conditions.users.includeUsers -ne 'All') { $JSONObj.conditions.users.includeUsers = @('All') } + if ($JSONObj.conditions.users.excludeUsers) { $JSONObj.conditions.users.excludeUsers = @() } + if ($JSONObj.conditions.users.includeGroups) { $JSONObj.conditions.users.includeGroups = @() } + if ($JSONObj.conditions.users.excludeGroups) { $JSONObj.conditions.users.excludeGroups = @() } } 'displayName' { Write-Host 'Replacement pattern for inclusions and exclusions is displayName.' $users = New-GraphGETRequest -uri 'https://graph.microsoft.com/beta/users?$select=id,displayName' -tenantid $TenantFilter $Groups = New-GraphGETRequest -uri 'https://graph.microsoft.com/beta/groups?$select=id,displayName' -tenantid $TenantFilter - $JSONObj.conditions.users.includeUsers = @(($users | Where-Object -Property displayName -In $JSONObj.conditions.users.includeUsers).id) - $JSONObj.conditions.users.excludeUsers = @(($users | Where-Object -Property displayName -In $JSONObj.conditions.users.excludeUsers).id) - $JSONObj.conditions.users.includeGroups = @(($groups | Where-Object -Property displayName -In $JSONObj.conditions.users.includeGroups).id) - $JSONObj.conditions.users.excludeGroups = @(($groups | Where-Object -Property displayName -In $JSONObj.conditions.users.excludeGroups).id) + + if ($JSONObj.conditions.users.includeUsers -notin 'All', 'None', 'GuestOrExternalUsers') { $JSONObj.conditions.users.includeUsers = @(($users | Where-Object -Property displayName -In $JSONObj.conditions.users.includeUsers).id) } + if ($JSONObj.conditions.users.excludeUsers) { $JSONObj.conditions.users.excludeUsers = @(($users | Where-Object -Property displayName -In $JSONObj.conditions.users.excludeUsers).id) } + if ($JSONObj.conditions.users.includeGroups) { $JSONObj.conditions.users.includeGroups = @(($groups | Where-Object -Property displayName -In $JSONObj.conditions.users.includeGroups).id) } + if ($JSONObj.conditions.users.excludeGroups) { $JSONObj.conditions.users.excludeGroups = @(($groups | Where-Object -Property displayName -In $JSONObj.conditions.users.excludeGroups).id) } } } From 3462e3bad4369a9843509cc7c4da6505238ff5ae Mon Sep 17 00:00:00 2001 From: John Duprey Date: Thu, 11 Apr 2024 10:05:59 -0400 Subject: [PATCH 229/243] Update New-CIPPGraphSubscription.ps1 --- Modules/CIPPCore/Public/New-CIPPGraphSubscription.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/CIPPCore/Public/New-CIPPGraphSubscription.ps1 b/Modules/CIPPCore/Public/New-CIPPGraphSubscription.ps1 index 0dabb10544ba..c36f9cbe8e06 100644 --- a/Modules/CIPPCore/Public/New-CIPPGraphSubscription.ps1 +++ b/Modules/CIPPCore/Public/New-CIPPGraphSubscription.ps1 @@ -104,7 +104,7 @@ function New-CIPPGraphSubscription { $Existing = New-GraphGetRequest -NoAuthCheck $true -uri $Uri -tenantid $env:TenantId -scope 'https://api.partnercenter.microsoft.com/.default' } catch {} if ($Existing.webhookUrl -ne $MatchedWebhook.WebhookNotificationUrl -or $EventCompare) { - if (![string]::IsNullOrEmpty($MatchedWebhook.WebhookNotificationUrl) -or $Existing.WebhookUrl) { + if ($Existing.WebhookUrl) { $Action = 'Updated' $Method = 'PUT' Write-Host 'updating webhook' From 8ecb758fb43258417441fbfc46ef4d4cfc488b12 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Thu, 11 Apr 2024 10:14:18 -0400 Subject: [PATCH 230/243] Update New-CIPPGraphSubscription.ps1 --- Modules/CIPPCore/Public/New-CIPPGraphSubscription.ps1 | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/Modules/CIPPCore/Public/New-CIPPGraphSubscription.ps1 b/Modules/CIPPCore/Public/New-CIPPGraphSubscription.ps1 index c36f9cbe8e06..e744232e9e60 100644 --- a/Modules/CIPPCore/Public/New-CIPPGraphSubscription.ps1 +++ b/Modules/CIPPCore/Public/New-CIPPGraphSubscription.ps1 @@ -113,10 +113,9 @@ function New-CIPPGraphSubscription { $Method = 'POST' Write-Host 'creating webhook' } - try { - $Uri = 'https://api.partnercenter.microsoft.com/webhooks/v1/registration' - $GraphRequest = New-GraphPOSTRequest -uri $Uri -type $Method -tenantid $env:TenantId -scope 'https://api.partnercenter.microsoft.com/.default' -body ($Body | ConvertTo-Json) - } catch {} + + $Uri = 'https://api.partnercenter.microsoft.com/webhooks/v1/registration' + $GraphRequest = New-GraphPOSTRequest -uri $Uri -type $Method -tenantid $env:TenantId -scope 'https://api.partnercenter.microsoft.com/.default' -body ($Body | ConvertTo-Json) -NoAuthCheck $true $WebhookRow = @{ PartitionKey = [string]$CIPPID From c92bc80219c40b86b7ecf6e1eae8e02cb4ddc0d1 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Thu, 11 Apr 2024 10:35:18 -0400 Subject: [PATCH 231/243] typo --- .../Entrypoints/Activity Triggers/Push-PublicWebhookProcess.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-PublicWebhookProcess.ps1 b/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-PublicWebhookProcess.ps1 index 639860b0c1af..fa4872195b0e 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-PublicWebhookProcess.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-PublicWebhookProcess.ps1 @@ -7,7 +7,7 @@ function Push-PublicWebhookProcess { } elseif ($Item.Type -eq 'AuditLog') { Invoke-CippWebhookProcessing -TenantFilter $Item.TenantFilter -Data ($Item.Data | ConvertFrom-Json) -CIPPPURL $Item.CIPPURL } elseif ($Item.Type -eq 'PartnerCenter') { - Invoke-CippPartnerCenterWebhookProcessing -Data ($Item.Data | ConvertFrom-Json) + Invoke-CippPartnerWebhookProcessing -Data ($Item.Data | ConvertFrom-Json) } } catch { Write-Host "Webhook Exception: $($_.Exception.Message)" From 12738899aafb6b6c90ff99c39a8371a8331b3837 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Thu, 11 Apr 2024 10:54:28 -0400 Subject: [PATCH 232/243] Add audit log collection --- .../Public/Invoke-CIPPPartnerWebhookProcessing.ps1 | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/Modules/CIPPCore/Public/Invoke-CIPPPartnerWebhookProcessing.ps1 b/Modules/CIPPCore/Public/Invoke-CIPPPartnerWebhookProcessing.ps1 index 7cf9d8bb15cf..30469dc0066f 100644 --- a/Modules/CIPPCore/Public/Invoke-CIPPPartnerWebhookProcessing.ps1 +++ b/Modules/CIPPCore/Public/Invoke-CIPPPartnerWebhookProcessing.ps1 @@ -4,12 +4,17 @@ function Invoke-CippPartnerWebhookProcessing { $Data ) - Switch ($Data.EventType) { + Switch ($Data.EventName) { 'test-created' { Write-LogMessage -API 'Webhooks' -message 'Partner Center webhook test received' -Sev 'Info' } default { - Write-LogMessage -API 'Webhooks' -message "Partner Center webhook received: $($Data | ConvertTo-Json -Depth 5)" -Sev 'Info' + if ($Data.AuditUri) { + $AuditLog = New-GraphGetRequest -uri $Data.AuditUri -tenantid $env:TenantID -NoAuthCheck $true -scope 'https://api.partnercenter.microsoft.com/.default' + Write-Logessage -API 'Webhooks' -message "Partner Center $($Data.EventName) audit log: $($AuditLog | ConvertTo-Json -Depth 5)" -Sev 'Info' + } else { + Write-LogMessage -API 'Webhooks' -message "Partner Center webhook received (no audit): $($Data | ConvertTo-Json -Depth 5)" -Sev 'Info' + } } } } From 9ec3b79a91227f4c4c535b1d1a86219fdfaf8ea0 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Thu, 11 Apr 2024 11:49:26 -0400 Subject: [PATCH 233/243] Logging improvemnt Add Get-CippException Add LogData parameter to Write-LogMessage --- .../Public/GraphHelper/Get-CippException.ps1 | 14 ++++++++++++++ .../Public/GraphHelper/Write-LogMessage.ps1 | 16 ++++++++++++++-- .../Invoke-CIPPPartnerWebhookProcessing.ps1 | 4 ++-- 3 files changed, 30 insertions(+), 4 deletions(-) create mode 100644 Modules/CIPPCore/Public/GraphHelper/Get-CippException.ps1 diff --git a/Modules/CIPPCore/Public/GraphHelper/Get-CippException.ps1 b/Modules/CIPPCore/Public/GraphHelper/Get-CippException.ps1 new file mode 100644 index 000000000000..92c4d936dd22 --- /dev/null +++ b/Modules/CIPPCore/Public/GraphHelper/Get-CippException.ps1 @@ -0,0 +1,14 @@ +function Get-CippException { + Param( + $Exception + ) + + [PSCustomObject]@{ + Message = $Exception.Exception.Message + NormalizedError = Get-NormalizedError -message $Exception.Exception.Message + Position = $Exception.InvocationInfo.PositionMessage + ScriptName = $Exception.InvocationInfo.ScriptName + LineNumber = $Exception.InvocationInfo.ScriptLineNumber + Category = $Exception.CategoryInfo.ToString() + } +} diff --git a/Modules/CIPPCore/Public/GraphHelper/Write-LogMessage.ps1 b/Modules/CIPPCore/Public/GraphHelper/Write-LogMessage.ps1 index fbef7fae41bf..8dec84538272 100644 --- a/Modules/CIPPCore/Public/GraphHelper/Write-LogMessage.ps1 +++ b/Modules/CIPPCore/Public/GraphHelper/Write-LogMessage.ps1 @@ -1,14 +1,25 @@ -function Write-LogMessage ($message, $tenant = 'None', $API = 'None', $tenantId = $null, $user, $sev) { +function Write-LogMessage { <# .FUNCTIONALITY Internal #> + Param( + $message, + $tenant = 'None', + $API = 'None', + $tenantId = $null, + $user, + $sev, + $LogData = '' + ) try { $username = ([System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($user)) | ConvertFrom-Json).userDetails } catch { $username = $user } + if ($LogData) { $LogData = ConvertTo-Json -InputObject $LogData -Depth 10 -Compress } + $Table = Get-CIPPTable -tablename CippLogs if (!