From a477dcc32429f1a4ace55342908b193715fdd603 Mon Sep 17 00:00:00 2001
From: Jose Moreno <jomore@microsoft.com>
Date: Wed, 10 Jan 2024 11:28:03 +0100
Subject: [PATCH] added ARG queries
---
 .github/workflows/translate.yml | 3 +
 .../network_appdelivery_checklist.en.json | 67 +-
 spreadsheet/review_checklist.xlsm | Bin 563676 -> 563603 bytes
 workbooks/README.md | 3 +
 .../appdelivery_checklist.en_network.json | 791 ++++++++++
 ...hecklist.en_network_counters_workbook.json | 1342 ++++++++++++++++
 ...en_network_counters_workbook_template.json | 57 +
 ...very_checklist.en_network_tabcounters.json | 1389 +++++++++++++++++
 ...elivery_checklist.en_network_workbook.json | 791 ++++++++++
 ...hecklist.en_network_workbook_template.json | 57 +
 ...livery_checklist.en_counters_workbook.json | 286 +++-
 ...ecklist.en_counters_workbook_template.json | 2 +-
 ...ork_appdelivery_checklist.en_workbook.json | 192 ++-
 ...livery_checklist.en_workbook_template.json | 2 +-
 14 files changed, 4937 insertions(+), 45 deletions(-)
 create mode 100644 workbooks/appdelivery_checklist.en_network.json
 create mode 100644 workbooks/appdelivery_checklist.en_network_counters_workbook.json
 create mode 100644 workbooks/appdelivery_checklist.en_network_counters_workbook_template.json
 create mode 100644 workbooks/appdelivery_checklist.en_network_tabcounters.json
 create mode 100644 workbooks/appdelivery_checklist.en_network_workbook.json
 create mode 100644 workbooks/appdelivery_checklist.en_network_workbook_template.json
diff --git a/.github/workflows/translate.yml b/.github/workflows/translate.yml
index ffda89aa7..d378069cb 100644
--- a/.github/workflows/translate.yml
+++ b/.github/workflows/translate.yml
@@ -105,6 +105,9 @@ jobs: python3 ./scripts/workbook_create.py --checklist-file ./checklists/alz_checklist.en.json --output-path ./workbooks --blocks-path ./workbooks/blocks --create-arm-template --category=network --query-size medium python3 ./scripts/workbook_create.py --checklist-file ./checklists/alz_checklist.en.json --output-file ./workbooks/alz_checklist.en_network_counters.json --blocks-path ./workbooks/blocks --create-arm-template --category=network --query-size tiny --counters python3 ./scripts/workbook_create.py --checklist-file ./checklists/alz_checklist.en.json --output-file ./workbooks/alz_checklist.en_network_tabcounters.json --blocks-path ./workbooks/blocks --create-arm-template --category=network --query-size tiny --tab-counters + # App delivery + python3 ./scripts/workbook_create.py --checklist-file ./checklists/network_appdelivery_checklist.en.json --output-file ./workbooks/appdelivery_checklist.en_network_workbook_template.json --blocks-path ./workbooks/blocks --create-arm-template --category=network --query-size tiny + python3 ./scripts/workbook_create.py --checklist-file ./checklists/network_appdelivery_checklist.en.json --output-file ./workbooks/appdelivery_checklist.en_network_counters_workbook_template.json --blocks-path ./workbooks/blocks --create-arm-template --category=network --query-size tiny --counters # Create the PR if any change was made - name: Create pull request diff --git a/checklists/network_appdelivery_checklist.en.json b/checklists/network_appdelivery_checklist.en.json index 695d32477..1db7ebefb 100644 --- a/checklists/network_appdelivery_checklist.en.json +++ b/checklists/network_appdelivery_checklist.en.json 
@@ -2,7 +2,7 @@
 "items": [
 {
 "category": "Network Topology and Connectivity",
- "subcategory": "App delivery - Front Door",
+ "subcategory": "Front Door",
 "text": "If you use customer-managed TLS certificates with Azure Front Door, use the 'Latest' certificate version. Reduce the risk of outages caused by manual certificate renewal.",
 "waf": "Operations",
 "service": "Front Door",
@@ -24,7 +24,7 @@
 },
 {
 "category": "Network Topology and Connectivity",
- "subcategory": "App delivery - App Gateway",
+ "subcategory": "App Gateway",
 "text": "Ensure you are using Application Gateway v2 SKU",
 "waf": "Security",
 "service": "App Gateway",
@@ -37,7 +37,7 @@
 },
 {
 "category": "Network Topology and Connectivity",
- "subcategory": "App delivery - Load Balancer",
+ "subcategory": "Load Balancer",
 "text": "Ensure you are using the Standard SKU for your Azure Load Balancers",
 "waf": "Security",
 "service": "Load Balancer",
@@ -49,7 +49,7 @@
 },
 {
 "category": "Network Topology and Connectivity",
- "subcategory": "App delivery - Load Balancer",
+ "subcategory": "Load Balancer",
 "text": "Ensure your Load Balancers frontend IP addresses are zone-redundant (unless you require zonal frontends).",
 "waf": "Security",
 "service": "Load Balancer",
@@ -60,7 +60,7 @@
 },
 {
 "category": "Network Topology and Connectivity",
- "subcategory": "App delivery - App Gateway",
+ "subcategory": "App Gateway",
 "text": "Your Application Gateways v2 should be deployed in subnets with IP prefixes equal or larger than /24",
 "waf": "Security",
 "service": "App Gateway",
@@ -73,7 +73,7 @@
 },
 {
 "category": "Network Topology and Connectivity",
- "subcategory": "App delivery - App Gateway",
+ "subcategory": "App Gateway",
 "text": "Deploy Azure Application Gateway v2 or partner NVAs used for proxying inbound HTTP(S) connections within the landing-zone virtual network and with the apps that they're securing.",
 "description": "Administration of reverse proxies in general and WAF in particular is closer to the application than to networking, so they belong in the same subscription as the app. Centralizing the Application Gateway and WAF in the connectivity subscription might be OK if it is managed by one single team.",
 "waf": "Security",
@@ -86,7 +86,7 @@
 },
 {
 "category": "Network Topology and Connectivity",
- "subcategory": "App delivery - App Gateway",
+ "subcategory": "App Gateway",
 "text": "Use a DDoS Network or IP protection plans for all Public IP addresses in application landing zones.",
 "waf": "Security",
 "service": "App Gateway",
@@ -98,7 +98,7 @@
 },
 {
 "category": "Network Topology and Connectivity",
- "subcategory": "App delivery - App Gateway",
+ "subcategory": "App Gateway",
 "text": "Configure autoscaling with a minimum amount of instances of two.",
 "waf": "Reliability",
 "service": "App Gateway",
@@ -111,7 +111,7 @@
 },
 {
 "category": "Network Topology and Connectivity",
- "subcategory": "App delivery - App Gateway",
+ "subcategory": "App Gateway",
 "text": "Deploy Application Gateway across Availability Zones",
 "waf": "Reliability",
 "service": "App Gateway",
@@ -124,7 +124,7 @@
 },
 {
 "category": "Network Topology and Connectivity",
- "subcategory": "App delivery - Front Door",
+ "subcategory": "Front Door",
 "text": "Use Azure Front Door with WAF policies to deliver and help protect global HTTP/S apps that span multiple Azure regions.",
 "waf": "Security",
 "service": "Front Door",
@@ -148,7 +148,7 @@
 },
 {
 "category": "Network Topology and Connectivity",
- "subcategory": "App delivery - Traffic Manager",
+ "subcategory": "Traffic Manager",
 "text": "Use Traffic Manager to deliver global apps that span protocols other than HTTP/S.",
 "waf": "Reliability",
 "service": "Traffic Manager",
@@ -185,7 +185,7 @@
 },
 {
 "category": "Network Topology and Connectivity",
- "subcategory": "App delivery - Front Door",
+ "subcategory": "Front Door",
 "text": "Deploy your WAF profiles for Front Door in 'Prevention' mode.",
 "waf": "Security",
 "service": "Front Door",
@@ -198,7 +198,7 @@
 },
 {
 "category": "Network Topology and Connectivity",
- "subcategory": "App delivery - Front Door",
+ "subcategory": "Front Door",
 "text": "Avoid combining Azure Traffic Manager and Azure Front Door.",
 "waf": "Security",
 "service": "Front Door",
@@ -210,7 +210,7 @@
 },
 {
 "category": "Network Topology and Connectivity",
- "subcategory": "App delivery - Front Door",
+ "subcategory": "Front Door",
 "text": "Use the same domain name on Azure Front Door and your origin. Mismatched host names can cause subtle bugs.",
 "waf": "Security",
 "service": "Front Door",
@@ -222,18 +222,19 @@
 },
 {
 "category": "Network Topology and Connectivity",
- "subcategory": "App delivery - Front Door",
+ "subcategory": "Front Door",
 "text": "Disable health probes when there is only one origin in an Azure Front Door origin group.",
 "waf": "Performance",
 "service": "Front Door",
 "guid": "0b5a380c-4bfb-47bc-b1d7-dcfef363a61b",
 "id": "A01.19",
 "severity": "Low",
+ "graph": "cdnresources | where type =~ 'microsoft.cdn/profiles/origingroups/origins' | extend frontDoorId = substring(id, 0, indexof(id, '/origingroups')) | extend originGroupId = substring(id, 0, indexof(id, '/origins')) | join kind=inner (cdnresources | where type =~ 'microsoft.cdn/profiles/origingroups' | extend originGroupName = name | extend hasHealthProbe = isnotnull(properties.healthProbeSettings)) on $left.originGroupId == $right.id | summarize numberOrigins = count() by originGroupId, subscriptionId, frontDoorId, hasHealthProbe, originGroupName | extend compliant = not(numberOrigins == 1 and hasHealthProbe) | project id = frontDoorId, compliant",
 "link": "https://learn.microsoft.com/azure/frontdoor/best-practices#disable-health-probes-when-theres-only-one-origin-in-an-origin-group"
 },
 {
 "category": "Network Topology and Connectivity",
- "subcategory": "App delivery - Front Door",
+ "subcategory": "Front Door",
 "text": "Select good health probe endpoints for Azure Front Door. Consider building health endpoints that check all of your application's dependencies.",
 "waf": "Reliability",
 "service": "Front Door",
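Review bot: The A01.19 `graph` query computes compliance per origin group but ends with `project id = frontDoorId, compliant`, so a Front Door profile with several origin groups is returned once per group and can appear as both compliant and non-compliant. Because `originGroupId` is already in the `summarize ... by` clause, `| project id = originGroupId, compliant` would point each result at the origin group that actually needs the change. The same profile-level projection is used by the A01.21 query (`id=frontDoorId`) and the A01.23 query (`id = frontDoorId`) in the later hunks, where rows are per origin group and per custom domain respectively.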
@@ -244,18 +245,19 @@
 },
 {
 "category": "Network Topology and Connectivity",
- "subcategory": "App delivery - Front Door",
+ "subcategory": "Front Door",
 "text": "Use HEAD health probes with Azure Front Door, to reduce the traffic that Front Door sends to your application.",
 "waf": "Performance",
 "service": "Front Door",
 "guid": "a13f72f3-8f5c-4864-95e5-75bf37fbbeb1",
 "id": "A01.21",
 "severity": "Low",
+ "graph": "cdnresources | where type =~ 'microsoft.cdn/profiles/origingroups' | extend frontDoorId = substring(id, 0, indexof(id, '/origingroups/')) | extend compliant = (isnull(properties['healthProbeSettings']['probeRequestType']) or toupper(properties['healthProbeSettings']['probeRequestType']) == 'HEAD') | project compliant, id=frontDoorId",
 "link": "https://learn.microsoft.com/azure/frontdoor/best-practices#use-head-health-probes"
 },
 {
 "category": "Network Topology and Connectivity",
- "subcategory": "App delivery - Load Balancer",
+ "subcategory": "Load Balancer",
 "text": "Use Azure NAT Gateway instead of Load Balancer outbound rules for better SNAT scalability",
 "waf": "Reliability",
 "service": "Load Balancer",
@@ -268,7 +270,7 @@
 },
 {
 "category": "Network Topology and Connectivity",
- "subcategory": "App delivery - Front Door",
+ "subcategory": "Front Door",
 "text": "Use managed TLS certificates with Azure Front Door. Reduce operational cost and risk of outages due to certificate renewals.",
 "waf": "Operations",
 "service": "Front Door",
@@ -276,11 +278,12 @@
 "id": "A01.23",
 "ammp": true,
 "severity": "High",
+ "graph": "cdnresources | where type =~ 'microsoft.cdn/profiles/customdomains' | extend frontDoorId = substring(id, 0, indexof(id, '/customdomains')) | extend compliant = (isnull(properties['tlsSettings']['certificateType']) or tolower(properties['tlsSettings']['certificateType']) =~ 'customercertificate') | project compliant, id = frontDoorId",
 "link": "https://learn.microsoft.com/azure/frontdoor/best-practices#use-managed-tls-certificates"
 },
 {
 "category": "Network Topology and Connectivity",
- "subcategory": "App delivery - Front Door",
+ "subcategory": "Front Door",
 "text": "Define your Azure Front Door WAF configuration as code. By using code, you can more easily adopt new ruleset versions and gain additional protection.",
 "waf": "Operations",
 "service": "Front Door",
@@ -291,7 +294,7 @@
 },
 {
 "category": "Network Topology and Connectivity",
- "subcategory": "App delivery - Front Door",
+ "subcategory": "Front Door",
 "text": "Use end-to-end TLS with Azure Front Door. Use TLS for connections from your clients to Front Door, and from Front Door to your origin.",
 "waf": "Security",
 "service": "Front Door",
@@ -303,7 +306,7 @@
 },
 {
 "category": "Network Topology and Connectivity",
- "subcategory": "App delivery - Front Door",
+ "subcategory": "Front Door",
 "text": "Use HTTP to HTTPS redirection with Azure Front Door. Support older clients by redirecting them to an HTTPS request automatically.",
 "waf": "Security",
 "service": "Front Door",
@@ -314,7 +317,7 @@
 },
 {
 "category": "Network Topology and Connectivity",
- "subcategory": "App delivery - Front Door",
+ "subcategory": "Front Door",
 "text": "Enable the Azure Front Door WAF. Protect your application from a range of attacks.",
 "waf": "Security",
 "service": "Front Door",
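Review bot: The A01.23 `graph` query in the first hunk here marks a custom domain compliant when `certificateType` equals `customercertificate`, which is the opposite of the item's recommendation (its text, visible as context in the preceding hunk, is "Use managed TLS certificates with Azure Front Door"), so domains on customer-managed certificates would pass this High-severity check and managed ones would fail. The comparison should presumably target the managed value, e.g. `extend compliant = (isnull(properties['tlsSettings']['certificateType']) or properties['tlsSettings']['certificateType'] =~ 'managedcertificate')`; confirm the exact enum values against the resource schema before merging. The `tolower(...)` wrapper is redundant because `=~` is already case-insensitive. Treating a missing `certificateType` as compliant also deserves a second look, since a domain without TLS settings is not evidence of a managed certificate.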
@@ -326,7 +329,7 @@
 },
 {
 "category": "Network Topology and Connectivity",
- "subcategory": "App delivery - Front Door",
+ "subcategory": "Front Door",
 "text": "Tune the Azure Front Door WAF for your workload. Reduce false positive detections.",
 "waf": "Security",
 "service": "Front Door",
@@ -338,7 +341,7 @@
 },
 {
 "category": "Network Topology and Connectivity",
- "subcategory": "App delivery - Front Door",
+ "subcategory": "Front Door",
 "text": "Use prevention mode with the Azure Front Door WAF. Prevention mode ensures that the WAF blocks malicious requests.",
 "waf": "Security",
 "service": "Front Door",
@@ -350,7 +353,7 @@
 },
 {
 "category": "Network Topology and Connectivity",
- "subcategory": "App delivery - Front Door",
+ "subcategory": "Front Door",
 "text": "Enable the Azure Front Door WAF default rule sets. The default rule sets detect and block common attacks.",
 "waf": "Security",
 "service": "Front Door",
@@ -362,7 +365,7 @@
 },
 {
 "category": "Network Topology and Connectivity",
- "subcategory": "App delivery - Front Door",
+ "subcategory": "Front Door",
 "text": "Enable the Azure Front Door WAF bot management rules. The bot rules detect good and bad bots.",
 "waf": "Security",
 "service": "Front Door",
@@ -374,7 +377,7 @@
 },
 {
 "category": "Network Topology and Connectivity",
- "subcategory": "App delivery - Front Door",
+ "subcategory": "Front Door",
 "text": "Use the latest Azure Front Door WAF ruleset versions. Ruleset updates are regularly updated to take account of the current threat landscape.",
 "waf": "Security",
 "service": "Front Door",
@@ -385,7 +388,7 @@
 },
 {
 "category": "Network Topology and Connectivity",
- "subcategory": "App delivery - Front Door",
+ "subcategory": "Front Door",
 "text": "Add rate limiting to the Azure Front Door WAF. Rate limiting blocks clients accidentally or intentionally sending large amounts of traffic in a short period of time.",
 "waf": "Security",
 "service": "Front Door",
@@ -396,7 +399,7 @@
 },
 {
 "category": "Network Topology and Connectivity",
- "subcategory": "App delivery - Front Door",
+ "subcategory": "Front Door",
 "text": "Use a high threshold for Azure Front Door WAF rate limits. High rate limit thresholds avoid blocking legitimate traffic, while still providing protection against extremely high numbers of requests that might overwhelm your infrastructure. ",
 "waf": "Security",
 "service": "Front Door",
@@ -407,7 +410,7 @@
 },
 {
 "category": "Network Topology and Connectivity",
- "subcategory": "App delivery - Front Door",
+ "subcategory": "Front Door",
 "text": "Geo-filter traffic by using the Azure Front Door WAF. Allow traffic only from expected regions, and block traffic from other regions.",
 "waf": "Security",
 "service": "Front Door",
@@ -418,7 +421,7 @@
 },
 {
 "category": "Network Topology and Connectivity",
- "subcategory": "App delivery - Front Door",
+ "subcategory": "Front Door",
 "text": "Specify the unknown (ZZ) location when geo-filtering traffic with the Azure Front Door WAF. Avoid accidentally blocking legitimate requests when IP addresses can't be geo-matched.",
 "waf": "Security",
 "service": "Front Door",
diff --git a/spreadsheet/review_checklist.xlsm b/spreadsheet/review_checklist.xlsm index 566994632a720d996e18b38e9f1a6185231ae696..d4aa25b873fecc9af9efae87de7ab95995c01871 100644 GIT binary patch delta 141981 zcmb@uc|26@|37|@6cUmxJ830plkA~gD@7sNZ6Ty=<Fr`XsP2=dvfYv-p|Wo?MR6C| z3Rx!!F^#d#V9d<#y3UNH?)&|He?Gs*=Z}u#oO500x?aok^?bcvM=cqP(2PYdCIpd1 z_Ui&l`2YCBL*$P?#Qyl>58pFd7d*UNk9&ByuJUy|^W4gIZ^uT-AO~lT+0x#Uo13>s zyGrce>b%NqiM#r2I!-9>n)$26o@JhY34TP#9mA#<>)gvP?p)B^Js49UM%4OX>aX&= z(pmd<4RNXY<DE_qtuM?P^ID*RKm1HL&BCr4xjygvGK+Gu7-yp6>z!B36^V=mf=_!d zMSB`C4rJ|FYw^uLu5!ohW$QldtT^_*@3ViU;2z4&`S#M!(wwtxz7_sSSYVJHK2I;I zQ%K0U_U_|v=BhU(@6VdhEAJk$v3YPtE$!`3;sXsK&2E+B4`p-_myiz@4}22}uCF!F zeEoCwE9CL)D{&&6?N`Ex_59mt2O|B7opw70DsN6PucrOn_V9YOhRn(~=286}Pd@x@ zw(5AU$-AFok6!7#`YCg4JJZcs&?4odlvp&w#JPS>)GB4AiowfvnwHkZLt`seZFxNR zu=?4L3G2HTEB-CIvPaD?>&?Tl7w?5P)+x4bdc`la_ufyW>dpz>lA})Q4<#C}D?6LL zd!@GfTGsOGisXoM`lCxy!lL*#Ix5n4+-qn^`EWb&ZpB&4exbW><(7ZG?^ck%Wbvl! zW3!h%FOKHV{C2xWLyYB4&wh2~rfKT-6N4G=WiKrV*)==;jl?pg*!u4Kjus`?FDdxy z5VSWAc6r!XY;`X^iR_`s-?8|<|I+0>eK!ibMs_D%_R#COMQ&&koqbWFU05pmC4b>W z5M|-(kA*&e#(6J&!&q(*y2;_IfS~?j>-^riYF9PZx~ByD{h%KfR@C%5@i_R-nghGY zgHjD%YD><YXcpo7q`i_Ov#{ihR(x)Iqk2N{k4tAv#|!oK-rN`wsznNy?sYh7;F@B* zrI2h;@8~vuwasrfJJn(Bj+Ke;eC!j4JykTe3nawaYbiIEPz*X{7pJE@*z~GJf6>^H zIalv=3K~Tuov4u#c%^!8WBb^w2VYmr7rb!}7ocLSf2olX9-sa;qD%dWNLx<<YawyH zVJ4HMay3gjt?5m3_Sx61L?rQ<X2JZ1#=FPw73a=ZwCBeKmKnr{hFdJY+;U2=-ns7B z3%z;cwxJq!>sJTbzcmYJx~kJ=!R%00v{-mt-XddnPL@c<6TXJ(UV(&<h4-FROOHC` z&2_RA3d_HY+o_wrUHu{dp|-=RKS@U<59T5Av-FRt&S7*syjqWb{dSx>A2GZ4%3$}k z`<a8Pn<i?90wNmZM{c_x5^&k}Gt6g`ufE;}d+CRE=@)80?PelUvt>_DG~JqI<2}~D zGD7Ro`-U3lg{%=DiEgc;gxHYax5T0_dUcMW+upVG$6tRAp8G~h(&x+f*p!_$c*0=G zmLk-DQ@?X>)z?)oZ}fC6>or<-2FXUfC=!vkcDzL0hp**pZGVNj;~iUD<*t~9_U?N7 zN0_z#2D`^S`2Dn#Z*IA^5sz){s#d>~JXXE9{rG&@d&lWVj`T!@rtzPCy6v7sNKN&E zE1T`YimGxYvlE(Z$r-bE?!PAyiU#Dy+<JdTP;=|K1#66O9x^|xd&RV8sXSbB`J{V< z-ELV?H_MmBUtTCk&bcE+x+v9EW#qerlA@{ertp$^Xs$!1>t2J7y1vui*)4}gDy#|o 
z9tv~KtXeo*d~x+MC(XZ&x|kP#9X{#xY6;bIeO^(7Es2woRqk}vG0Lo0FEorpFe&Ai z$`}`ES~U0XMFEyiR`CB(e-3S1t&AKv;t{o45+9ezxj3QpI#6Os>MN_m8oTQ<)0#78 z?Kv)W_O$-)CT9-5;i9VL<9X^KqnGo-y!#9rGAJhwAJRIoy);F)IQzy*n^Ojkb*Cd@ ziCW8qUOirPaL-)(8eRXy1xFn46RY*l4y??%t1diWU3Z&p;(5!mJB|15ZEgzOrtt+i z?7e@%?408rf5-f_I34{^JYc8ewX<0Lv&yb_^XC!mGj6sGo^hz%sjYHZdNU5mJEiYj z9Wka-Xm@*-lXl>q<!u}E6_rFQM<Z8C*bQdAT4%2(lI0zljIt9lDnbP{ulcsomi|#V z%TvQ@^@vUR7OMxlX*yCeCl7Ag7O_#~fsZ88KlF8QuOK?4C6cu3m1s}lpI45a{VF(K zoSEgnoQ6O6_E=cw$WgZbn@6I%2<E#OE8`N#mkI=p-U%bGhFg3Wti1PTu~5gkKSRqq zcjsSi{bI{DvCe3E;}A0YgsJj&Aw%EKS1#W1)-IPFwb01sKT=i0w>PeE{q7N~82Xi( zD+bpP&AiUAs>_`YhqfHMev~bF*s%8U>FazeZa&wkEHAtH!+zO|)>fk*HR=z;{N=2p zja^3rwtH)Tl-q2n`rx?MaHw=YUGeT-_OtgUf|=0~4bEpauA+?1eyMu|#mBq*4xpVb z`rB5lts)MTD4vQ+<;%aL=u&-C=Hee5tM|isd{34jW&Vci8yDW)KJsh}F8+*`l$Pz+ z{D>p!KkJiUJUlS!6*V_k#v(q)NBz0mv+hRw1>aT=7GGLuasx+;s#<np%_Heq_0no0 zKUbf}2by+xNqv*%tCuboJEM@BWV%Z2wXVI)tm_TJ*Iq`Adpg`GpP%ozTVB=4<oJB; zr?+y4{@@S2gm?(pFI-kaxfrf^u9~v&#_{M&0j^(PYQ8Cz(_4L@-^pa(#FHmQC6}G- zTwkuaFPcC03SB+#(MjJ6;bmt%*8YqQU>Pf|F)EqAFz412zNK!VM4cvI^;pkn(OrkX z@-Ni!v+vIRd++!jhT}f(tMvkH4j{gBIM^Y&^@w+i6>>hio%HCb*Zqh4EgcSgIA13i zhg-dV%OAQ8e-9th&R&1#`;JaBNleaFr=hs0(?3Vl;=Ntt?oIh2OULfl2QtP8Os3XI zvz7-k+V`o9gCFi;mL-+lGU5zT!>Yzf?4g~Uc7oP8$)4TQJJzwyA;^!@r<`u=-ai^f zYjaBqqave>TXCe%90s#2?j2{mefZmWfiZ^?Mq^Lx;UwJhAFH;0AjX;)iyOW}X0gZ0 z%gEzQ24d{6Dj>O`x!fnY`xfVnOuEX*D(k&kj&j=z$}^Js?xm-%x)8`d<wJkAjBx7{ zZSWk^Z9A!&Vi{P6G^Pv(c<BxepFRCzoz}zy0y5BXldx_)GL&r6I%NIri^qEk^)2I8 ztH-9<$*LlcTRZdmzQ<E~>e??j8=uoNoLJQ;;D7!OXRY7U4fhLkqh(cd3Je0ev=E=G z!=<8zfj{*BJ~Mds<-51r@`GYIvr@_t>fw#-Yr9FDX7g_}<Hw=vZ=WahGZFj*m0UGS z4q_r3nY1RtUVjCI-A*F2$C<2dBp{Vs6qi#r)YU=Q#>wXlv%47#V@38vQ+c{~I_(pM z;LwHy4fhe47dXDd<;_*MjDD1`sBCsgf`f6;L>X)Et+pV)VT9rEO+e}AEC<8IVJ%JR zqw$}kj>Hxf7WRs+jk0s7T)C7;>*>`%XxsfC;=f9Ib}SUPFq7M!b3^Q;<Eu-tHh(E| z{5b9NOYQH8q4qfwUYs8Goo|J#{vXr=Et+wV?=ZWZ<pEyAo)~Cl<~T@pmzPm@w+t%E zHEP?bX|=m;_pooz`_gvrQ<N`r;FE_(RotS9q=<BbRY;@JpGGmk7fNIXO6?s`pAF(j 
z5lK-g($VS>i`5WE=8S8^N(8tWZSx;!*VQ#v>&at^X<LMQzsR{xZ|_KmLpYf%M~6L2 z%<>s!Wxb;}<Zi82Y~L{Piux&w{YR(K5sJ5eSNmvrDcLxP-aGiVsI7Ah?LUnlEwpYw zHL_~2veM|B+P=ZFkM&JSX2gWHdSJVLaeW*h<G9<k_OW{(*drG>eH|X8R%En?I+i@n zD%s138=hTW7RT<WAqR21f`li|A{<od1&I|$yf-%7!!99gJ8x3-v%I?`;WVi->_Um! zF41B%iCLlDINI_SpH1}l@{ORIRVf?US{E4LeXpeMwv*UiaKqIrI4CU8Si-P105#@x z_Ahlz|B#ehxGT=RjXe}cA|edB2dT|?e5@m>++!3hgUn&|SL%MD8c$d$AJZ#NeUmZd zScTT;$RPq+JK{EoY2`7m5FYCcmzZ}M`|j}nq+57$3|ug75z`VvYV8LM**g(+hR$F~ z)I?p+UafTw@0yc7k<KXhGRyXA{v6xgJwCcLPCvonZjn|DX?gluM^U7dQgMe6CidxM zW%Qmfrt`Y6G*RWJ<uQJvI|l=+@O{U_j2U@i-iU9>-wJ-dpNt%wDp+%ri0SuVkp_K} zNnMo+MwQ_)HJtoF@BVN7?|N=MSXV|<c4w@snphUmE#{CMgB<bjauj{p2M!E_?n;F| zzxUC8o}&`kT|q~Z(gQhXYtwI%Hx>SkFN=ze95NryN@5Q0e70RXSvBi%#AkF)?e>Q^ z_aI^yIM%h{HJ`$0X~^Q%rT(LrhediK)}zw3a%l_O#)e1yJ+tt0gz7fcjm-+n{$;Rf z7OPLO^-J<TH{;G98)63Qetw?SI`Day&34z^Ylk#*R>iPK4`;-@Gj{!}m;c!gk>n*l zk7L*0-dcN7@)<Qp?pdRIXB?uP5T?cNK|NtOQup(2`kaSj#UYtX^~jr_-#e1Y&V87= zg(&w_?~;p!nad8v<Ygj{@2r;%aoLbyIC0ti=K<e(x@G&}b%S-AF7%u*jDEO7*jYqJ zJmpl_OXIZDS8k=xdA8@Tho5iTSZwRvG0S=J?yd0;Q$2`Hd*bDO)Eim(*8jXKh173a z=a755e)9uI>WlMKW`(kKh7kH%SIS|ju7g|BK9O^-${GhUEQxYXUBWW850_g~H)h9h zgx-Va?vz>2I@tUpJ2hG?>Gu`l#$EJ7T>i3U9*TbmL^Jskm#~4KobJOJD?XrabR`fs zQeA)DRjLg;MZ7u{|9s!aJ!39^J<zh-?)qp~mfNZ~#uF1AjvuWw97GPpZ2DdJR%Y6^ zcLKHlIgn~QSnR^QFwoA_-j_(8RcLluE_SB)nD`Kv>;t1Ne@Xqeyyxc+62qg>!c7a6 zC%Uz3-4-z-ji-zO2~G%<Zw$J+I4EY|A-cm%1NRNJ-?UJv#Lg=UEW2f^ugg-+$J#BM zpIZ^be{=`+KlhYxPeyMWN(wgiwo9j;`(TYOGg!Xp<5E!vk(9EiVN*t(p!4*QGsfb6 z6NRO2!AYpOnXGt~T#k6`q(&n>)U45(Et<O2WnvN7o!{)qQ~sr8{KMS}Y{doG)Ev?G zU?O0|?u)E6$XnBL(Hb)abcw-yq0I?`vD)rx1_#kKo0qK1Pp{oVnfNm|{I<HqZkO$v z$!a5yFRlM`shUIhxf9=0?zl_jxjfdd#ccXG+?YWp+_YjwT?yXaJSh;)qz#>g`=0gp zl*p<(P~2v9G|y08D(?>1bjOBb%XQAGsqIUTXAQc2Ux6AM%PJu5i-A>)djB#y8`(YB z&yqur?NFcl2$2%N?!$Ge&3)_A*?g5fqIjSKU9)MSN>%t{V3CM>aMI~oQ=5|A@b=$y zj}is4>KK?48zYEav~*WPX@*NhgI$_Qng>Qd8Fdrhx&@;+!$o{jCr~|Or5)U*<c9Z8 zdTwf<ydO}*fjht1bj#MC2cDK9NlU@Xe|@}>y*9eU8YP;p6r?wFD5P9ck40&wD^Me2 
zIh5Z_lJ`?WU^8+-vQ0G)RWZ`wtAZ+7Id@z>zW@0^_g3F$=&mhl`hs=Yq{}I1<#kDm z-PImnKY+?vnD=fsbXEy}{Qhriwbq4WE{~fxr^!uOWePBjaq~i86i{peuUKxeVYCJm zw^c@Z;@`xt3&jr?g_}H+5Za97>9nbi(LST9M(U`vi5$9Wi_{!)BQoI<jP5g9i0(6x z;2Vra*X+>5!Q=Av@l7{?D*rcjQ}`9w%}T!ie?OM5drE&5_`eg17W&d?#cU{^U(aM^ z&y1W!a`x(Vra=FEka@fQti(&3u?>TNf~~C-e8tMytHeIM0f<ur2QO*<<G6foe3Q@E z2CtwUEn88=?TZBL)?iKs--wQx?c!s%pzF*GQL$~al|Rw(V+CYmWNg$H;jn4loa<l8 zi~|{cHAysOPUk~(-L{p8*GJEPTARW)Xl<U*O*Tf%uuX-$u8pR@g)vj@2(|O-2Rb(X z34lmp+cXdvMc8>Os2+U$YY>nt6W5n|=Bcm)_-}-ofzgx$D{o8Fjra`-68436T#cCv z76DzZYzmW}6{#z4tJJ#Ifp!_G@oAKz@!OS<D8m-xiap$EXUuBv`Ck|DfAaL=$uRfZ z4yPvPyt#wnDDK~n%Mro4J$pZt-C=2aD!xAy`BLx1?$V~4KC+Z`8&007_;R;GrsB)) zwdDTeeNlZk@~+Dklz)kSx#WavA;Ij!;Jfd`!RU_Cy9>JSE_iZxbz<;}CA(G}+bLwZ z^S;IL6=SZYcWbR~F9V4O=lej}%~t!BkH263Q#a}E#w76YFvDy6VWaH{(XnT@y}xhq zE!v{^_gN~I?R>vu$>BhCw^c%Wmn^-jLufGiUT1mDoBN7~F`Pq+7WX_fl9nle?U~CU zQP(ZJ9Ct`tdO7Ds3-4W$bFV@-@vSacS0brT_0-r`FaP3qOHS;ZoM7e)*JLhVQbstr zW=S`pJn#0OvvzewbJtYsz_|S?Fhtj|eIB}oJKOXwu^A3I-2L;$u2=W}M4~D>?Y6%^ zxYT>k3eP=25<TewV2>Zc7Nh>d7I&@P`ToJu!@J(ccX_RP{QUqrC7uSu$1BOMd-iVp za&i}UHcYP5Yd$ZR`29S(^2v99Z(SJ+FVg#HLCc-dQ1;_!nYljVBetTP5c5f5kG?GL z`t(?+rfXZat;ic(d}Br4kX>cST|57^K#iCt+4*Zad*th5hg?Nn#ZvWZdT(mWx~{7~ z^}OoK?U!p#SiX8e|6-_Lu%p{_r+)WOx>se=uI>p&WTx&=6VEg}4h5i>cCA$z$?DEb z72pIiO%UDJJ;v$h`X&+vwAhc+{YdnV!K5Md(=K0>c0>=YwpK^&E#{+cdvwwGy?QgR zAz(FiI?oNe8x)A?j}I=hiFvv7gj;F;%@JAowHr>K*(q(&gsrBy=|p#N6Izk<xb=up zTS=bo3G>o=U#+ma<QMca=Edzad4rm}YcuH8|MB3i1-A5jBQUQI6-{QAAJWqet()ih z?;D*H5cF{%`R&6;XuN|Y8oOUy;eifMs<BYu0lEf}&HnoyE+~Ib`6Pwj*}Z69d-Ak9 zpzRiVsQGR^lmz~{Tj);yjx>a?(6*LLG9Y#J<CpxKq;J>u={`3+eT*94`s5blGZ3`W z&sE;;m0$jRIdc2~;`qIXD;dk<$M$pAj4k|^15niQohvu(y!NhZcPV%8K+l5|*INtN zf|16NhxXXVRVpw0esE{>Crh-~Qc2;V#qpT^U|+?<2QZsq+lzX<0Q(!w8(e|v?^!yp z@XeGhCH}6jnK~4ql-{i(9;51#x>k!<qe>16yDpz(dkF66vaIc^^%>DTK3;yJ>!zlx zt=7H60kQa!Chwq+Yfhb}wquT4@!W8I;xC8HsB^2HfGczx!jF%g=m*Oild}9>wn9L* zaR{6cl{}=5T)Viz(Z1m1nW96d7x}V9T&u>k%kDnN3hSN{$gh^+UYmEn_TEC{mPXeT 
zJ6CSFK)BT%rcbn5vCehxE4vSFhRXx5;3GP}k6e3_ggH$T7Xf=Pt?va0ap49$vWky; zyjX7-DS61T4fA7o@tD6lt4N{kDC%jUE?R-4JzlY-k_(+ZGYx;HAc2FdTu8Ql7%~mB zJ+viH0tetu&|<q)h#wU*iECfq@hswWy;3aCj-fdKXqYk(%pz=$E3pIe?=GNJMBQvX zwQI$I4HWfzuN65XfAx#dXWv5`mOYHc5Cz)!q%EvAj9i`AqG<$<!@@U;-qeB_Zdw%c zL-0n=SZ$b>_vaHX!UNd-Z?>UDnqeD@5bBQZi6*nCb?HaeX4|h^Ctf%an$<n=@B~<R ziTBP2hXb5u8~}>LD>^-PyTH$%S!<R^M-`Np1^k@?_4?#4J3lPR%T{bI`KZHjT|fMz zo@5vbrWFLV0AtmM)^C;oSxGOx$V;u<y?06d@1Bjm*{vbEj`Kg=mLM?s27oxxsEf@~ zlzebDLXH3UpkWo)#M8JNz7LG8KiUGQ=;5!2jQb0Ot9SdmVO#2WH^V}KzgCT8D@hXH z#5#EIx~9E_XGvfWpWp`W^OV#lZCQM`R%<1Fj`=6cYd&4O<x2b3KDq0g$^)vxH|`V@ z=bbB;rSEM(FIh>TulI_Hj#WjjpNeg)nGiM8twbGko&=6yz7s~%a7I0BRR6I-`(J$c z7vIHP`84$Im)`IQlx?}Az?`vwUF;TX2@z@x#EZKB!5)t{0&?O0=exUyE)E|!Edr(Z zEgIYZ-CDHTK^lQkkZruPZ<Wp~wW9p~19FDA9Vd6F<6d37#Zg(2e`rg@>shO-<7#4w z)+gTzl?K%B`PyHMf4TN=^!2AZ2i!9g=OoJAb=mjKq|vr0(q&(oaQUch&z!{i2MyJK zeb!xG_t$|dUU)7257|nA_bkeVut$?8$0W}|@y8Zy{UGq1J4f=I&hZw-Q?_D8=E<G> zJGHUl79ulG0#d*f;4NFhvrZvX_q_0ZDF2D&^RIYinodohXLJGGbyR~d{s8KK)E|-l za3ju`L?4bzCTo}#h*FnkHdptV7Kl+*Gs~)DO#|ARcFH!D*Voe`<MB~$@$;wwPR6DI z!qg(83){xVvbw)HYA&;mH%a#1=T8+9*_mz_Z_<;sZ2j^g`k7P<e`;gpL2zxzF8=fJ zS(r@xsmZic+ZyYyRN-ISPdwi^xuXuNXC}#|sRyoDgxkWk=Df<;34XVexyQ!I%jH;5 zDqNlR^(sJ7d1^E;UZEjJmo3<4%T~NFWS1A&(Xuuv%p2TCw;o+3?y0d&<E~2!PeNQN zEE7{mZTV0$m!}vY<h{q$7l8NtN7-x@JsLkjsrnSaLS&3xmENH73Gym8U->1sYugN1 zl$eWXX%~L(w~4bY3ToV~_lYuG?4IL^>Yr9d8kM{6(cNNgi?Y2b4Rdpp+a1ZK0qL|; z-C50UMuo*2hi=H(AB*-ZG4Jl5+i_DKJJ-0mF5zJM>dKqmb>Or)@0(PqY+MOAb@xrJ zYW2&~V)hL6%cRO$%eedYC@{Eh&vkI|P4*;x?ziX&8nG(+oa;d8U1Ovu)|%^Jv&-I$ zsU&AVez=byXHN-e^vm)Xt}#bvqvHAUib>%g%|+5{KCou&qhQFzp*ewYUI;z*R9>M^ zCJKy8kis?zpGqIe(@&?j8u&X0qN-066t=(oha}((uM-H;bFdj!iT~>in)?3ETj2~c zEie9c2DCk6k<`BqMc>3PQu*f~+oDyKRQV*C^UToZkr1@qUjq52-8NKfpY7er9NcJ4 z4^K_CcPDq#m>U^tnK{*MP#Q7KI;)C_?V;9RbXxl7GDGF<^}=}PrA~DkKjk~@M&>e0 z&!_o@;7fp>;1k`9@Ei1ldU&N+`!8fIs=$=&liL$R338ZH`Uu%KNlVN+g1|6pvw?MC z=Kix>1tqs<5ecm<7l*_ILiXj98^Y*7wWNxF3K*8|W4RC^we;624amuXg#gLB_@)Ab 
zsUxBTg>vYTd_h#{^ql!Twf9?;xZ?XNQ}C$C<3&<uz_a02z!Z79tncnCY(n4k%cBlX zb0tC>oZj(F^?y7{NKU(H-1v5LrBu3SUjnwbf2>D!gO+yRuXDSPd}AJ?>lM9VvOCY? z+tD{yB@o|mh8;b;<^$tYjz=@imZPZ=j~AnEbMlBUs_H_@KfLSA!*>i9x0y3>_Q%L) zOMu|rp~OYBV&FM&i5DKwC4R~`=ZysAwI^!M0#|a|eS*keNy{98w1Ff)wI9DqsO0$p z&_yZFtoy7FdeoUyPw871)yK3C%f4q#3m8g$tOc2<LMDbdoS}4M4y!>+hJdh#X(aYU z4{4NyuoxWn$TH5rEhOHvk$5D@*f~jtZoLQPLvgnjsx&+}HnGF|%07wN!7lTknLM2n zFBd#iq_F6WL#|r9^lW!@pQoHsL+3HI16R&w4kjnV`|!byaRFCf;0104%gLf|g5(wT zww?jkBdi4LR1RF(Ct|8C*zGMQo}J!#XJ5fA^wK>!emlmsaMUwMVh(+`;R2WIs1_ox zNICgZ9L!~-${SOs5?y7u`3tddn`x>9I^ZQg>&Ti7=*#Pp0*tZkPv7vF{^=vDl2%f> z_34~;rx5Hl@O@{E7=rBt?}GB4kXFK6^o^%HQgG9XD3gzG4pMe#4U*#+Yot$WEcD|g zT8KmC?lnLV!N;x-=nDFX7O#GnYqIdkLLI>p$&NYkrwJspfJU1o^DHYy@sax^gu!#3 zSN3&t*B5$m*kpW*d0AbEd=9t<79Va4C6@zN<PIcMq*MnkwA*dYZXSt?_Y}^0a#k2D zv_l$7xIIt{?GMu6Gun>g&YPjp{yHe)se^vG>5htA)j`yPNwKz$d$fKMn+lFN<hBN% zmv1`a#E3TxrY~%=bgHt|2<|W>_?*rhtZSn-)0rQvnbZ~m3gc`a*B;NGi5VMd(ew5{ zws&E@Y}}RA&)2!n?^Oss7URi15A`X9#w1jtw=O7q0r;(3<+H9}iC#w5m0&l)h1-=M zlU#ao^UrojgHbLmK$Y0i(RpX(#9B;aFzvd7O@x6Byogps_xTG5WV1ET0r8+OgVJVf zNJm((-J`qy!6)H@bUJ$Rv6O!O+;-opQ!%osfms)r*(~B<U66iG+B$dR;woYY-KhCx zI-L}Q?H(+z!+Snhok;PE%3PDD-e`oI>`u4|pzUhSGiIB{Ram>Hb%4pXRFi8+m=1U< zFf!WSnj2zci3O72@x$;Quy9m7Y7ts>O^7e28dbe%ibnZwoT-M*Kn-#KYc=Fo=CTBh znbJ+nGiCJ;$f)5BIYdw3*dfOjfZ~xr6CI8k;I}|gY)_-fK3$9r{Ex+IKM4nzrYd8i z&J6+X<vDFF@%QeN%rM2Zz(IJiZk2hIoASYNHjY6aW}6m&uJ!cs)GK6K3*?zRjhprf z%sB#5l$SqtnP0i(dxuB7d@vLOG~xptR}P32kJ*c|pd7&zIAFUd&R-c-yt#FTB+d$@ zbG1hcf!b63ui8U>&n=eLYOb;ZOT9^kCN`<Vy{O)e#YUH)G5%v8#B5a+mZm|`i)Ek3 z-v}fFfC;<}9Hn&Tsk2AqKJ>1a+N`uyAegwS3Z!y20za)pYtD88*MXL%%w4ON6kIFv zU)So>b<3Ml(Gy}gtq|ZZ!2k6+=739EQ-H_FcB_L^z<)H)F^NTl5V<M6{kO5s*x-0+ zd3P{D3)jIq=Cmi(KQL~Zf1520Vy}b?>nqTMskYH}=wLHXGjn!=(sxWsu=kQiwvp*m z?N06W0HnB&0*D;Wc_D(kvkzGRJ7u)}rh-(NG4v7b*<5D@E(*1aihHW_O=zP1XUrzi zW!|h{f^pno$8q5i^DXGtTat*atq?%Ert!o@nI0LM!BZ%y1%TN1bWGmFVe_(sP7pxs z9Zj!PQ+7Gc_m2@0F->1*n*uHYv#zF87+4Et<!=HI*zllQWuijQdu-@|&lA!MQi#1{ 
zv94fIWia>Fu%3h*9AqU_RC%Ub9Xx)_FKxby&m}l7#FqYbl#0$OH$g!}m^tkeqbdgh z#EMw}B;uXcwyDR<DL?iWe}D*^0nxdBaD{8c09dd)KzG=rDfHs@r-@g@EdKOS<?|B$ z4QkKg9MB!%N*Yqd1F-}kX$`V)SzaPOs@tlV+OmzQRLK&gYGyJzK_oQDshn5<3<KRC zEQw~~7fMZh)*C9%^XVEcW=li#%nbpkgu4H^@X(p=xtKAT#&m!?T^&UV`5|tC+Yw=; z26$;tsV2bLI?TZbOrC*wp$vTU*?>ut?Gm8=bE_69Bf_ntDs>MB<-jdH0T^mqCKZXU z2<bupy15Yv?*E3NJEN$YI$rzFOvgr5f#&C|)ton2bT(RpQc-VZnnN36;G>!1O}0+7 z@&Mh<zV0!3f)GTeV#0KMNH_?67Xz#2Jk#k2666w-w=t(O8UdscJTa<}Gv&)BJil27 z;w7bGBXs+W7!5Evh^)|?+5`LIZNGq^nbU6yOg51lG^YW3QnS?51wa~lGIwr~Lfpw+ zd8SW8LZ*~{mPjxI;pr->b9M=;;-A3-YaLNRRq~a!?I7|qOmisasEL~bf(3r^I4wqK zGS9<jn{nD6l$UcoKE7UT(#>1AXo`XKq|3J-+7UF?eSV$l=VG9VU@m~G0JWDOQI##G znu^whq>>ORu9i!~ZQ=I0ZVtBZ6uH_J;Jh6a#d&v@iqDmO=JPN?_ghjbPRaAtl8ZkH zGi{%a%!1DP8{C%)K%m3IbN9|yEvBg}CgU%L*ezy=aP$26LRsekpGbpPj_$u851EA9 z1wB473p75^51sGnA!<6>$u*M1Vqhew@Hu%zOUj*`O)j&}2_M(aq{VX$yfGqmokL~n zI*bWHeE}u}!|fCjV&Mlep=gcwWsKqhrh2@U3?{tzN)s5sxSkNZk0O8>1a!hF!|)Ua z9K)sv_=jxwNiLFhN&|0)4?si#F^rfwjr}kRaXH;gsnD&2fRwz&K`ZSC2nqF)GvE?) z^(idul=*jG=X0n+cZMq>(Amqug2wEB(A}8$&J@=9zAGaEymZP@Kf7|m-#tbb#32x2 ztGF`wO&%C1gY6jGa$_6jH;qju#lW!AZS>Ms0jdF<3c7!($P5E{P}8f43WSO7!fwNG zu1xE!7I4PQ!6EA$#Lj8@IL!cl-~8Q%Y7k2xg#j@V6%W$n>y$=s`<qQt7p0w}omFvc z@MV-SONPTp=dj5n_IG3UKssl%yE7eCJ)^yKn;@bO9NGR0KI=jO@mzrrbwg%Bb)Q*) zAazY<Qgv*Om0(%GDqzW-0rAZ_R7PYvy*bY(#*--?L<gAI*lW%7&gn;UJ@k%%h)XWk z>nPQPlw?}(fUUtGf78kXz+q|L&V}_4s4e3ry>xtlmaulP&2cD&G0>C{Y=*Ir{UouY zw-yr@4EvD7K|YN}T$V;@!L#T7I}nNn_cJheZnX~JIX<6EKKjjb9}>jXB4880EeskY zU=0|h+Gk#YgaSwgXxqf7=E4Brh2tu2fLhv)7Tk+SG1n3FiTIV-V|*CUs$W<YFXe%T z8BOb)j~;hlAyAJ*!-Qc5Bi0q7U{RwlARhfITXIQZmg&Ye@57E;H5{m|L^o1;U>3PD zm2$KBR(}ReEFqEiN3Wh&I=S!0$8vfG#vd6Fo=3TC9s)`OCIT*pnPG1{K$^0)|4zEl zAXoWCWn@zw!K^2Rp@3QO2pALz1aA;bJ9-CG(EXk&X#KUVLKl`yj8t$`IIgI8xHd>! 
zo(g$lQfFGUqr|HUZk&Xl_Fjv3)M^NOB)%3|z4nu#(k65kQqubAQ=G<EJ~<VEB9_td zMUPZTu_+fli{Grdwr>{EBCA^XfM@2Q3yrSFAr872S3!Af8_kG|$GfGbt=q<l9`nhp zj5hirf#oe26Nb^(6EBIx+R{vO7-L61Aeu0xIX>%{oujDGt@;NJHpXdeuZ~q%mIFzn zrwkY!UVz~gbk~3ffQv}W_hHZnY!_a;vN~;D7zjAqNg<?6u73u*7(k{5tg`^ZR3E_a zfRqcs7n>IiGIQjsMF3oT!~^381YYKuNiLo+lGD$86VRTHzKK`?;rUwROSC-F0|}VZ z{x0W=&l6;y1NGm^m9cJ1=21^&j})DCE$8TWr2<|CzSI|Qa&&Sizo2`g|7c9!C~z8e zj1;D?i#Pe<vvmC=&1!_a$}eq!e@tVgl&R)QZd%{)ptB%)i|>m{yTBoYOT$btkznKu zhy<{@@B)m7h1eWt3sHSsL-wTzW2|pqcdl@Uo_D_sGLR~QYtMOsyg+WdurBfhAz0@N z`8q%_D2$>yAe~}2@x~xw5TIN?*g|3kZ@A2NCwD$C0L*m`psoTy9JeDD;Z~uqBmJRJ zz`u?2y63Y!G5r=D$VG)8$gU;O*H%SZGd<m%)0^`m&&D!aK~M8mwUHUqhFE?$cpIfc z8B^ADk_&ACEx#**oNvt#1ll(S00jv>H_~4KhK&U`pNMJw135e#l$N^ypUMRgF~rPw z6o*NPG&>$xeKCY4jIeRH@oWI{QIX=d-XkEJ&%Qc=CBLq7!45ISKP^21bdSqG2Z9!% zn_>j{47Q`v_j}Pr_jM56U_=RoTe0)Nu17+ecRS_8w}zZoZZdPa6>k_qH?UPzAOrR` zWapQq-2FjsUGvT#bRr8+s=^1;Wt$oXk5n!)uyJHh8vgIu{S5XtWT!eE#yHlLiZ~!F zq~{9j2%sLn1o_e<z+^)~MPcXDccGY6fUF_;nv&2MzBQw-7^JG?V&klHc1K`7j`_lG zVu1|KBv*402@qKoOs2tlWk5*4GTP~2>1R-hsO5ZKGN{`<Gc+yQLnyL;8{1>dexeb* z1aM{Z{oTT5f2W*TYJh(cpmh#Cb5|C@Dji%r7(p&9&16&?nKI{5U0uO%T|Z358*22t z$B*v)eNPa;K-j5)tb-eY{M?J+q87};Y~d!QLbbgHFuDr%h;aahsZ*xG%K(8XWW7B) zq1aS@CUV~mkqhzlcXPOL0vgI`{h?K`2%$M)juj!`Xt+^~uwwoI#5(7g$H*#BpR(N? 
z#F5UQOwe+%?0!`XFkn&$2+67_5-G^1^f-fgTMdW1ftp7xML_7KOfZ1~RIyHjoS(Pn z?jjj`1!z8?ZuOtp+JjV3)j2%@>Q=yip?83kf5IVkoeVI5o-5P&uBXg2?RUpYEvA}l zIKiby7S>x#C&EDpAw%gg281$@;k5YP2E$xhV4VWQ2*68CwUt0Pq+7wD=zimG8ZU^1 z03BeS5?*kYxylh_ql*?cFM0(=ZEPB^0xy6GEvPNEqy<Q$FI`p9zQ|pZKp@;b-=6Cy zSm{9;O^s0&%&D})uA%0^3P=}5D+YM=6p%UsG|!0H;hR}$=fZ;3t4X-$I`wZn4(?Gl zhjCWalyw-eS?KVF+W{E~64v68F&@}=0QEtz|9yuNSe%4g<Z8W^S`dxixvwrjF~-t; zbpQQy;P4*8W}_^p7+qk`Sr?!^FP>q~zr{Cdp*53+sR$){C@cmD4z<__*wbVc&%MEr zvI@9AF^m_!(DEobkEy+2PMsS>KsYoGlfxe3^dsyMGH1X;hTLq6jJNCKUywT2`+Q9- z)l33~etQ=K?K;qNxn~LcB5l2vmLlnH>`_)pcPQZrnp53ht6TWl*X3DzRuCb^I^f+c z`=-^f`hxo;xwy`D1k~Z1^`t>#WveYG{#z)al3QV?_*}53;*I>BUx4n2ykhf<m%hKX zn$kgoMT=HrPT>bl96A0btDEo8nncOjmbdI5E<!JrNTHm>ISLyNul&6uKmi>ASHI!f zJ~aNNyka)~IOt!wW`2WB3-BmtOxR!Ou4{XfK-h}4Zj{5tZ~Wf;$*-f7)y(x8Kgyu_ zfjY4ilKoAa=zZ8^t44aYd-@O!{1|G<znqH?Hf932ttYbNIgO2eio2DJ*RKG$*PiI@ z8}hzHBz?7CZoAY{F`dG5qVT+^0#x^RDRop?f!{_I?2iqeEpaXCtE4!QN5$zPI)$J~ zQ_7M8XMNn30BjGO$n<waoQGb+Zb6F!=o<ux@me%x%+gzQ^_U>i9_62LVNGH{OKi{= z31@P9Aihe^V0(b8gjPv*ikmSfIFvxYI;k{pA1JMrRc8;oG<>mP=$kB60SXB;iE4E- zjy_k!&82kL5IujBL!-`C4O%%S2U<ChgU6H{iirb5PUMaF7mV7Vi&%pR7{`pp6KFP> zN0pUNWMDlfS_<fb^m89*82HCf*o9)iNpeX*dZ066Rdl+TxTf-;mYdQ)<WMy!hoVen zV7Wv4K*O>Rw)1jfKMKgC`xxksgfm@RB}-`pdHW`{HdEM=wCM1A8rm>^<UGlNdQi{b zStB=pG#R~=uY$T|EkL7Rx}wJUPY}@cR0K^ovGbf*kPDstM=s>3Vc(%o0Gb+PcVd*3 zXi$|38gx8Ls`*o%6hROFBoF|$0o2ZGzD>(!E0n~-?q^`PU3nvHuYfr6DbIIUdq|Nc zPeT4>@C@l>p2DIJPo@mQd125W!+LnYK+<Ojrr+QI*2#?xgPl|aYaS(rT6>HDtKkWz z%8V-R5fAM*c>p}^%34)GP8Xu9D;8x+*&UfcO<E*@--+^7nW35)M(DGAFCZWfL^{3P zLx8!J^A|h7D3em{ZdxEhU6skKRx%BkM_rNG-Ds6wZGYO9Ofn5<ZTcqF6yT&Bj}N6E z1WvB^MQ0TW$bByCf|WD3I)RR_eVY!Zok8Ln+YxZ6I;cehJ+W_zt$aYIg&x774ednF zG3rtB59OaUEgB-<K4Xly930=l9wds(F+hhB0q3<_2c&tIf!IYE;pHAc-xEP2Vs!f^ zG0aGyC17wT2H_5fBqhfm$SBKwE{mbDzA$s!SFG=ep-3wE6vN<5dToulEw0K;8y&2c zK#iY@%o)TaoPo<%!U=U?p1@=jf;3JR;j%RcCD1I-kFhQ4$|F+^qnU!#b(!hF`s}wc zOO>Zuf<OT99CplMC$?!VTU12LO%^)uhU>t2v8#Gv&}Ygp_e2obx6LI@x!Sa8@%p_M 
zQ<I0_6YMTrK(efRhM6N_prdGxfejBeFw+320UQWmJv@SLEy=;%*ZJ003|qS60gARb zP%bp0`=6-K8e}GB{FSJT6YU-0Aq8xQ_MiiC(ujRixdG@$d#3%A&j3AXS~Ho!Y}w`n zlC(P7t0BE69rir9y{VP`wry}dptVv;%S{sNkpkDb3!ojif^n9z-I07?qZkTwurYDW z6c~3#b6#_mH?S$?+&F98(iVpW0f38B+BAR)2ihKo2LCHQa3OT)EIN>^nbDf0h7&3* za7_OsP=GH%tuvJnVmoyA5ky&KnsKtp<lG5>=rdvP*CkHFpm~%47m6@n2Uwr|-6zwd zU->VDRn-Q<E$sgOzR!iJ{=8`5yB9W(v4^DS;a;t+LobSUCXv%g&{v^=xI5#i7K1}y zB|7+YqTfa*WPsTTVu2v<DvT6hn<iOCGeB<@hC2leEl@bgiK=!tD-fm{WrkHNnFY+H z`e89~Iu>+DIkPz|yfD=;6HC0BY<wMv8=G`MY$^hF=?&d_O4V4?+f5b;qp!7vUmlDy zpAk09oeUMH&4E84rCTuUpJCH|aI2oc)<H;w$LJLMCW9GPKbN_6Y*j(`v4F@uBnO$M zxuDJl0@?HqfqOHc`?fd~9R%TFhG}E24;&dV8KpEb_!PlD5%o)3%J+eWBI#x*G2R{B z8}A{S($L8bhs2*;BbQmuEOqK+l~aA#_)ffEEYodNsgj$6)fY1dxlhwTK#xPKQlt>- zsaOo@k!*kHu#h@|h-Nzod|_3|ROsg^6wrZl5lmnh33c$u{Y1kc#|V7zGU@0aE;Jg7 zHABPB|7>;Erw7ohDOe}SVf%ql)|=`N;662KVeu%-3&5P=H_i2MZb%bi!+5UD=Y^o+ z>BjufInkPz8(`oQwk;wmV}XxWj(Ublp^=YO5Jo2rpjFS6A`q<tVPFOn2XYrINMq+Y z1iv(}!4ngWy>RQ??;KJaT3a2!Kn72TCE;*aTt>rv!nu4@AK>h%2??Mk$Wq$OO3aaa z@UhN<pM_ipPLoLe3aWrwF*B%6A6k*TP!v!*F2|cfCy5a<zyM%(Q?$=M9lg{ky8sHL zUHg3KCy$9?Kn?=<89>cCICzB0_QY*Og<ma2ad``oTM6KkjW=yz4Mvln%<wRa3(w5} z<A8myVV?nZ99qQ{MFb;UnJXj0hS^hA`_CN%Bj8Gb2I3cV4j6BF_G^qeu{P%ZGs894 zhKuST5L2G44&r`E1A-g;k_M{09@8I4F=p^Mkx3pmiOw>p#iPYSQ}heH_-Ks{_8Zsa zxN6}-E5^aFn1h|Ql}t0X3=D1nuL0i&{S#|oRP9Y|1D|c7A_<FdgpAb*7PyTBcb)jw z(DMvVPi{`@_6XM-kK#`5xc9g8(P)7U9xBcc30)k{hX;qnO{j|Aos^U39dRZ5e;&Fh zg^JZK<&$bcb!s<A^SDtAO&*D($`h1-0^#+0qis}~Q$=ar`GgH(m0b1-XgEa3A$$j| z0}y58NYIM_XXCF-NDqk^?3;%VL96KoU|Taj2Eu^*+#v>+AOh>F0<g#cf*#2@Ln1|_ zoExsSIy=-rM#V=}Gu-=Ba2vaPMw;If*928_43(RzeuGHeOhVl=Yp3*-I;ORg2RYR@ z1S`&wOqsptHi`ycpfP%mvJoefkxF@v!*!!JRJHj*Y5u9*Y-i>6ysGM;5PDrkI8}s? 
z->>t$JSyHSNl@X(2`$L>cy3kHVnpN+kyudVuy%4lKhjR)m>KK)lW{nEv~55`*dZQ| z*Woa9(%5*yYeAgpf_#IPc>}fH(HMpj0jidwgl6s4_Ab$oCU3+(t|P*a>zHRV`x5E- zu@rkB$J~iM&^@37d15yM(KjQ@r0#Rt06pPe=Q<q_5PFQP&KHEBssk_37bP3SJs9Id zXFw=CTA)?HD)cH4LEA}^=<6T+@^qSCPR<C!bIW)Ght>UUT&W4N0@hqAr2uspR>L6~ zSB3|0lbe>62BbQhO+4>lU&T5xD$d(7IU|WKz=yW93(cYreITfc;Fioy0i4@$Gy@12 zmHB2xI3|pf+*L<2%eggj___w*Q5!+}<P>*mNH49nhtUw3eK|@)r*K#SC|^sv5=I70 z7C;7p;q^s8CO($;Nu-uhqt8kM;Ojzv(Twy)OPpB4NFyMhZ_YcMXY%wSyLftub>LID zbrX$H{y8r^>}J~MUvDMV&ITN*@&P)iFm8rnaq?q3W+`{lzC_kV!cj?_lsY7QA{gxx z1}19w4Te=N^8>Obhm{@FW3lt=t<HLP608>BmWp1&h-vZw{%NQ+YbCmduAbrFt%gHw zy5{nCM>e~mPF?CkNC<tT6=Z20=<Na}G_Na;kF^hdQ>X$S)x^!7siirn18crXdNq+~ z`$dOs1U?`%{xW01Ga~tk>^{Ig#_Sj%j{B#@YC&l?ama6g?|htvmKJEMM+{*BqLL9# zx&?!k&)6HdPa2H3qek4Ege!hR6+cc!5&#+W$MM72WCyTMn3d&a>?_=Y6GikJbxOs? zN!?~3?{-5IiWUn4>t_{3HM}Q!ve4S1<#K>Vz>E)M5}cLX%Te@MSk8dnp~$Pq$aP~$ zh96l_M9Z*jOs`cZ4be}lZD%x$zG35^qUDqgb1NG>BO~ma=5BQ0dHN!pC=*jUG~Kuc z_Z&36RBCCheS<fZXb`7Cr84t+vtpS^_~33(bCzndhVO194g>%SLpUaalRUo07Ro0u zEdazt!v@H7c&Z-(i|0Mr&vQ?15P`&p5Ze(5g9Ii(4AY<qpM@6_iZ1Z%nASAcJ*~Ar z<L>KFoB&;9YJF;x>vLt6y400ZJD4<PHxE{f%e#ECJto9a6Q%@uuvQ$+ql)b>!?qYi z1SvG8FyI+5L{HN1iu$5Vzq1fJ=yaCdQ0>+?W02RvXQ)NZV_c_F<}RkzJ5c#qdq!*V z6&zocE1Ey5fCjx46Vk{`r*(1Ir6cIQw`NEKAuLLDniTfva#0(|=}aq_bSSSc@#7WD z_SZv!m4er8Wv*;yw0i=AM`EX@{sEy2v!HOyn4ssvtd`O4)M`%kF>EO6tvovx19>hq z3hvFZXSCKrh~?;mCS{4$oFX7*?tSiO&b{a{#!5aG8@)8rBicRf>QoGZWfAg_y9b5V zaeX+Q!>oEY!lS!VO$`@>nWb@#%+gMQ0uX&B6aZjMvm;EK**7_%^n4p=2@}kGn5c7= zTtW#Xk8;5hR8C%FV*On%rzud-LwVZJ+eYm49h#PN;Q)g)rjY@LX>pU{$B=AVG#U6Z ze;mJYdaFCCS}cXme=j`?;4Ql1{Z^#F6N?7Fy%dl!4<}!6ba0B+qKebvv8Uh{#7&Nk zL@~^dM?leNhFoEpWy+^rGl4UOTDMAe(X@0XlV=QQiDDGTMoa;<Ru>6!s2f8iWAvLE zP9z3~@-yJ$S)PN*5{Tls1%jAl8J#I8ZPWlc2pnq41$cge2@#9;lji8I+^$<V?5GRj zo~vvCI*F-YyP7bchYOvI`dl6$mx=&$J*X2h#w-`Xw%eWvibL?ZgV0s%umV}(X97_O zr;;H#p@tJ3pN?(kr(zq1nu~d;nN~#)FBdxxY+&@4Dj498{-S6^xhy~6CF2C~1vuk5 zX<1S&b_HlQbE!yS7;t-@C^1_E(gFCx+K6FrpM(1hEzXuDw6@ig8~VyAd9V%_YRrT# 
zCQT1lMh$C~(R(bpc|p<B6p3(~AGc6r(wRVk%9m@RK17d+jhF!e<0a5%O>v{hZMek} zP^rC+jX{W_b<Ynd#_=%p>vKu;Vuc8{HZc}H+ruvC1uLM93P1Y?p+?z^9T%Zr9=`bf zE0z4ml@%W@@yoH^eC7Z1-M3s$YUceEb&6r6E6Mc6YJok;>xTIvsl>uqUib!~lamQU zCpuoGv}_tRt*Z#lW#cQ~Nnu_Emi$X_1>|qle<FY5xgafefIP8DY}zLXe@Wuj&zkT~ z1@%4&^x}YMP75DS87JmuZ%v8;36}tiJOo$?q!tp0e+Y2gA`n06pRQYTt5;G@7Z6&P z&npi*)|1q)OV<M?ffcT%;|onb#RpWbD0zLI_>S(pt{L^K9-=3gIlhPkPXKd;RV@M| z9Msdjqrny6Z{SMlSna)mxay4#cCaD_Cyv%K3~Rs!dq#?qNTp)u0r&pR*?CZ>ZDR~r zUES_u6KqgigFXz58Y6n`z^LhXU#?XX#n3eglBia_NCvG(1vjge!a)5wi;gD(X*S{g zjI5iQtGw%64H;xQ#=SH$Y2Yv5(=+fLFqPxRDzNka$O!yE0ORFFfB}#(r=Y`tW=y!m zkJDV9GX&i06D^$#T_Des2<GDQuxU+w?w3oAL(lYY&3H*v#T_)RgpQTXBs8aM<ox;< zJfhT7SzX%3-p=Wiyz>sRRay8GS-qX~fguKq0YV?ql-URQU$YKd@YmXtE~?rih5oD; zmV#K^fjPG^z>j_|V<wc&!Rcs!0I&gT##oR6$-)%gDWnD@{|+BKO5K}rjIj$RqSY7H zNEy6B1w@g8u~m6Fd?VG3g&!f2#4-Mh523R@O@QLjcmuk**%av=JiG3#dDRSbo{Yv* zjH|Zm%^3K~A8^x2Qh>ilW%gs%&cV=i26Kmjk-O%SntVbN#Xl{eE~b4@ADRZtow+xM z4w4J}pr50<y(*II0Px2N+}l`f)VHqc6-w$?=VP+a{Y@{>>IxmvR!SAH1+X>Z&&jPJ zq;3dHWl}u|n}%qm(c-b1h_w^h7}Ua%*l9rW?fD%VLA6t{iQ<A002;-<Ns}ApKr97l z$$e8R_yY>AEO?Y*Dk7Z74g$e!4Z&R)rzY}Y66_(nM+@J}i}r(%M35t6<!>TX%pRQJ zq%EO2qsx&#QYe;r0XtzkA0v-aFgpP8I+Rz%_-(n(P>O)ju^T~D7BLP3zzu?Q$`a@u zT5hv-tlg*ct(jylym1`F+etcTO%iLxwy*<^rcTlOaZp|URe{`06>O&g5F8Mjuz&@E z?o8(%z#lR$M{5}Bd{pqqOIR}I#-9_w!lTN=OVC5*l9seM>Av!rne!yW1I0!jD+TuS zuZhYCBznMmM0vz-a({#)!nlP8|8uTIhP(u{l>oN=l5N5Wt8K#oE(LIk4L-kN?hAMu z0D1tRsR$iy(%$qP&|3qh1eIC1R#6TX&>&H8u*R6UEMK1k;k7vK5W?e5m~qUMJZJ)d zs0!#8L{#7~z~Q)i1~~?;1S<`&5<p;^GMO3t0A?l$BUlW4vKm3apXC_BE(Ba2s3U+Z zWkY%g)*tzrNH7$@spOoSj|2R`8e@XZpf=dR&Av1@L6gb_())j<Qi&fsd|1$$!p9ge zPvlXDhB2b254yfuN5zwimVj6Q;D;oeSH76cV6hZR8l+Ir%z^k=Y(UIGpW@BOy2u$( zdj(DqG_#mK+`@wLN|;^qQddA<5SuSL|Czp^FW*Wa)D!r7bk2o-Z(mT22AG-qj~vmT zoA*tpEzqJs^A1xC7K&iZz=r-#J)mTNF%*FR;P>811$;A<#lkHXD1M<Py*3#&uT5}B zA;{{caz&{oH>V5ntzq=}O(&f8#v6vwU)hYzrTS#~bLLX1NmA+DuSH;FYx_t!NzP^O zwtcf3v%;yc47*7nyjxMgq29Z-oLO4s{n1>0Hdb8h#3vy4cq73dceUvt+-U7PnP$S# 
zSmGHC^LnB1p-#NodTz`IDPByUd;<x9Za>p?;wZ=HGce;B!DTu@P8b2S6>#cOS~}nf z+@eGT#$;iIs+*F#a~nV%=wj%(Qsr4pqXTG7Wf!c*90JuC76xXZA=RAj`d`9kB%MBF zH)2!8%Hd|TbEySze`m;}hLZ^);31H6qfW)D$H#%xChtvWag%k@e}u3p&#Y;~V$Cp< zashy41E|#kx5wfpEMxGH8vF&Su>(O?0JjD5GZ6j}uK$Bt&wt&=|33U9Gs8b<sl$}Q zo@dFEiN<LVmJBe!4q*DF`8g+iolMfh>21_Nph&PIvB@1xacStNSnL_VZv>F{d#RCI zVB`Nc$P;Q2%V_8n0ANBmCWc$A)Qcc$+%C&pDl=(}MDk?8h%<NvMn-$Wr8$7Gf<+!9 z-^XfA&%1layh_Y%=U^laZ15|xY*{yigptnn(^scbry2X4DpxoUeGPQJ<tv7@nIIRb zG2&83z}OIHjn}YrhVAedmmR=oycqPu5jrGr^62JaCuBMi<`xw)MgRkxDjLPiX!2!N zy}~OiVItf+DMG9`gkc?4jm4^wTPc7hrsuDyAUn7RD!bg8QPjo421a5Mxg~;rw4z^; zZ$=CeLU_rh7U3^(obnn6n9{p4I!9U%5#wTS(4vH73>3;hX$F+~xWOHhQ!TfoOn4!N zTZnLdz{=bnV7&vDc~3EsslFWOjDVH~x3RHoeI;mYFaV$DvE~0)tmkeO?poW11FB@x zm1%Bbniwho?TK4?T_IqF6*6KoYRVLGB3vx)D|aWQO=bME(RhwDKckaWg?g9k&ql&P zT?uV}D`7uX;K{|fCSdun?E>{f2Y!u_NyHVD;Ld}3IIjvkMHgXM+)BYh4HmyaRrp`R zw*ZTQCB1|i0o-$R{@-q}INUvzK<EFOK+DYIMtELTA5=|k|DB9<GfR!R^%l@(nGQ2E zN@kND%dHtO1$lW0h!~S4j9VF>zlY**DFkT|+*0&>frJ1z`HTU{=f=IiMC)IQ=UBO9 zl8|!?5jnT|xoHp#Y20eq|16u{iPpSUnV~=hoESIwW+PPvtly=BG;sF}%n{U>07*rR zelFb>A%FF9f22W1RO*Cq^KH#WBIn@5qxb4d*1gIMf3j~@;L)7kymzhuu)k>o1Rs#2 zhqvxYKSuu24Uf5%b<9rs$hhrw*TPVIiKcxOv$X6JabWzf01?pC;*Lx7&T{}w%6kYC z&VZfM$Mi0MX7t}IIZ$@=?XjC0ERbINiPk{50?NE9z&Hjh${F!Cg`dAA-eV?8Yh|@) zW%;I_Zv#ib`Zz&(?|{`1;@_Efg9m74;3_GR6*Qo32r9p$!vpbPgm3aYb4`0N(G9{W zY$ECOx;@zV_Cbpq4en*U`Qf8=-5a#*6JaETk8_`%IYWa>61dv?<g8!vJJ+0&$$7yg z?<kq{TKEU+zR850GPp&2?TG{r8C({^==W!~hlO1_fq1cR1zk7ZGmx}`ZSc<F$tXn< ziTXyfoH%hEX?xkUdtgYB()>k|!<N25mL%;Nh+Dzdf5&P1r2nm?_YRUM)c#4*<nxaC zMS;7-H+v{s^4CzxBu$3do@JpwW`8$ooL_V)P~UHnOY0x|#W&MbEcpjKh2A@gA(nr$ zH|x}#`1{;~%~h&k)Rn*CH13ad?yT^VD7wDuPSjJ8@9FUTCY)H!^83=>#aC|)Z8z#T z7&yvmjuYH3%&!CH+(O(VWpdy<<p4OHFO_%gx=Pv?_eYDa`uugsIMkAV|4=Dm#pS1H z3%qOc9I@c&b+Q7t&i>5zrXiVNB!`pJb@5bFznt4K=JQMtjJvL)e)&*bo4B8IoVd36 z#ix_kW}JMxF0x<zt==iZZ8@CeoVM?do86=cRkAqn-!91OfGPB2v01PYBRz_D8kn;C zXU!ozlf%i&CzORh75o;ljQ6Ieg2(ax+rGyjTR%S|7|7ui<QI5htGPDyKDZcJzSEm` 
zD`M|JD%Jk^4v_(>=Sx3)t-~6HD?b))E>qE)Q?ur3gvq&ik50^2ypr2-?Z?8mid6)B znTq|uCf-$WsiQ}601S+hmfto%>0PP#<`{lYn==X~(cBBC%R)D5ZeX4?i<XX}e7^?H zjf9YInO`<u9*ud|g}w4o6ukO=H*Z9#_*>_fp8Wfl<z4#({<n7QvO65%B?0EY10OE? z#N2&Sa3LZ=Uhn^1rv@k*RZ;hnm{KC9PkzsL=fS1tLw}D%{SbUqAGvZvgi7yXpm1dK z7Wd;URBw^l>zhw&W?^bQzz+=p=$Ch5eFi9?-tYU?1N@$4Lp;*}H(weRsjcO&xGHD3 z>GvUUtmnH>ppTes?qIG92I5oGQ9kKUzYUqXJazKR>m;U@@_+HRsdr4BAph5IlmEu- zI6gG~n6&Iyqv6?+XPE>rCH+_}W`s%Mw@W{eDf21=7yw2ZX#&;kxe=~*6=+=W(Vojd z$MC|(2oYdQ^!Lz&8s1BQ^S}j|aSZ6+_=vr7vktuYCp3zP7VH+!_@Wf$ADveC&2F$q zbYsoiJb*Grqejze)JWGNT7b#!2Q~!UbS4^{<Eb)@ym{OFthAFnn*`47B|(Y%j5$=e z66R2{lMdyO1bv_9wOVgExG*Cn_>V8gNNLuxUWC$0+UasGe14MqADm~&k`dN5twFf! zj~Dmtdu(b!_obK9$b375MB;@mAO9I%k+yTGQu9ksr*r8eskBWyC<_kHt$iB!y&~II z=Ve~aDU*JelIV1sY+d5WyhEZ+J1uMbJJ!Co{4&RUX|c5H0q=zJ%dfpOOYzq$Xa9dR zePehaO%rWwdt=+Sjg4*F)=rX*?QHCgZES4YHaB*%xq0t*@BewatE<jAT|HA%O@%x4 z00ET(^brYCgs#DlJcDI5{&8=}KzF|?Rl?<L!zjFt-oUOr>O%m$-qTJth=)l*U~83H z^4Y&e>UyX%b~Q&SD$nyHD^jk<%kR6pi2{M418>*BkFaZTun_4P{<f;Syy76!iI~h% zx2776chk9y)GuiW+IK8(!T`TD5!9pNXVwA`mc^&!^x&D)QioK+2oJb1K<9x)d>6<J zVf@!O6hx$t6+DgTld&>Zj#lEdw?t!YB$)&gFlhirh^q5^9Z@@oyZw4nPkb`&DxGh_ zK{=nM(n&E&{@Z_C9mX!~Gj-4nQ6bs;+_e7)=GC}B8Y`HbgHR7D31$YYI;3JuSY;BZ z+-}#NjA4ZDLxer4tV@Te-~i#p>cn^DVQQ*G!%QhdEM{pSc6!EHM<Sa2Gn2{YWpV`b z6RtlrtFb~a;)I15TX@~Z%Q%Xo`#+axDUm#bh9O9|p>5%}R8ya(vvi!)^V|vGAvs!z z7>#h(w|u{K`YVP+4(M<vQc&yD#sFC*GOt1OQL8!jucUT$N4iA193>R#b0sc=(XynD z#F1zT0U&USlq6&4V;0>hzqC=jZeuR0*i_}`P_)oop<W+!-cWDIrM=2)qo3-`8ZNIb zupl(tP4QTLSqAw|i$;Esk5y0f94UcXx7M|dv4>PYEKS-t_-Ug+<|Ibm3IM8RnxQO3 zUa#(Y@QF&jSj%=E&Ha-TK`>Hjkf6#aa(0zN;r_<gsh~rJmT3->b@(GjQs=hThQSO= zD@T%PkjjY%!NXbzI8<2e2L|Eo38>;d<kdaqSPcT}Rhf$$U!ge|l5<1uVWn<^WfhyM zxTZy2a;lt@M^LwKaWHW$1jd8HDg5{c-Qa16C=maZ4G4$-(BB<{6qHKNu5x8-AU=7K zZ0^Tiv9=Hmu>=E^73+`02<X*~w+dobgVP=forI+1<Z7pf;TOBvB<*1C=hkq@#-38! 
zq^ZTUSon1$%-sy>sPP}}OW{;-$@oi0uF)z4E(%U9cKXrpu-eoB?qY^pC@y5zurJ4_ zwT1s79_1mF#t%l*!~4|+i8SaJA9mrD!!U+~Ki>NAMKHA=xJRJ8L~H6;or?NNAX*W< zlvC|Fv12nHt+2Y4&ed^@@IlRp(`t=G*4f>J$s0bw+eYf~;C;Gj5FX?I5ra4yU-xa# z=Gww=w?1^76v*-#F!+|fQAAq%0%}Nn(zN*n$B1@MwfVI0QM5*BGofdS`8MS_6NG7& zIBWLR7}{%EJXzB(G)eMumWqPOfV(*qOa0@to90Cc)Ff(CqM++TWyMPynh45!#9OTz zr;F8-9B1?qO!xqiGhvg;(M?s?x=t~BS;gv%_?igtRD<uLluVj9wF3J!D2mNRC?S)1 zBWyxi4N_yrPWlCG&*v{-2a0w?!1C*XaTjoxh#<#Z)6Obq`52#;1lm>{P0+)TtC+6u zx*u3L6$YALn+MA66NFBbis}V-3GSveKMqa=fgIwjSCQ#KW}@J0P*xQWXuQ7nkJGMD zcmas4QMG>OU!V>6JK`X)q^xC(A>R!rz&??mz+zEUBvURrKd~=w*8kr$8-9`==g&@N zEWHy>X2q_B>M5>>0w727UN$B{_UO)3U&>_nU#tVbbd_74ks2hnc&FMnID7?SUj!M| zF8u5M$FZuos*HZo1|#e+5p_U%UL|ik_8bSt?^jSOjM?IPmpghUo<5d%v2)Dg{dsVv z@+5`Y9m;{R+)+jZ#+bjF;{VrLkha^zh<!*$Y%)qBA14uF2wz`}Q`Tr@?{$aG%Kx|# zc#cHHizb9U4`(a~M=$f8;TqBdv%P$Tqw&8W$1uT*PSgXKb|U!;Fr;$bNTP?t=j2K0 z5H5-Q|KrA&Slhx)D>+jq;Gpo=yevgjL1y-Q(-;0eUS{|YO2J=C4X>b$C9BJI$sZ0C ztRT#;j{3b$F~}6hKRuTDMV^H({^bq7Y728{M)sO%nN0nZLp+cnrK?-(PaZxJ`H~X= z#gCb+;wbS~VEMStba)O_^um1wv$!%S#YsTvJ?;6fg@s7z7w!*WJ>)>4d4ixbG)md% zy|SJf&y)0ZF%Wj`*0a(fMZ&n6TXHl|4IpV$KyJ#798G)gdMyb<Gg+E5A|`40za(@4 z=8MZC9KTHm>Tj#auKQ|5s0%Yz+kp~R!cc|1k{FxsUm_gzg8LT&1cUHaJr527<>Gk^ zmLFmC8guIUcO8L)B*!o~{%X*ZESTa>NdHHg=cUW13<aSYs1Q@?n6jOzx>aGuzGv*^ z5*@V~c@-a_D9RS^eskj(_j2zM9n#~<WL1lUn(H;faPy=wnU+$uNt&MS2@u(90^&XQ z(@ZI7=y!g-g5ej;-eHGB`=Pmy3T#}o4pru)5uiT!6!`K%$iHC`&!swUP6R1^d0t7` zK;#u$N`^m)W!9|MH-J<8`OwXQ_elkh)AD~lGm4EKf*gdeF7P|&$>y7vd_Pi=WIDiD zchx~>gBSf;E?BP*5IO)~A%IAOqY@JirqrU+|K=Q!ZDYe>$NazOF{6^tl<u&Lolt^c zep76njkgSk)r>auFoLI3_%ihujA>>gW#tW6l9j?W`!O%ruK`OW)r8Slf6#M*S_Pd+ zdKlU6x)@@NaRK9NalKp=Sz#I@c{Jq;xW^w6^o*5!K<EG6{epJtD@E@Pl4T<X6jy?Z zh-=SWxu{jYHLuCy8b|r>T*F98J}!AT;ahlJ8wE}4Ql(?c;Ra8t6QXQ}y9m|4^iw7L z-(kSQLpx<hOwIg3<Zk`<8D#8=852N>T|JEFv}JMG;DaFc>+D@2+Lb%0sfI$KYy!EH z0cpy%uw8>_+<=TJNy7gJS-m-syzlXlsNx`MD^jZcX#Wyj&IZ+Sz|~e^C@ipoarLnv z9wSTnZR*g2aTDJLYC)2r4teEU$0lp(>KMFC=f?iS$+X;D7+V~<2|XOO85yT%J&D#U 
zFT-xEx`grh#+T<f+Udi|Dcb;)C>9V}8AzBJ_TdXH92N>MO1Z7L4_z+GDjbHm7!gb? z1KQAMYHi49sLUu;SPLvcKgJ0-T?D8;>V3Vh>_j|hgG3eu1fmHQv#jdk+U_}8pI@EC zAS%Uv1pj~gAL|w`WpC*^cdzy}1kPMr;hp@i0TG1dN~m>COAS}xKO|AGP&Hb89|%y! z*TG?ZE7AvDG~QK;|Dm#iqWvYnaI0VZGb4BE0O5$%NN)>|$7DnV(U&D;>x>lbsJ0K| z`a;TcJ+Vn*t4yoQm@vJXs!TyDztE+Hop;*+x~>W++W*iN6lkJNY($l<Sx@{+5KJ=Z zIP9<p38<xlO=jp}{$gmJaSUQYl`NX<w-%5tQED34fu7=g7bAI#;>;ao6L)Hv2^$AD zZ4`WK=Yn75(ACgQJ+3S!WBF41IZ@~dw{p{18e?KC&HrVg!a347^<GZa;vit(a0l`7 z9Ws(t`V=9;S`gE}0Qu#47!=r%e`feMK{SAw40nGTWGPr1Rj7D9v0Va}xa2QKf4dd@ z!zjuubV2ra10*gmgx+m)h+}wjl=ZfmrN#_x6q_$YP*HIpGS!g;N27^1ATHrmVU=X@ z#XuQrFKT5#ztR(G>n{n;XVLrlZTwGP)lSu2U&6CFGmISj#5ZVPD>1V#ODN8^0B1;2 zVUh>|6TCW<A?`M?JkbWmN7suROgH5d%xsR%Qv&(Wv6b)cAv|JZE=<V_F5eDT=&|Wm zaX5T6)XY;ox?SgaaMpk30{inVA4lfxh7L>JANE}vf2w~A{rJ56(V+is-}YnU{jo); z`SY$h>+|3Gr*b4Lx|`z(DIr(cAi#u$L~Wq@OoQgG_N@IxV&Mak^!j+`=+flpvnAxX z<q?&WIiNehAjdAx9aC$0jHap)#w}4FUe`h8*X#?MxtLz+u9>O*p$B~0cdanwE=_r` ztao<OFWtSCcnTe|$bb5+GiHSy+BE42@i2|AdNi!_|IJ=qkA3P|;hitJ1WbA*F0bq~ zy*<>Q*M1_&PbeP3G6|X|DY9OBh3_WdNTrE;cnUE${6>$tGTaNKkiV!+f*yMe0Vt>> zz-A(lg(JeywE{FfS~^)X?eL>XrmvW8dYBET<zkWSd~bpR=K~j{d&e2vFj9CLs%Hvv zQX?$x0&m_030KD51pIZlf%C~9FRlE3B~x|{TZ)!%fka0ZEuKg~hMz=<qP@#=*{I*B zX16DnswFR=U7gnP(fsfAYRa%@)iJgVc{C88Yau=wVq{3n6i)O^6S8^f8&*k*Icz#{ z{z$YC0|{ZD1CJqo^{wWGGXKEfqkG3!li@3c%P79LUrs2!JF%~1!0?~}J{ZfANCO3@ zH}me;NDaMy8iGV7d|1h&;rlNWCb1O=j#}ber2uNM(z;L2g7Be9<kFpShs$#7xJvP^ z_pgU&ZFmOOy@tR?=li2D!rNm@LLGS{hz-tkeZ2asB_bAHy1h9tr3-H(eTW02#7ptQ ztKkbWOMkIgL}n)d&D8mbw%E~rpA|&tgxskA+=;>b{16)RFN*dCiHu?cit{z=dOhR# z5b$s)(9XIgF+ntr4lxD8-7(Zflw_i}8PW>~r_vJoNG5N4Ci?uW<cDA8Kg>DZJ+iLc z6sKH1>>IKkIB@!e4hMhwFG2lw;ioVgj|Y#16=KE5k7DQt2pbHrFdq!}2H9>N1JISW z4_RNCu2n|k4@B1D>I5~^=JU<Jn=FkN{P`!xUrQVSa@rq%qbitIn<t@2C;SbDO<uz# zyBLeP&n;LZ@#^NLhZ=VI?eJe1oBnk6sa^BRWrq5d%jHEb&B~dB>)=&_!`<{`M(*BI zby3!a9U$8eygBEGMcEll{Qb+>;@o^O(F4PdRqVH`bZK10JT*|R!&<{88lWE&=J>Sa zpm7W?CTXRYx{WoJzrA7y$man3c4>E`cSju!+tQ8=sgh<-rUI@WZ>LF}d7CD0_Pw?| 
zzCr_m2~kOu_l7QNhf2yS#CD>@sNzQ=5e_r;cNyluea}I>;#0$BB~}M)$K|@l63MT@ zN9($rI?{9OO;7CW9x}aI<CzgoQ9>SW$WCRIcYd>KP&ZM$?j9?s1!kqkJAHZsu62R! zDT_Y`NjnVkUK|aB=Q(dXh+|b%oQfU$C2sHb0$kX(HlB5Bpuq{5{b^wQNITkT){^0v z9{8JpQ-?J|71WU52%a<H?~cK@SYiTpA->hx$}R@%?Kgu+4Vo2hF-JT5Z|FO(ux7Y? zc4y?@U3NL=!cNaBp)B0|d}#C@{b<6T-Q4vQ(zZbH4}xnWQ11F<5x~M@fBuXvN-ToK z1V0fSzkFXY_gg<<ftIxQYX?`_uw2bUmL7To5`Db0c<n&OKb|HZ4cYH3h1|H4xvNy7 zc6cUcC^0>e5h0;zBxEtjxB9iYDvjD1*k(H>B>{0Ii;ZQEcAbB1PMkGFtplsNqsHLS zCM>Yb3Js~Vufvd^0RqRi(HSd)?N9Xc0^fFf@^oMBbplwr7&N1(y5gUbj=||NIvEWC zGt(b>f}nGcodkmDG0;A=9y+3asnfc*NLoL1CJsi}&;JU6Hz1)cy1Z!t@3X?8tKYdC zZJVj5?kOz>cU2sF@$cvVG#EH3X3-(TTMoZw2oU{KUrKLS<?UF#vrq-(A95d>N><ih zzA0BO+hq;+zf<YGuQq95njhw;4|53vMJYIIDtV&YvIQy>wQU<?SA_pY)LPmg5i%VC z9oslZ1T2W4tZI*>#~NP6^~v?~sdRhn`H!;iNl8}iXWE_tc+Yqs>S=vidDgvg8H7-^ z%GVrVTgFD7S56i@WbLPM?oaLdcG#akbpNKl4NiHR4ayS~+PP&Ja<f}6#(Nq9t!sC3 z&@GJ!ZEXVzV5vP0E{STCcCeIXT7O%)W!;5z8yXXF;^HjdE)V6BexG_gPUxmzt|n2g z50WuOz7AObyLWK$5luSv>vF{cF4ApyT%jVyAM}^Efk&1T;=qr7e^ZhnYz!KHoB<nX zO^R%5p)e4emmvAq!th3Dgb5+QpDgUWrosgGWwV$=7_<zU2MISztF$6ojOHW%4)#0@ z!JOpD&9KY*0D;41<q)_Lc*y3m3Xa0(!+@PP)-5~~lx9>4!2-##gV@~ub2=McGqTM2 zd3s)P*S`6FW7-#|QKGEy!RGHNJR7u<B8l@iP%RB1R-8h5IY=tIpsEh=T1eLzw=r@G zEq3<SVy5!h9IL5seuXpbCN4w{lta5E2&VW^@a+f^37+;5y)sy)^K1i0zQRncCfCy7 zs(3_&ai0oBe#-M8%w?pr^lqL>s{oaqG=sp;rZ32<pWO(Az_L`&UB~($esg+Ad`A5I zz0TT!=y!u5Yo5@jTRRhQesL!PqM5=df5u);gTRA_UW)vK=%UEGhYhaX+~oHzYxo(^ z^(df57FMqkP<(09;=S&&hX2E+qctxg*#6K)kAfylhG!sNHStQcl0lC?24pd!>gv&o zO+Qs8x$SV-=|CTcNTB5O=5a~YqF2%X<Cm^?a9eMRJla%BcqJWBwB|M3Um8u9+m`+J zs36$l@F59}Wy{f_A;d~0Zuva$Isf*eO;Zci8jBfH#%kKE-;@>XZM%$=-RQ^84J!j) zjy9|egrx7tr!!{v0l3hoUMzor>#|o4u+J)79+tp340-C9952|aAxvl%{85`*>M)gU z-Bu}%_L1h}6kG;a8^yo~D@AuJrLmMI>yw+#sj*fUp<VGy%J*AP1f6v+MHX^_(nd<F z55l4=%1;@}8eK^6;~FTDspz&7W%2A{@;nazTxWRn4J<0Y^3Ce1Lin!mCj?<FI~O8Q zPtjU0Ry=D+!!3A#Y9W5^$Pb@)T5gA;{EWymO>feh9<dO3Q)`G4`6|4ZWvP}I2-X+2 zE<)>&NY(Cpl{dAL4&OvBbI2iig#8O0`F@<x!;_cMv5Nk6S;7mhM3QDky&r9EJe>(i 
zsat*~@nM)s;0r$K@?YFR_BajjLgA^cyO3Y*kleUM<mX3C)Og#V6C#6j%4PT_^!E;O z-sTxX6@khCVN0vq0E`>b$`fhLVf<uo<q4BsJ-f3^ARE-cy8p-+b#0&;V)Pz&vgp<D zPCokzXV>`XuII%Tp-02zZBx$gajQtlQEdjp)V>kE>HEkg@ef&c%Aeo)Ptfl<O2@#2 z#wlFDn35gr)GX{K@$j_3bVfioXf*-im+u~`0jgd=ca7tY1KU3$zE!6!;Lq`tlbx(n zL6MK;3RJv;2F4hPS^@XwP9IG1)+PVe)w-ugndY_)%VsrI&HM)&@ie?{QBPOYq6=Jz zmW3)4UTfev6q=CrM(^iZ(C0$PC7*5Q+yL*aomh<2(KpiPfpT$b3s6FenF{c2v}3CM zzM~4@+tI8^fL5HYld{Nfs*Y7R_s*nIRKqL<!xFZ?l~)qazf5H~33{VVYJ$)G6U9Dn zVXFFLiIohNc$8Zmw}*>y)bAwlO9H0WzjIe0h=9nyL_?&!aq8#%J^3KEMMU=9LV1S5 z!{tgDd@#chb&*BDY#@qjXPt9C&=w?YxF^g2^o(D;4$x0`=6SIlrctJ5vxSi*T}Z^} ze=SDPi6mAwA(YuCpE+!ErTcR(t@kiT>e@|TsCL3b<wJkR$>!ZeF%-y+8oK<cAnyr= z_f+-cYL7XhA8kMCN7Cr4F}lMK?pPKT?$2zozF60I=x})xaSDsClL_d-(T;<7H;RG- z(B|cesgDmm`!0x^Z2Z!vP}^?#a_oTV%afv01ojG|!a2CtO&ElA(ba0}zAm=af=iun zY@qgI^Q>=PoRM#cRD`4k9v%OmlgLjh_17X}%l3&5#O=Sjh!ca#2rcc`rSx*xeeGfk zbR#YqLF0*3dl;=eyKg=G^9^>zRmCo+fc0kQHJMoN>L1p+QVJGmk^pKm4*|IlaSf*4 zWRW~cR5#hmq~W2{K#HG<!xCkD=Ou5CTP~Bv?<pKPBKhMiPGObwOGjmjyJ2{=Xc)Ox z+RKQ}k{5QX@_fGaR-gMQ-wOY&b|bl~7|v1&PNIUn7Jx03gaxDx44(;C#?(1c0sM`8 z81G&Fs>@j;$&wX191pVsUHpH9Yk239d^FI~YeZrfwnbJ+cj34%N>D%H()eYf(E1<x zZbc^u+u00vtlNMezR!Fd$K;rTTV_<2$D$Zklc?th#!cRNaE8@XcawHp&OA?eWX0Xx z6TSu@d)=&wMLNhPDfmtCI&v3f06$TAI4zr<Mh7a!JR?zD+<FZy?sJRgG3;T%1aofQ z<NX7Q9$O_R?yPVg@j(noRebr*-~8D~HC#|J4}Y?!%Z@g+EwAzUmcIR@dxFD*_&>FQ z7>Ra)sygDyB9ZUKMty4^fp`~I@>iKo{ecb*D5N9s;S-4zSNsf|itDH6z@5r(is56Q z*}4`j)h@!w=ux{S@1Ja(+xR|z;$E}7d$L3fCrK~8LOjz9X1zxm$2zIetD$TZm96Gu z%*<3GMeK5vF82b~K7Q*W+pa_anY?ld#OFRrA3dJhzejd!u~9}jrf5)C>#b2elNu)) z!7NA#i1a^pKL0VIRkg$q0z@@*3q46x9`Gm5;Xy5`;&zVEKR^)ovWWg>g%J%u%xt{0 zn+>SzxNIqXOC%saVj@L>wX$V-8spa7HTLjT*=}((S~&$WORjzwGqNXKpl!igA)wQx zNF1n~pV7iP>0SPQOAmxK8-E{0Rxy?#2<JeUId;3w0`*sLK!ZTR23}aDoAx&IHj8PB z=3{O$?@a!2(6k%#uweumg}DCmnxuaNf*AyzxLt3Gb2kHah&6%-^2E(rDcS-NYMlLD z-s$_2H(euo{_=BQt;fA&j1^Zaoy6msMb4j{(CGLDf40SC@+wa?wKY$izzEX2WJS3h zkPTf@s>2DK7B($`1NQgbOoY)D{^H7S{_Q#nzZKt)RrK<9MolP&Tf<K5y^nY-=wU2Z 
zqXGo!`cQ8F{%dr<!N%L=%8cD-Gi0(Mtac-)vcLCpWEia@iPc7e#*hx(nZl7Uem^s@ zjiVDYINH2-U~39e@SLf>vv1q%t~(@R@^yLNe!_j~p~3i32Q+N(r7=hQGew>#pbt~A zD63G<DEXLQB=cBUnvevh2z#cR1h555A-AK(GI!k(AdGyN%)Mh<)(M<7lpw#G5TVae zJR~542-ID~61t1+vG74)7bVc1LX1y&zyCq$z&-yov3<e9^0nh$tI0pESQII4qRdDc z#g7V0mL1g}21v5Z3i0FYbZ#8HrV+Y@DV)d2DmEv(n5sXH+<*St&12(@)UZ((pC0dh z<pYtB1{n(!zaF$$Is%J$?!rU+m(X!Cz#G;6Xm0>c+xgR?#L;}^X%ZvjRsSNI4O=fi zaRF|RoIs+lNX|;CoPHmktw;>H(WyK9#9Ik9`>)&qE%0@kJuaRZEl5BbK`}!TtI}jm zyUFkP9e|91A!>5vAU6SnBrucrQGl1({m!Eeh!L_}w!uoPUdU00nLQOuGJsgQhRQMD zsAWN$73c(^Ofn<lj#(%}xc{ij5u8yD^xA3d!O0+yjtzzW9s#+TSf{*L-qFtR`WUG^ z9l%rL58RpVSBDr!2{{#8?ci__H~)EC!^}Ar&{W^?jwVVN0M&mbUl^#r2Uo)j4lca8 zZ%<dSkPgFw4nl_OjaWAjk}-pAYMuP%akOYTaP!F<m@D{(t<%Qf!9$f2`VvNjbMLv- z{lYH=GETmN?uWzZ0&2uf>^hNbRMT54OdH2K2HavqJJb7!?$aneGHrYRLx{p6W#v2l z6fd2K%I4kXmb3|hj_e)I*k_Ov#(ia4gsI8^wfVf?_H3vzR6&l($x?Y#sw}<!j-;&y zGRCh^kliz)9;xU<MRvG_AUKQd+s}o3w7+uDzX8e6Kf7N1!R+(>j9u;)hEKetywz)s z890lAE0zd>bVCV_-=l9XwFrm(YV#YO`Oxfw&+<L>Lc+`ZatrxjUQtiSY976#r@r-@ z7#E0%aYvlQd|ELz6FOGsAk}`CKlXAy-Ei4oXhC1vG~A%^yG72n0GS9PhPOZCUZl{O z3S)_Hy{XNlj7sMPzCqL*{gUZaL+3=9ssI;kpEU#Oi;7}&7>R7?E9Q>~<D0k-i^n(A z99!&v?{nLqPYw-Tct6ku<PYm_D{vg8cVv3&OA$u!+^uZkq6e<g+&a?DEPlWjrG9=E z`F6g+_#Y_GL!3l&FwD~6R42tJ=c_-_3=uDQavE6ZA#^{amh@Za^5-b~yIHY|I0HyG zw1Wq5l(4yGlzlL?(5z^1q134+a})lv;2*m+m5J#+%%&UfwqG{g8$Z3-HC>SX5?^6T ziDw!UXZ7E?>gzGWiBY!;#zLU*+}P}Cbacd_cI%T6y37o7+$<&ZRf5~&hMQbHw>4Q7 z6<6%U&5I<5{1#N1L$2-V>KHnI0t9~l`}q2(rS!z_X$Sv8IkSk>c9J!~P4;+7W^9ri zAX>^b|F^o!eHFW-Hq$k?M(8PvhuVkonx4qU@PtkBfDINVd{nLyF&wc@+#_?8+b1vW zRWp}w6w2+az+|XBY%(_zw2HnOK}Oj37aFgjo9OA&<#<=)THAvwG$O^<i>_><-IWP2 z(&mETB}h|TRvV`(5u15|2-G9X!tXdI77qMRxCcTSnW9-|618q>l=14w=(_dT1EJK; za41TZZ7I-_3*HF7oOyNBZi$LxW=qEu$!NM{e#&0ecAUS?PitU?M2*S{i(;X(qAr>Q zCG9*MCp(AN5LiE|Id5`VHv{SgncbuI3o9labFMiv#z5}B6Fj+o+~EL<BQ}~Q_K5gC zr`<!T9B3|Nv#2_4s%p%ZzZN*h2Oh&<RHDL{aqx|_kl>;@A&m243*s&$8I;^YsnY{H zM~Rz!C+>bmm;T@~NAbAVi1FnZ7M7?zXE)z4tRyn<*<-?Ef4{-DFap<_1f4T~-}Ok| 
z%UncOX~PBb9AJA%+h{>*OjJlZusc_45gIo+IScx60W((mg<U~$M0q833|KF+TGz<* z3LLs9J}K?p#Mu1!!-!05zdHTLs+NDG(KBVrG}i&%d)l(b3TOnXyWHk*Lz~(Y!6rX@ ze?#jSgMVZ<$Bd%7lmiUS%~5S$LPmnRg}lSr#Wh(_SX3YQbI9)^YkJRK;XWWlwUP`l zb^%XwJm-HLxBH8anYb+#kaDvgQ;WSI7p)dxSNys=a*znzr1n5or4J5Lv|J^xz~~AI zj78BCqnH2eOo~K@7eilMPY!QC*WDo))xSEMnbf@c>50DTNCNueUBPxCN?bPF>Gj)# z_kkBwb_WdZisySw*~1%u+t3Nmh9*jRqKr@oOY7Mw)t+Zo_$y8PTXencEjUmEuIYw6 z`8N~CBq$9RGDzxr7BY5_lmncjqzsssTC(5#-p+tU8C(q+Es+G!BaB4sap^rwX6rtg zg*cc|nhFPxP#_(<ID}CULeJ(^p1lYII&g|lX@w9`q{CM;=H6byZ<60HRE(a~d7_X$ zWx*rYLu*(m-C5@J2OAU~+R<1Dm&Y9z0%@3wK2NXFcswzP%eeATvLG!*3LcLx7sE(& z!<;Bhx6J4Zs0S}o)Q1O;7+MglX-#~2ByATG)H)9y4ZuN3PBjyb<Dx-(<W2op?to@? zE*Weh7=QqXp%mQ5V=YBok%mo~?NOh-ppDnirbu5*+)_^bmiKe7@kb|$je<6<Il4Gx z6%tZ|_F9{r+~;QSChbcglMTlXs-pt;PkGz4Y)D596}-Uy6FMR14mz1jEQi+Ci#O|O zGJlS;3eZMT&%=cBDO$0e%4IUPG+0^*MLnR$DrZWq6mj@}ipz7n4y?NH`Bu39T<#hG zXCwoD{!*QFQdvt(B|#+=Epol)_vMso+<TBz^n_r$s%~2$Y~+Wb#WwXwi3F*=4(1pt zaJn0a5(yxUsu}iwOE=Kr-tb970Jj=Tkp`7<1B}!)!!PNq9K|#D(s5GutY-gEPiSZ? 
zlnNPxY`I#Ynn<xziITYK1R08OM}SN3XLuR3QvSj$*_1rCs7%MoKY~uZy(hrDP$-`x zJG-7`WnQeNc<kudH+1o63M5X2ZG~mzD^={r$zj2_mb~wo83BXeKB_mBOq&(QYe@eo z16<CMo{C?UjlQ(JC>3LINhIV7E_Cc~Z@Hr$6Txzhkz-msC(8V5Po}BW=BBK}2P>Ak z+K$osHy_R3f9^H|-xW^p*e<8AHQGI{Y4zx8-2L!2*<&uVYlc2VqfUVp`VK>$y3{=2 zm1s0I(>LL;y<Myx%_1qJp1!PHdabA62e1eP>5t$=1iD&5`9oXg;pgHbO*%Xb2~AFL z2+YVlmi)mZSIEgVVLJAiC=?s>r<FhT6~pF|94fYM!JhGd`xjcKio|=(G`C(K&MBdR zK7;fo_zpr<!9LFi>odq+G?!`;pvw_|tNU%7Q=PKq*{PJKAqZ`i25gFbj6?F<H-OqV zkB+~AtaMg{>+@h9(V&pz<7|D@Kjo;Afkvr*r7aI&AhtgMh4R*x{TDSj1!=VA$2X*8 z)Ug8o#7*=zE!@Dv0_9)R{Qbw!g1;^QJr+|i_@!WcA#&wY^<9lX4U~zasSx%=W6mdu zgs}<ipPB)v^dP#J_rFJX^B;zT_`nA`mZukmG0c=LZO%WW2$G(7)QGW(yHm{0$iTV- zTHQ+N>kwAMO@-lCK4@PyZ|{ytI9ak9dD#<3ru#gT8_M6i@sW>vhBI6rM$|ITG$`oD z)%S(9L+J^0TbMOaQsNN4n?|c8e4Q9~%w_t9UOY3^-#B+sL|S#T&%V<!^a2seS_OB+ z;KU5{>G9R8kw|VF*)^W%|Hds<TFAndg~wfJfGFi}k@D{ty$0eMQ$D0gzk~lqW)m`2 z{W|n~$}xCrXJP<<1sSXEIL)7<$ggo8O!aR)XhndaHLZ+xfm}#wq(knhX;|DbW$%g( z{99~)v_QpsFxeHITmyCq@c?*}s!rjoVO*+aLrH1ks6QWj+KTcoU;Kt@&m6nuWnl1T zK_jB=oK>yXCt4Ss^I<k0NKzN==^aK{k%VmEN+qB}LX$i;-v-(*jAw@G;$OxbqL72( zB_I}BOMBvqp~GQa+{PNOG0O<G{5@N0HtO4chsF@VXvHhIeVqd2x&hOB`RjI^Mh$a< zfsj-t^Qu~cK|xaG;G^bN4dpA2XV|_rhv&vW0!|x9Hb!e)#K}hO8?SLZLZibqkWIx@ zKUU~d;dJ}isg0UvoOW9R)Rq(Z!5n8gLyW@%wUCHDO1`tN;KKCr67cwMr%UYdT!5!r z7wln=Q|_+Glo664RROhIV`S^;i|uE&cBEa@98vyLB?zE!F1Yb_>EWhINZzESzqoe7 z`Yy)moip}nNcxeiPPZle{aJ~+uWMh_k)BKC4R(1bgfDg$#YIq6#C#Vn!$QjE^w11v zz8h5RS5P;x`~eddW|HRse~F-v1SyaOS&Mq-Z&|dp5axUw{shv)Dy&EHz>L+y0meC( z?+QXeUl+>C!2}>xRjzMCw1wU{g(PyXz#m7^rJW-G#P;$tKv<=M$T!JBqyf9-$6v-c zEHdYn49fDp>CXc?_#d2Ow?RK!-G+x~CWrsQ;^pGRV}x;;AwWXF#?e4IoHN3CkFTzD z{j{ALI(P5Ab_7!7obn52(O5qUOeT8hP`pzwyyf+N#kya8vtVr{w2JV;GiK(~1@j=} zr3HHhYbi!AayizTCPPR)Owsa4eq2QEUqr?neNYsb27_>;&<!6z?kzSck<^C=8G@J? 
zmgT9Uhs--s#5?Xl8HBo6;7T+_XDX3C*|j}XL!JdoL;>J@%X%8J^0Cq2qwq7cAn(p< zc*wh9(wXJ&D?pI^Q<M!uOlBF>II~Pyxu|@ni-+pzy&5{g!w3@ZUL;@J*P1kF`<A-r z&)h@Z@A1oIl%G-ZC@4XTEq=j8DrM3@Y7t0wK`V@?)P$3_w#EPGO@KR!?MM88kWqio z1o7!#-v!i*SRQIb9Tphut|z$NyPnTu7lwi9UanNS(4Q(~ISZ1ybqnX-*W_OP(?jnh z;SyF54~Tl;gk0fPP>=+MzEK>Mb29tA$oI5<HBC0;mzRUyot3o`;B=t-1-Qm_VUY64 z<fNSpMixCv;YB>~NlEYD?|j0tYc&mP27X4$ApvT3br(e&vW58C?!rD0_SB&$o1%=< z2q2bx_8!9HFLaKN8EefSov^iuLTB$YGFc+b1BGDNi%~~J)<L$?!GU-hsikFN>$^5s zo!D>aOMP)NOo=y~-8d?u14yw5cd|*7Bz^)){6v+cRCh~pHw}Y@<-Xk**0!c$Z7b!q z)&S>X7dr8&sVlUS$33o;PYmdQZ@u+4U+*m@ecXIxq|~p^Qmmp~x!S}^w&U^IOk<?+ ziOyVOsjCuCmznFo*xW9E_A9CGD%S+t9NiP(qh#<3ZB=dt)P4;yNn8gpu9FQR>(>wV zUH+TT);ndgyK8(NCZXPc!i~M0C$L^U&j$u??pGyG;hjx__2eBA6hH9G`ffwQm73ey zp>FrOg3*kIz+%F1Ngwr3z;PIrJy=CmT4f6sTrp3Jva`5q{1=5*A*dB1f7P|{n@0M( z<n0hyT!V$vMJmbdUd$*Qhpkx(UK&IHU1t6!s3>eW!-T<CFR6rY-n7lXJWZp_Y6_g_ zkyX0xmlsC;fpb*I85ND&pq<(*=;31+cvsiU5P9OpFXa;8FJ;(=m?Z%!Z>4{Gh^^!r z>KvY^tJs*cXTlaDQx-Zkle`*fhj}UsbKC2=vwi$|R5zTT`+*hMz3z&%Vi+K<RIPfF z)Crk0>@mt7`O@JbfZW3VnAY=nfCv-`B)*I&`re|RQAywEHEBsV4DjUOsDS60ynv^( z1&KPY8tQ2JE9m-WQca&34bZT&#Oa`$BVhom?tbAh-mvZ<yye9X%y4FUiy4p`Psc>! 
zn5@Er_$ei~w<y-U?$7(#;QW^tFxh|V8Mrf&7yn_4efHfQIp@)kld`7lBLa6O`CrXT z;sadGDV%@-5|j0S7+QS(Q6q~<mIMA%CWo<_pMcw|t5D{|2ovYOwFXb5{$V-@_Lz8S zrAinf*fd+{3)oQW3lYP5|8S^U!t}@BtG*aj?UVRe!OA{IY>Sd>xR;+>v)z2_hHgKg z3WzbmjCc|5K_E#!j5OfHqks_Nza0?o)_6<Ayk|#UpXgsVNF<(z8Lp~kf2T{aQ4CbL zi)D;oVin2soPbo!U+#BM!sSo+`p5FC2j=!Yhgu_(58wPG^BpX6@^Y}g(v(aN9W{{X z%|gJ+moYdr$Tq(sbM*?@gKskr!_xd~-^B|=RLqtFE9-`b6QV71AOx`e_SsVN5BK+K zy6e6ldJi+jO&wDFEf@xuXeKmgU<wQ;Hsg})f<G2k+&2m$eLDs(bXP$Q*<e2giAuwH ztQ)VQuO!PYkdKHuo}mDPB;dx~@PcM#a}(HHV<8Df^;MGop@WvaBPLcD6sH{`AGbpn zs%`hppz-Qp=wax^T?`n>#0w~9?#O$Bbnfrh6WtYsDaNGCH#ahN_O&<>5WMf#TIYIN zx(9nkXY_(N&Gq|}!tE%nDWik=6yQoNnZF5X`1akQ$Pv%3bHHmh?Du$Cj&yuUb-G=6 z`b{75uhZhlzLJg&bfKUjWv&^<Yd0Stw;C3vFU7HAfW-czkP^VD2JW-eyTX^m*<;PV zio~!K<t=w+D(XOYF?7luMw6Gj&dwKXn<6#%TSKfoORX}w+<v^UJ*yZY3b$Wto<_;2 zj*zxziJ}irmP9G$7WZL!1|N|TElqOO)ZUmLqv2_^4)B1s$Qzzz4~3xrO2OQ-<=RIP zh93=e)TXr1BnEc&P+qQXl2XiBpEGW-jc{bAzjssPU^YdM52q(}2EH&5Vs4t813o6c zGhS2Jx(n%V?;OkY4i|(@zfn$CaZd-Sjl(a<NJ<7483qX_oAVp1U*PvoY|F5$Bi!SP zM2`h|Cs1xlFZp5!*gX79W;x>zOti@@YKWhw<9~mge+TRY-VmQN#ciqY_g6H<A`3q0 zNDzC%##~?|L1may`PlHlM6{~){)O2eCChraz+4pm-LW-*`ZX?<5^h1vIKR9vtP0Z+ z{4*-Cmo*kOH|&VZ$n8$99@<GMTVUM7|6O^W3upJ-=FVTF=lON>XUOy}Wo{SqYW2Uj z>1KZi<q#kqnR_IPx5EHz2U!F&lAb7JI=*TgTQTCOzdd%10Wb7amn_tRDoO`RdsxPG zn@>ve2sFbbFPs_IAEL}CT8_5w(2tz2$1jykfc;#T#r}<$B+;uyOMkf__fK8NJdxky zX7Ir{s0~(dRV`oW1@i`mD)gkqcgM8+U$qligHAxfivxnx&egOkzIFl!KT$9;liRrK zQWgJmVJN&*8%;iN*W$B8->tMBpl7?bCWvXq1KiL~nSPu3m0STcF-C!rmTYc8I1}Ky zwhsm+ab^Q=PQeb}8HnW^<0LpSnASj)1m6z<`!+&hwF&F8I}=ph8ySWh7K^_Ir%lH> zE&|~9M05Gq@oem_bV+J>geTWfVD)@g{BRM9E8wUBsV~b6<|TR2hRb0<QgAwyK_B*Q zej|pR<h99j-dJ=5Z@`unv>;^Ul^}V5rv;siWB;Zp)pH%(t;4uNFI}{c?{us0-+R3$ zy<xtVeFvVPA#&a09i!aE=uDp~EgJ<Vk_FJ?;tdK%wN^0Ukfn`{-#|{1qJCH~s}K{a zJXx>w$Xt9Hf`EX0eja37yRK__gnmX!ZjQFB5BymnSXb5Z&C*Jlx>vg;NjVFWmNt<` z!;NpOl9>diT|p8_&4kG*)-Sm^I2>e?2RgD21+KJrEUVw1?q<)^xIA0T1u_}8vVq0J z#frO@HQ4FtGwk`%io4gzf#+t|ADk6KgEl%02HDuI<_kXB<u)uGs)LvI`hS?HY_ylI 
zO7>m6e>9huuiE&$oxNK$wd;4`#8{XsGyTX=9CmN2tkw{Usd%x{j$M9mbN{N($KKEM zR_?~b1ay}Vtpp7W%1zqnHEj&&BY|@l14a!Y{P&qrH*Y?=zXsWcYVO{g`g-cemPF^+ zwyOi5t+B94+#Iy^@8Uc%f6Iv*1P*zAR5nZ~CQY0R!7iWW1p6L5uKm$-Wql~niXNY} z=g5q`lDv(1n!oLTSuKR0y6a(eNUfMyB7|Q`kGx=3ElUaQN_*2tg#?FR+5{kdvn!I& zH6F}aG&Y|7+Vxxt<v8?9E&i12A6TyKAzyCuzgx%U1Q*Y*cn}y4^6s3uENdF0@X|IZ znDlXv{TaaJhMgCH{XEypj^Ll3ZLXrHl21YB9?>~~7#pvrp8CnYnEp+xc2nPJreWtu zo~TqspRvL{<}4=iX0p*wNFUInQ@ilsWWb{1pwS4~llqO0f#|OvUf$eZA}FuPb-5Ua z1Y?HLK`HU5wqxyKZk``m*rQx+DUY#gkTdAKUH#QP+(`3RY9WHSDZ6CL;F-lLZj{Pq zodQRW`ngO)#Rtb{G2?G|&aRUCX7pm?46EcJkF}_96*^UsEZ^Aup*6s@Auy_E>oQ#k z8t-~Ev4*Gp!Q6DLV90?%qG|l}L3EPawC!iNdX$SBPX(itD;8IVnyCjXBesM<RcfJO zi%@sFYB&3k$lzf8079D3Bo%aZe`~%Bx{!t>UUmP2JtiKXdPEAJ%mqcYC9*XnmL1^u zE2^-%P|xU2YJSk{j~=k-S-9y?w^Oy)<F!yh$Ei{_J}HP~*EjY--NM{oon5$=ZdpML zL!UyCP~lG(uCo5EmDtT2K(~5T&a|p>sWVW&8%mG)Yglg1p&Rv6_3GF+7Ft3_PXV<; zDn>1FV9kSpeRJSq;31)&yqQ@g&^%)ASVpiGJ=qVSq8^9k^9F>fG|x?je3aiM%2M}D zhPn@JyekXqqO*&T{tgzA(0PL4$FO{>aZ9wy<&*J!c&+m2!08pS{I2!Vs`K~F)14=q z<Yk%c<)2IAUg#MO9^H^DNA<XgdinUnK}O8Sjm!HPk^I&M`KNuA2uqnmW=BVPl=n-1 z`S#6{W7_*(Fg8$O^F9wSRSXJY-K_(AQDgw{W*bItnqwK5_B{5~AkA}2>oF(qU3PUg z(+^AT@ww@%Z?~J5?n`YOl#q$F43A{So64u}EGXAhzEJPgT^B+WSy7y!zC0XMt?^GN z8KhEoLoDiKVX=`>2%}-Ov^9fX>RrKIU2~78yj&xV0>F0H#WvMYW(26e>n#=9pdUKy zKpE$OnB}{WQb|6e=^n=BN~Janm?D<OEKBfwhd!j2^UKPL#9u;kcL|1%t<B0NFPY}4 z_<8Py-;lvvE5J;&v#5^LUW)6O%KhUc#KFc`2kM|4-Y;uDKrsfMR!OS&2y7)SAk4Nd z%H5lZ6^J1wP(s))N{_7)r}&N#8gnacJj(!?45P;tE-His%{dc-@SO<dEQ&_w#=wLR z29KHI&btZ6zRT<->A?gHtDEmY_mcX?J)V{b^JvGluy2CW115mC%cFsL4*dK_0A6ee zFJ8++fNLthIXGFu_AJB-Wq_!eci)YsCmI5Q3m}PPMeodz5-g}=&V%Z(==nSs!B01$ zfO2oM_|?knJZ<F|qvbXD;i-qS3iQPqi!L7Yk=>IG(^sQX)KCiRwFiJM&_JfEJ(knA z8~7ver%aF-jIIuJq&{z_V91)&NE?5sp=GV_ViTGj=zQNVZ`JEUGYe*$|1?URl)LNS z1s?cq2<+^mui9fHRf!JkO?400_7WM!#n)~Ne~=s|5@pTRtymMqaY?n%4%3NB=`n^o z2^h#&X`^azj@WpEWWDi7ZXrdp^3;wx$E0Rk9a_^(<C}C%+(IW;MtzWXa)b6XmvaW= zO4|2yNi?n#M_v=)wdP<_A8j%=;-*1k04$V93u|)fXXu|iGG@XdKg#Q2luFT=>gNo^ 
z`UnJ8_Ul&4Ay36Nz?D4ow!mt}D(L<q&D5gT5ekrpOY_^44_qUlSy0i&I!iU1&h@~} zG0TNccw*1DPan#Qt7|Nt_%J9H4ep<7jB&19_Xt3I$C1>IWteb5@DZbgK&|mJ1=<{r zG6&9LM%u!l`9$2m$Lg0r>>-9xh<KrwRJ=U+HNp2GQ_JGMl%)+oY;|ef5nscwhQELb zMX(7y#T+Ag7cvTaD*goZ6`6a*LdxHOkBmiRBuDxBpopP6gQgcw_28d^x9^oOIk!my z=~eq^iYh!T&GE1F*8~Yvtx`c}CLq90+i4;9G%>p09&h>0YHM5_*Qza;TPZL^SfXu~ z<sNKc3Iyw}1IIAvH@e<gfnJ283Q^?Z^Y2P2<Sq@oT4J;Qgn<G@Zd~*jTDfCUdW)_| zR&EY()_%&8x_RU_CYTYvE%l%@bT?xIg(Wte@~YR=v)wJiZqW6xDp-`_9v~J1QLJh( zKQ`rjSY(LP#W$Spx+6bG9Es{@hVP_3&MB^_<+wcf!qC-U$TIh5G<!mEYwD&d=N%dH z1F5VE5L}(Z>a@W59k`^%TqWPu{1WbKOWb1O1??h^U;Vvg?0!BM&~<aop(gNJfM8F_ z+vdsuU(A&kYp%mP4k_7qGC&mC>;iH-6OdnFw5&?U1wlOvvUuQWiW)dV6+TT#Q{XUW z(%k;7cWR-6qH+js2lfiOcKb+Sp+HBWhLhx_o@5?Qba8m!a(wDt7{2$S*GUpA#hqB@ z=Sp+d#_i8e&Co5I?x_1e^LlP_7mj2p9;!~$i1l676%St>@=wNxK>)uCl=$*+8&`hT zN9tPwXrcTYw7Ty-_#Y?JS957#7K-h$sbDxC?g9key48_B5?JT;v}a<$bS~&zXvk?) zR^d%jj9QE_l{1sz+=n6&S9|t>9){edXM8sU!?Hd(CE*4PA)T&!Z7Jo{3kkWF7lTB% zM*8%$@h2ELHOA*chrlt&!r(!*!V7F$Q<wVk!I|`D(@jk)I}9`!l|hqaQ~oN`S_?9@ zBo>teH7_dVGYl1*lS^F^HJ60`NY6kZABz67{=l&SRd86aRzUNWc4slI5E`-U+@%(9 z$xSFc%`ICJyP-RjGDvRNNj_gD7mtxif_WuM?Yym++EEqR0vw%7mj)WdfArCb%Ydvr zx&^z#iKSS(U{T)T6H9d`LhF~3AYCOF%bhUvmYF4W+#lw+5ya>5N1L#U$HFyIdbn<= zg)m~#4%!RL^BN_9YH*$GAv$|0jw{&p<siOshSgz$J@>R{hyO$j_-#Bhuo%3MKiSU4 zCoP~s_$KD}1DJW3*n9e}^;DAMjcxxpU>^o{On=}fGiRHO(+w4dLz!CTwzFO)fp7K( zzQuduW9#htgfWw2-A0OaBAJ-v;{)07_#&@M1>Z_?3s?D771voJXB75#G?XY-`=qdk zSOI+h7dfdwW?#O@GtCC}FREKK({*c$4Nwz-6EJY+7NF!=^B$=|01I9u*6Fjt6ftM? 
zeP;37MRBT^rUrrRMNT`6xQ$&>yO`&82-H9886zp{h{cuS1SeIwQm4_ZxY7)-uuQZw zr;b4}2WnV;@g?;EbsR_Z!c<<Uqu^NE5D$5oF<~g)lOU*1_L-S#w+<uLsfv0*65&SD zVK{Y@I{?`l`i$X%T7Bqdb0o4J1J1k0#xpR;YYtu9Qs`2tlj(PZ0#d<f0aKj5e|)e9 zDJW(ZX0%uaj+I0abYpq~GZni`*o4RO&07i2Kj;W8T9(IVCzwHKatu}&Jv#8Qq^{|8 z2oqc#k@)m1xWs%8PyNo;N%Zf28kp!R4=ZIX3xMcxg=yS6{B^X<PWjhpVe=%u`0?Y= z^#cjnzGi9Ase~T-o!pa!se)RZ%@x+Yl{IHJP;3IJiD@YVM=feR1SYn-g{(|1PB#jy ztgZs1E#D4xJaF3x4Hk$-_=5H0m}2jf{`fs#8`pw3{2^y((~JG5v6K=dYe+bD9nABL z3Ah$qNRO>bYnI_me}4#*0}X;ALYh@JULK9=;1@C3O7T4Nugj^DB-Rc8w^}EjXZvm3 zS%q|7ydLvMc=&NJF(_R#ja3x%hw_U1$zG1&c+le6?`jRYG9K={oM03WVFySNrw9tL zP8F*Tlz{vc+iZyBJ;duB<K;A{l9xF}WS}F;92snd+j2A9Rq}r4`C#svSIz!~rm;ne zatT2=p!Qs95L4iML{X<1T^SN3f@QSWhw(QCMG%_Ov;RRxQNkrML&rJm&w0HgHpO)k zlH3CtdHJ9u&%S~Eyi6a;8H7~^uCXu#<7Hc@67NY%Mm!36v{Kb_<B(;fK>fNyWgrf< z7^-jmz#<$AzT+<|_oTj{>*|4cUwD!Ru1?NQG+;s(lR_jms$_afB{LVN+*dt}!E{f* zx<%~Xv_3<!wCrvg05f1M8-dd1T^9%<o+Y1yLsjeFLZtt#;+%Q#*iWE}+|&qttR&Kg zfEezEX^6bAsK-;<JTZ6fH_-@g1#pfx_?d;KXcsk5Q{*OQLlpV#bbPS2%l7<FB<9vf zd<O)`5iH%XOuYpRW<h>({l-GS_$$lHL}P9^v&OQ1B-^V`7@@L1^jEdTPx^IPn(Q0q zNSXo@RLLFwx8e;g{SulVC+7@&GOh>)Ms$1)1ItoHqtaOMO$gE7Sx1OVasgj(Qa4ul zy|7rFN3!Cwg0!c$3^DJ$iAV%DYRG<3KI!*wILjI|s1k&s1_+=Fwi?o8o|->QPH0X8 z5^aR~WXqU|PcZge+tRkyL8}mHe8Qo|+#o=ApvUT6ZV5_hID`pF6%~@OYo}+<sa67^ zHmmqEs~w`!ig<s&Q?IWvMF2cbBt~Ls?6w6xU@jy9%x9vdKgm4HTuo*hyHDP$>e>y| zI~QSbnQ3aMNysf6tVoS(DI95<&@<2O^lP2v+<!0p!Dlf2KLCe7c)z3xEdGa#g=AgP zVWNysOI{p?OOsfR^^lBpJ+64N=WU60nFUp4ds~%kRar0L<7ZOaBR_E9hA4>3f62g7 zypxDyXpF1{?jdAK-H<KPv@)PF9ZyUx<558qs(yXB*E_Tgowmi>B$%6ogJjK{h?eFg zp@L!D4=I15L7oY?-lhW8$zv+cqAXBaN1khp9T0Q%??iVzb08k?sEe7G^G!N@eqE0? 
z3#H^w%KW6i3O_fwt)@h<M{mMPe{AgrB=!?O0X<Xpf(65axV{?_6?&fW`m+T_cl<QX zM^Ez8s^yvvHIt-do1B=E$~cG!sc2_X)By*|WXJ*aMQ&vJ(K6i*`_?HCM|Xk}bn})^ zudqzr#D>8`buB6Pk8-@5@J&$^_^E40R3t<LveNO)fq1;<x;QFZ7Ry_he`V?JX=}kB zZ>XYKfsQ`v)m;mUEQll%=)sufQ0{RWQoufdhIGe2lV3P#@tfk@UPL#B^Qh(+Tq&lw ztUeygKgA)!F15MFaZp<6C5b4k!((T;CW+vaUmm!Kj>itf>z#s2hf0jeE8`6s_fSIR za5GnBeTXGatt1YDND&ece}s9qq?SQVj-A^v{A-XnLzbuGs{?U*_t_5NsOLatYPXsu zKk;QW=Fm&fbcF5Olqc+5+L}mhid(<`OS^0P;e-!=ybscaLrkQ&)yGLX6#t65%$0Vv z38RFj6@MUJ(j5dq!QyF_;uA<#N%hjb-^Vq!?PibH@MlpN1a?6Be+?`~E*GX$x@+9X zCXE<^;_ad3cf5UIo#yQa>s#Bb`(SEnTdqQn+U2HbahD1?6xkY+C#g70E5xiIwU7!z zg9IMfIZvE?pg_y$E)o!TdV)ay4qJ7&NXrH)z;_eGr{uH=+@(2H!^Iju;k|yVW4cg5 zobFfHDmaeDyn3$of4bc!<@@SjnGWHy4hfN!6~nGj^n#1a>E+NgeB!6`%(e#nwCTbL zaohKnX_E|nU?V=~QGnK^-*sDx-fmW{%3>}(LG&wD*HfCAh8FUuPWwJwlb;ZgXY^Rm zM+%$Z*_dmp@iisw36%o_x8DUX8Z7X=9Euf$VG=<kM%4QXe{BnTrqe{);Up5(q$mb} zr|BXh!5E)UB_7DZgJy+dNz#3CC@(}i0(I}9Q8^?Mn3}98X}LgpJAEhjD1~(U`G1O> zJ786J`}^7^R0bzpuBWpJ0sR--HsW8-s#~GYR8t6DUf&V;-G6g7r61sKJS%_LSctt< zJ&q+knsvy`f2)i(aIPKh8(NmCTra14)bk@x_ZO!d)5Tx9JEq`!IGZqnM7JU+7#f-J z4bn#DgI^r+jjkQI0|mZsjp@QVK{8*%A+9f%<9gcis_(&#hf`yIoI2>bFJ&fZJ>4QI zcBNIpjUj9@fLl1gP?|0})1S4d@N;OrmqBb>Y%Qm>e_ZPBaDA~IDMO{dXWJBS3=H5f zri<JJ-FyR@eF(kf5xq(T<E}4N9|=G;z_@|4vzVix*`dE@5Mk}2H$gc62ez9!)EQA0 z2MZwt1pIoWG4WAmJCGAL-L(TOoZUrmf^)ttca_n{&ybi%<uP%R6H@g`Nua9?O~bLD zL1Yb#e<Cn;7qgiTW@|&*FSyzLm}J)*^~3gKAN4}CLNfb8`>>9ZRLdZ|s41|O@wJta zpojAAZ+LxRXa$O#!X`b85nB>?qMEXk=?a9o8LM;OX4F$U+tYfNd%lhNbm+Ac$l*|h z0_2G4crjM&k(0>tfem$Sj{uOPHq^FFZF_WDf0~Tqpxc@@g;{wG9N6q>Kbvx(ag8Y+ z#*!);_%Z&;=oW#zPib&51jV+`(4}6I?Bbz{9ZNIq_kKOMzr|1>AA@8A4@${_HKh)i z#6#jEQ_{5t+U;%5d8k9DH4JVqpke0kx3FztgCE1SO^~c=(agqRAj6?PTkYi$Br8q$ zf8?3v7GTI=O;nN?^n`3ztb5tM3%eVvh{Jw@C~cUq0%3yDCbiH^9GYJh2ZSfGpcBYl z!IUHtT2U|*aQ4b#vW?}C!it^V{MCis4JX7IpRnw9+R#@1dm0D#RC}-DdC$4_XtVJt zX13r%U|6{VW(&}D0WJ(fhLMF?nxGB+f5Oy_AH>uCZrV(@c@FC#9GsXWiw@LKC~sO* zsq`bINTGlKCb~dhl=}&rAayunuG@yd+>V;Nw@ND}*d0=Z*yIelA#!t4`Zt{<rIo^A 
z_z1~f6Q{N-bG!Pt(8c4T<0s2h>l^MD+zcQXAECfO;8N{Q$%3J>QcCAobp+Y%f5x^Z zqw8ymbNg4_h1jCcPdNC^@ST>R-?}s5LR(Fi;ckcgfMbG;X-*X48aZ|kKPGjRT!Krc z1TDz>yRYr8GZW2zy7)iz)sL$zr%Z~RN^MKantiEo#q^N04PeA<su=rc`drvuG%SM? zpRne8(|>b!Sx@)8?*|5ORUafne=C{V11GQZL}o%r-@8;|xD<B92`#1o!<a6S1eeg8 zSh$dZXZM3N0{eL$xVvUGE#O@q4zAk5i$hZ*f;{(qX2^KHFX?6}s86Z>%J6Z3K%IvD z+4Bphi*4=aHS+HbPikAbnDHpHszjYPI#NsyY=!xAk>@i@&kbU%Dh(Uxe|1hS&I>90 z!Q9dV+^g44*D>2qbIcp+a|i2onT;($bnqr3N(OUk?j-#t4cK(VQ>j57lpd3q)~|t? z3QpHSi;|y$x%Yd!%8v~6l6hyFnR=t06fvc0(`&~NEoQw<_p|>!E;_-K(lcl)nj549 zA8wy$U-C3wY~@&4>{tI~e{@~6sQ(GOp-jDTY2fRP@NA0L`|7HDmhB4*&paGuGp0?- z@~B>jB=OI{oJ>0w;?)}`{Bu_uMBR4*)-S;5WqBsEtIpQTv#YY4NIS_{aapZbXRDj? zj7bFJcQZyREdQ`KZP90zSCAnFQ7Q~@fQyQJs6c9s=m^k^4{%$!e?Qtyn_a$sc}tJv zMNwZ*7t6C*d9`|VZv7;FYkGaNeGOmVd>12hNyT<G-+o0;H59*mg-Bgh)Ol>aV4|)3 z-Cw1v^z61^B+akWzm>1fxg4g-NfBW?$X2S67#m6X;0@nrS|ink>FxB@In!dD(DO~V z_#D$O!*VBefknICe>ae*BySKX72~_K=WScwo{wKdGuF6ZmPW#7v5vEk^VwqgVm@w1 z<uWOE$>Gk6<xkAfS@5Q0ZHg6N*4MO+)zW?>ZDOo{GoXvIQ186?+sRGEfVQ(gmrV+K z`Re>5RQl_e8-e1ef7j1HTi$RFZziwKHFIq{-bDrnE~xE%e{~+Ox!%Q@zF+n)^%(_9 z(s9t<Ac9Ivx)9MgKNGGxXKdi^i(jVW_8rC{*43-?|Fr(=55L}&<x2n5mY)6A%w>4} zl8zT{{Pj!5+|6IV{5Yv!jH}t}@a1Uxa{Il1y}Ei$wlC1WyL(f<*Sud>A71PB+wyYz zJ$c{L)O2lre}(s&U!kc?K5bRqf1=*}x_tWnM|zfJ4Sk~N|3s3>u4V1sYd=vwYqZ_0 z)EY@+%r9(w`<hpXMJqb(>xUxxEy+z6(8{>Pj@;N^KyE-{7>VC@CXbK!;=;pF5c>-W z&w#kP2#@=n3r{zgkb#jM;n}m5pUvnz6rSJ20<7!Ve@=+b=J0|4!64zJoXs%VxaB3D zs`H(PR?6$QQa-aXH#dkiImSk5jMNcgHt=~A_J{U~pGXsu`Od}c0lJmZn_b@)emNs` zT^F}Ezri)*E|;IxP}%)H=b^>;JPyw3|1cW@_B%IGUG6}pp0={{vy9X^i>r@k?xWH( z2#8K~e_F=%y%Q0SCb4vk)7sqbL&U?peCB8OW2}t@dWf<1EZz=ceP4h_5Y8SABM;^1 z7!#6@JAnV$oYtEL@myd-ro`6CF4h|~D1#u@^{MhW2{zjZ(I*a~$Es}X(I>DOkvJ8o z?;-8)RElK$=AIPEP~R?W{t{C3OI-;W_OrO8e}7w-MBT$4=`#wDXQ0H7a7#}Rpn<px z)I~u1UB_K+H~k@FmAe9DzJM9}mFY*(Y?km)hWX<2%Fff#%oD_B0L?T|`1_WcE}C&+ zt-Dh5IF@-D%>&C+myfeNPq8)wm&iE1t-E=Q<avVB+#8e*t+bDlKCidh5<>8VhZ!M; zf7rcUu3o?7zh^wdi|1=m(MZjaO*)wQ3}lD>33Fhmjn6HLAbr|6sX+QWWN|}xLQH<b 
zcXpo*R$Va&vm7mNrCnhu4BmV;!qSGLuz8dY_J%(KX}2qe$Qz=xc|yh`?`;<Vg)EOI z+v8h%KfnAqE}PHwI-h#=XC~R6Nyhorf4MZk#04Eb&11$wb{f&jLq!<_Mw#TpTmrhS zR2I;^O}dtP7*d_>0yn>TMv=kWa&f)7X=u!O@p1bV;m-LPG2KKMYk70Cv8(sh=EDW= zUy#~>TyBoz!8^sr?K=yYX=yPQwiJt6)o1nf<*Re5h^VpPV>W-F_&8m5-j+Apf44{S z0h=WwBJIb?Iq=c*7t6o$+_=}j1TX#)@ZR?8&5!k6(pSABE^+pT`f5xHH2;c6#5Kfz zJF31SX8>g`qgI<Mq}tPWw6U1+A`e!w=-mk&>64?(+ZbjAP~Y5K;rzwb>whn1%q0KA zkMWP9u=1VeA|@Ysam86n9%3bwf4?03>z9|;4^B6Rvz5b_r(E6t*r@&0_Q>T=^&j^e zZM}G7!cb`IZ~w^Y6e0W4JRRWSk=r@Xfw8EJrk|UGW=0_od|<RHZJ{AO><qe;LGz8E z?H{=q<*#()Vr%xb{!@u!-0tA^l7Ok<4C0|@jeZe_Ql^mJ0W3ovkO0mSe;(D*vpvC^ zr*4l9g{{7xB2mX|k07G|_S}?No<1G0%#5L)Hne!k3xj4=Vrc!y@+6>Cx@UV5)E~V) zvW}7;YO-u6>B=!X1KsxTEVR<hWs(3jPNagFN<?3#L!(c^bBTQF7hN~)lS^^;r(fL8 z(Efig1+b$1N6yU3lm@DVe}WEag_Su8RDAH*%PfN)VnhPdbADgzdyGUu+zm*Swhe_U zn1Y<KB1|Et?3}6OSh^rdC_K+RDT)2oEuEy%dkr~dnpCUFW1gg7)?v6M<p|7fbxAHU z`IkYu9#s^dZ13B$bkcs>zrEC>@QXqndLS7}>O_n~VkVMIJY={6e?z_^#w~oymQK1& z2RtyNCPT&^DlIeddE}B5(9_IA6)xZRJPcu<4gVc1-JhHne>xgtwzz2^NEi{l?1wNE z#(9w|PnY#&ro$!UqR>r734}6IG@=|xYH2=q2qTah6gk~A>7R|OwSaw8Y!fRzD^%(J z^-a_ul{*wq%x2Yxf0(9=cWv4cy5-H{cD=fQwWD@s_sy)Xt9t*NyJsp}hAvO4H$@Yu zF63#qXaXwF10_uw(YO%B%z0`NvDC5f_$2*6_kaG;y!i3wA9q-wxv<X9wvok~R?^xp zS~%R@+I>iMf0&<nySB^;lL4(Bn%-7a1|D|6%6y!Y6~w+ne;w|l+l^$q(T_XeI<(zC zf$aa(i|oJpu6Zb{l{HT<P8rhT@NgKK`}oJBZ@|@TTU*rOKf3E!b{!va$%FCCSKl== z%J5@66qO*5U|xp2gaq<*0MiQMF$$=8Fzuteek;3vdwAC=yUxCiyJl7s{5gBoJeyGl zo$|mh7xzs&f1FL}cFqV<`V=1B^@Z&E;>Vq17?SXRVb}cMVT`SJmbVJ=yJ|Pj9nnm< z4wa^48V|@wMj5><Q}>utt0Mx@)&qk728>xQd(VILxA1>ZyT1Wr#@t#;UXg8!XQ*@4 znG2}l*=SyvAOMWmPc_c&7~6etyKh=}_q*OMv*OYmUL}*!iQpTCG|1!ALdDZFLYMXx zL#OhA?QU*YAHLpiV86DNIXv!&`BaQ$z&{hYQWs3*ii0)`@NjAVI<Vi3{W`eaUk)qp zjyv1~I*?io{*r$iE_oyq+Zw9(_5T8w0f__@w=7!(3<d=Pn?Va#w>@D5>;Zpn+b|6L zmBK%e*p_UkZ~|;i)8sRPqQIWEp$WR*A8l`u?|9N<ct=V)QKXsi_T%H@e!SkVhw<~* zpQq1#)l^Tn-`AhFeN{j2s>Ap`8NZqJzOQcf`|D7*^|<*ujGOm==*#4@uVPzm%xZBS z!CD#2tSML*9>KshNLRD2T%&(>jndVuE7y*W5SOEEw>o4mLrzxH3B_qJ@^?vUX?aOX 
z%FLH=l%%A=OnQ|hI_*i3B5nLll4#>+NurHk<evJ><)w=so`?Slc#f0VaxAzUi|M+- zVKQrn?s1vmFqySOx_xk1jwQAfnw?x?vCB0=ud{Zxr@U=;lwE|kDSv<Gbhr@SWmFG+ z5@r4FXM1sZ^IKI0TK<Ln1K~%)+X0XF%KlV&PK3vFy!rTVjMGCn^ZF#O$p`0)nTiv7 zT_9$AQ9ko4$_IGhia_xLJz<j%{pt0Ze1Hr25cl#SPS<Dh0iMskL09|U>_zzi=j6BS z13XZzwCqFN%ZIp^4{(1WAL3p<#C`Swo|i9`8+^QGFUkkFkPq-ckIUpk+{=eJcOmi@ z@_~Q!@&VrY+J|_q_6=K|eUrT;AL3p<!~;E!V<6ngM>u82iTu5M=<nr2yrbHBq4?SC z8|sXFW-rPIxR4L<=vv3LZi??~AL7xq4#HjQAlzji;vHR|$p?S?%gI+aL8spW6a-|# zN<sLNHlDtr1t_mjz9Wv{`a2U`gLe`5nwa3y+!6Sq+#a~hx(JyrZ#+F6EkIdF91{3D zi6gj9?+9Ei9D$n^6O@p!NmnpjgjCTu;q>5V0burXU$abbMS%&fr8|Pq3HA_#PC!sP zAweV@5>mpkPI`aJwL`$5t8@Z_(g_Hzck>did^!SmZzd?6U=J#vaGuW$-?ow-juxQ& z?qKX!Isw5oX<kC<gb}z+a|ERmL{K{6pBJe{az5!P&b9z!jLN6-9LEt{H)ev;2}dbW z=#jt;+3i8RJBYAq$%{^#^mo@^00030{{R30|Nk_OK@PVXW&|$?fAXkErtSy;0JcN` z01W^D0C;RKb98xZWpgfgZEWmZS#R4$5PmPv|3DDvqs&7*4M{;HS!jSX2w(^8LtiM0 zl8N#VNGg?6^uP4C^p|yZm&a0~cvDtTJ3uVb+?m-qza8#s^6uz5%vUQ2ZQq-+!X3{t zmS_4K+uKdqFHftHWX3XKWOy6H@jYwGzE~mqZua93lQ4R5tjA}|iWnf_g;Vx9iuU&$ z7n;wOYlL_H-tyotTR(7(2rh#i7w!Yg*o0`1>u@5^E1YZC9!n_PyJj6Ct`Yok*pE!# z-5Zg;wjDcq!Iv#>1Q>rvnBco-d|cZM{LtS<cR-i(w_Dq^&c)R^oiogg5>ReONsu{S z%+386w4@|)f%Vl!=3{3Q@8GW7C}d3k;6-50^cF+@@?irv6^UhtRTlmR^u+)E?>|4W z+-$<d!)KGN?`2d(4alH7vq|`k`D!>oLqN})zT*c>1m*@R_>O;PxE6V0VL0|Wu+d{% z!?m3ka$7_<u!qFYxi;7fGbbF#{|EF`2`?Uv=!@C4CRLx$qqXxb=F5jd?QyiCQku${ zK~8j(&}1Gh*IxV1rkeP=!U}mK)EBxL-EN-LT<QHONb1u|X{CvnaxVOO<&`K+%bY6M zt*7j2#p9n|3{QU%k5kCW99l#Hm6l2bF7v2dbmbhilg=-a6>&x+ri?|FBvo8Au&4QK z1R<1Rl9|tPX>Jk}w;_~XTnkDKnUfxiSDfH*IxDL<E!?FW&E6#c6~Gn(Tp<oO+L|T$ zIIq9}-69*6{SkjRmULZHL`6|lULDJ-ev*oOFZ3M)Go*jZ^Z3kr^7%6>x!r=ZH{UxC z%I;+^opKTJOvRvKU6WLaS0!0gu%*t`)1a6nYyobaVyg>@u?2DL2W5q$xn0l26%t3} z@A^{`&I%!*N!xKUfXgFj3U_7`SPVo~;H}_-i9bKR>;ag1ux=r4ji0M{dKVZkf+*J? 
z0C8k*kQ9Hr1%|_M5?{g3Vu8s}k^#mh{41omNEDS{M06c<v%QUVv;frus7DCCKVCdP z=jEY!(e+}$DaCB)1Sx`Ns;Yo~R87ZuZ+HRJflU|BQ_td0MM+9fG)>c`u^>q}O$|TM z#%yp{Ky<JDU<1vFbODQ2u;kus;#k`Vd_1ss&**=5<nK`+_)!Ea_Ss}(8#~`K925n~ z2zn%RF`!{FWus?kI3#P=I9TT*`iBDuF^PH99D(J*;?x`ff+up<96=^oe~zxTu@7!K z%hM!5&5`Ia5u;*Uf#4M*>I$AW>&=K$Q;>5Hcr`^9I#g}@=VIe@6lMJy;Z|(X0T|Sp zaYcWOcAIKDou|30*6?<LG%SyXn(t4TIKM-=FfGS<M0x$UZCW!V$a}{v)$oL}k6LD^ z_lZ6N3XDIJ@<1*?x=Vuq&R!VA82i2R^6B8Ntzd=w+?WNvi-2f$HOF-=yMFK3JI}Sy zY7Jz<13m|SWSJ4}!(-faNggqi2R>$#06Bll<N+0Q;18H0Q6j}3WT%x#_^)!Dy6b_X ztxRlAnOjEP>E`xkj@wGZk1rcO8BNbP(LZHd1Ye*LPE5@_`+@xpl!H3xs0Op>#Y<$H z=o+#s%lsJ_`zPy&JNF339JiOJc5UIVEl&s4$W?X&4<<2+JvFf#@zmrhiP%c34k>?V zk{d`!b#}1VwP6)^DmjC5=km%)xZ%`_8(=j8AKrHLMoa0DmfDpT5V%yAdQVR#lqw6} zq0$+OL9hwGX2j*HG+Tk<n#o#Hk5MTqF5+oY&xiLZEvlAX1_UuJ@WfoID4_*!%FE@d zqD27}c)?mhtk)b?R+(bc7e;UVE}4ITD*?S%u4R}!VoLLGoQ=z%*pO8(@$oF77kPbE z7OOPe;8~o?3*eGj?gNi0%L^^bUk%r3oizlilINxZo;L7QdUA%wd5>h9RuHm{w+@aX zE5oG{taZRZ7mawEQZ>T=LS?z>5j?hWt=iS#O5j#_g;=ceGqHBHxRR1Y3J`w*Oez4* zr`0-!M=>PtkiO6gxEN$0CB+S#`tp@yjNzrGz}yv;dY<tvs<l>I?4-=rs!L^nk%Hc} zOHUn3HWBQk>(Zna<Uj~aU|<k}+tzfKs7)S*9Y+1G6Pq?XFp5j!x3(~ytlps~BT{|| z*rcp=P|`hW-2<$w7*tvPe~W+DF4YYQc+bMMPVTLN07@3buv6vxX#!o+J<Opjk=E|S zR`u80wm$(l-n4wM;J<14py=PUd;&nBn-Ea!dx_Ge4i33oD$JDC%ikQ5s4ZV___6al zJMm^(_V~ESdB+}O#maZ(C&6;6-_vr1d)a*xrB*Mm-ov5<$Sn}y;>v#w*PZ}JgH?Pf z=D~07;axqoQ6slaBYm;Ypq<lG_Gj3z8#uQ2N1`|YN9%*_z_xbuvYzZTPPTl+V?LpM z7Y?OqY5>{ae>NbplE=~hiHttf0r1^Zp*~vyf||(?^lCC2LN*GgLtv(xW409q&>6l_ zutz!D!kcawPWJW|ZsLFCfNnLdcmpWe%2>1)xE`5Qq(!{lxPwUPIh<rW@omu}N186~ zoqkh0obYUH!fgL7+MHXsPb~G+<Uoafr|Xg?2%0<|YdWv-`ooC$akBR<0W%Pz8PZ3X zK4C{0tA+%|A@bv6t3Uw>I-B&&;%$<}mVC1q_P4^ocyr4d;eCI0eCB&7r`d^`?j;Zo z7hShBqudJUCPH7WfOp)cKn{@j#@ZSOCwfZ%IAycXzu?0NfVASLKHFdY2$Pty+2@bw zR0q7GLjVk&qXJ%TaKJ~Z5PYPMRw<(VAU|Y><l^$A3F=Z^p55koRa;Ug`QoQ#{y|x- zaNVc)a0zeNg!z9lgo7aPn>hsbl>O^ruIkH&l{nJ)xi*r<mORqs`En#ni}`Z7(s_|z z{7rqyM2D}Kz~6}hJ3j^KK6K!VD1unwu>v2ndsCLWAS%RD0<me?by4Bp%K|@Ijd@`t 
zDTX%El(9To$%434r1^uqk}28cmS07|bAmv=)B*`F-$xm?YXO>1{3Y=c`Yt#MT$W6N zODw@<UpO-Rml0+N6$#&W6bD%c0079BU3UZ>f8BE1wi3SYOy2=VSIL}6)SrKpv6WGs zBgZF}<4TS@?TrT{Aqp``FaRh=exW`{U+jFKew<?I#66QXH_2!L?k*PJ?tTj&z50}; zY$>#nDnD*?TI~iCd8A^QC&!KVSL5bkgBi>7n5QZi$BmURjaS1Te>gJ6GJKnx<Ho|; zf8u2jm}ns~Zd$4kIacOMXWZhaP6AVC!DF)!!e(jEZMXM>jLW>iB30)0xX~Z<8m!Fa z$5NcEC7u02V|Zlb@W>8lWynTQa1_|#QQ%}7xq#!+u87=nTN+<_qOwfn))&8#$-<Xi zDC=S(=TgM}+PS*(MH3OrGV`VH5C&g1e=gIxOjD}$A{Y^^N((0Qx$+mLVkyNPo7JC^ zTahSDVsfP{Pkl|7S|wT-8md$o>f@Ehl>ryjpSjQgjbH#kbel>bBjiS~_tSHK@9F!q z*S^fb#{fT?-?b8H7iCx)p(B-BTvsbnSunaUwFq=|?&i*jsW23L_Pah(B4%e+e`Ms8 z?t<!9UW+*|Q_HNhsUSGo9a2K8zxrC3NXx<^o!B!~{m;|q{;n$#EpnBrL<-{8InR@l zCv;)-cIN9DU6W|eL{!!##eebyH$$NQUtaKB7;?(DKp!Xg{YmqCnM$6sOQmg@lr>+@ zps>c!djP^N1Z$jS1-@k|fC`}Oe{QeA!qQqq%_^1%#2$M$dp6~XsX60pje>{o{u~lL zJkpo=$K10ePf^g?jbL~bA=KJw%uvBPPNK(v*Luq@fV3-jrrNpS+Q54Cao0(LN}nD6 z@%!46v+&oA%#f5wh%={g&NG>=s0mk2Uz&nPa1!+rIj|HBl-ij{MPzYwf4fD^>c<~Y zks(PpSV29mYUBUs++UBt=S8?GLo9y4Jwf!<LYno3u?06QM|BMaaxYct7RkviTM1H^ zuNEjO3?Bk)JgV}^<s0M1s7L}lu|ta8srFOj0#<lYq%z`RDj2#ELt>y#S?8-v2(~>h zD-X9#;03&Zy~-sHw{peif2DT6Klcs3{>eE>4mCkl!6|Z{N3=rkZkM4)2nGnu<tP7G z{Fa25FG-W)OR~#6QWv)6W^L4z^BSYHk$oV|_?Gmkf*haLwCoE3IZ=jam_?jc<f`P6 z3O18jLHE8Peb$+23LHC<kI(}oD_?S%Iw1M?;T)=yJNRkwv6PxNf6|FWZx{y`)8HNH z3={t8(Y5iv-}&a<b`v?KpmMmm;}-$!PdDa+Iwo?ed9h$Wmx5A-+33<YV|YP;SV+?R zMwe%7!gDmQI;Qo@Xv{9bez^8^!9mSkiWAg6d_$I|0*xp{H=+daQs|0(f|HPr>8J$Q zWJJ#67H&9Q7@hxCf3IZ2!%nt*fM`tbeG%9JDo-t$y<T&0{|ic&Mw1D-pI?Q!Ao&L& zEsEqQQ-Ue3i7J;P>>b!lChx0@^3_B&xr!omQ{|uoL+w|i>lp(bNGrHJx?>$Qaui|j zl)h!7qF}E91(a%1QuFnm8}xzrku9@AqxU;4w5~ctU~<7ae-x1A`$h8&r}M<gLOMRh zz?Ng_FimN9MQ7pkQq>rZN$_VspR<Wf))_)F^CMyPSKteour=YJs)e<V`uJKg<pud; zyV<y!?EG(LYhCP`rzJ_dolltf^0{=AAwok`s8VB$7^D4B?RqI`I!^`W1K=yJ^kIaI zkw#Xj_=TgBe-+ipg@{2G!qu+-Z|bsxB{}&FtP6Iie4)w|TqRfeDpREa8QVme!8Qk> z!O1Y$MUI#}dl-aro{5S)Y^mA{M;_dOgW0Yq?emJ6V8XT-n`C5O`3Jv}8F(_!ikJQh zY9o=Y>#OVK78dRnU|C2(@NEZjS4<zKCGzdJo5Of|e}A(x)Dn5?gQ1uG4b34tm(k6Z 
z;ryefP552xhN*&Kt2BD;cX6Pmw0=GA%TBA`>iRf7ZFgI3BIWJ=!2$2Kn}b1ruh|b{ z-W>FLy=H&j?GHMg{a(LwNZKpL0;bEHKpSO((N5~5bq^9#VX8tzYET*OhI@Z)dg@E? z-h}C+f2Kq9#KECB?1#<$gS~dM-wy}PLA-a+j0a)J2fe*+?|`uDC{<-_wZhvPVNZei z%r6r>MLph9)<-<msw_-!D^^SQ;t>>DEv2iW!9+${88x@9w_<f&Emm7h@Ficiiu_=R zgP0Enoqlr=wsD(>gHH2s(2JUT{rxCB2;2Q`f0vYet`qk};H&bE`xMRoaW|TublMLp z1HEqMswj0L5Fbq8b-nBRxb+pM=9VDo8~6#WPYT@@41bRoTkYnF*JuR4T{gMYq_^)h z{S8pdR!E<x=a$ePl#y0#Kk_|#Q0K4UEw{>C!XH)z$*c>I5`W(q1FkPyC%iAEmBHWf zUeuh~?E4CczW^fy>(N{NS}13D>JwG{C+z}%aM%_4XXZIspCp-Oi7TCTt7sqY@i@h> zWGO+z6A`((RJiAI0~!lv$mSrdA&+hu4;479dkFO(J<Y!!bOiWI%<zAgLB<3Xx8HsQ zVLJ+|)U=c=2LJ%bBbSiJ1QnNGx&#M*-E-PF5P!d!`yYIsKHSZXgN+RarqBTsZaSAX znWi6ikHQw<i7dI2oP>7zzu!u-!J#xHg~@%92VzO9)oOpcD|y$?U)*NIy2f0jjP`Bs z#I-F<W0s_J-nZYqoj4ua5)#n_5k_&}USeUt82tFd^SBo;5SN!Zim?SusOZIieS0Bg z-fJ{OyucX}CoIPl#%7FXNJ5j(8wp1@z&s<3rt7vFnu%R9K;OY2Ln*E1^M}l5vsoJB zF^h`~Q)#5&m>>xn5Q{Vy6}Q-H^X69^voz*Ru$erGS=KPjs!ahiuhm%XY5+<~ki=fs z4XkTK`nGE~R3|}nZaOe^-d&o1PR<IN;3Q(40vt8^Eba}7#GC@Fh*1erm-@;cr11># zt0H$m+#EJJO-U-3dfWEkIq;4a4D?~W!5@p1W6`%`FIcM}c&q~4u+eEWOI%^IUeFVA zNwC?F=Qh=D8>@A-2opre6vbCcH#OoF>3UpE+*F2|rOik^$W#)nA8yruFHhse;5q6| zS+cy~7H3j{V2M1Qq+G}|B;*C+V0WIayg;7A&y28}zKsb1TS&ngR6l5e@lUpO!%^P1 z#m541Y+H!N&<z@sylO-e+Me1Y>JcF?)z)<*S3UU!SN{?`djrylPeAIrAkS1wmFnN3 zZ&PqJ<#s&10+*xgQa{;$))g25OaaHyThQcFBrr*pYr23Z>Ip{DWReo18_ExHM7Ytu zy!A8<DY92AF@5cplEBDYWaqP)>GrGc2C%HS0B{=%D7T@OT;_NNaiDMino);H!w#d3 z0gTK*EH(yWp^c(aj9#WxmDU#rWhtKlRJ6aWHK*m40|gt{kOhK&##h4nImg^eut?`r zNh~!(!%1o7+w82mHcQ?XK#hLc;Dc$R>_(yZO~GJg0KHKeAv{QJlMI9<Xn7|hh;qA> zDd-FuRLQ#P0B%J0;Mokv@=QqON8m4drs8dE>uBjJ(EbZ8{Tn8wP_7KgV5|(OigKus z?5%2yF~Jg-K3yJvGuJ7;@y9w0GWkd8*X0;Q!awg=V1jeGxWGJC$BRC!AT*UH(~!=G zw>4^zV9guCB?I3Ap%!U;MX{)#U6p;-47sx7`z;&dOztOj6Ng1tONlhWAHd<CX4(2` z>X>@EmFuhJgvlX<B6ERQvO)!bxR<BcA4lpcrdrpCFC#{OSapHWClP>vH9~1pM=|a( zo<N|i-%OGV&1REuT1=+|*4Y}f?mKZ%tn5ik@zv2mEjVVItpLny*TF@$vDg|Bjonx= z+>=<rKhzf}``|R(ax|`2sFNv~!3^&NT70X5uTnNVSp|nv`*Y;`9XE;sr!{V$I)U4b 
zoYAS@bWX#6=D67n{gxj^UuyTtN8c)g+J&m!D`@($z%NU0{|pDX`txA*F03A%y3VlM zbsf(S$EWR9Fbdr8i#}ns%z8J~F2Jiw%r~JgO=nN&%^hy@)^LP={f@Njh2kO5`-g>I zgBJJpgx)VNb$8+eIYNI}=v#+{UW2wb^uZDOCkXg|;bEcIpzRHP>j?c5K;Jzq^cu9i zp>H3de*)-7hlO5)wm0-!@=EGTS{cMW38dqF;IQ|B@nOv)G%0|+-vV?#w4Qc6n#bSr zk~ncD-QmayhU38LM$M5E4t*EiP)Gi-J=*<}7$g1Wn-xT+XV(N0({J!hy$jC<V<Z++ zhIsOS)3cY)+CBL3e3hVtVffvg0bM08NIxhBw8*xxI#;aD*Q_*Qgdm{kRdr!0VhJAn zhM{bNh+c8ss}dwKg33yn)9M&=&ZPw@4wEv6q{+Zl)2_9kx!zz!pyJxS1kGIp{w{)G z7eQ+mL3<ZLxSas@3|cRhX&M>=r3(YfKQ`BY;X3WWiy+t0Y&pYG*K>kV7`dai--_D9 zd(5~@ge7NFB6PKB!EVm*9CEL}<Bg0wjJ!us8?Dvt1oTBnzD8MD&MFh6s{a!6t^IdW zsx|tNPN`j{pT1^wh7siD&Y-AMrczD*3^FxFY{2Jk)^FeHfnr$CE^3A7JfnWPV5J;? zQ{z4V(*j2KJ1cen@e18z>K0^WS<2qtr{bKF((TH0W0Hz|1SPdAF)WR4j&fsm+k#Q6 zJ?frD-q`UwEl7QOLC5L3-oyzz<Bsb#!w{lEJ@Lx@N2gxHhU?d}uiRHfeKZC^p^A5& z>+c4<Hn<CXF92iE{~8U2-b7hQF}YWNGrV;wI3VoqPGT04_7GLZ%Hvga^A*}Cz^p3X zmGj@1hM&&wNx^qp&6aJ&s<1tSdM-R>c>+alI)|b*nM1`{)wjQ=w(M=MEq5MPTh<>$ znDW;nDxVLjyq7gKQ!st7{X&rBDV3L4Ld|=wkB^0p)Dy<w^9)msL38{H@p(!zg)Zu! 
zgrHjW;m1j6TkvIo{;$44&;w?=YWcP`(_Bnr#S0cIa#ID{SX^D8Rv+LD{sNZ)i3Ajv zO`!xIx3|Fr&jktlv7g3w2mk<amygE;9e-PM+qM#ZKQsLgEXNP0)1gI*x=-YeOhuhE zzD=Co&KpER5{^ND0YKYIr~kc+3uQ`CWIK*CZ7M&=#BBjAc0Vk3_r(vlIrXlwkc6|L zA039ihgr%q!sbK&=eLuf=X+8imLbX+9{Nix{U46L`Ok}VkS>r=mjz0(2Sk`0q<=$y zp;R$wG-SHKIg*FGzzo`ET;xbWQOp~eKsP`<r;TP9b{d9=?+BnzAdn-%s`26><N0hx zQat8qnPaBxDg>rT0SDxQ6tbe0Mjg@ofMQNk!6l!m!<6R@ORU-y5R2N4)vk_!Nf}Z& z>W3}w8quL2`VC!45u4iz%z~dUZGWZUCChM@aKYd>YW?$cFro?z2BZ?s6s+3uD}NBj zb0n_HB7o%<u*oT*L@mv>{i7E^J6UkxhxZ1*D~Z5z=%-QZjs>m9G9c_WdX1(#SJ-US z8c4OI*ls8an|im6)x2g26GZ70rB|9awa%-qckO!MCNuOXBS!i|5k;~2xPR5Zf~1S1 z7ici$+44eof-8Lpo-EP{5mKEXsV<NJxr=<Q1?n7rW|ZFyeM~9H0s(2z^}q!#-uvE- zK*i9P?@A=F?;(~#HE>Lcs*orsM|zKFK&86WTQ`M5*Ay2*|I6^~4Xj4Khpw#<)-yG$ zBIdUo`V3S}tDPWMpmK~~ntw0fy8<DAA)q*B3#R)NNlb}W%@EEL4J4-|n-EG(LF*w- zsIc5uw~^^X%lwpQwyx6-ft+1$nV-*QwmPn=8$hz60tdG-fmR#lsbzs@fCEGS`<w+- zS#lU{G+<;KQn}HPN+T2%W6U&;Rfb;zn5A_FPNmWpG*CyE3aL_h|9>s8@DxrLj8i^e zey10y3=J3z-@y4sB?<7Mj9_p$Rf?8tYAM~EjBEZ`mN3o6RRvI^rUuVuI8`T7X<-JT zH6t}`d%$~f(`fe(6gSK=jR#sgHw11aNcN1iAXQL<O2yym!WdJmuv09D_16U7#AAa+ zT>a)yuw6mE`rXzvU4QQk7iw{VMXEvGTp5woP7vS`n~!c?rO}ska7P?Ki-Wkssum=@ zVp!I1kV-&nl3WS$ZqWv9FXF5&<FN15RFY))SAgy>Gi`k~eOY|Dnd`F^l&g`z$X?@1 zUTOqL2U8^CaiR?(R~i$Cxhbdiu;*~W7hw6=6HI9-;ZDbyZGXH*VwnJZtzG<ZY}lMB z$=ta+Dd8dm$g5iv7S!Ozc!Otp1+$|ul8Y%vBK!8>r-QZzDboO55(IdzI~6Jco1>C5 zyO2V8Fq^$hK)#O7IJ9FyW&~%N$hE<{LgTBxt1Du*U?yKdYz3#gZX}dyNjLZ92Up7j zp!Y-hOb3MN3xE67><rK0a=LbghvQs|%mL*kRpjKF!o|9cVXqE4gM(KGQS8_TTiP4} zRgM-MgJvcx^X<F`Qa|01G96bZU=8DhXZYwx3}zpqW=3N!o7&A&>TN%zaQ$fX(b{9w z_q{%}k9KI@*CD>IL+ic{?fW`(?(5Lq-T}@4xbB!~3xAaax<kRY`i|BtfG@8UU}61{ z#Bnc7l2*_jcU}gqu%86SFXLwLvfCUt``x%5C&{0+H^8G`0Iizw+ZmLMyesi5cPab< z#+LaDMy+-yXeFaC==XZvpf{R~!bvhZ9!*+*I&_CM8#SwTp_R-6!X_>l1xg1sTyQlz zapCn7aDU+(UUtuh2iEZ4G&R2pJb104<@Fv9c45-L5D%iyiw8!5*6_g9?8JkUC*Z-P zq%(LlJ)@BjyEo#RIbmO8k2PZdZbrh128EM7DC|MO*z}c=(EPlhU=(N#6kN?tP&j?! 
z<3U)z;`2QoT3;_NoN8P+-Q&U@7uIkg{=B$g6n|(97hKIwTsV6QE;L5Z_I5C?wXf5c zaHiqlY!3%}I9P*&D2O`aC}?$#JHcoYb%S`^Yqr`+x1V&I_xlpElPQ%Z^0weNCwLAn z@Yi@FFaj;VAczy!Vwe)@5~R*hzV2bu^_N&|tzUC&JCB_1e_T$d6kn3}byDE%SS@Xi ziho~8rWTd^d^HvoZpf71TGtr5t$Zz=s1>z(QMa?Lp%0Nr2Xl8L3|W|W-J1)3zLAL; zeU!9J5rp98nu%NxaA=xfvR!OW*eNn=)9#zQj+u!Stg#f`UU28OpV~Epdux&_@6Js) z^qrp&0)V`PFu@67S2%MaM{rZ3|8wycB7Xp<5cIXgO)$|osbMJ}Z&WY{Bw@7z241JP z+%DsJ0%JkP`NIBA@!0++hGW0-FzkclV&E2s^axo6s<aN)RL!(uC*wM7_CG9~jOkJ> zxCKcPQ#zt^=E5ZqVYjIhQwlL^i8rHTjGsE6J_vD5tE`{i>My|8Hbt(j@AE6N3xEC? zz5G#-Oo!?%+PYvfWgcW3^xMt0@1;7qU<NUD_{<B?YRTr1SO8qGIR>8+-;cJ(_j?bE z@0+9)9sk=I_}1|e4LoZb++)|5&L!Dn7l^6Nt*NJwJO#UI_QMYBGEK)=-C*qSYHABr zn7#s@r(UF>XlnszW38D`wE5aJAAkO(NiKUmc$yx7l+l%BX?gpF$a6;Bo4`dDGa`#) z$dS2{BX^&Jk#6tkZBf^D=eYkeiN-<PYeUo(4D+BLMw6i18~4Jn+3j|dupV_4@uTCe z-9{MKL$4y%*_UVx3x!Ot^TH%}MjcQWNbH0*s6Rs^X*RKzR%4sD4h7b1Mt^0&s)r}c zSihol_8=Jh8|Fuq74ndLi0S+zxe)(+BVjW;?jb3X*79(c(j#!Z5QM2qtROjYZmg{Z zMvyWy;T&>qj2&5^IfggVoG@v!FAuw5f9VX}!>;c^3a9z6lSNH~9j;5U53eyz#THhy zV6w8XiBcPrYYTLhDSh-80GC3>1QfR=&;;QH36ZGsXypa~05z8n)&wX4*_Sxh1SCbB z<<bFLi}t}0Z-<BH@|}<D(W_<7gIlUJlVTXghfx?%k;;sT`7nHUJ*oA=KpP@5!lj_Y za7A_aYV`9@N9iD45M{0km!Z}K6cA-W1&qz4%87xdn%6T$?m(Bt)&wwrd?7JssghdG z%wa0?x)W9%3WUY&`ubEOFj7Vgjr&n6xFviTMqwR0IT3T$K}GG|mFrZp6dBDDsRX!V zV}70vj=7;qfT%<Y16q4~<xjGBPSj0V)Ii+=4mo9<nUy_uI64B^$wGoXg17WT$rRPY zFpXRHCTKm^08zKzt2exVU*WKEYoN`FQ+J>^YT#+>>wT>X6T<nFq&H}rjmhh&_v5&5 z*BH3Uh7o=kW;nGUOZ-(VU5t*%U@EiKr3#cZ=!8HQ>4Yh5&WJXbL_yreA!dQOfS(zc zcf*i!4za)>8n7R%Al1h(xKpGUhWbNE6b%C+Qs@SY8C5kB1ML`p&qxMbn=3rJZ4}s3 zTq^vN(b-$jMt_8<tqAm)TCJG<Er+3iRKv7W>;_U!$SeC51~(7{umlpv9>GqZ5=}Y7 z)QrHNWS}Ky*@SU!8<>YQ;mTRxEMq%|m-)HOTwkXhfjFmcnP1FiuDe-v*Fj_@1su1t z0j7-z%&MR>z=2_Z_**V&+&FQR><m!i22#B<kZKzgm0|2Q-c;6J3XFw0174}}g$&GS zOf{Q};8?*<i3B&1IYkYP6#y&Y8_Zs>!T>&ujS8I0$!aSnwck)kG@i4EKpU<*KpM9_ zbT*@@InxFs86wuMMA^=}KVl7`?i-9XDl!BEOwFBWTL+SV^Dzceg)^iy@){ds%Bi6~ zt31#bTpA2d2l^{nV#q)^l8mSX%jddffx-pk4C0Swt|;6RwMrzHTLl3^jzV;&1C}kf 
zVpyt-`c(G{xOfL7c}r)wVm2BRy_ia(vR@9~9W){gU^@bH5(0^ivkH?yF)|*qohF3| zU^|C0>EL#MbgASV%7sP&w>A$7%sT||N|0;Vo!6;XrP)8h6iHL4aTY|sz#E%@k1uwm zV+*VvOW%}OZ{#I6?Ch2U=I*oE<v}AJ9KdhSTMkaPy9BztFev(HPf_L%*dJtp7b;nH z=GqI6H6=2mqv%(=o25~<W7kQ&{Z6v(z4s1!)_D<s>j3)g!3mAWCNv+L(0Xh_`>_d~ z$0l_5PXPOa#l0O}qY6Ur5V}P8MianSP%5arpOR*?7bQun)*g3GYptlC)J{&DjoN9q zF>ds`&2}?MK5uZtXEVdr1}W+cO2Iyq^mmUJpP&faf3;Sx-LADxCau~@t39qYjwj82 zlJri08>i7{TP3Z|Hq)w8V4gWZ$j+u*TNbsDcV~1Ci1r8FsdF&$o&e|H;G-J)5@Ozv z+|x9V9@u|H)!zO~sxV8xkaJQ_r<`7~kDH=E!?kK;Ssgm=My+l)?saXprh}c4POsmw zieLfXLQKf6V_V1{mZehytZ0t5kcxq#mft&nZF45h$<iBhV`63zeCtGHc_}>?pSl!- z$eQFPxKGYu_?iM^CmcALEWs#eOx)1Svp_%x@|RTCEWJ4g9`1x&erGEIsPgcjfkoiZ zwFUwlel49Ed+AC5ytUtMw8J1pnmPk^2A_EW%4jhMipuA}ACaxTgek`RnPTs0OwnF{ zZ;&v(fJN0hK0E$T%)S3Y;{Kfz_9v4lD3WlI*2kX0STI<pydR`K_mE`$NtKU%Y;AE9 zKIO*{+O7}7+ugFK9Ii8(Ry@XCbD%cJb6?{jxi+%hm2C$sfR1|+W<$Y$A7QxD+XBXG z#WK9sIW+fo6E42}3`f3%h`4pYJ)jzY{rcbI=~rL>egN0E^V0BDz_r0*EUN7XE<1EW z%^js4tfsEvxyTxIzV<N!l5F$piQn&;z7X7VL3_6XPR4X`0$1G|ee8jDP6`J?`xtV& zbJ9Oe;&H9nYXd`$TfJI8iYK*hZ`_NbMz`BdfTLEA!SH(8d^Sh!)}!VoO;$~Rd_g5+ zP!t|)E(-fd8+U-#p?G_MH{@8`Lu{0Ux*y)V6pRC>+hWi_pn>X+kv-!JAh5%ox=`KK zpK^Vj&L6nCet-1rDbJja^Z5$)j3g@*6XuE<cwn5{D!8Boo;M~^!dtj4@CCg00jZud zq3sLmVHcP$zOo;7!vLOP?O%K!@U;VOIkuW1(07#L8f#gwSy{L@y`9aG8m#}fWArzd zLB<3Xw-en2)F}z$e~-061polSm+%G!B!5wJ+Bgt?znS|FI`<(j5Nrd6IG7olUV6Qm zw7rtMK6EmSV+*WCwx}e7(_eop%LbEh8KyMBGe;(gv9(@FpY-|LT{FmHir_C1?!q%t zp12~2aO{g_OajgXo62UuVs{Z!<JVsbOZJo{n@&l9U42;JlkIR1&H_x0A@nm~u78O9 zIi~(SOC?&kIFp`%Ln8BL)lS0LpKr9F(3ievSVk*%(c17a94xd;c|XU9gq|_UO!%2d z+q4W6FvdeczGKg@Eypw)`F{g}k2&<LY+zVu?#swC;s(|2T-#E8$Z#<@=t**RhtXF? 
z5+Uy?c#Vm~T#pRFP?RGCQw-UX-G6z;RP_XN<f$MmDXwTI#mSUVy0Q#dlHfq9sdxs5 zPo-n#QWo58qLKrtO$)n0tAfP}m?|j3GVQK`^j)tukka!xnKMBojMepT1*56N=L(<L z=QENtDV|E#a{BGlUUx3fi>s2&UB`j*B?)B&?arxcjWC%-(zPvZ{Jlw%5PxT`r5y^^ zTylTj%)51^GCcvTZc`~);u+FF3YmaW#yvw{z4QZ&zBs)b18E40)+IP*%WHrcT01xS zg2FyZ1eP%i0ZBiVY_){SEo=+$Yj1JP+z?9uK4z)F0VM$};*+bune-K26|;paVJx>S zgJG&YauUO2L!#Cb44Xccu74Vlnyw(pjF$aO^%&70B#ZJ^<q7T}v&0Q>0$c55IGD0T zqA7sk85huW%LxFYx43QQv)A+Uj8}>YrfCd+&*qFv1do8=juIh}Wa!WFhxdb)ayA^a zpi4zAq_$8odVQX`7nDHHZ-9g7!|hj?#C5(sU*{`T4moqL*aCkhGJm?jl!~0G;4O2< zFt9C`M@bMdo_B%JSp#*PUISST<aFVnj_n4r;ny6rGPi0BE<bXTNIjI{rB4M`Hr0!2 zBC78ZpnM6-y|!9iDNQb8>R<WrL>zuGZ+;s`7)$FE=V(p73YI9>Yn$>ewb%X_sZ|+X z<g230Di^DE|7^1>E`Msos}SoaTtVaiq;T&!DBQ7krLcXZ@XJ&9UHpK;Q_kXglDG}z zElI4nY#)NeB*$yAdgRrU$^AW<eC9mX;<mXaa<^Sk;?AZLw~sVF7>%hfG01Rbcm6aX z-jG(Of%>_yTA;6RVq2i9z{&1Gg!LgOC+ZoNa#~AncG}OOvVUh4ay|%@%~M;&&1In6 zInwiB^n44cNrX5SDV3sLK{9Boxt7-sgw6+4*O|g;vcjp3vGUp8EOz>j(p|f^lGt{y zzm{0bR`f0z+<k(<Dh<U@t$+%_lgTV3iQ6;TZ6$%1OGZ^CU^5jR;~B%~?{{S`3e^@> ze#!IqRUSGD7k_>d;BXI0y?xEHpO$rYbk=F9fEB2u{*+>FVbl(}<a>4<ag5*S<X8Dv zr_MX&b)CISGyQH6<5fyC9b0eTqB_$nEFP3+R4Q8TTjyL=EPlK^qkR3?re3)J%koT- z+kGBgt|P*l$WETeL4gKh#<pSzFr^2d^AgP=ghxYl1%J9s<`iF)1ua0UhT_wG7D7YV zn3rF7Cv@*f=$Eaxeo7Pc2@95TC|T=Z@)TWpIF#QP4<RAnlr767m6Tm}Mp7stA;}i9 zW#9LCMUgC%2xXZ<DP-T585+A7`_2qQGYrNu7-N>7-+$-1?|aXCpXWXI+;i?Z=W}e{ zt9R@>*RjM}RX?}1{jFC?k#J+;zhban!TVE#cXmeg%lwbwiQMfpEvw}|x`IU1QL>*% z)wSJy&BEIzuk<ljgrzNnPB%xMq1;T?&#-UjM2dX7qoEi|)bbM!lo=R82XD!Cxfw`7 ztfj;Zz&-99zSl=Ak0uf#EQ0!nFFh+A9gan=v*L9hYHUX{rxLbDYgo}X4TfB-;}==o zC{+nNS>ocXmw~I6d2R;->)%8oy4U>$Z3MrHoPQ{i;3QIYPvkw*w+tpv$4>jqw_hAD zz4FVJa=YYi{gM+OOnCOEbXBc9RwCIRx=rCSH9{$Aa3M?O&lC>Hw`!oU>uP#N*XAcL zC!c-lOHfONqa^pDZ#lTaOY;3wo-wB1Onp8IM;}Hb;Ant&4EJ@N45AMN5q;qS2c~(w zRa5?XQ&Wo=FZpdHKW*_tsUEY&kTiP-8=DJcNBbE3)lt(AV2%RiAAkn^vH^zi&C<6$ zqwQVOLyT5pr#jA7GEJkMp*i}w5zgvyVbrxq^~(1TKho+iw{dvf8nrf@`>>dNJC4L( zRFgKOI}4-+$&Q8_;v~MOExxa1S@Sj&xZEbXcDE?$gQ6kvPP5=zo}p&i;@euzHQplW 
z(eH*WX^Sbf>}%SFS>kO1QVAq*(LmZFG>CPS{lmc(yTlBG=CdB4(Fwz;%hCU>Juf1B zIBN*HOOYSlH#|=Bxzl`pO~UYgk<Q&_jy2aJ7DEtlfA$?op~$*ON57eG&Gdth9>u(9 zE^X`1O>xnC8gGImM;(jQi&{Qx>EDzP)oo^9!x|c-ZQa+14-)wmOX4WHU?`dPFKtV& z8MMY!#9Cx}Mf)Ae&5%bt`s^AiO^s-o>&sk>z42Ke1zn2zbL(}oxmLZd)4fV{C^mJS zGlwS%SX&p6bXRKa=vd=V2IDZH+8^aro*+C*A3<hRkM<wZTo;*=ch4s;_Q;==l<!Yy z-NCrSX8r36uRpo`9a1S;{Cw-mO~F*nZS-LF+bcsEOJmwke!?jC+q5Pqzv3K7*E<?; zPCecf)44n0u8bc++Km5bxaT`9>pBDP>3bSUzyVc!U1#&^KFpgMy`~eMG6wuJXN23E zGMe<q*euen*Edxj%5R%G9XK$5h`UXdDF+5RCt~gy$}Ki+5~ZAOk1H2dU?XCM^r~!Z zN-?wk;5@J=W5oAmIj~}^W8Av<T$_@4mG!UxbFk9$sbSsgAOsQ0<3KB91R<S$eHVbe zRTdt)25T~JKigyTdtH*(8*l8ScFPFK@c*8j>Jff19?e!Z)l;;iGjjMD2;%wvu3ifF zj|S&ARZ}gFw=zw1b*R@X&lj@)b*s9WXZ`*Bc7JiYy~&HgekbnU2*zeNTI4n^`k8U` zRpI95=Y_iEk9S(x354R-2RjDAP6a7|Q0|w-UsR2Sk2?Jw?{aGLNcXxOP>-4||CS~( z+~dNuR#Aw;k_>!ZU9D=Mr{~3!RNDIPI_2j)_hai*z;BY%BmT<C)p{3N)M^n?Z>Rq3 zLS<cA>E!R?O70EJRy)D>F9$2dubyV;Y04GSMt|7B!4Jo@_g%$k-#LgTrcYi1$?E@H z5v#MEiNSZK1OpCf|CRj4lF~~b9QPJ|D9zQN(+`G#$OghA+fxlh73t*AHHK_Fz714x zXy5pV_%<h0kU6T?BqTgJS@Zk?nRkc-6|DR`>{3<*5E}c(!8l?LRPhyl(EMyQ_E#6r zR8Zn{ohbCGqpNC|?5{mT#j5kbP(Z#6Q#r<6Aoz14M|}m$M6rCR{5)Uo$;M0#9E<K5 zWyg*6+zRYT6=~7bcE~r<@uPP3@QCWjZuO5nj~pG6twZ&lD?U;qzYOB`@W@k2J9-~D zL8T^2By8n`{u^!BXu)>J9WF1ktckMsZzqCJkb$D3dVZt`!=^*GSKa^-SB~9gyh1|j zvs*~f#DFK(s^R-WLr?2mmSep_P%f~Dmt%TUqS_EVW+c&M{a=5FreuEW0cNDLujv=k z3YM*@2Ga_|<E?Q5rhi4tQ48UuuQf}033(M)d2$<l$KX7&7O8Q5gaekq!>6el>^NNc zXHEYVh?RGE06JO{2SCx0FOhMHp7RT!Uw=XB`D&RVvg#2lLlS%DIV#sbLg|(vW8KC> z-APoYfR}G}>Ho<<Am$O+!9&r9j4lKMD`BNR_BqsR_ML9yta=#9o$_yY-u4xJ)ULsz z0zpW((p+uQ)PazC`;H#qlGBG)b5tPP(~h4)Msx5?GtdhF=(oP&F2#Q6qw(glg7+}{ zRKLea+bDb2rvdcs22)D!Sl5`r<E`Xx-E=FTCen_%PtTi>>y7*i$HH+c9KknVuiT8= zx-hHxU7P&oyVlVoHE6hn&)Pdd@7g1t2|CTZMIYM!rp9|YOV4>J;`pSJiuJkQ*3)_G zh2QndMALZ=05|z2!2UD-k7~=@E#>U5caPXpE)OKuvRC7J*iU){rsK|VDcT0mXWgf2 z#oe0!3=VbvPJQ@l;%HC4pQduIxmf~w0W@f^y8?b6nAIgQ+*Vnu1l89}gfoH~W1b`} ze8f@}AE2e947-xwZod#Y)iZtYP)MDjHw&;mf4QX-3K)Eb{n0*veS_qk<?Qy)pLnC{ 
z%+O9?{A<gbUsHWigX3nyM%)y+Ap?XK%RO^t2q|eS#2x$gYhfL|x_)IK*hY8Iqwsgx z`$|6hn&ZGM7BxNd)OxgfyJj)I1MPkIz5HE^ZBCurzpQ&r7H1kSrp|WqbK7aGfCbnO z@0dHi1<-^?Z*Dc-HVL#Ai3k;$z3|&#)z-jhZZW0ZsH}q+KPSX=_;ow7;5W;sAjX2d zLsQeGyO2Y49NxYR7ULzm#h!qT77BT8Jud|J6unSPe+?%r2<sn}zg^D|pctF6NkF6( zP&}uGl-eG+DXhJHv)dhP=HT1W^b&JBxk%Dp2`JCv`ohQJD;x%$`kBSn=!=nh^}#2u z*!T<Z6kAsM!Zs_Jz>015u?@_*y6Gh}WruC{wT=A7ZRh)i|GtCL`zurTvCUq#Rw;yd z|ApJ-bKSwHMlrnSm+FgCg4%K(_5_7Kp($45^t%UTud~|7C@~Vg8h9<#eWbEN&jHrd z00&(POlL3UA_E?Vo7B~!*CgyMZM;p75_H9DynzYjo&$l}JQ&J7Ahi$@xdX|b>JYht zpSRTTJ5^m*cTMi)PRC*NK_<eq-1gAQW~v#nke_V`yZhJu&;fC@*hK(`ASE2g@Y!ne zD7w;jV^%|<(7noiLig{DO8i0g2nGlxg(yA#Mk02Z4>`ML>`6L1>0dC3Ak5Ah2@2SX zr`Bq;u1746FFJ~>1^BuR{nCtV{FtZRnLl%*G>5MyL(Qh)EH(C)jcEOR%sCrJfb^Rh zpH}tNQlAj_l$&sd@~wPZ9h#IjlFfiPy?hI#x;?WADHW0fW1gxFE!W-SyAG@y{Edj+ zg#OW99J`F@9KYImrYEiEAgt=<k^v$^EoG}93$VVS^J`BSNzGM;vCYT<O`m|!Y~Zaj zY}4^5I>qxMTYzBi0&aqMoZ{scByym9_9kZp#qy+U%mw63@)*(TyC8$RaE)-^l0Et? z4{Kj3rY@oIO2pPwd;QMz6wr9T?vAOFV67WgkYZyABHh+!qKyku<}4{s(0;6>oStFO zll#L)FXln8li?N%KGMau7)GW7>G0=u{OadS6hIK9IG3<TgtM)V`3ma+cfVK8{0EyU zh6(8bi2gW;#yI^B3VU)}QxYR4Y*>hx>)8gL$-K@-mB;O<`vP3F!V;E<OT#gX4fu?# zut@N4vLCbs9|P$Tq@Tc;;G4SHNdn2=7|A!g@Ny!0jG~e_@H~XU@ve@xUu?-qy7={u zgRB^mAv6K4bHfQzP$jpu68$1WQob>AZ^nY988Zqbn3d&l;J}4s+?E2#;j!`XSkqbj z;R(-=>#qT@G%D-l-I9k(_up1VZ(~_Pj*go9d+>4~Bty7_w-DjPMQa%6#jmNc(iSx1 z>2oD4l=1u5qaj?h(2EZJX9kq&AQ^46^8S-=@l2gCh2MM)E_0Yl{l<8GveZ_%AD`ev zzJLWM$?^DTNr5C+0>&c=U33MK&Qp)mAmGogAJ&kfHv#)~1wRl0r|!4Dqs+G&Ln<}5 zoi6^Z5yf2<kiYl<_jq5R<Sd*dtj6!QEQkKDBT)SoT5rN3oB&o0Dmt9=KNaw@7>$_+ zw(-${l6JU~oN}d0)qxb32@<W~V;c>;!!=1@TTkl|<;!r)qjjF1jQ1eY1fM_v^Kd;5 z1pcIw?PY!!@mFCkajJJr8|@^yV{5i<igm(~d@V%vS+E-Qb~3HcYG2jfN>nWKj8R*= zNXKfb+PCmx=RWDGBkUM+o}p*ow)#(O-n@)B`%Pnax_tmPa^$v7J-g?4krtd2ggsVO zrj<PJ7!VOGuc8?(zx_4t+0h786o^GA4HYFBnCpbnKa-$5e*Pli8+F5tM#oRwvujbs zk=o;?-v+wYs2rm}@s&M`=N7Ux5gM@kYe!l97sM7P8vg<w{&5MRPGO_SIfbagga#*a z#@wIjvd-<nEndoS@{&{obCi0#?+#h6Yx}pD$!Fa8S|BH3%9)(3c@mAP6NJ>a^edz+ 
z%`Na@I2EW`P~cj8vE7iPdOUF(Z=^tFZg_J)NG09@Klxffd23Fnr%%pxo)x2>5~&y; z{#VX^<H^5Kg{b13xUn^F{xpGMVn7RKY-$;Vv2Hj+@i{FgvlVhg`dzs5BKNRSl++-K zl-pYskH^isY+ENT0a-0B<8#SNR*l}60fnfFITm=)&Yk={xK`(Ov~1p|2rfjocdV&Q zyaVA}48iKwc0@VesN*-Y!@FTqV>EW?Pt)rNXx)X<;}`5^Pd94v%j;HNGD9m+{;2`F zojVzj1_{QvLWNFUsWIYXgw4*j?js+QHzeDC!LK4l@{C6u06{cdsFi&jnFJj<_<mh- zM{M0D50P9~@o%D`01etbO!PuyeJ)_n`@+y$^midiq8~%D_+fsLm<tVhFd@f;^{1M* zm1))u^>68OWIBrfMUTv$l2Q{BvB91g)`1$PYHiNo&e_j6Wfd`wx~^4-+U|v&rXAV3 zLzuNAWXA#69gq%j$w`t0JRl|;@?=?PtxGPfak`Jy=S-WkHp7)a<H6rKfoNLdASz4C zc4JLAo-!PybVKUkb~|Eyq-S$&YMu>`Js=T$gm;A+if?V5YMdU6VW?`+olLvHnf!>g zgLWMsQ^e{)yTOKs{FY1uH|1{Ukcn~V0@I2M5{RG#wE5nG63qCcO-%D&A2y?xsdo1q z9wyPX3|5_9QCJ&lKONWY>{`P+8g>d`_q{OIZmx=n0v;i1=JR(RgA?d^4lr`)vVg_o zp~Lhj^{(Nts7Hv`N8h{bdxv_}iUokJrGg$AHeSEp7RNOlUF9mH%@Hyi8Cq6LE<GOs z$oGT7XMV>eOuxQ!4&q(Ma@6&sg^Ln(j}c;m_;=7?HrfLX<dLg%qx-&Kw~|-2WvNd0 z^@GGRR%n&JPJgC}6417dI=${A?pelqL9WgaMAId=3o3@E@@OA4TiH`BKPL#Cwx#ZB zXL%bE!Y@%?BcmicnibQiynA&BLIYraP3@|+vE=4Y4~=>qR<zE#z+Uv-OgHO#afX*w zTBz{=3<N7^_1Y#U*`D4DdfUPkkrp|EAUTZ|64%1}U-(d+wIe@~T+OJ@tyN=#BPs@} z_`(w@?A~?`F}{ypc2x0o>?IxF4N<8?m?tvhvz($-B559-8*cqb!X=yl6R?3BS`$s= zU%VX=hs}H$_25e3Wn6bp6xxCWk5Tk8@(GZDE6;3r?H2ua+`L3zX0CvL(^{wW-@p-J zvZP(}2$O_>m?($EKgR`R$g)#KYqB%O&8t`<?xduNUbH<Likg-iyt6$+q^^8koMOe{ z=~~M3Jd^;wP1AF$R5}?r7G8t?C2Yu}VFDv^YeeQ#2t-ROy=Xt|9i++_E=oGoyE4^5 zNei+zuqZc5qC*T<G`_-iS01b=x2v`oZ=Vn6-p-hSf8wXnKJ<FtArcdwI_=_!311Yb zUZF7&UC=XRuh6;n`*4<d^kL_!=4OEO2~Am8Z0wH!;Zga(Ju%-cOQ+2y>8i7~laWiv zXj9fOv$34x{Od2J1dyT4)>_=AJ==EhywoM@hEo(W<VKd^w?#4pA5h^?4LUp7b&FR! 
zIc~$5jq>Ry2d?j`i(G_!zKOt+NHJ%>)O1`y3l~j2P?YAe)Frc(*eUk6fUBoOUj41_ zK>dkfqJ0N=5g%MGfa{f86s$&eXz~4yfCo~pH#FzTh*jV|YgS$t++1Pz@pAJINOx<< zEXvc<Ms#m}OU5@%=iTl<iqH_Qw)qGH{X?&>CgmGJJhDOco+DwC<3Unse|l7NCTkoL zDigZEQtO9<CO!uT91gt4-w*u@sbGrK#rq@2FXn-09m5UJuk3J`c!bFC@qrmh?OEuU z7^6`PBvxgz!1uhESz9(TOy)<$;njZf*RPk5pXN@<Mu5s{479=iZ917ZV!<Vc=3}2u z>%5t79g51p{n=4n$gLY)5!ObK8J+)-4svW?9?xdkYc17PRP3A})vk(KmeL<?srRwn zD8>McN8zh3+W*1F{d4H-t1b3Nzt)cKvCyKi8Z_g(JCQ%=g<Ltd`H#YnQv=B_PW71U z(GWT-JZ~mdCB$yhErM)+{1D*%B^qT0h(;p>z(3FH;0x_CM*3H7+ebB_W(w!_2fx8} z1Yc#52Y=P#kM+c(1$1s}{sq*Eh#wt9{#5|D9<47ggd-#1EN#}0D!F%pDP!;jXrHmn zOUdIK1Q6k<O7w96n$~Cq=Nl`O<Td*Gt^x;pP<Bc{^FO@D0``If3P##)6rCo_uv?>8 zw4-mnWM`(XeGolE`jPhYt9Ai`)<9_k)otyV#Ur+Y?>uM=zn<1J;q}t?e8U3^@larl z&}(;eVF@Qzz~D@`X~l6eOh}II(5zO-yWD|RQ)6Jx7?FbZY`J!DhurJc-xSImdD$rU zr^eCs*7U}nBWM)`E?6S>&MHdkr7!b*gQ=Njbzn2mRTdL?yt7F_3#4LYzM8Js<;=hL z9Y6&_q$1S*=*Vxf{NUSJ-QJ6P0W2JqOhHC2q_M|~H^x_l=B9fUy3iBu7VGP5<3mk| z#(!J$h}}?7!n&kmjeO#=q@_ZLNCIWW+P-z43q0I)e!8&Y?M51z-RK7H805e+Bhlw8 z&M-SeO6z%g_rP#B5=pJpexF)X2CAm_hM5@q8e0sbYbMuxkHmHUT}nAABfZ`b4zk)D zrbRy_bc_dSjIg1-3EP89OrpWp`a?Z-2gT5jl8JkXGojn6=ekj*yr9{Gl<2Scx!slI zy)*PVz9pOIBpU4JVkZBbxc1qNrBH2K(v5ZmZprD8g?cO=e$Ee#Snr%nOf^8KF6nIh zRpC0Ccait7f7<go^C7?%5JqxB9W9=M2A&`3Al+fulXkmI*pFeL@G#3M5dJ%;$L`&4 zNh6>0`&L)NAUi#YDt=W6CYXIeO#MY?lFr`xVAneBOAZUnt86hdhZUCG&7yh8t;$Ua zI*pP@onwwx>}C*r5}hw#8M!vBFx?IH5u-#gznLl4y(9GoAbSVa^}#ZRaV3q-1bs8P z;(GH>tAp1aQIG+dI56F|40oU_hw6%@({GNjMH}t$kZ&}cwargrC3sH_GG)<Tw&PrU zsjE%dLWd7^i3O;xA3tEBR<BWIh0r>KN(a53`>327NPl+|I4eRmAZ^cOq-Uvlq+!-5 za|e69BJ2n#sCca{e05h~ufeo?E}^3^q@_kNTqS??k%nC7#!zYEhUO7uD-6Eb^9Qwb z$(_>$t{k3<(_zS23+R_YcfzuLvpVxn@2$^qTZ35U8?2m63l1J`JcvQ$Kf5p7m461T zy!og;L=hqnM=T(=VJ`ixlk)l-zL5c%UZk8nv>^Z_?C2@44FF`?dzXy8sg5^Uu+fqm zkkEvqX;VL14*{rZ)C-y)O%lFNfSscfxhTsZLN}oM`HkJ9h|Lc>XE&Dhc?2RaVa(G{ z098_b@}*xpkEi|<Fc*Ubbe>xkXm~WKD;Hu$Cgv_`%!CO5J#N&fAo?iOx-aVQSFYd| zKq<WZFn{Q?FxBkL;@FI99#o`%X1UG`aivWS`-w<^jGJwZcQ-LVjOtX(vs|;Yg?1m_ 
z+HaKm&rIi=X1G{X-S4501-Tuahe>Xco4m*W^&THQj${cpjU<N?Y74hdKlk22MW*Ah zHj9TEGtV?Pc49^g5Qq$a&W#OLd(F-Y;LJ9sWR`-76FajOb|gvk3}uZ7U_&s=A8gq} zoQo3-Ht%@&XC+j0PIh@2@)RxNef4k4?f^;!$x1wfu4EDBZ$c=ZnW^5=bM9(UMKcMA zyS}#?DymGmKXkO&-yt%@((>rfKQZ}dFEZYbn=l-eIhVI1)9FN+nKfSv<zXd2<YH}t zLwIUL#ZJs~rf728v!U)A6zjT6o;=Et7ir$F*ivvI((b4q3Z!e6r=r8CXtj8H<?~Z* zo#wQoFJgKQPY1s893C1w<Dn(8_?=fNBlMc?VJi#XIH=V+7ey8N4Q53(yv0`l3<y$K zE!nii7KEuNAw9;2S21GHv)lkBuxHrHQkaxH$G#U#7o^-*ez)^~m-b8l9l<}Fz?>jO za$FjZ+&ex{AO%~pXk+DckL51uF)~h8d$JmZc=)%cx}ZsPXzDlM>0tZe83MMYdsyxl zGak7M^a)aM<0lk0a7~cnQpZJ6(!=ik-wCy#_Jb<k2w{(ad<By6r+ZlB!Ft<?lkQ-y zJ}jx=m|MY2-xWC4pG)VnOx*z(f)w8pHazkG$Ks5)DH%L?Ly25HVLfq*<QU%giYwa2 z1)~$cy0or9LYvooEk3@~yT{%$9BRQ$BBQ?|e7I;l6KCHcDZAekNOpB+Dd(OH=M#E{ z8HR%|0D0uDAJUK_I+1@f23|CW-i~zzb>!vrfGTo(*@!%r4o{4}{=#bkG=>Bmr4<XY z48G&QJ%Z*ssvI*HILhPjzJYLCs^J_0Aw)5Ug4F9V1ev*&IwPIp7ox3hkBoL#{t{aS zu`Al>6wK#n%xCn6GolEqZ@&-mk5$o7oGNgBJQNbydDzfe?auD<2F<c<7Ys3I_Z26L z>9};1!KxhKl6}f4go_AqY(%dw?^@4r$P?hm`z!*AwKWXia$A!av){Fo6`N1mjh3L? 
zs7-RU8|U21-%*?ugG}|bY0xf1BzlPJZ&Fe5M^PWqPCLgOHChO(0-5ivU(^t{fFhpu z;Mn@t=+AyB;@s%OmCxwZ2SVjmQS}2vR;ipQMjn`bGq-Q5)m1tZoxYQE33BN4Z>Q-z zaZPpiZy24o{Fh{FF`)cj4)GZqYBO&>Qn9T1n7WmO?%p|;n7vXXjqX^5WGfg`xNS?1 z?1a2;Y>FUe3K3nQ7UVVuQUeOel*N@DiNuw*hiVGMaZHjoYwW(E!Gr>l=;-+1?oYQ` z<ZKW&H?G+~)!vpr)V1(l^_ms@BwSy93^~r`Zg(Dk=3246=Sun<G|;{OGoa9KvI~@K zr)x87xY$<S28}#OFgSZ+cmQsrQ-9qPN+OD81nQ-K6CKQ=_l0S7(ucrA?w_dT{W|9L zkF*Q^qZj0uh=Nh9hcAt=*J;f79Da(%_UielOnnTm!Pf-2&8(g0<WuXq?^8ht$MebP z(tCTynTo}ls@JvWM(&qLe6j;xe*e82RgghWxhbx56EJFjmjBypX<q+|C{&T;Ki^tS zl$M0wg+&ze)I-5cI4F>?Q79$gWy7XY%vAh}11GH_P}DbeZb^ef>n#CXKGvAu(G+`p zDYyR8P>o>`(Ut>jD0Q`>6&!kyGMVO&-H7gqtzKwzPdI*sKQ35`ypd=%p}6~9Cqwf9 z;1e9k2{6&9xmNL0uB3P(VZn0$R`4A@zMenn$E}QW+;gt|JJJ9}$+I&}-KVJH6t1T4 zhBh&fpK=L5#!tD1N&a^4sO%JRuP04n)B28P3x5<JNi=1ETAg<eKgS=%7B&#eQ@)FC za%}tK7Nf9HVqJ%Bvs@_fF>fdx^_zc)sd?#PDjGHz8~WNxIt)biI*nr1EIL>EUgMij z5N?7t?NVbr&<=nscz#7%STB5kzh%5N;u!hS9a#K>V9F&vy4Rz`t>w}Y*v=m2%Ku%C z8K?Qltd*<PyQ8!{hd*~!n7@^SQo`!XA_v8oCu3xiQ40Ij&4bZTqjj|l^Ub-Fp>hpU z_@}yKIRPJ;@*6PW7<EoCr<P~Ot#&2;D2_0V*h4j|R{*S8->&qaRCr=@OQ7v=veSO> z9^MmU7BH~oc(`A8k%GiMPJYgzjo@C<O^)a%a7FQf>}-sdG<@ed!CSdaY`d?=TV`=e z?M;cDAa|WlyDDGe|JBVjnM3gYQ`(YHki=%`x?|{K^u_3xrc;xG%Fc}08xn--vba%V zYI$cTU^VQTX#VA(j5+GTSi**gpS7D%IF_6Sh=tjW<?P=5slr_GYJSC>1*8O*qh`ej z$ZU#d)L=x1i)F|+w^z=9{~iB$BKP1ZMUcnb{>gvRgWa0km*qAU6w{|jLecqc`~l&j z-RImCe`0d)_FsAGv#Xs)5F@A2qfNpg@POT2z(`hI<*+@m=@|M~yOMy3JIu?De6cm$ zC$SeO87i8SgIIa7+I#IS3;X+)3NU1M5i9Ati<i#<L#-U;9L$vWJ@$(tBbTMDCJ|h- zH+FeHRs8TNOPsnRx9ikz27i&2C5so3-m5v?`m)0+MnF0Y<}B2)8tK#TdCpncSt{!^ zAba6Oy(+iuN_%Hg`)YViqU!5`y_2@YELpgY>-MbnHDyF@3?Jtrn=C!PPx7t5=&J9_ zD^YBf#-_;F+w-)o8a+*3^6TY<Y|3XQAP4m4TkVl}r<DX<?-eKI&F!S|amsM6ep{pI z(qBcE+|o{xb`{s|e#Y-$@agA8d{^a60hkS_yH$cCZ>qev?X#PGsBTv4qTI1H8G;UR zc%oyDYC-$Y=^dd8^IK(KrVdDNC*RLMlPIdVcI#`y%(qK^Iik;*Wr>>Ed&cx#dTb)< ztK2R)HnAcW+UwBEV2MVCq3&*=6}OvN<xV*WE=|2}-4zIXW6D8N3AZ~1>EAsI%p8{+ zCDQU+Y?LRmFq?^p<&>K5d7W-o4q8$*5G8P;tcKi+P1369QpOTp(uKTw&HEhX2C`S_ 
zcuZ-<FGKowLdD%74MWc3=y0sg<R3-5Xu2Jl-}lT4-SIHMZIPzXy)JN)1yMguyy_mo zf3#U>za#vpDVu4rx;L1gT+Ir|ovN_e=Jm_5ll(PUKBenhLl|f;49PoaWu13L^`Tu+ ziDPmr;slMOA_Z^(V5XzLf%w&<o{BrubRn7#d@I|xKj#<p!UxGCpYhziKTiSK8p>ba zdvk`RhIdutw7}BXXskZNb{r=%<Pq)tf9WeSgA>6-2)d19<m>B5;7*&$c#DerJ@DUP z1lRm^kR?Xt$eme7^yr0-Yp`3vUTwaptJjB!)>iJoX#QE~RqPYyN%ENk#r9@H&PHEx z1w<)|daky-VhlL_<%;A;vGslH(Wg56_Hpl&bz2t6HCwm)Rs3aJD#D3zxLWRyhY=4G zr{-_&vVRde*3&#mYU<uCdwb|TZlIxV2)|aPyz_q9=M`drmNAVIszs~NuVGYZf0-NB z+?X1TbqMX=l+Sv?-W2Q8vJ{W?IYsh2_~(dm=EeFl13Qc{=OVi-!LFAFn|&XzDX6!l z$+?bvb$usUK;Wal4gA_Oc4KwvIMco-z6bx#`xoSF5MD5m05gOP$0AA`+%-L(vUSi| z)*P$`wOhGQs|U;XivdfwQkH(?8GQr$+O>XU<bQ$gf!LhG8CmTZ-?hm2b9>FU=dzo? zA05&JpNwD-v5_d#+vKd6Dy_A!Ad+@7zU%u;`6c-rP*Z39^s?;@=^d#+vB<ADRY$EN zfW^tsAeaW&M}xYiKMc9M@oHJy<1_CdkB`k{6I$7D{O7+{rv@k-TqSsl9u1^Lv^A=2 zH-D!Mw4dza-Bat8nEM!B#z~t=R&agT)2v<Rq(Y{Ku9|*~Z<5>h*K^C(>X?&pVe-$g z$?8-@_GU#a+$YgSIYw@J*+B%vng7T3!TimuJiym1wTwib7$a(LrxFJHjEs9-vD|Pb zESpr*uF0PpbW39U`x$VYy83(fRRy_^ec2*de~4`{2c6qk4m-*ARF7iiev_wv=H?cm zNNJ_XNJte==8@Q?JDBs_!OgI|s5`^plHWb9?m(O>yR-yj$-GOco-F+cXYizgfW2i5 zP@8_9uKZ%<P!#Fo*Lw3joqO1VO9RSw$e3}r;yiR2MAstiFxO6gE!eXo{aIuZzZQGz ze;v03bM|<XJHB5?{<E)Jql?lzKNZdiQ{2vFb%Rw)_|Xqod3MaR&?4mXb=Hh8h-(=0 zBOvLLs={2b&6u)j8swtR<doh`r6x__E_#6racsO{xbgu}^7%2)m@0e9Iee{yxBNj5 zAS(M7@%=vI@Ipkh$SR`b*9?$pMDUk<FouyMp9)GjGc=dSQN|H3HVVoL^H9EvAn^}h zk;&!0Qgp8Tfnri1w}+4*z~ab;<Jz)OQ}uKB)0BE|cIEdoG+og1_E0No$yOh@xlj-H zReQC;d1H>v^r($zhjY+>IrJ#tgQ?}F;e4!{a>F^;7?~#aRfZQNzo|4Zz0C4SC-K-w z1abYCZwF|0XPN51u<lr=+OfYUpoe%%?Q-}Seeb;1&6}|4tY>d6seJk7e<Mkjn5b@~ z+eu94f`Oxglz}}}IGi;JJ;4Ix*I}e;9hO;sXjd>nDe5aQCU9k0aX5zhTUP8_FjJ$J zmD0{NOg{SjH&}<QigZ-36_q{E{%L#9Kb@eMIckC>hV>+f;ao9uet+oMwlqHPJgGD- zxJLKrAiw7{uNN449&vZWW=19+f{+Z8wGR?_T+yq#sfCNqov-PB8wi+~Hmv_FEFUPF zPYu8Siuwyx_zT7ILf1F8^z~4~YIxw8Ma$ug4>t|VjMTojr_-=$qj=*)?F$W8&t3H) zE!QL@9B*B6_YNuN&NtIEXxe0g&MNuZvB9c+%A{Z(n65MVEZy{-tiiG8=(FtsMVdMv zj(O!X4*@3au&vD0Z2}MzzuM&LdRyn?Rhdm|=Dbdqzac-i1Vsfl?=36790=J-@$t}6 
zm{HZ=v>V_BU7-bxr+PU!z{xp6%{HFY1@5NIJ<R2e(@(yw;0E!5JkK%?EVhnXL^&}E z?M=y&XnS<sBUVaK`kX$*0`~Dn&u*D|;he697^}9a_2{#I9zsCaT<p|qgVo^q=F~&E z+&S%v^~$M`ozmwR=XB!j?!N12yWzQ&79Ope=<$TB<gndjaCSf@i`XZJQGwSdj?Rh7 zt`NDD$Qi$U?yEq!(hl2pcB_9ht3BvE;2`+gD!DP_IZ9$qf>0~OeodB8MIN*3-Ne`? z^L*@mp>t)xdj;74@Ws&5IICOzS4CvPWsu<~&1f+e+jOe{Sy^1^7gz0Yl&HSj2Sb6* zHdqMkPrA&E4quwXX!0X%)51mTl$_)Ei|a!+D{3rS&K-O0=KN9ojh$70!(|G!wFk5& z?)WA-%P{#q$6LkBEkD!VuF%Kl2zn+iZ5fKhfa(D?uoN(yG~Y{p8RLJB3RqvR#O90G zd30Ld>Dj$IrTdw;wZ&?C-=J@7u}&GndKFUFYvay<?%p?ITxt(IF+a7uJLcNcC02m( zy*_u_#IasF*@5}==9W9qGoCK8VnEe2hrDmUCd-#%YGnIxdor9bM-F)N<5H7D8+(AC zz)SALO`rnP%Iu}R;0Sr1l{gym7+kzp62@t=xaqWEMBQZGbrJp07{MVJZla-c=IGGw zsUQ8z;c;87j`DD2E8}f;Y9I#AHzKk4af?gxo#e}{bBlWNt3SD$uO*2c#7s$tiACMy z*J8EZxZCT??o-2A+U~L-Kc~bwU+-fPGdG!X$q$%o?f{`0ehZ)2GrxsJG4;WPr@{5X z&O%{>)!@IUvVxH!3DVovN%?#+IGHfcu<ls7Q>ND28h&%&ThX0xR0*?ywn`6z6I@UB z12uMf3_`AT^zavZpK92w326WA{~S{vJ$WiD2=?iXSLTFrqFb9JCq2if+Q;nnHHhay zDZp_u(_6Sv1~P|joLT-n>~BL=VV&nk3=R)HBcGhSZO~^-K9Qg*HZ2Ocpp0i%?3=n= ze%|}>B!D#2G#PmlS*)~|cx^wdchS(+YMI06=N`wt`o555kBuljvNSy&bd|{Z-p)0T zx-k0FE>~M8)l%kJtt|m7I93Rmku3)bkBTE<&8nEH0(dz*KJ+R48~oSv^*N+JzAzu| z>eX+`yScrguv>tguNp4aML1QZt7B9mZBF~tG`ReqU_Bwq6kqvfjTF~M*hd>gTSc2j zI|N%)4%K$_{DbYs6iaV{PBk34T}`35aSziUhtGXo0(EoV^1YvDs9Xdv@z>|)XEAM= zcfRhMcirFT-R3K@zWVQ)4pWOCS72=CaV+@oR;5G_vif84{M<^sH@;xw6fU*})8*Xs z@1shX4n%xJpI)LMYde+xGiP<xun;`jr@JdK-cZ}Q5Pw+cBh+uh;ga+PCgsc7?tNUs zx;^w9PxuO}`a7lQC-ev~_pxcW@+O=ihn_fTq+9%2oRsh9>4i8q2O)BsN3tBwsYXn2 zwnDn{Ct4=NnCclW_lnJXnh566p=y@=cCn`346&QE3lzyRgLyA_Gd28fu{#l>2A=u) zEm?EdEB<Y~J^yJO=(Tb_?~YtH^<<#ZZC1puu83~9F|B(04+Fe@HX=bxjWXw+v->2) z)vLiJmQz>HhbhELc3`bVZT|b*?HuDc?=ZPJ9H~2uYW?R-*;7C9<m`*UHh!s}%W(fR zoW~rURz-{9CPk)SWelYo3Q#KWRfX{D(Y!&H#>Y*aIQ4tTIM>H3v-R+cW<KMT(Q16K zD5)C$u2qi38L+X_gFmb7)3IWUm}cT0Fj%{k77=Eou`bB7csM15UYQ$)D%@5&)HN}^ z+w(6PVr(0^f2tvc_Unapp_i3Rxcw4#onvEC2c(6&qpdyox0Xj6<2^tw{~E2hb)9yK zG{8@}h$oz=C2}k)ibc+P`|NfsYXy@)3uxAXsbPi&ob$_Bkb6<)6#}#Dr+6QP@<q+^ 
zAKNp-Tu)axdD)NBmlYRJ(^;2=oM2hHa>utuoT)`6fr96Ga`L4wqw0xHnl5(lD30IH z6Fy7>W8k`W#LqQ76ymjjv>M^lzEg(ibGVKyk{cf<g&gdS-bx>S%U)T3InC#5_{G;b zt0w!v7w;Q|UP*2Zpa|Kkh*FD(qy>!=<5-FoJ!H-<I55!RHTwCG-NLj-nVd4Mq(|#7 zq^W3HviOV%&?SP5n(4!I5J^R+k-61rB#95Bq7%juws;rK<g*v*Hk_aF7Q#nT0aOze zQYkI9#B1AY&zG64F*0)yu}1t!)hUnj5a26i`cq&6Iu7N7vA!3ZQ1{`d543wqtT<3_ z1?Jj(m9xROwBMI|L|bP;rC?z77>{JrfYY>}jmzur_8q7aBWUK?0JWFOR5TvbvzdFB zo-YOLSp;1_#88?$(N8zye2!2rD$+h0N~0%S2oy-J*rfD+<<{9J=YMT%ac|xNn4{-& z3?+0*px0hV%k`XCU2f~nJc<E@x1KCBRNfteneb18ov#f|vz_##<w5CD)5O+>c$Sl0 zNOeNrj96-Zr!R&PBK{Hu0=_n^X+I$FYu^f(mr?un<TOrZPSu4ZarF2F`y+KpZ?i0( z8DLzJ;MGfK5omE-j>f1D_H>Q`KUF<DI1=*|=F(ZBXYV?kmL-JUrptt^Sx_AYDH$ef zrnD_^*6-M&4x&wBIH7qc;0jJrws`EHe=Q9i2sE=Hd|~>)E-?n0^ZJ~)i(i{xn$FOJ zc@(BOTs%m0DmX<Bt95FU<!SflXfJK9rSd=LXifEcjYLfI?z^s@;oATq#hIJ><;y|% z;Z)-5!_+>LFc$WB0-4wS5<jCDO7T7>iI8U|({B6CX*@aYV`I?Y?oBY{YxEZFE6A%4 zE@HP`p8ZF$Jhi0_ZC0FSuWN64O_KFCc(|c?0#UHhe^!1b!N@j9$a%;5L__LJ<19}u zyL%~GED?z?gU#Xh_5k{k*4rc7OI19F2YaD{$12;dItOb9zYBiTt?V2usY8TFGCg(k zXUsph^#}VGL+(^GnJ$;&p5R;L5~mC{9~n33O>*{MAjBDMh}z1rHC8;E&C%6yl?fAT z>}2|Tl+7x8O!*1&O&W^~LGl_%E;dBLeAZ*B=PF-_;#Yo6=K|e@_zS!qdlan_TbI13 z%z>C6Kh}Kiac!$EW}TrfBt*vVj@^Sdh{b_5WD6(JKYTKV_cAxlx?9hu?@wnSRPbH| ze;)E$Sx>QIKGyvUlm?l)GC3h12KL<%=whVp-)M%1$i@%aaLp?34Pj;#%D+3@`kF;J z*Du3h-O%Q(0xSoMzY|SETc=a`ir9D|h-;*liEd)U)&5=q1a$XKWF=Sf>gtPyA|;}W z@`nX71GnLc5osxJ*@_CIwwkG|(|=s3`YbCqH&|Z1F#VpO7Uyp}GgIb*Rdd36y=@6m zZYi`&(bkl3b@iU{kK4GOx*lag3rJA$o~Zq<XMLv#_<rO1X|uckiC;W_mJ7`ifBCMI z-denP#wdf4yO&??TIW;ki4F&7!CP%ONM7VtwCUl9LGpUBcR%Ie&o>ccY{G^#nQ{iq z0#}Tci<L{plwu@w{+c3~z`Ld8Rl*XZ;>xdR`VhBHjfb=S<ghk>r$*mh>e^3Q$N?#? 
zq|XOf{<5=tO{c^^#9^FJZ}-_`5}q_lbuHHlZBD98{E*`pVB&MuySp)tj`1m3K5nCZ z<4)b79Tev>j+PShcH~TQ`FLJaGxighgHot35cDyO1R}(@C3)AA@Bw<$zanbfo*q%a zd}K!O&TP<h%A0vZU8G4J;8e)Hh?yLsJ-~?f*z@v4Xs-v;Y^RaXS2a|gj!@kXaMzuB zKN(?Fw<+K63!ee@Z+$`6e<TbkfXXC`eM>OMz2*0hHD&ygi497t`gM_=#?M=(z7jH} z)~9UFz?EVpmHT}@fLv62eV=JST6{0l+#$P1{N&ytGNN!Z7Ubeq-;rfdgy4h&?$pIS z^?)fUtCv|((KjxoB$?rUMc?uknLmr3q*xt0yZ2<tPoB@#=Y<i@pdUs=x-9gt?;u`F zes>UL$ZK_Zw0^|Aoi?4<hZN4X#I`bi9vsk;Zm$^Bg=Ve_nju)X3umDPh5r&S_Vd;y zpyhH5C0{{%VJZJ=l2-|P+PwzA-g_O?en-M}#FWFL=hX9`HLTD6>W#2*cAr~Fy@CEY zaxk0Mc5E}6<)a5b)5%nBgTG*=c@hA41ru%z;X3J^y#~_nhP6{;+QX!5k)}@23)GZ@ zJnl~DGB~#Qx_y=AtY%pJmFJ9?*~J`3w9D*pg@U#R_i61}a(5vXIzM9p&;-vVjKO}K zI$or%)PX44D`|kQVS!X2h7CZ@rLvFaA!C%Qi=xt~*RNXG41w`h3pSls_D-22;7VWL zdT~T3C@d*h9@1mn5+=6fUxuB<LQVDeZR4VxJ6ori9Tt$d4u9_Ky|8lbX}K11x!RRH zyKQ(Bejocc_#oK)1YasWlKRVC>mDHjP29@AtJ4L5{G8(w`)pbBTl$sgh2Y-3SBc?b z6{z&NR?gsr|7dfkUo3P8H$OmA0yb~-F3)9pwv9EF;((*&H^Q3Bsn}3(@dE2HQSIF0 zHqJQ~V$j|hV!P6~Zzyhl8ggL(L&+;&>HercFWxyP9?BgI;9^GIuPEm}`S<*D)5ya% z!t?Ks*k@rpSU$l<i$u=`OqFxCJrqsyn?nXrrI*EGsF^*)FhPWM+HLEqvd2G6kFJI% z4PYZAM61PyA{+5b?-M-5e8L*nmNFAG#kRu3=8&3VnQeZhu&aYAq{D%aoe3YbUcOU` zw}x5s;J9mmjr%-%YPg?bm-4ls4^!8RHkZmJQ4&dojhbTr&JUdjMP&D!Hi%k826$E1 z-5(5-<qIp?UfdmudG-0Pv^?}iDrqA!yGO?$%5M)J^kgN?mn|!~_q5{aBr(~@#^t4w z1W$=kgs{gh*>j!e7N$Agmwi!L`pD@o`Y?)lAj`uFSRp4+Z_BzY<Kp^~JzKu)JSujf zIv$EQcxye~4|t=!>bB$bRXyZ<QQSn{EkSr3<v%^w*}Nc8q-2$KgNq{162TAFFY<?{ z@n*dGpRn4)mA$A>7)XOI#8fBhKZ^_0XwU=9KL40c&r30OIUG#_EmdS5l~)8hnF8&9 zFWCc_MTp4_-2UZ;4C@a{akDv0DF!oXgcX^7%!`JC)gNm$XHu>Xm)!5alkgy_Bs+@N z!qV^Z*wY0hH`1loOYod^=9E&!i;vkoSl)pQw`}jMJwLN;nK0JNyH_$*w3jZ$yDcP@ zW0$;<OrX0+MuzE?kQd|-s~{<4MqgyM!QK-fKWYT&!n1b+ZTRC7wx~2byN6m0#`$>& z0;eNF_}IlGNU2M-ur(p*RFPJXmmxLkzrS}->R6A!-G0e~LTMM|c+L9Kmo8BQ;RzX8 z!f!{#M}g)FCO7i^MUjt+-4v5sT>PPzx9TN9SMN8RKDK%2e@BE@53mo*mDtybu?_}? 
zkl{R8+O~V!@d@Ev_8BHq$T_h^<=g<%UWM?RjITz3&Ba4qby>M(PBDiaKke>fyD_9U z&*3{W{R7+yFrdG_b$-fT)Ca@%@4uu>Ouk*e)LjEsb%G!~yQvv-7Sh4fSM(_!wzJ)+ zKLSf5uU1T#V-HIn<`pgZuDt6QGuZ`hNN4W+ckZQ!kZH?^IoN-ELKHd}%Vjc7jlXq6 zU-P={82LYxr`HKH!p(Rejwz*l?`FO|bDxCiAdK@;+BvP8?}Pu`=6ruGujE8@_)nf7 z<&R&EZR>_Tl|j1A<7`oWOlpHBDZBjhS$2clB?L_|gZp$23{{v<j%81o8(0yTx3Z0o z<06a5L$6$3M4@4Hg^6%bPoYz;y-nb^ow9`Lo#J*YC&<IpJ1;auI7L^#A+7ADwplSv zabK*2PBt3GIL*f)m=EcKuXhRKpzQ7MJc1n{zN>Wv)TOw=*NB3>FE2_8X6YCw2hH97 z+elS+vanhb?<(7icdWk;7%BYAdV@8so}T<$?MW3U!QngNWDL|u<D_l(P!V^MjB-@z zT#!qb6U&jtx!;ToPvQJvLb+!)g~W{;*?M<%cg(#o)^Xi>$IrM5KYuxX$ig2Pwmz?t zKUnD!#il{L^kXP0O0?Pd2`<@bq{%%yq{TH`LzT-2q5LTCh}i?kOw&k6DBK-tROi86 zOd4W!!arJg-)-&&&%9E?__32apb`ITuiSAxIr#m`K+|>SYz-W@Ij+EQ-B#&QUe3ug z6A^*H8<MAm<dkH;KMVRtczk6+vD+Ni+GCYmJj9J0Z}QC6IFycFmnK$yXnpMKI}-IP zup1eU9EVlBO7sHmN_4{lqmj}^2lzXT*o1JSeD6Vs{k3|?kX8LhH|sCmHAz9qZaO%E zjTEwadlDFTyW2JDwi|EF;5(T#D8KJ}$(6P@QEdi$5OB9r!}J!v_R*~6`h)1|ZgW(@ zj-qr5f>UnV<5K*gQg_dPKXK|W!2NfkCbhRz_}DWz@W4f*yhlydOO~qIPsQsMx~w2i zuCvnOh)?pzEDgCJY}DMPm}r!IG$yu}-G{f}J~n+z%<8Ggd;;ZH_iklrdm3VPqE*mx zvM6E6%5+HwzL<VAYOtUf{qbwPa>avGsl}nhs81^#%P&5bKfCda_God^QRBE0KO}@| zWW}<OaX>5gz0Z<<&&&s3ZaGr?=dH8CbN+qmxMq|b@~BxNRqpq=N?wRE@))x};3@Ze zD5u|akqP8Hwyj3p_I_Ya`0cAjNSW(<q?8nq&YJ!`z3cI41m{Uizy*hJmod%T!xU<) zgg9Fy2w#Vtp13ITD4*FUoLatff~@MSzyF!PY#&fJ@Y?VDZM?p%CVL;t@(iE4<U#se z?nFWgov7d*SCvASzpqhJnRPr4!JQ-?r>=TkuY($Is?l~&J(qyEIi#f@=#O4_>)lnO z_NJm#D~cFP5C&r^6<h3FI*BR%n7dBWvNPw$x@%+<-^Z!fvO3sZOewtSH_oq|s5#G1 z0#?^Ch4uJXlynjEC>INhhG-<yPdg~C^i9FO#VAsWCqc|4GP^>?$u<P7-m#vPnP}Fa z*dz1<F|PO-w;gN{PL^~p)XW}|*>bcE=v>YkYT`!LJmah5MyIyb$)uz1W>owhRS4)^ z<#TQeoaRe$17U9EUQRcRt?1U8M0EB7S>`X0WREa{H<Eq0hrBM?pNstNt9E(_{VR$) z>#RZ$oD-W`QF%r7MRZzt@v?M;kDdSWhseobZb^CP!^AXj&P%JK6|;sV#Xw#wzYf2T z^tfe@Ax`ctsdCX1*=^0~M#NOtIzjpeX&es%zknT|R&@>v*&84RFX+LvWbFVfPlsC3 z*2l)M$Vn#E;;<057PS)$n7t?R`D?y{CQci@w|?gHRLXqvlfnLSoAZm|$3LUg?%Bx= z=I@S)81(7<3clj}Uhv4(k0V9E;eJ(_`TK6zJzADCq`&TB5^>N<d+k{q;uZDg<h>}G 
z`E9lu!IxFqD=~A<C*J5TrceRsol>}eP<aCBHRVW!j4L?|-utYCmo!Em%j=&UKcS5V zcH6RPuk&9I+{_Hua--T+dW0j7%}`OIPl}Wr0x!;dHpZg<4E5eh9@bGuU-RhwrpJ4$ zD`OesKNakOb%EaKe(ib6V88O@K-P{)#GPq&F-~9d+q_h6hL3z^H4gwe0m>M6pH<Ju zD>k)Dj_`WPWmWC@U3rJ43w=Ra^L3<OJPxqV-GHf(sjz3S9@X{}PeQ5}3T<->-ghHw zLb<z`qCfuFQJmC*yO3E)C#h0OtJR0Ez62cy#MbFpyz4UgVK=eOG<_NlPS83ek>6kP zE*uW#8iVg^3BhOY57YtZO~L%v_m>E7d*%G1BVbM>K`YkO*(%*dPlK(6O@kJ%Y^~$I zAAMKFXL%pZofF>Lnd=UO%<OEJCoHslwvz9QIKyQQ#xALMG^q8zO#I$<uCaQ@tLObr ztz=Xi=YAHQf1p^zVd+n!P;!#}Ut(yr)D@4d(2hRcww*eqF9NLq#HpxHF}}NaSb`kE zKYM@_M6h-xUZ}(=W7X}S$3ySLSG;{4wfwZ#D^juVkZbgTRAx|hw^H8wrQ4&wzWm)Z zEMDvLlHvzka|AU^v7@Sx__pjJfuPK~_@&#ukNso8QA6@BD%?ia7m<&m7I*l>4cUFA zqW)~&%m=fA0};DGM#ZInlrI&_U#XBXl}lo1i{$X_^F33Mk5y;n6zOL88W-|qwtu!J zW9skQhGUnkGfIDiQJ!uaV}I$P<b$W*`{OC^FC4cMZ}K05w7%|#unEA=#!>vxb!BP_ zNi502@h$-J<x4=XY8;pvm6G6qKaGn{+}AN+ao&fi{-pqNH%uyrJmb3-Z)R%XZt>Ti zbF)Pu=dPnPR!)-EG#=5VIyfe69x6~11Qv1~*Bx#PP3qmR8rK_?KkO!mEn1YhT&?%- zn3BbZbwr@UCYQ>0q@C&CbZ3s<vrSx3aqz#=nQxyrP34AX#$Z=<4+%a~<eIMm#EA&C zGo_UexWa)ipZ*7<KwQ7B@$^HIbRMO@&A7COd4zw&=M>9cbU`upKOb>LVzVJUTA$?- z+io(fPadrw>DjY%sAu>-<*8?d7&=f-9(Nw;xnn%_oXZdN$$OYb#Ix)&_7w+gBRLk| z)@60_(37^2N5NCiW!D{Rn>^PY=|3$z_R_JB?csulD;}<Uf4J%4wugHj?t7R=owH4u zSIWZ~59d70qst@ts$urYhGMC69#PIRrf}Ib{vgIt$K*L)c#JsHIe|XbS1jX*M?Xh( z7%IlJ_j#8#Ec<>Qu6dY8jx+9I^oOQmu}fX!51|kAOrB$E$BUbKMB>W*k+fp5Gd$Ki z>hn2bl<PPye>{GiJnamR>}I~SGn<B~Cy)NtxY(CatajegVg2-tpQfGvfXa)VH++<K zUa{0q&M^B}UUBkn)DMr{j>gD_hc`Xkwz#vXA0C+<>Bgh2sXung+>Xh!egYZ;8;=<e zXBA8R<Q0qk;c?ed{gjPo{qWf8sD5}nH8JaFJC2)he>{eoV}a$`wRBiN?t7JI|4Av9 zd636YNBt+OSn8)@SmrXt(tr3Gil{7I4{w<~`%K@`q}@msR8RJqlw!5RhQ$t>jM!nt zYKMufpUAPy)=%0d&wj!qqN93ne`e4YNySnRDZ|`%3QeZrX2#N<OxrO1s7@?@K#oDy z`oujxfAY3p!J~)CbH8HS(tHSORUXC6`joZ&ql31{0Z039Jcii!Gl@BL3*e)B@jULB z>C@+Ii@f^D9pmYTcP*XgAi8DzQTVil@6)(kpVka>Ey*K@BmEn(%(UC^WO$5lr01r{ z--1Ykwak6ME%3T#IpB6RuA`nj@|R^fgi9bef0)bzrws?davZJg8P<#!8}7-p4JRSr zu{3Ebdc>%cqkOX9G0h9Px->EPY3!QJ89oS{H+%?~N8?gv2DstLY<fJ8x}^-|dAuz# 
z(~-?Ki_7C)Bc8|C5~m<jFr0@^STW4JIx#-ww&J*_+>Xcd$XQM2luLU!Yj~PIlHr5E ze-&cXGu?uQ@$@a_h*juAyyNk%sOghWdN}lO#=}_;=RI7E@j+K1h7K?BVm$XclJk-m z?$=~oN^#;e^351d0@qDO?(G_X7JSpN+)q5G>BwFOvH4ml<#i9=WEeMVm~or24AvkP zm(xSrFx^BR$H_X!op@JNjQg0OD;qEOe==fz*41Ku$~B0gPZF06;}0P2rpa^fqN5o0 z8UBy)Omo}gc@!pXh1hB@eI7l^^wG;5Zn}z|3Fs-ul0tqz*2OvF8Molc6cvk1#gnOd zGIdXe$6=~{!~JwmhR0!2hdXiUc=EfRJdapqT<VroEcx;X)F{miG19pM7ana%fBrb` zJ6DY7xNaKHw(D6s4?$)-PAB0q7qqVEU-1aZDE+))#x0o4gNR#>Wne$OxE(L<R*Z39 zfY@w%-*~w%U~zBfeSwREeCL3peFGl(xYwT32Ih=E30wxgPwuk>uBGXS&E#>5(Y|!Y z(&zpak6TomcEW8d#+;IJyD>h1e?&zlk;Ym$FpN8+jz=jXE}mOhay&kf_#ozmiel++ zJPwh4?*R5jHWXv7!98ok+&^p+Tb*=`XPxvc?wzQUZR2Gha&a(s@L0vYb;9A72Cs7* z_RuJUI^o>G;}D~{qiMJbs$+N-c<u?UlZSABjmHCOAHX`D*z{}}Pd#~De<{nz`v~1w ze#*Hg2YLp;qx4LIkM}SsV|vy^-u5s(-0<**;r)o#G#moAJei&+!=wAC!wfEc%?mah zR%%Jh$bHeIVcHfRdB<{bU$knN`=UGwQ0oMJ-uM?G(;>EbId@59;A5v<*)aFn>V~<` z)-;?1-!ja7wvH#$Gc0Qme`2J6nED&fJ-6ht=EXg?G%;k3;KHNW*eAIs&{m9f;@z%i zGAVq`<J2HC%{i1uq7lym^XNEY&h=Shn+FTV%f5}_6Ye)$OEDf<gP&|X?J$oki|o>_ z@iTB>c-$J&f8#yCJbH|IQNB)$yfV~Zd2Ed($9Q}g`BS*?$UVs8f6*@7t5rOE2ky%k zjpsd-4dds)w~S}{{g^-Nc48jSrL0CeOu3BWB>iL_%f&im+??^;FXAy-%46<Rtb6;! 
zwOc0fSNElDjnGjU%%_3tij3Zm;}KZwOB_dAmd-lT?;C#>n}@|Uk&*rLj$+wA?;3v^ z`{!H6(>`QiLbZPee{K#qwx8rthp}!^Uj-kH!LrEMUa?`0ud1ba0KJb#Krwyxfo9Cl zx=qEHn{c1hc-EmD0R?&P8*G~l=cfE+Etl-wDHeaDK@8p4KR1kLUM<6X2BU3pxi;y0 z=>$(jWyfquZ2nAW{89I5mo@$<zAhVo06j~N7=oU}a{Q2Ce;#2J*^MoepF+8Ij1TcO zk4s{mF#Xii1I*)yqPS(_ImT<i@qW0;`0c_mz5)KQJZFpN3PeWRg+~W5&1qb=EKSzK zj$!c+Y1Co6$n!{{2+t{&^;&`0{3{+86t!u^FzdPM#pTgHQ94}@_dU$xh$5M^hjSk0 zu~3mr-NT!Pe`PO1vGj*6;Ha*)$?xgIMNob4(R`PCR?>Hz?|9rzbicS@I0VJxXUHdU z*)$vgw>7Tx?T&|eWKC2*J;Qu%kjL_{EWF3MYdmd5>VwL&-}1;B9gnaxhUrITh*6d~ zT(TyA0_%Dn`$OB3gcam5K*Y1~?AnT9!|!xkh7;Ude^!k9vv~IDIgw8$kbX+B@M+^| zA9(bO+AiD&H+~<y>|D&l*CmE-AudJZQ}D5C#@_>e!{ScEhHn|>GeSFYz6V|M2PCg) z@;v4R`C^X1?xtb#dBwBjD~9D+FU2AGreS$*P4N-(J>$jaH=g&}`Z15^KP^ql>>4k> zqWF;Le-jc1if3gVq&Ow*Xgp;?52rnxiRDqZie)a#8qc^n59d8x@NhAXi)Wb>C#gfl zc&1bJaLvPY4>vr#5vMcdn#5?+EG|4cB$`kAhT#dh%%4;Kc3uqM3fwj<zK7uq_+(Ax ze-xK2G4|i?fNkIMFpm}?e-x|OoQHXYOvG<^f4Jk}zK4@9s66}poZ{)@*ssgQ{H&{b zJde0w`mDpY@zkLc^HZ*`SoXko409aqD%SfoKPc(o-sp@=5~B`J;u0E9eaec1x(mjt zCPP=)eOTh+XAHRap&0k(I(iI(-G^#<JdakOJz+oOQ4MN0;71vc9SXNg3?1kqWIv+v ze@wHjSZsTr7%~szvSU2=QL`_Sx98c2&G#rP#ujSV$xrajZ|Q-L_Nlfc?y&!G8cA$} zkNk(Zk4pObTM5BBkLQSGK7Gg)J-(_uo;SPIH56l?_JHHh=A(LOSzOjXe>NY@1zk&r z)f_!1mIv;EkMs%al8(#;X=0RpKQ0-=f3*2o!NcX^+?vz4*t@{*EIeFR`AI)tj**JV zh+kxwbLggGJgWE^$DiHP_VW1|{v=;*`-?7Vn0+;)So#2en$LP*pUf(jIgvl<NBbsx z9Zujw!DOgI-7s}%SUS|9V|h`B9Zv`T1U;G;QZH$~?1!OY>X25f`$ELNuZ#Y6e}?sG zGW3x)M#$U=nWo8buXxMSKjVJZ@#o&!=V41frkFDPnKtX;5y<3>r*8atHFRJz#(jXx zu+3NoPfvWDGTP@uV)R4&%EhG(b8NN@vyXKQQ~w@t)Zexwo#B3R2a?+cuX_&IIrxO6 zFa0efwmsOi@)#G>ZqD!w=Jc$`e-~nm{w8sCkGE|65m$3{;}?*0OL;tlnjA}gQu3Ai z6h*@`@DnPAVHsWB!<!!FPj6$JV_5b!6-!&YAJ%%4eruR}-TWDMRJSSPxt0kP2Yk*m z6U*ZngE$@hCdf;t1{~R$x}-T=&ur5Mc=hq7@L^ET0kQo)E2+FZZ<F$He`t6X{zh6c zo~ihd%PCGAfUi~YaNV#x=VqAY-L$yudo4>-?2=*HimqYG_f$9Z2l(p7-_3g&mJa2^ zAHkPm^KrL9v8?Yh#xJ`sxvcS$uVKb*$NYZR0gmdhOMZ`^O#9FSAK6C7Nn7?6Z+C&= zeY|f49QFA$`90|z0hIwCf2C9K(kaI2pgz5HY9rDKkxt!9XVc=+Z*Q4=5;ASU`dhrN 
z;e+7&hHnQBevEqRb3R$alqnmgJ+B+4{cn1>C0O^FJH)oO?HT5JZOdd1GhgGeFX56u zuJZd)Zv|r1)oJEy`~|FHJI0s6r+-4_>DxC9bAP6(7|-<Lm!O7ue~-1NIKh4XevC2O zye#P?*>6+C=BsCvm;H*o$>ebdqY(4he^xB_np?(GrXBNBF8E2+Q|>J)4o*WR74sO& z#K`w<T&l(|V0^U=vrfW|L7ilXQMas<x?z@aN3q<?2>!gvpT#94mbnl21r(zm;3p`S zvTqtb1dptv80(!=e{S1&j+Y&aEB?Rn5A&|hPf7aX`{fnO^A81Ll&i>gR9<Xg*JREh zZZGDsru%7?KZ#3*7-i&heO2SxXX?hwK8Ep}JKDzcx#b<hccBL*Kc(r=4(Aoa2RP!2 z#I|OyD33Zh<7$TSq^#R8%=J;r<S!svCzi)E8$Y9E=N@>Le;8>V#U=0YRm1!Rf8FpQ zJO#6%80*liYa7qH-7-9jn%lNCL!^l*Thedi5)#Y(^jqDQVeVn}4YO~!pHul9E@fiz zm$3h1n9s$v6(>{Z|2@O(8-2yoMeY<fB`*B`DOXf1ZCy6ZeUb_>%3i>wYV!1RddAbX zY#YyKq*Fhye`ykD4Rar|tXQ6rt}2%2oa@H3ej3K}8R?Cfhkx~HNpqU|q!mltjA1?_ zJ!g17e1?|Evs@j;QpPSZ%0mCDXZ+pn*Ie)mT8EU+DHh){uUOVK1!BZa;8Hf8^-wij zaKGZ}hUNDiB5%L%FkbHCSo$Y<ALkb(Us;djfTKAje@}kToI?M(06uy~w=Oce-_@{m z68znS#pN8dsXXqj;F)>F*fYtwzK3@`9Q=~j17%VkPJ4Kc7`kz;%qcIwg{gWnbq{ZN zc+<me4|hGhW$Ckx`d<3sUl{0?@o?6|c@GyoT=8&?82V!rxrXwh|E4F?_Hft3TORIv zc-O<he=iT(GzA>BX-Ixgn{xh5gOB`#oW<pQn)l)sN5s8{{SbV#r?+Ww#WyhdBxKrx z%{MR^+5a&a+TI=G;U~M)rs~hRsc4usr(&4%@|Iz-CyLR>GS2<QsO;F^Qyg&K3}YU1 zqG3L>T_v`4N6mPSk-Eiw5MyM+i`xf|{I?y6e|rlO7_4iuz`Mq$f#-fj>-=$Cionqs z2p!>Vuh{TW$ZQc~ZaTyVE&h^X?%jokL!K$2SnkmmJY4p0)$kG6qPk+N*;B6N;f{xU zhL7U(nr(|qdl+019TF#@LsGHWrGjFabBo4PrX2I|y@8{;YLnm7_Z|e*0Uxawl7Cs+ ze?s;pQp8pdp<&iT)-da#pg6eGU2#>#vSx1?FMCQc58pfH@tbr@hcZ3m>8o$W{FK`U zj`Z(~Zo_Tuw>!te4rHQnl=&-K7W%Psg7vJM9I@@^6b;W}m#AVgly4ZHLO*OO4pQh3 zZN-U~UCs4ke!-Rhs<zQ*z}FOu-#FJ&e?G@&J{3#b)fG$IHH?1(aW`TfzU5yV*o`Fc zD7%pYAMYtq#_kJeMP7gZl{3t8RSgHgb(NPr{Dy}&Jlyo~rs;qg%e9OT-3u=L8LiI@ z`a{kz`Krfn80PcgUB!5m<RRBL%(*iEtD25HLqcr+ThVwvKUOh5!?GC9djy+`f8l#i zySB*`A(Q+yO(%;>h1j0iYbnM(-=f<x%yf24o_)#vb&*dVhF_O8OqsG`-1CL)GR)r_ zHcW>7xkU{9AH}6@_$+Yh*CkE4*HBd~K1toMJaem9e6Xfr@|%jKU$u#m{tPZ1<I`{; zw~S9x|G%N-eb#kcQ?d9M$r!`>e-cM~KE~7brY-Knu)T9$+&XZ4KThI~9*<o(v14Na z4h8Gs)V3-z>0#fgg6qrddieJ$!Y%IIE6Z!^^ULdN^7(*!ce!-_$)&}$_3%<@eSTqn zeg3h@EAYpz20ToR|M+<fpL_9VJZ*)SX^-JpovXpF3W;3k?i;@<#~CsIf5#?6cQTes 
zk41vy?~D0N#^+BWe!(OucM5Xjl236+?lk1;CdYD3yVIrfE0->nmQjMmmE~}8y>w}9 zp#MH-+OQO&^0d8t&cyn3hVm)Ie1Ay)M`M0xNd9ch<0g&$V>up=`S9&NUyS+Oko>ur z&kxBj#C&x~{zA;xM1B|Ae=^^4%x@0KKN0h-q4bwxerrg6Ip(*A<SQ{BO!(zmjd}b? z#;b?*n4cSxe=6qX_r4N?`d4GVJS6{Y%vXlee=g=XhU7nl{?ar__Lpz-`u$U-)irb( z>F1N^CvvJAWSIYRh$p`s#%IRc=iXnQUoD0Af8c?W(Ky+)ocQ?wf8xuph)w>D?vc{@ z@@-4=%NH-tUo3@drKQq&c2G&5efw%4r@z_f0H5WT#Fqa{91oLPfz;>YaruhhJ*d|! zj(XQUxpl;Am<07sxHI!hmrHBmTDer>bRy}07UTRW;jad5i#-_c@~dP|&wiZ#6&%`m zHQ2HAS#IW^x+zLmf9*$j$KdnL_&(=-&vNFy?>Ro@Bsj~DmZj!>pTK815zfAUJwCU* z@85vWavGec@3!|n^~K|J@=xvHy{GTj%6J~+3kW}m@L`0HAiRk1QG`0e4<WpS@G*ps zBYXnklL*`kZXo;!!jB^S7{ZSu`~<?w2tSFifxvwo?#XZue}(%TKZEeI2;2{7BK$nU zrxAVu;TI8p34!Yxt_|qp)32s~O#hVrBz-daLG*cA2=og$r~fJf=TgpnoRc_LU`}wK zMR*0_Zz6mS;cp>)9^r2zbP)ay!fzn_U4$<n{5^y(BK&=XF2X-R_!7cDMEEkoKSKCT zgnx|CL-;2Me_uiPrwG4=@XrwbIl{j{*h2W12>%M<UnBe*gnx_h?-2ey!ZyNxK=_Xc zY?l9o@ShRBitt|$`Uw9O;cE#04dJ&D{yW0&Ap8%69fbdh@Vf~A3*q+=t|ELL;eR7= za{50A-$3}k2)~c;{}BEF;r}Cy(WpN*`C0U5^au12fBu4={h9q`&iV^KbDU=J9shA0 zwg+~}q?CVUV3$l<`OgjPk|%!!J{as$obDBuJO=yY<ty{9m+u$ibmV-&Sf4M(eEe<> z(X$)#>6=x1)#pnwpSjcLzZ~<0A^G1N*qtHyUd+o`gRwqeiTTEm{BMni?hE4ybY%4& z+Q@|sfBy#ezV&ixHGFD*b#eaOQfW=<`HJh^d^PAGg;#OB6m0MOh0^*n;j&t=XddsI zrcpb|sRI_D?TDZ0%RlCmboVc<oSR?rGkVNjoebZ}JVLDhA6W^@D@zL@)Cn)Il~#|f zh3Z(WuiXa6Y5npV<#R}r*F56!+O*F#``p84f9CfN_uiF-#S4qDyz8avdbqZNgy+}c zo`mP;m&0?I5!P2$OAF!Ra`@o;-}i8MVP*Bwyc%f6PrLAVc)E0H<te1Fw76Uf&#ji` zpIi&m=gX^a&xG^K3n9^Wzg6@5E|sq=&7Vhvg_X;w%RhU0WgQ=$UR*DSYm3Vlmr9{h zf7bBK2hYG958t!2cxiEYp2FuaV=<T2k|iavk1n5EtGxB)ASEv7tFZd7hu=lzOf5+< zbiaev--kWn-yI(l^K-=Qj8CA=Uw;jE46;lojdUa@)7dl}skEkl*wVV<jv3Nim}1o4 zllbO=3#{zLwQ!#G_vDFiRTW-ZIX}O&fB39;iz?4_IU|;q-*$QJHk!@h6shN1+<Vr} z&sR$56U*zXD@&;S`PKRJ>u@2$wae$r;rv>7_<Igpf1AYGYjL@9dHwsP@!u7eB=Yyi zk<x>2PcR-@5j)YM#~9ZAN8Im?kE48Aq5=Pkd@~{6yo$RV$K3nj{h}*K`e@>Ce;xho z^6GMU?CddgEqpq57XOaLdYy9jKDDxl2$w1tQ0Sja3u`B&&)@s(W%xJitMkiiOXv#W zz4-^wCZ)CI_3-JH)hENJOG``IEEpklV@zMZH0`I|{b=u-ob(gX?g{(;nEUPVMXX1P 
z@B!H0-fi{BW{GQqgJ2#5VihGge<5A_;v)O~%H?%YZMC#^d1;-+QyJ^O-*B%?z8ti4 zSp<&lRB)#jSFxsfx)ind{PHtlWo2z`5hKFd0i)sK@*0Pn4$6TdGDa^gUM#P3h|Vuz z%q=`a9ac*$@9sD!@<Drq?(5^P!{@J$`#t7KuD{?jQJ-7g!z)iy8|?u|e{v~YIe-50 z>S}43BX#A1lrYvHs#m7@S=dVc!i9PG=`-DLclV;%S4+~^G+C%C^tX5%9zzdez4s@y z-tTqqsa952*J0EoZ<wKY{dZw?<x*Ixo-Zx2`^<+=tgS4+P3;j3l=R>Wi%TU;rmx_? zmjj;2%71VQCU{yh_1Wjbe>0H@r(G<(PVHmGt~_NG)>8hq<!?{^@?_Pk@)NSFlRP!` z>SRX#=Hzct{_>>MtCJ1+yD5J=@^?%A?#SQZ^_m|~M!h;YCx7$uw=92a_Wg!@YRTWO z{N=f)S0{Jv`y{q*sDB#QtCLyzTi|vM{*kW;!*fbe8sl01H@NVDf91vXMc=es!K|XT z@R+-M;#K!1{5NFgXf)>I83}fB9Ibr?Gv&+ZPY+Iv!RkCTK|9bF%SP{H^!Hzr??d;< z_%Sy=!G7~WNaoRRj=9N+5aF{-J7izId*XF6R&}8~U?$vM;rC(1%@|tVE4UnU_e|(D zYuEeideW|^?3zO!f0PgGx(_9u#6DH{(8@{$oqToW@<o_Q^#9eBr%`T9YbzMhxXSRN zrKW8y!QP+@q1zhgvz|l+)CTL}P2vXcL#pSjpYz*C#`lT+(Nd1#K8cp$3B+dEqgr4; z<-XPjD%dF~g%6xWc9)SK4ERtkAxbbM4*RQEJtf@3rKd4vf3KG=uB<+z^@80El$n0a zF(5kUV?eA2UUL%*w*SKTZ;<$Fm(O`gXnv1csY18U^24r2obIVOT}>}U)~~{g`40F( zmoN*NLSiia)OX)N`;?2*$srxuBc4XfD^I9pJ?wM$m)6nsWNj$rKV$kFb5qv-!}Y?J zjmpn@kMutVfBk*_Y@AMFh<`lh_Yd*Km`@Jz=VJcA5Wf)f(?fhE<_`_=tHvL34`W0f zb0Ku6{_C-PdPx4Mm_I(mS7ZLf5dUn<-#WxU7xS4R{)w1BJj9n{{>Tu2A?9a{XZy`_ zKMxxiIzi4~x>T{bQQMS;{M^dQQfYqq1l`yQY%>NMe;gt@2$(LODXrbMyb^T)xFf<^ ze~`U`x6&(~h{hbw4jCVeztDZn`@}hs|0qwnn`HE0@i}?S9fi&u4?K<f71TaIvmeqn z^U4#eS)Rl6*VGU^4U+)XxYKeXyjWT;t#Z7szy(IzsSfIK9C3N1#ulZwq3OKqnsly7 zMLb&8e*p&3Z8~;tqcMa@ShI3W4duh}&augHb;O;Xp#L?6JgN7c?tRNk&tM{+UkKj| zhaR)Q1uP_<sgzdfb%u*Jztef5d7EE^<AJhheX$=dS^K`(Ju>lTcSfw~zS#bJFXs94 z<rNqy?mjKAVBXeLFf*SM&m_EeVF3=(T3A_Ke?hM6&zzvUv0UQRy+UaeQyTaEm(R_c z==#bE6rjD*u@LF-7U(eM-s}o-yR&VtFZZa-HQxzK_*!YvP9C&=K)>L%(xW8%MFw*0 zH)&jlb=0(2f0PUGJ=@_OUOPOpidtrO|K^&((qF!AI}G%VWTJX{bmEws6?<QUPo#QA ze=__=#|8B)+V|1Cfn|}*PxP8Y{QDs4(4VWce{kN$(-`t^FjEIEGXDc^9J6=yi8I&{ z_}!eLqWOL>FKWJ;*QnHA=luEPdO7Udlf%Hz(44NH{-mQvdA)R#Bhx()_eZWY{F(l> z%CP{Sdv&oQyRO&E@4$%s)S9rK5;u_Ve}sE_{(@KY!!46|&HVP?Kz=tnY*swAc)oPq zJojHG&w)L?)`NPj_Pcm_ap8LP8N$2NKF1!RH5tNMMsvqE-+trn`ngPv$VKO$C?8#? 
z9i4b(GMbH|@%BgePtK-;@=al6t*>4#4LoDor3UuuzPWxl>4ww08R=b^Us_{(f2prc z`;bL?ymId`bZKwiO{4YB!YWT*<K<qzjRN!utn(JvpSiZ3(h~((ib3lzzvEth$8R9N zNq2r_ZN!*9K9pDJPI&p8xPg3ba@a?~O7z-No$zwPDcD{<x86WLQ*LeXQe_Ek9@)=m z6yG|OPsYn9a|8K|yYl?Cd1Usqe^BVAZ(#he55Pej*$21=WU9ksHFSq=AfKDu#npKn zFmOGKaOk=gFLZxk`zc3msC?1(?DcX!a-Ezx&U#oehwk?+|Ct*qH+O}vZ*^y`TW;}x zCI8tQDmV7%#J{;-xo59y?+@NUev^)l?Dg_G_?q)swEm8~oF5q4UkGJye?iyL_rM?e z9PQtj?k9aa&Spd**UEZBANNnAyQjnc%Ot#`$4*c?f1N*x=ZwR5!zstY!F(m|#9Jbx z_CxkXJ{9B!WgXrV;r<NwSN85td}@5}j?M5+1?3s{o870-^si0znEONaz6Q3c>soW$ zzNQW##36*zgd``9!@Ur5f4LBv5?+36^Jf}<{J>58QX06%*Z2n8*S*&lOePaColJ!? zQAE=SS<%xI3egkFM3pD%t8i3BsH!5=hcZmXR7@3BR>-T+Q(lEeFC7$Bo%z1C_C7!N z$A*Ty*Ee%5IOm>y_St8jwbx#I?e)7_I7;n*Wxnz1y>4A9=Nn^Ye+06FY9qP2WF$-F zNBX|-2<ms~_$fb28IfMM+wo-93d(_yi@=VjFS_uDG?3Fwp=Raryxkwqr#m)9u)%$A zRK8Wpg@s45+Bm-brHo^Ft8t??5HpSAO#J`M<GA)q8OIZM>o{T@>^N2)2gj3