$tenant) { $tenant = 'None' } @@ -27,13 +38,14 @@ function Write-LogMessage ($message, $tenant = 'None', $API = 'None', $tenantId 'SentAsAlert' = $false 'PartitionKey' = $PartitionKey 'RowKey' = ([guid]::NewGuid()).ToString() + 'LogData' = [string]$LogData } if ($tenantId) { $TableRow.Add('TenantID', [string]$tenantId) } - + $Table.Entity = $TableRow Add-CIPPAzDataTableEntity @Table | Out-Null } \ No newline at end of file diff --git a/Modules/CIPPCore/Public/Invoke-CIPPPartnerWebhookProcessing.ps1 b/Modules/CIPPCore/Public/Invoke-CIPPPartnerWebhookProcessing.ps1 index 30469dc0066f..e7d6a279dc2f 100644 --- a/Modules/CIPPCore/Public/Invoke-CIPPPartnerWebhookProcessing.ps1 +++ b/Modules/CIPPCore/Public/Invoke-CIPPPartnerWebhookProcessing.ps1 @@ -11,9 +11,9 @@ function Invoke-CippPartnerWebhookProcessing { default { if ($Data.AuditUri) { $AuditLog = New-GraphGetRequest -uri $Data.AuditUri -tenantid $env:TenantID -NoAuthCheck $true -scope 'https://api.partnercenter.microsoft.com/.default' - Write-Logessage -API 'Webhooks' -message "Partner Center $($Data.EventName) audit log: $($AuditLog | ConvertTo-Json -Depth 5)" -Sev 'Info' + Write-Logessage -API 'Webhooks' -message "Partner Center $($Data.EventName) audit log received" -LogData $AuditLog -Sev 'Info' } else { - Write-LogMessage -API 'Webhooks' -message "Partner Center webhook received (no audit): $($Data | ConvertTo-Json -Depth 5)" -Sev 'Info' + Write-LogMessage -API 'Webhooks' -message 'Partner Center webhook received (no audit)' -LogData $Data -Sev 'Info' } } } From f40d30bf07d15aba5189fdc7052ea31998ca44cd Mon Sep 17 00:00:00 2001 From: KelvinTegelaar Date: Thu, 11 Apr 2024 18:29:13 +0200 Subject: [PATCH 234/243] added standards templates --- .../Standards/Invoke-AddStandardsDeploy.ps1 | 2 +- .../Standards/Invoke-AddStandardsTemplate.ps1 | 32 +++++++++++++++++++ .../Invoke-listStandardTemplates.ps1 | 27 ++++++++++++++++ 3 files changed, 60 insertions(+), 1 deletion(-) create mode 100644 Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-AddStandardsTemplate.ps1 create mode 100644 Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-listStandardTemplates.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-AddStandardsDeploy.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-AddStandardsDeploy.ps1 index 567452b932c7..a97bb06cf6de 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-AddStandardsDeploy.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-AddStandardsDeploy.ps1 @@ -15,7 +15,7 @@ Function Invoke-AddStandardsDeploy { $username = ([System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($user)) | ConvertFrom-Json).userDetails try { - $Tenants = ($Request.body | Select-Object Select_*).psobject.properties.value + $Tenants = $Request.body.Tenant $Settings = ($request.body | Select-Object -Property *, v2* -ExcludeProperty Select_*, None ) $Settings | Add-Member -NotePropertyName 'v2.1' -NotePropertyValue $true -Force if ($Settings.phishProtection.remediate) { diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-AddStandardsTemplate.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-AddStandardsTemplate.ps1 new file mode 100644 index 000000000000..27c8774bae3c --- /dev/null +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-AddStandardsTemplate.ps1 @@ -0,0 +1,32 @@ +using namespace System.Net + +Function Invoke-AddStandardsTemplate { + <# + .FUNCTIONALITY + Entrypoint + #> + [CmdletBinding()] + param($Request, $TriggerMetadata) + + $APIName = $TriggerMetadata.FunctionName + Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + $GUID = (New-Guid).GUID + $JSON = (ConvertTo-Json -Depth 100 -InputObject ($Request.body | Select-Object standards, name)) + $Table = Get-CippTable -tablename 'templates' + $Table.Force = $true + Add-CIPPAzDataTableEntity @Table -Entity @{ + JSON = "$JSON" + RowKey = "$GUID" + PartitionKey = 'StandardsTemplate' + GUID = "$GUID" + } + Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message "Created CA Template $($Request.body.name) with GUID $GUID" -Sev 'Debug' + $body = [pscustomobject]@{'Results' = 'Successfully added template' } + + # Associate values to output bindings by calling 'Push-OutputBinding'. + Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ + StatusCode = [HttpStatusCode]::OK + Body = $body + }) + +} \ No newline at end of file diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-listStandardTemplates.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-listStandardTemplates.ps1 new file mode 100644 index 000000000000..acc984d6e0ab --- /dev/null +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-listStandardTemplates.ps1 @@ -0,0 +1,27 @@ +using namespace System.Net + +Function Invoke-listStandardTemplates { + <# + .FUNCTIONALITY + Entrypoint + #> + [CmdletBinding()] + param($Request, $TriggerMetadata) + + $APIName = $TriggerMetadata.FunctionName + + $Table = Get-CippTable -tablename 'templates' + $Filter = "PartitionKey eq 'StandardsTemplate'" + $Templates = (Get-CIPPAzDataTableEntity @Table -Filter $Filter) | ForEach-Object { + $data = $_.JSON | ConvertFrom-Json -Depth 100 + $data | Add-Member -NotePropertyName 'GUID' -NotePropertyValue $_.GUID -Force + $data + } | Sort-Object -Property displayName + + # Associate values to output bindings by calling 'Push-OutputBinding'. + Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ + StatusCode = [HttpStatusCode]::OK + Body = @($Templates) + }) + +} From 32e798b512c6d78c3e2c88bfcc36542522fc1d46 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Thu, 11 Apr 2024 13:04:11 -0400 Subject: [PATCH 235/243] Add exception objects to logs --- Activity_AddOrUpdateTableRows/run.ps1 | 13 +++++----- Applications_Orchestrator/run.ps1 | 2 +- Applications_Upload/run.ps1 | 24 +++++++++---------- BestPracticeAnalyser_All/run.ps1 | 2 +- DomainAnalyser_All/run.ps1 | 16 ++++++------- DomainAnalyser_GetTenantDomains/run.ps1 | 6 ++--- DomainAnalyser_Orchestration/run.ps1 | 2 +- ExecSchedulerBillingRun/run.ps1 | 9 ++++--- .../CIPPCore/Public/Add-CIPPGroupMember.ps1 | 14 +++++------ .../Public/Entrypoints/Invoke-ListLogs.ps1 | 10 +++++--- .../Public/Get-CIPPAuthentication.ps1 | 2 +- .../CIPPCore/Public/Get-CIPPBitlockerKey.ps1 | 9 ++++--- profile.ps1 | 5 ++-- 13 files changed, 58 insertions(+), 56 deletions(-) diff --git a/Activity_AddOrUpdateTableRows/run.ps1 b/Activity_AddOrUpdateTableRows/run.ps1 index 6bb7e218b987..adc07df73e23 100644 --- a/Activity_AddOrUpdateTableRows/run.ps1 +++ b/Activity_AddOrUpdateTableRows/run.ps1 @@ -3,11 +3,10 @@ $TableName = ($TableParams.Context['TableName']) $Table = Get-CippTable -tablename $TableName foreach ($param in $TableParams.Entity) { - try { - #Sending each item indivually, if it fails, log an error. - Add-CIPPAzDataTableEntity @Table -Entity $param -Force - } - catch { - Write-LogMessage -API 'Activity_AddOrUpdateTableRows' -message "Unable to write to '$($TableParams.TableName)' Using RowKey $($param.RowKey) table: $($_.Exception.Message)" -sev error - } + try { + #Sending each item indivually, if it fails, log an error. + Add-CIPPAzDataTableEntity @Table -Entity $param -Force + } catch { + Write-LogMessage -API 'Activity_AddOrUpdateTableRows' -message "Unable to write to '$($TableParams.TableName)' Using RowKey $($param.RowKey)" -LogData (Get-CippException -Exception $_) -sev error + } } diff --git a/Applications_Orchestrator/run.ps1 b/Applications_Orchestrator/run.ps1 index 9c8457ff91fc..ebf60eb55628 100644 --- a/Applications_Orchestrator/run.ps1 +++ b/Applications_Orchestrator/run.ps1 @@ -17,7 +17,7 @@ try { $Outputs = Wait-ActivityFunction -Task $ParallelTasks Write-Host $Outputs } -catch { +catch { Write-Host "Applications_Orchestrator exception: $($_.Exception.Message)" } finally { diff --git a/Applications_Upload/run.ps1 b/Applications_Upload/run.ps1 index a92637a42882..b1aacdc41318 100644 --- a/Applications_Upload/run.ps1 +++ b/Applications_Upload/run.ps1 @@ -1,14 +1,14 @@ param($name) $Table = Get-CippTable -tablename 'apps' -$Filter = "PartitionKey eq 'apps' and RowKey eq '$name'" +$Filter = "PartitionKey eq 'apps' and RowKey eq '$name'" Set-Location (Get-Item $PSScriptRoot).Parent.FullName $ChocoApp = (Get-CIPPAzDataTableEntity @Table -filter $Filter).JSON | ConvertFrom-Json $intuneBody = $ChocoApp.IntuneBody -$tenants = if ($chocoapp.Tenant -eq 'AllTenants') { +$tenants = if ($chocoapp.Tenant -eq 'AllTenants') { (Get-tenants).defaultDomainName } else { $chocoapp.Tenant -} +} if ($chocoApp.type -eq 'MSPApp') { [xml]$Intunexml = Get-Content "AddMSPApp\$($ChocoApp.MSPAppName).app.xml" $intunewinFilesize = (Get-Item "AddMSPApp\$($ChocoApp.MSPAppName).intunewin") @@ -25,7 +25,7 @@ $ContentBody = ConvertTo-Json @{ name = $intunexml.ApplicationInfo.FileName size = [int64]$intunexml.ApplicationInfo.UnencryptedContentSize sizeEncrypted = [int64]($intunewinFilesize).length -} +} $ClearRow = Get-CIPPAzDataTableEntity @Table -Filter $Filter $RemoveCacheFile = if ($chocoapp.Tenant -ne 'AllTenants') { Remove-AzDataTableEntity @Table -Entity $clearRow @@ -54,11 +54,11 @@ foreach ($tenant in $tenants) { Try { $ApplicationList = (New-graphGetRequest -Uri $baseuri -tenantid $Tenant) | Where-Object { $_.DisplayName -eq $ChocoApp.ApplicationName } - if ($ApplicationList.displayname.count -ge 1) { + if ($ApplicationList.displayname.count -ge 1) { Write-LogMessage -api 'AppUpload' -tenant $($Tenant) -message "$($ChocoApp.ApplicationName) exists. Skipping this application" -Sev 'Info' continue } - if ($chocoApp.type -eq 'WinGet') { + if ($chocoApp.type -eq 'WinGet') { Write-Host 'Winget!' Write-Host ($intuneBody | ConvertTo-Json -Compress) $NewApp = New-GraphPostRequest -Uri $baseuri -Body ($intuneBody | ConvertTo-Json -Compress) -Type POST -tenantid $tenant @@ -79,8 +79,8 @@ foreach ($tenant in $tenants) { $AzFileUri = New-graphGetRequest -Uri "$($BaseURI)/$($NewApp.id)/microsoft.graph.win32lobapp/contentVersions/1/files/$($ContentReq.id)" -tenantid $tenant if ($AZfileuri.uploadState -like '*fail*') { break } Start-Sleep -Milliseconds 300 - } while ($AzFileUri.AzureStorageUri -eq $null) - + } while ($AzFileUri.AzureStorageUri -eq $null) + $chunkSizeInBytes = 4mb [byte[]]$bytes = [System.IO.File]::ReadAllBytes($($intunewinFilesize.fullname)) $chunks = [Math]::Ceiling($bytes.Length / $chunkSizeInBytes) @@ -89,15 +89,15 @@ foreach ($tenant in $tenants) { $Upload = Invoke-RestMethod -Uri "$($AzFileUri.azureStorageUri)&comp=block&blockid=$id" -Method Put -Headers @{'x-ms-blob-type' = 'BlockBlob' } -InFile $inFile -ContentType 'application/octet-stream' $ConfirmUpload = Invoke-RestMethod -Uri "$($AzFileUri.azureStorageUri)&comp=blocklist" -Method Put -Body "$id" $CommitReq = New-graphPostRequest -Uri "$($BaseURI)/$($NewApp.id)/microsoft.graph.win32lobapp/contentVersions/1/files/$($ContentReq.id)/commit" -Body $EncBody -Type POST -tenantid $tenant - + do { $CommitStateReq = New-graphGetRequest -Uri "$($BaseURI)/$($NewApp.id)/microsoft.graph.win32lobapp/contentVersions/1/files/$($ContentReq.id)" -tenantid $tenant if ($CommitStateReq.uploadState -like '*fail*') { Write-LogMessage -api 'AppUpload' -tenant $($Tenant) -message "$($ChocoApp.ApplicationName) Commit failed. Please check if app uploaded succesful" -Sev 'Warning' - break + break } Start-Sleep -Milliseconds 300 - } while ($CommitStateReq.uploadState -eq 'commitFilePending') + } while ($CommitStateReq.uploadState -eq 'commitFilePending') $CommitFinalizeReq = New-graphPostRequest -Uri "$($BaseURI)/$($NewApp.id)" -tenantid $tenant -Body '{"@odata.type":"#microsoft.graph.win32lobapp","committedContentVersion":"1"}' -type PATCH Write-LogMessage -api 'AppUpload' -tenant $($Tenant) -message "Added Application $($chocoApp.ApplicationName)" -Sev 'Info' if ($AssignTo -ne 'On') { @@ -108,7 +108,7 @@ foreach ($tenant in $tenants) { Write-LogMessage -api 'AppUpload' -tenant $($Tenant) -message 'Successfully added Application' -Sev 'Info' } catch { "Failed to add Application for $($Tenant): $($_.Exception.Message)" - Write-LogMessage -api 'AppUpload' -tenant $($Tenant) -message "Failed adding Application $($ChocoApp.ApplicationName). Error: $($_.Exception.Message)" -Sev 'Error' + Write-LogMessage -api 'AppUpload' -tenant $($Tenant) -message "Failed adding Application $($ChocoApp.ApplicationName). Error: $($_.Exception.Message)" -LogData (Get-CippException -Exception $_) -Sev 'Error' continue } diff --git a/BestPracticeAnalyser_All/run.ps1 b/BestPracticeAnalyser_All/run.ps1 index ddd92560ccda..6e90102a161a 100644 --- a/BestPracticeAnalyser_All/run.ps1 +++ b/BestPracticeAnalyser_All/run.ps1 @@ -107,7 +107,7 @@ $AddRow = foreach ($Template in $templates) { try { Add-CIPPAzDataTableEntity @Table -Entity $Result -Force } catch { - Write-LogMessage -API 'BPA' -tenant $tenant -message "Error getting saving data for $($template.Name) - $($TenantName.customerId). Error: $($_.Exception.Message)" -sev Error + Write-LogMessage -API 'BPA' -tenant $tenant -message "Error getting saving data for $($template.Name) - $($TenantName.customerId). Error: $($_.Exception.Message)" -LogData (Get-CippException -Exception $_) -sev Error } } diff --git a/DomainAnalyser_All/run.ps1 b/DomainAnalyser_All/run.ps1 index 9ab5f2d1f85a..981afa4b7bbc 100644 --- a/DomainAnalyser_All/run.ps1 +++ b/DomainAnalyser_All/run.ps1 @@ -117,8 +117,8 @@ try { $ScoreExplanation.Add('No SPF Record Found') | Out-Null } } catch { - $Message = 'SPF Exception: {0} line {1} - {2}' -f $_.InvocationInfo.ScriptName, $_.InvocationInfo.ScriptLineNumber, $_.Exception.Message - Write-LogMessage -API 'DomainAnalyser' -tenant $tenant.tenant -message $Message -sev Error + $Message = 'SPF Error' + Write-LogMessage -API 'DomainAnalyser' -tenant $tenant.tenant -message $Message -LogData (Get-CippException -Exception $_) -sev Error throw $Message } @@ -180,8 +180,8 @@ try { } } } catch { - $Message = 'DMARC Exception: {0} line {1} - {2}' -f $_.InvocationInfo.ScriptName, $_.InvocationInfo.ScriptLineNumber, $_.Exception.Message - Write-LogMessage -API 'DomainAnalyser' -tenant $tenant.tenant -message $Message -sev Error + $Message = 'DMARC Error' + Write-LogMessage -API 'DomainAnalyser' -tenant $tenant.tenant -message $Message -LogData (Get-CippException -Exception $_) -sev Error throw $Message } @@ -198,8 +198,8 @@ try { $ScoreExplanation.Add('DNSSEC Not Configured or Enabled') | Out-Null } } catch { - $Message = 'DNSSEC Exception: {0} line {1} - {2}' -f $_.InvocationInfo.ScriptName, $_.InvocationInfo.ScriptLineNumber, $_.Exception.Message - Write-LogMessage -API 'DomainAnalyser' -tenant $tenant.tenant -message $Message -sev Error + $Message = 'DNSSEC Error' + Write-LogMessage -API 'DomainAnalyser' -tenant $tenant.tenant -message $Message -LogData (Get-CippException -Exception $_) -sev Error throw $Message } @@ -227,8 +227,8 @@ try { $ScoreExplanation.Add('DKIM Not Configured') | Out-Null } } catch { - $Message = 'DKIM Exception: {0} line {1} - {2}' -f $_.InvocationInfo.ScriptName, $_.InvocationInfo.ScriptLineNumber, $_.Exception.Message - Write-LogMessage -API 'DomainAnalyser' -tenant $tenant.tenant -message $Message -sev Error + $Message = 'DKIM Exception' + Write-LogMessage -API 'DomainAnalyser' -tenant $tenant.tenant -message $Message -LogData (Get-CippException -Exception $_) -sev Error throw $Message } # Final Score diff --git a/DomainAnalyser_GetTenantDomains/run.ps1 b/DomainAnalyser_GetTenantDomains/run.ps1 index 41cffd655051..6c4b8b0d8110 100644 --- a/DomainAnalyser_GetTenantDomains/run.ps1 +++ b/DomainAnalyser_GetTenantDomains/run.ps1 @@ -27,7 +27,7 @@ $TenantDomains = $Tenants | ForEach-Object -Parallel { } } } catch { - Write-LogMessage -API 'DomainAnalyser' -tenant $tenant.defaultDomainName -message "DNS Analyser GraphGetRequest Exception: $($_.Exception.Message)" -sev Error + Write-LogMessage -API 'DomainAnalyser' -tenant $tenant.defaultDomainName -message 'DNS Analyser GraphGetRequest' -LogData (Get-CippException -Exception $_) -sev Error } } | Sort-Object -Unique -Property Domain @@ -91,6 +91,6 @@ if ($TenantCount -gt 0) { # Batch insert all tenant domains try { Add-CIPPAzDataTableEntity @DomainTable -Entity $TenantDomainObjects -Force - } catch { Write-LogMessage -API 'DomainAnalyser' -message "Domain Analyser GetTenantDomains Error $($_.Exception.Message)" -sev info } - } catch { Write-LogMessage -API 'DomainAnalyser' -message "GetTenantDomains loop exception: $($_.Exception.Message) line $($_.InvocationInfo.ScriptLineNumber)" -sev 'Error' } + } catch { Write-LogMessage -API 'DomainAnalyser' -message 'Domain Analyser GetTenantDomains error' -sev info -LogData (Get-CippException -Exception $_) } + } catch { Write-LogMessage -API 'DomainAnalyser' -message 'GetTenantDomains loop error' -sev 'Error' -LogData (Get-CippException -Exception $_) } } diff --git a/DomainAnalyser_Orchestration/run.ps1 b/DomainAnalyser_Orchestration/run.ps1 index 34848e03284d..e8d51585ffa7 100644 --- a/DomainAnalyser_Orchestration/run.ps1 +++ b/DomainAnalyser_Orchestration/run.ps1 @@ -33,7 +33,7 @@ try { Write-Host "Orchestrator exception UpdateDomains $($_.Exception.Message)" } } catch { - Write-LogMessage -API 'DomainAnalyser' -message "Domain Analyser Orchestrator Error $($_.Exception.Message)" -sev info + Write-LogMessage -API 'DomainAnalyser' -message 'Domain Analyser Orchestrator Error' -sev info -LogData (Get-CippException -Exception $_) #Write-Host $_.Exception | ConvertTo-Json } finally { Write-LogMessage -API 'DomainAnalyser' -message 'Domain Analyser has Finished' -sev Info diff --git a/ExecSchedulerBillingRun/run.ps1 b/ExecSchedulerBillingRun/run.ps1 index ff93986817b2..3ea7e6621fac 100644 --- a/ExecSchedulerBillingRun/run.ps1 +++ b/ExecSchedulerBillingRun/run.ps1 @@ -3,20 +3,19 @@ param($QueueItem) # Get the current universal time in the default string format. try { - Write-LogMessage -API "Scheduler_Billing" -tenant "none" -message "Starting billing processing." -sev Info + Write-LogMessage -API 'Scheduler_Billing' -tenant 'none' -message 'Starting billing processing.' -sev Info $Table = Get-CIPPTable -TableName Extensionsconfig $Configuration = (Get-CIPPAzDataTableEntity @Table).config | ConvertFrom-Json -Depth 10 foreach ($ConfigItem in $Configuration.psobject.properties.name) { switch ($ConfigItem) { - "Gradient" { + 'Gradient' { If ($Configuration.Gradient.enabled -and $Configuration.Gradient.BillingEnabled) { New-GradientServiceSyncRun } } } } -} -catch { - Write-LogMessage -API "Scheduler_Billing" -tenant "none" -message "Could not start billing processing $($_.Exception.Message)" -sev Error +} catch { + Write-LogMessage -API 'Scheduler_Billing' -tenant 'none' -message 'Could not start billing processing' -sev Error -LogData (Get-CippException -Exception $_) } \ No newline at end of file diff --git a/Modules/CIPPCore/Public/Add-CIPPGroupMember.ps1 b/Modules/CIPPCore/Public/Add-CIPPGroupMember.ps1 index a4c66a07cb7b..b29972bcce3a 100644 --- a/Modules/CIPPCore/Public/Add-CIPPGroupMember.ps1 +++ b/Modules/CIPPCore/Public/Add-CIPPGroupMember.ps1 @@ -1,18 +1,18 @@ function Add-CIPPGroupMember( [string]$ExecutingUser, - [string]$GroupType, + [string]$GroupType, [string]$GroupId, - [string]$Member, + [string]$Member, [string]$TenantFilter, [string]$APIName = 'Add Group Member' ) { try { if ($member -like '*#EXT#*') { $member = [System.Web.HttpUtility]::UrlEncode($member) } - $MemberIDs = 'https://graph.microsoft.com/v1.0/directoryObjects/' + (New-GraphGetRequest -uri "https://graph.microsoft.com/beta/users/$($member)" -tenantid $TenantFilter).id + $MemberIDs = 'https://graph.microsoft.com/v1.0/directoryObjects/' + (New-GraphGetRequest -uri "https://graph.microsoft.com/beta/users/$($member)" -tenantid $TenantFilter).id $addmemberbody = "{ `"members@odata.bind`": $(ConvertTo-Json @($MemberIDs)) }" if ($GroupType -eq 'Distribution list' -or $GroupType -eq 'Mail-Enabled Security') { $Params = @{ Identity = $GroupId; Member = $member; BypassSecurityGroupManagerCheck = $true } - New-ExoRequest -tenantid $TenantFilter -cmdlet 'Add-DistributionGroupMember' -cmdParams $params -UseSystemMailbox $true + New-ExoRequest -tenantid $TenantFilter -cmdlet 'Add-DistributionGroupMember' -cmdParams $params -UseSystemMailbox $true } else { New-GraphPostRequest -uri "https://graph.microsoft.com/beta/groups/$($GroupId)" -tenantid $TenantFilter -type patch -body $addmemberbody -Verbose } @@ -21,9 +21,9 @@ function Add-CIPPGroupMember( return $message return } catch { - $message = "Failed to add user $($Member) to $($GroupId): $($_.Exception.Message)" - Write-LogMessage -user $ExecutingUser -API $APIName -tenant $TenantFilter -message $message -Sev 'error' - return $message + $message = "Failed to add user $($Member) to $($GroupId)" + Write-LogMessage -user $ExecutingUser -API $APIName -tenant $TenantFilter -message $message -Sev 'error' -LogData (Get-CippException -Exception $_) + return $message } } diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListLogs.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListLogs.ps1 index 319b43a00995..a3963bd0bc94 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListLogs.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListLogs.ps1 @@ -12,7 +12,7 @@ Function Invoke-ListLogs { Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' if ($request.Query.Filter -eq 'True') { - $LogLevel = if ($Request.query.Severity) { ($Request.query.Severity).split(',') } else { 'Info', 'Warn', 'Error', 'Critical', 'Alert' } + $LogLevel = if ($Request.query.Severity) { ($Request.query.Severity).split(',') } else { 'Info', 'Warn', 'Error', 'Critical', 'Alert' } $PartitionKey = $Request.query.DateFilter $username = $Request.Query.User } else { @@ -25,7 +25,7 @@ Function Invoke-ListLogs { $ReturnedLog = if ($Request.Query.ListLogs) { Get-CIPPAzDataTableEntity @Table -Property PartitionKey | Sort-Object -Unique PartitionKey | Select-Object PartitionKey | ForEach-Object { - @{ + @{ value = $_.PartitionKey label = $_.PartitionKey } @@ -34,13 +34,17 @@ Function Invoke-ListLogs { $Filter = "PartitionKey eq '{0}'" -f $PartitionKey $Rows = Get-CIPPAzDataTableEntity @Table -Filter $Filter | Where-Object { $_.Severity -In $LogLevel -and $_.user -like $username } foreach ($Row in $Rows) { - @{ + $LogData = if ($Row.LogData -and (Test-Json -Json $Row.LogData)) { + $Row.LogData | ConvertFrom-Json + } else { $Row.LogData } + [PSCustomObject]@{ DateTime = $Row.Timestamp Tenant = $Row.Tenant API = $Row.API Message = $Row.Message User = $Row.Username Severity = $Row.Severity + LogData = $LogData TenantID = if ($Row.TenantID -ne $null) { $Row.TenantID } else { diff --git a/Modules/CIPPCore/Public/Get-CIPPAuthentication.ps1 b/Modules/CIPPCore/Public/Get-CIPPAuthentication.ps1 index 0d3092fc54c3..9b1885d5c465 100644 --- a/Modules/CIPPCore/Public/Get-CIPPAuthentication.ps1 +++ b/Modules/CIPPCore/Public/Get-CIPPAuthentication.ps1 @@ -30,7 +30,7 @@ function Get-CIPPAuthentication { return $true } catch { - Write-LogMessage -message "Could not retrieve keys from Keyvault: $($_.Exception.Message)" -Sev 'CRITICAL' -API 'CIPP Authentication' + Write-LogMessage -message 'Could not retrieve keys from Keyvault' -Sev 'CRITICAL' -API 'CIPP Authentication' -LogData (Get-CippException -Exception $_) return $false } } diff --git a/Modules/CIPPCore/Public/Get-CIPPBitlockerKey.ps1 b/Modules/CIPPCore/Public/Get-CIPPBitlockerKey.ps1 index 7d886ea2912f..a80a5d3b002e 100644 --- a/Modules/CIPPCore/Public/Get-CIPPBitlockerKey.ps1 +++ b/Modules/CIPPCore/Public/Get-CIPPBitlockerKey.ps1 @@ -4,18 +4,17 @@ function Get-CIPPBitlockerKey { param ( $device, $TenantFilter, - $APIName = "Get Bitlocker key", + $APIName = 'Get Bitlocker key', $ExecutingUser ) try { - $GraphRequest = New-GraphGetRequest -uri "https://graph.microsoft.com/beta/informationProtection/bitlocker/recoveryKeys?`$filter=deviceId eq '$($device)'" -tenantid $TenantFilter | ForEach-Object { + $GraphRequest = New-GraphGetRequest -uri "https://graph.microsoft.com/beta/informationProtection/bitlocker/recoveryKeys?`$filter=deviceId eq '$($device)'" -tenantid $TenantFilter | ForEach-Object { (New-GraphGetRequest -uri "https://graph.microsoft.com/beta/informationProtection/bitlocker/recoveryKeys/$($_.id)?`$select=key" -tenantid $TenantFilter).key } return $GraphRequest - } - catch { - Write-LogMessage -user $ExecutingUser -API $APIName -message "Could not add OOO for $($userid)" -Sev "Error" -tenant $TenantFilter + } catch { + Write-LogMessage -user $ExecutingUser -API $APIName -message "Could not add OOO for $($userid)" -Sev 'Error' -tenant $TenantFilter -LogData (Get-CippException -Exception $_) return "Could not add out of office message for $($userid). Error: $($_.Exception.Message)" } } diff --git a/profile.ps1 b/profile.ps1 index f30159db12cb..ec6aa4e19b86 100644 --- a/profile.ps1 +++ b/profile.ps1 @@ -15,9 +15,10 @@ # Import modules @('CippCore', 'CippExtensions', 'Az.KeyVault', 'Az.Accounts') | ForEach-Object { try { + $Module = $_ Import-Module -Name $_ -ErrorAction Stop } catch { - Write-LogMessage -message "Failed to import module $($_): $_.Exception.Message" -Sev 'debug' + Write-LogMessage -message "Failed to import module - $Module" -LogData (Get-CippException -Exception $_) -Sev 'debug' $_.Exception.Message } } @@ -32,7 +33,7 @@ try { $Auth = Get-CIPPAuthentication } } catch { - Write-LogMessage -message "Could not retrieve keys from Keyvault: $($_.Exception.Message)" -Sev 'debug' + Write-LogMessage -message 'Could not retrieve keys from Keyvault' -LogData (Get-CippException -Exception $_) -Sev 'debug' } # Uncomment the next line to enable legacy AzureRm alias in Azure PowerShell. From 0f60c734ee66e5fa4055cc41c45dbe828e5c690f Mon Sep 17 00:00:00 2001 From: John Duprey Date: Thu, 11 Apr 2024 16:17:22 -0400 Subject: [PATCH 236/243] Webhook improvements --- .../Invoke-CIPPPartnerWebhookProcessing.ps1 | 71 ++++++++++++++++--- .../Public/Invoke-CIPPWebhookProcessing.ps1 | 14 ++-- Modules/CippEntrypoints/CippEntrypoints.psm1 | 7 +- 3 files changed, 73 insertions(+), 19 deletions(-) diff --git a/Modules/CIPPCore/Public/Invoke-CIPPPartnerWebhookProcessing.ps1 b/Modules/CIPPCore/Public/Invoke-CIPPPartnerWebhookProcessing.ps1 index e7d6a279dc2f..36c6cd85f385 100644 --- a/Modules/CIPPCore/Public/Invoke-CIPPPartnerWebhookProcessing.ps1 +++ b/Modules/CIPPCore/Public/Invoke-CIPPPartnerWebhookProcessing.ps1 @@ -4,17 +4,70 @@ function Invoke-CippPartnerWebhookProcessing { $Data ) - Switch ($Data.EventName) { - 'test-created' { - Write-LogMessage -API 'Webhooks' -message 'Partner Center webhook test received' -Sev 'Info' + try { + if ($Data.AuditUri) { + $AuditLog = New-GraphGetRequest -uri $Data.AuditUri -tenantid $env:TenantID -NoAuthCheck $true -scope 'https://api.partnercenter.microsoft.com/.default' } - default { - if ($Data.AuditUri) { - $AuditLog = New-GraphGetRequest -uri $Data.AuditUri -tenantid $env:TenantID -NoAuthCheck $true -scope 'https://api.partnercenter.microsoft.com/.default' - Write-Logessage -API 'Webhooks' -message "Partner Center $($Data.EventName) audit log received" -LogData $AuditLog -Sev 'Info' - } else { - Write-LogMessage -API 'Webhooks' -message 'Partner Center webhook received (no audit)' -LogData $Data -Sev 'Info' + + Switch ($Data.EventName) { + 'test-created' { + Write-LogMessage -API 'Webhooks' -message 'Partner Center webhook test received' -Sev 'Info' + } + default { + if ($Data.EventName -eq 'granular-admin-relationship-approved') { + if ($AuditLog.resourceNewValue) { + $AuditObj = $AuditLog.resourceNewValue | ConvertFrom-Json + $Id = $AuditObj.Id + $OnboardingSteps = [PSCustomObject]@{ + 'Step1' = @{ + 'Status' = 'pending' + 'Title' = 'Step 1: GDAP Invite' + 'Message' = 'Waiting for onboarding job to start' + } + 'Step2' = @{ + 'Status' = 'pending' + 'Title' = 'Step 2: GDAP Role Test' + 'Message' = 'Waiting for Step 1' + } + 'Step3' = @{ + 'Status' = 'pending' + 'Title' = 'Step 3: GDAP Group Mapping' + 'Message' = 'Waiting for Step 2' + } + 'Step4' = @{ + 'Status' = 'pending' + 'Title' = 'Step 4: CPV Refresh' + 'Message' = 'Waiting for Step 3' + } + 'Step5' = @{ + 'Status' = 'pending' + 'Title' = 'Step 5: Graph API Test' + 'Message' = 'Waiting for Step 4' + } + } + $TenantOnboarding = [PSCustomObject]@{ + PartitionKey = 'Onboarding' + RowKey = [string]$Id + CustomerId = '' + Status = 'queued' + OnboardingSteps = [string](ConvertTo-Json -InputObject $OnboardingSteps -Compress) + Relationship = [string](ConvertTo-Json -InputObject $AuditObj -Compress) + Logs = '' + Exception = '' + } + Add-CIPPAzDataTableEntity @OnboardTable -Entity $TenantOnboarding -Force -ErrorAction Stop + Push-ExecOnboardTenantQueue -Item @{ Id = $Id } + } + + if ($AuditLog) { + Write-LogMessage -API 'Webhooks' -message "Partner Center $($Data.EventName) audit log webhook received" -LogData $AuditLog -Sev 'Alert' + } else { + Write-LogMessage -API 'Webhooks' -message "Partner Center $($Data.EventName) webhook received" -LogData $Data -Sev 'Alert' + } + } } } + } catch { + Write-LogMessage -API 'Webhooks' -message 'Error processing Partner Center webhook' -LogData (Get-CippException -Exception $_) -Sev 'Error' } } diff --git a/Modules/CIPPCore/Public/Invoke-CIPPWebhookProcessing.ps1 b/Modules/CIPPCore/Public/Invoke-CIPPWebhookProcessing.ps1 index db62dae8b160..86e7e8a41c3f 100644 --- a/Modules/CIPPCore/Public/Invoke-CIPPWebhookProcessing.ps1 +++ b/Modules/CIPPCore/Public/Invoke-CIPPWebhookProcessing.ps1 @@ -82,7 +82,7 @@ function Invoke-CippWebhookProcessing { { 'UserLoggedIn' -eq $data.operation -and $hosting -eq $true -and !$TrustedIps } { $data.operation = 'HostedIP' } { 'UserLoggedIn' -eq $data.operation -and $Country -notin $AllowedLocations -and $data.ResultStatus -eq 'Success' -and $TableObj.ResultStatusDetail -eq 'Success' } { Write-Host "$($country) is not in $($AllowedLocations)" - $data.operation = 'UserLoggedInFromUnknownLocation' + $data.operation = 'UserLoggedInFromUnknownLocation' } { 'UserloggedIn' -eq $data.operation -and $data.UserType -eq 2 -and $data.ResultStatus -eq 'Success' -and $TableObj.ResultStatusDetail -eq 'Success' } { $data.operation = 'AdminLoggedIn' } default { break } @@ -130,7 +130,7 @@ function Invoke-CippWebhookProcessing { $key = $parts[0] $operator = $parts[1] $value = $parts[2] - if (!$value) { + if (!$value) { Write-Host 'blank value, skip' continue } @@ -165,9 +165,9 @@ function Invoke-CippWebhookProcessing { $RuleDisabled = 0 New-ExoRequest -anchor $username -tenantid $TenantFilter -cmdlet 'get-inboxrule' -cmdParams @{Mailbox = $username } | ForEach-Object { $null = New-ExoRequest -anchor $username -tenantid $TenantFilter -cmdlet 'Disable-InboxRule' -cmdParams @{Confirm = $false; Identity = $_.Identity } - "Disabled Inbox Rule $($_.Identity) for $username" + "Disabled Inbox Rule $($_.Identity) for $username" $RuleDisabled ++ - } + } if ($RuleDisabled) { "Disabled $RuleDisabled Inbox Rules for $username" } else { @@ -211,7 +211,7 @@ function Invoke-CippWebhookProcessing { } } Write-Host 'Going to create the content' - foreach ($action in $dos) { + foreach ($action in $dos) { switch ($action.execute) { 'generatemail' { Write-Host 'Going to create the email' @@ -220,9 +220,9 @@ function Invoke-CippWebhookProcessing { Send-CIPPAlert -Type 'email' -Title $GenerateEmail.title -HTMLContent $GenerateEmail.htmlcontent -TenantFilter $TenantFilter Write-Host 'email should be sent' - } + } 'generatePSA' { - $GenerateEmail = New-CIPPAlertTemplate -format 'html'-data $Data -LocationInfo $Location -ActionResults $ActionResults + $GenerateEmail = New-CIPPAlertTemplate -format 'html' -data $Data -LocationInfo $Location -ActionResults $ActionResults Send-CIPPAlert -Type 'psa' -Title $GenerateEmail.title -HTMLContent $GenerateEmail.htmlcontent -TenantFilter $TenantFilter } 'generateWebhook' { diff --git a/Modules/CippEntrypoints/CippEntrypoints.psm1 b/Modules/CippEntrypoints/CippEntrypoints.psm1 index f0bf7fcf2d1b..02651d9a2a3f 100644 --- a/Modules/CippEntrypoints/CippEntrypoints.psm1 +++ b/Modules/CippEntrypoints/CippEntrypoints.psm1 @@ -50,7 +50,7 @@ function Receive-CippQueueTrigger { function Receive-CippOrchestrationTrigger { param($Context) - + Write-Host 'Orchestrator started' try { if (Test-Json -Json $Context.Input) { $OrchestratorInput = $Context.Input | ConvertFrom-Json @@ -77,9 +77,10 @@ function Receive-CippOrchestrationTrigger { } if (($Batch | Measure-Object).Count -gt 0) { - foreach ($Item in $Batch) { - $null = Invoke-DurableActivity -FunctionName 'CIPPActivityFunction' -Input $Item -NoWait -RetryOptions $RetryOptions -ErrorAction Stop + $Tasks = foreach ($Item in $Batch) { + Invoke-DurableActivity -FunctionName 'CIPPActivityFunction' -Input $Item -NoWait -RetryOptions $RetryOptions -ErrorAction Stop } + $null = Wait-ActivityFunction -Task $Tasks } if ($Context.IsReplaying -ne $true -and $OrchestratorInput.SkipLog -ne $true) { From 47ad9b151c45c45c3522004ed4e8525d4b2e9106 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Thu, 11 Apr 2024 16:45:11 -0400 Subject: [PATCH 237/243] Webhook tweak --- .../Public/Invoke-CIPPPartnerWebhookProcessing.ps1 | 14 ++++++++------ Scheduler_GetWebhooks/run.ps1 | 7 +++++-- 2 files changed, 13 insertions(+), 8 deletions(-) diff --git a/Modules/CIPPCore/Public/Invoke-CIPPPartnerWebhookProcessing.ps1 b/Modules/CIPPCore/Public/Invoke-CIPPPartnerWebhookProcessing.ps1 index 36c6cd85f385..5a16c69d530d 100644 --- a/Modules/CIPPCore/Public/Invoke-CIPPPartnerWebhookProcessing.ps1 +++ b/Modules/CIPPCore/Public/Invoke-CIPPPartnerWebhookProcessing.ps1 @@ -17,6 +17,7 @@ function Invoke-CippPartnerWebhookProcessing { if ($Data.EventName -eq 'granular-admin-relationship-approved') { if ($AuditLog.resourceNewValue) { $AuditObj = $AuditLog.resourceNewValue | ConvertFrom-Json + Write-LogMessage -API 'Webhooks' -message "Partner Webhook: GDAP Relationship for $($AuditObj.customer.organizationDisplayName) was approved, starting onboarding" -LogData $AuditObj -Sev 'Alert' $Id = $AuditObj.Id $OnboardingSteps = [PSCustomObject]@{ 'Step1' = @{ @@ -51,18 +52,19 @@ function Invoke-CippPartnerWebhookProcessing { CustomerId = '' Status = 'queued' OnboardingSteps = [string](ConvertTo-Json -InputObject $OnboardingSteps -Compress) - Relationship = [string](ConvertTo-Json -InputObject $AuditObj -Compress) + Relationship = '' Logs = '' Exception = '' } + $OnboardTable = Get-CIPPTable -TableName 'TenantOnboarding' Add-CIPPAzDataTableEntity @OnboardTable -Entity $TenantOnboarding -Force -ErrorAction Stop Push-ExecOnboardTenantQueue -Item @{ Id = $Id } - } - - if ($AuditLog) { - Write-LogMessage -API 'Webhooks' -message "Partner Center $($Data.EventName) audit log webhook received" -LogData $AuditLog -Sev 'Alert' } else { - Write-LogMessage -API 'Webhooks' -message "Partner Center $($Data.EventName) webhook received" -LogData $Data -Sev 'Alert' + if ($AuditLog) { + Write-LogMessage -API 'Webhooks' -message "Partner Center $($Data.EventName) audit log webhook received" -LogData $AuditObj -Sev 'Alert' + } else { + Write-LogMessage -API 'Webhooks' -message "Partner Center $($Data.EventName) webhook received" -LogData $Data -Sev 'Alert' + } } } } diff --git a/Scheduler_GetWebhooks/run.ps1 b/Scheduler_GetWebhooks/run.ps1 index b262f320738b..b55b57d1f05c 100644 --- a/Scheduler_GetWebhooks/run.ps1 +++ b/Scheduler_GetWebhooks/run.ps1 @@ -3,11 +3,12 @@ param($Timer) try { $webhookTable = Get-CIPPTable -tablename webhookTable - $Webhooks = Get-CIPPAzDataTableEntity @webhookTable + $Webhooks = Get-CIPPAzDataTableEntity @webhookTable -Property RowKey if (($Webhooks | Measure-Object).Count -eq 0) { Write-Host 'No webhook subscriptions found. Exiting.' return } + Write-Host 'Processing webhooks' $InputObject = [PSCustomObject]@{ OrchestratorName = 'WebhookOrchestrator' @@ -16,8 +17,10 @@ try { } SkipLog = $true } + Write-Host ($InputObject | ConvertTo-Json -Depth 5) $InstanceId = Start-NewOrchestration -FunctionName 'CIPPOrchestrator' -InputObject ($InputObject | ConvertTo-Json -Depth 5) Write-Host "Started orchestration with ID = '$InstanceId'" } catch { - Write-LogMessage -API 'Webhooks' -message "Error processing webhooks - $($_.Exception.Message)" -sev Error + Write-LogMessage -API 'Webhooks' -message 'Error processing webhooks' -sev Error -LogData (Get-CippException -Exception $_) + Write-Host ( 'Webhook error {0} line {1} - {2}' -f $_.InvocationInfo.ScriptName, $_.InvocationInfo.ScriptLineNumber, $_.Exception.Message) } From 32ef9bff1187bd5e73c3841faa3ed487eb0bebc2 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Thu, 11 Apr 2024 16:58:52 -0400 Subject: [PATCH 238/243] Set logs to debug --- .../CIPP/Settings/Invoke-ExecDnsConfig.ps1 | 2 +- .../CIPP/Settings/Invoke-ExecExcludeTenant.ps1 | 18 +++++++++--------- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecDnsConfig.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecDnsConfig.ps1 index 067da939c2ca..41768a704af5 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecDnsConfig.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecDnsConfig.ps1 @@ -88,7 +88,7 @@ Function Invoke-ExecDnsConfig { } 'GetConfig' { $body = [pscustomobject]$Config - Write-LogMessage -API $APINAME -tenant 'Global' -user $request.headers.'x-ms-client-principal' -message 'Retrieved DNS configuration' -Sev 'Info' + Write-LogMessage -API $APINAME -tenant 'Global' -user $request.headers.'x-ms-client-principal' -message 'Retrieved DNS configuration' -Sev 'Debug' } 'RemoveDomain' { $Filter = "RowKey eq '{0}'" -f $Request.Query.Domain diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecExcludeTenant.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecExcludeTenant.ps1 index ca63f9f20afa..ca3e85feed9a 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecExcludeTenant.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecExcludeTenant.ps1 @@ -17,13 +17,13 @@ Function Invoke-ExecExcludeTenant { $TenantsTable = Get-CippTable -tablename Tenants if ($Request.Query.List) { - $ExcludedFilter = "PartitionKey eq 'Tenants' and Excluded eq true" - $ExcludedTenants = Get-CIPPAzDataTableEntity @TenantsTable -Filter $ExcludedFilter - Write-LogMessage -API $APINAME -user $request.headers.'x-ms-client-principal' -message 'got excluded tenants list' -Sev 'Info' + $ExcludedFilter = "PartitionKey eq 'Tenants' and Excluded eq true" + $ExcludedTenants = Get-CIPPAzDataTableEntity @TenantsTable -Filter $ExcludedFilter + Write-LogMessage -API $APINAME -user $request.headers.'x-ms-client-principal' -message 'got excluded tenants list' -Sev 'Debug' $body = @($ExcludedTenants) } elseif ($Request.query.ListAll) { - $ExcludedTenants = Get-CIPPAzDataTableEntity @TenantsTable -filter "PartitionKey eq 'Tenants'" - Write-LogMessage -API $APINAME -user $request.headers.'x-ms-client-principal' -message 'got excluded tenants list' -Sev 'Info' + $ExcludedTenants = Get-CIPPAzDataTableEntity @TenantsTable -filter "PartitionKey eq 'Tenants'" + Write-LogMessage -API $APINAME -user $request.headers.'x-ms-client-principal' -message 'got excluded tenants list' -Sev 'Debug' $body = @($ExcludedTenants) } try { @@ -31,7 +31,7 @@ Function Invoke-ExecExcludeTenant { $name = $Request.Query.TenantFilter if ($Request.Query.AddExclusion) { $Tenants = Get-Tenants -IncludeAll | Where-Object { $Request.body.value -contains $_.customerId } - + $Excluded = foreach ($Tenant in $Tenants) { $Tenant.Excluded = $true $Tenant.ExcludeUser = $username @@ -41,17 +41,17 @@ Function Invoke-ExecExcludeTenant { Write-Host ($Excluded | ConvertTo-Json) Update-AzDataTableEntity @TenantsTable -Entity ([pscustomobject]$Excluded) #Remove-CIPPCache - Write-LogMessage -API $APINAME -tenant $($name) -user $request.headers.'x-ms-client-principal' -message "Added exclusion for customer(s): $($Excluded.defaultDomainName -join ',')" -Sev 'Info' + Write-LogMessage -API $APINAME -tenant $($name) -user $request.headers.'x-ms-client-principal' -message "Added exclusion for customer(s): $($Excluded.defaultDomainName -join ',')" -Sev 'Info' $body = [pscustomobject]@{'Results' = "Success. Added exclusions for customer(s): $($Excluded.defaultDomainName -join ',')" } } if ($Request.Query.RemoveExclusion) { $Filter = "PartitionKey eq 'Tenants' and defaultDomainName eq '{0}'" -f $name - $Tenant = Get-CIPPAzDataTableEntity @TenantsTable -Filter $Filter + $Tenant = Get-CIPPAzDataTableEntity @TenantsTable -Filter $Filter $Tenant.Excluded = $false $Tenant.ExcludeUser = '' $Tenant.ExcludeDate = '' - Update-AzDataTableEntity @TenantsTable -Entity $Tenant + Update-AzDataTableEntity @TenantsTable -Entity $Tenant #Remove-CIPPCache Write-LogMessage -API $APINAME -tenant $($name) -user $request.headers.'x-ms-client-principal' -message "Removed exclusion for customer $($name)" -Sev 'Info' $body = [pscustomobject]@{'Results' = "Success. We've removed $name from the excluded tenants." } From ecceda84e2ab6b8e24641c60edc2a782676c0ab5 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Thu, 11 Apr 2024 17:57:49 -0400 Subject: [PATCH 239/243] Onboarding updates --- .../Push-ExecOnboardTenantQueue.ps1 | 60 ++++++++++--------- 1 file changed, 33 insertions(+), 27 deletions(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-ExecOnboardTenantQueue.ps1 b/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-ExecOnboardTenantQueue.ps1 index cc23c195820c..221068716478 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-ExecOnboardTenantQueue.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-ExecOnboardTenantQueue.ps1 @@ -215,39 +215,40 @@ Function Push-ExecOnboardTenantQueue { $OnboardingSteps.Step3.Status = 'failed' $OnboardingSteps.Step3.Message = 'Failed to map security groups, no pending invite available' } + } - do { - $AccessAssignments = New-GraphGetRequest -Uri "https://graph.microsoft.com/beta/tenantRelationships/delegatedAdminRelationships/$Id/accessAssignments" - Start-Sleep -Seconds 15 - } while ($AccessAssignments.status -contains 'pending' -and (Get-Date) -lt $Start.AddMinutes(8)) + do { + $AccessAssignments = New-GraphGetRequest -Uri "https://graph.microsoft.com/beta/tenantRelationships/delegatedAdminRelationships/$Id/accessAssignments" + Start-Sleep -Seconds 15 + } while ($AccessAssignments.status -contains 'pending' -and (Get-Date) -lt $Start.AddMinutes(8)) - if ($AccessAssignments.status -notcontains 'pending') { - $OnboardingSteps.Step3.Message = 'Group check: Access assignments are mapped and active' - $OnboardingSteps.Step3.Status = 'succeeded' - if ($Item.AddMissingGroups -eq $true) { - $Logs.Add([PSCustomObject]@{ Date = Get-Date -UFormat $DateFormat; Log = 'Checking for missing groups for SAM user' }) - $SamUserId = (New-GraphGetRequest -uri "https://graph.microsoft.com/beta/me?`$select=id").id - $CurrentMemberships = New-GraphGetRequest -uri "https://graph.microsoft.com/beta/me/transitiveMemberOf?`$select=id,displayName" - foreach ($Role in $Item.Roles) { - if ($CurrentMemberships.id -notcontains $Role.GroupId) { - $PostBody = @{ - '@odata.id' = 'https://graph.microsoft.com/v1.0/directoryObjects/{0}' -f $SamUserId - } | ConvertTo-Json -Compress - try { - New-GraphPostRequest -uri "https://graph.microsoft.com/beta/groups/$($Role.GroupId)/members/`$ref" -body $PostBody -AsApp $true -NoAuthCheck $true - $Logs.Add([PSCustomObject]@{ Date = Get-Date -UFormat $DateFormat; Log = "Added SAM user to $($Role.GroupName)" }) - } catch { - $Logs.Add([PSCustomObject]@{ Date = Get-Date -UFormat $DateFormat; Log = "Failed to add SAM user to $($Role.GroupName) - $($_.Exception.Message)" }) - } + if ($AccessAssignments.status -notcontains 'pending') { + $OnboardingSteps.Step3.Message = 'Group check: Access assignments are mapped and active' + $OnboardingSteps.Step3.Status = 'succeeded' + if ($Item.AddMissingGroups -eq $true) { + $Logs.Add([PSCustomObject]@{ Date = Get-Date -UFormat $DateFormat; Log = 'Checking for missing groups for SAM user' }) + $SamUserId = (New-GraphGetRequest -uri "https://graph.microsoft.com/beta/me?`$select=id").id + $CurrentMemberships = New-GraphGetRequest -uri "https://graph.microsoft.com/beta/me/transitiveMemberOf?`$select=id,displayName" + foreach ($Role in $Item.Roles) { + if ($CurrentMemberships.id -notcontains $Role.GroupId) { + $PostBody = @{ + '@odata.id' = 'https://graph.microsoft.com/v1.0/directoryObjects/{0}' -f $SamUserId + } | ConvertTo-Json -Compress + try { + New-GraphPostRequest -uri "https://graph.microsoft.com/beta/groups/$($Role.GroupId)/members/`$ref" -body $PostBody -AsApp $true -NoAuthCheck $true + $Logs.Add([PSCustomObject]@{ Date = Get-Date -UFormat $DateFormat; Log = "Added SAM user to $($Role.GroupName)" }) + } catch { + $Logs.Add([PSCustomObject]@{ Date = Get-Date -UFormat $DateFormat; Log = "Failed to add SAM user to $($Role.GroupName) - $($_.Exception.Message)" }) } } - $Logs.Add([PSCustomObject]@{ Date = Get-Date -UFormat $DateFormat; Log = 'SAM user group check completed' }) } - } else { - $OnboardingSteps.Step3.Message = 'Group check: Access assignments are still pending, try again later' - $OnboardingSteps.Step3.Status = 'failed' - $TenantOnboarding.Status = 'failed' + $Logs.Add([PSCustomObject]@{ Date = Get-Date -UFormat $DateFormat; Log = 'SAM user group check completed' }) } + } else { + $OnboardingSteps.Step3.Message = 'Group check: Access assignments are still pending, try again later' + $OnboardingSteps.Step3.Status = 'failed' + $TenantOnboarding.Status = 'failed' + Write-LogMessage -API 'Onboarding' -message "Tenant onboarding failed at group mapping step for $($Relationship.customer.displayName)" -Sev 'Error' } $TenantOnboarding.OnboardingSteps = [string](ConvertTo-Json -InputObject $OnboardingSteps -Compress) @@ -298,6 +299,7 @@ Function Push-ExecOnboardTenantQueue { $TenantOnboarding.OnboardingSteps = [string](ConvertTo-Json -InputObject $OnboardingSteps -Compress) $TenantOnboarding.Logs = [string](ConvertTo-Json -InputObject @($Logs) -Compress) Add-CIPPAzDataTableEntity @OnboardTable -Entity $TenantOnboarding -Force -ErrorAction Stop + Write-LogMessage -API 'Onboarding' -message "Tenant onboarding failed at CPV step for $($Relationship.customer.displayName)" -Sev 'Error' return } $Refreshing = $true @@ -357,6 +359,7 @@ Function Push-ExecOnboardTenantQueue { } catch { $UserCount = 0 $ApiError = $_.Exception.Message + $ApiException = $_ } if ($UserCount -gt 0) { @@ -368,6 +371,7 @@ Function Push-ExecOnboardTenantQueue { $TenantOnboarding.OnboardingSteps = [string](ConvertTo-Json -InputObject $OnboardingSteps -Compress) $TenantOnboarding.Logs = [string](ConvertTo-Json -InputObject @($Logs) -Compress) Add-CIPPAzDataTableEntity @OnboardTable -Entity $TenantOnboarding -Force -ErrorAction Stop + Write-LogMessage -API 'Onboarding' -message "Tenant onboarding succeeded for $($Relationship.customer.displayName)" -Sev 'Info' } else { $Logs.Add([PSCustomObject]@{ Date = Get-Date -UFormat $DateFormat; Log = 'API Test failed: {0}' -f $ApiError }) $OnboardingSteps.Step5.Status = 'failed' @@ -376,6 +380,7 @@ Function Push-ExecOnboardTenantQueue { $TenantOnboarding.OnboardingSteps = [string](ConvertTo-Json -InputObject $OnboardingSteps -Compress) $TenantOnboarding.Logs = [string](ConvertTo-Json -InputObject @($Logs) -Compress) Add-CIPPAzDataTableEntity @OnboardTable -Entity $TenantOnboarding -Force -ErrorAction Stop + Write-LogMessage -API 'Onboarding' -message "Tenant onboarding API test failed for $($Relationship.customer.displayName)" -Sev 'Error' -LogData (Get-CippException -Exception $ApiException) } } } catch { @@ -385,5 +390,6 @@ Function Push-ExecOnboardTenantQueue { $TenantOnboarding.OnboardingSteps = [string](ConvertTo-Json -InputObject $OnboardingSteps -Compress) $TenantOnboarding.Logs = [string](ConvertTo-Json -InputObject @($Logs) -Compress) Add-CIPPAzDataTableEntity @OnboardTable -Entity $TenantOnboarding -Force -ErrorAction Stop + Write-LogMessage -API 'Onboarding' -message "Tenant onboarding failed for $Id" -Sev 'Error' -LogData (Get-CippException -Exception $_) } } From 0022382be9ee525a947fc31dd1b9dd6e2323bff9 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Thu, 11 Apr 2024 19:13:29 -0400 Subject: [PATCH 240/243] fix explorer preset bug --- .../Tenant/Tools/Invoke-ExecGraphExplorerPreset.ps1 | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Tools/Invoke-ExecGraphExplorerPreset.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Tools/Invoke-ExecGraphExplorerPreset.ps1 index fa2211ecc392..f04c365c5ccf 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Tools/Invoke-ExecGraphExplorerPreset.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Tools/Invoke-ExecGraphExplorerPreset.ps1 @@ -33,7 +33,8 @@ Function Invoke-ExecGraphExplorerPreset { } $params = $Request.Body.preset | Select-Object endpoint, '$filter', '$select', '$count', '$expand', '$search', NoPagination, '$top', IsShared - if ($params.'$select' -and -not $params.'$select' -is [string]) { + + if ($params.'$select'.value) { $params.'$select' = ($params.'$select').value -join ',' } From 619f332658c2b00146845f35499ad4b7cb510d14 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Thu, 11 Apr 2024 19:15:08 -0400 Subject: [PATCH 241/243] allow for editing schedule --- .../CIPPCore/Public/Add-CIPPScheduledTask.ps1 | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/Modules/CIPPCore/Public/Add-CIPPScheduledTask.ps1 b/Modules/CIPPCore/Public/Add-CIPPScheduledTask.ps1 index 04c5d358d599..8cd5b159d458 100644 --- a/Modules/CIPPCore/Public/Add-CIPPScheduledTask.ps1 +++ b/Modules/CIPPCore/Public/Add-CIPPScheduledTask.ps1 @@ -18,8 +18,7 @@ function Add-CIPPScheduledTask { $ht[$p.Key] = $p.Value } $Parameters[$Key] = [PSCustomObject]$ht - } - else { + } else { $Parameters[$Key] = $Param } } @@ -30,10 +29,15 @@ function Add-CIPPScheduledTask { } $AdditionalProperties = ([PSCustomObject]$AdditionalProperties | ConvertTo-Json -Compress) if ($Parameters -eq 'null') { $Parameters = '' } + if (!$Task.RowKey) { + $RowKey = (New-Guid).Guid + } else { + $RowKey = $Task.RowKey + } $entity = @{ PartitionKey = [string]'ScheduledTask' TaskState = [string]'Planned' - RowKey = [string]"$(New-Guid)" + RowKey = [string]$RowKey Tenant = [string]$task.TenantFilter Name = [string]$task.Name Command = [string]$task.Command.value @@ -46,10 +50,9 @@ function Add-CIPPScheduledTask { Results = 'Planned' } try { - Add-CIPPAzDataTableEntity @Table -Entity $entity - } - catch { + Add-CIPPAzDataTableEntity @Table -Entity $entity -Force + } catch { return "Could not add task: $($_.Exception.Message)" } - return "Successfully added task" + return 'Successfully added task' } \ No newline at end of file From 5a336f7830344e31c1a004612fa948be61ccf0a4 Mon Sep 17 00:00:00 2001 From: KelvinTegelaar Date: Fri, 12 Apr 2024 12:38:52 +0200 Subject: [PATCH 242/243] fixes universal search --- .../Push-CIPPAlertNewAppApproval.ps1 | 2 +- .../Tenant/Conditional/Invoke-ExecCACheck.ps1 | 58 +++++++++++++++++++ .../Invoke-ExecUniversalSearch.ps1 | 25 +++++++- .../GraphHelper/New-GraphPOSTRequest.ps1 | 4 +- 4 files changed, 84 insertions(+), 5 deletions(-) create mode 100644 Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-ExecCACheck.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-CIPPAlertNewAppApproval.ps1 b/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-CIPPAlertNewAppApproval.ps1 index 438fd62739d6..f5317b9769a5 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-CIPPAlertNewAppApproval.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-CIPPAlertNewAppApproval.ps1 @@ -6,7 +6,7 @@ function Push-CIPPAlertNewAppApproval { [pscustomobject]$Item ) try { - $Approvals = New-GraphGetRequest -Uri 'https://graph.microsoft.com/beta/identityGovernance/appConsent/appConsentRequests' -tenantid $item.tenant + $Approvals = New-GraphGetRequest -Uri 'https://graph.microsoft.com/beta/identityGovernance/appConsent/appConsentRequests' -tenantid $item.tenant | Where-Object -Property requestStatus -EQ 'inProgress' if ($Approvals.count -gt 1) { Write-AlertMessage -tenant $($Item.tenant) -message "There is are $($Approvals.count) App Approvals waiting." } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-ExecCACheck.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-ExecCACheck.ps1 new file mode 100644 index 000000000000..137c55a9c28b --- /dev/null +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-ExecCACheck.ps1 @@ -0,0 +1,58 @@ +using namespace System.Net + +Function Invoke-ExecCaCheck { + <# + .FUNCTIONALITY + Entrypoint + #> + [CmdletBinding()] + param($Request, $TriggerMetadata) + + $APIName = $TriggerMetadata.FunctionName + Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug' + + $Tenant = $request.body.tenantFilter + $UserID = $request.body.userId.value + if ($Request.body.IncludeApplications.value) { + $IncludeApplications = $Request.body.IncludeApplications.value + } else { + $IncludeApplications = '67ad5377-2d78-4ac2-a867-6300cda00e85' + } + $results = try { + $CAContext = @{ + '@odata.type' = '#microsoft.graph.whatIfApplicationContext' + 'includeApplications' = @($IncludeApplications) + } + $ConditionalAccessWhatIfDefinition = @{ + 'conditionalAccessWhatIfSubject' = @{ + '@odata.type' = '#microsoft.graph.userSubject' + 'userId' = "$userId" + } + 'conditionalAccessContext' = $CAContext + 'conditionalAccessWhatIfConditions' = @{} + } + $whatIfConditions = $ConditionalAccessWhatIfDefinition.conditionalAccessWhatIfConditions + if ($Request.body.UserRiskLevel) { $whatIfConditions.userRiskLevel = $Request.body.UserRiskLevel.value } + if ($Request.body.SignInRiskLevel) { $whatIfConditions.signInRiskLevel = $Request.body.SignInRiskLevel.value } + if ($Request.body.ClientAppType) { $whatIfConditions.clientAppType = $Request.body.ClientAppType.value } + if ($Request.body.DevicePlatform) { $whatIfConditions.devicePlatform = $Request.body.DevicePlatform.value } + if ($Request.body.Country) { $whatIfConditions.country = $Request.body.Country.value } + if ($Request.body.IpAddress) { $whatIfConditions.ipAddress = $Request.body.IpAddress.value } + + $JSONBody = $ConditionalAccessWhatIfDefinition | ConvertTo-Json -Depth 10 + Write-Host $JSONBody + $Request = New-GraphPOSTRequest -uri 'https://graph.microsoft.com/beta/identity/conditionalAccess/evaluate' -tenantid $tenant -type POST -body $JsonBody -AsApp $true + $Request + } catch { + "Failed to execute check: $($_.Exception.Message)" + } + + $body = [pscustomobject]@{'Results' = $results } + + # Associate values to output bindings by calling 'Push-OutputBinding'. + Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ + StatusCode = [HttpStatusCode]::OK + Body = $body + }) + +} diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecUniversalSearch.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecUniversalSearch.ps1 index 838f23ee3cd6..eda323666fa1 100644 --- a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecUniversalSearch.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecUniversalSearch.ps1 @@ -19,8 +19,29 @@ Function Invoke-ExecUniversalSearch { try { $tenantfilter = Get-Tenants - $payload = '{ "returnsPartialResults":true, "displayName":"getUsers", "target": { "allTenants":true }, "operationDefinition": { "values":["@sys.normalize([ConsistencyLevel: eventual GET /v1.0/users?$top=5&$search=\"userPrincipalName:' + $request.query.name + '\" OR \"displayName:' + $request.query.name + '\"])"] }, "aggregationDefinition": { "values":["@sys.append([/result],50)"] } }' - $GraphRequest = (New-GraphPOSTRequest -noauthcheck $true -type 'POST' -uri 'https://graph.microsoft.com/beta/tenantRelationships/managedTenants/managedTenantOperations' -tenantid $env:TenantID -body $payload).result.Results | ConvertFrom-Json | Where-Object { $_.'_TenantId' -in $tenantfilter.customerId } + $payload = [PSCustomObject]@{ + returnsPartialResults = $false + displayName = 'getUsers' + target = [PSCustomObject]@{ + allTenants = $true + } + operationDefinition = [PSCustomObject]@{ + values = @( + "@sys.normalize([ConsistencyLevel: eventual GET /v1.0/users?`$top=5&`$search=`"userPrincipalName:$($Request.query.name)`" OR `"displayName:$($Request.query.name)`"])" + ) + } + aggregationDefinition = [PSCustomObject]@{ + values = @( + '@sys.append([/result],50)' + ) + } + } | ConvertTo-Json -Depth 10 + $GraphRequest = (New-GraphPOSTRequest -noauthcheck $true -type 'POST' -uri 'https://graph.microsoft.com/beta/tenantRelationships/managedTenants/managedTenantOperations' -tenantid $env:TenantID -body $payload -IgnoreErrors $true) + if (!$GraphRequest.result.results) { + $GraphRequest = ($GraphRequest.error.message | ConvertFrom-Json).result.results | ConvertFrom-Json | Where-Object { $_.'_TenantId' -in $tenantfilter.customerId } + } else { + $GraphRequest.result.Results | ConvertFrom-Json -ErrorAction SilentlyContinue | Where-Object { $_.'_TenantId' -in $tenantfilter.customerId } + } $StatusCode = [HttpStatusCode]::OK } catch { $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message diff --git a/Modules/CIPPCore/Public/GraphHelper/New-GraphPOSTRequest.ps1 b/Modules/CIPPCore/Public/GraphHelper/New-GraphPOSTRequest.ps1 index 9236b7559fcf..315881e1048b 100644 --- a/Modules/CIPPCore/Public/GraphHelper/New-GraphPOSTRequest.ps1 +++ b/Modules/CIPPCore/Public/GraphHelper/New-GraphPOSTRequest.ps1 @@ -1,5 +1,5 @@ -function New-GraphPOSTRequest ($uri, $tenantid, $body, $type, $scope, $AsApp, $NoAuthCheck, $skipTokenCache, $AddedHeaders, $contentType) { +function New-GraphPOSTRequest ($uri, $tenantid, $body, $type, $scope, $AsApp, $NoAuthCheck, $skipTokenCache, $AddedHeaders, $contentType, $IgnoreErrors) { <# .FUNCTIONALITY Internal @@ -20,7 +20,7 @@ function New-GraphPOSTRequest ($uri, $tenantid, $body, $type, $scope, $AsApp, $N $contentType = 'application/json; charset=utf-8' } try { - $ReturnedData = (Invoke-RestMethod -Uri $($uri) -Method $TYPE -Body $body -Headers $headers -ContentType $contentType) + $ReturnedData = (Invoke-RestMethod -Uri $($uri) -Method $TYPE -Body $body -Headers $headers -ContentType $contentType -SkipHttpErrorCheck:$IgnoreErrors) } catch { $Message = if ($_.ErrorDetails.Message) { Get-NormalizedError -Message $_.ErrorDetails.Message From 1101cc1664b4886e9bbb8f52550dba7b810b8d0a Mon Sep 17 00:00:00 2001 From: KelvinTegelaar Date: Fri, 12 Apr 2024 14:29:53 +0200 Subject: [PATCH 243/243] up version --- version_latest.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/version_latest.txt b/version_latest.txt index 3238344b3b0d..c7ba1e87f75e 100644 --- a/version_latest.txt +++ b/version_latest.txt @@ -1 +1 @@ -5.4.4 \ No newline at end of file +5.5.0 \ No newline at end of file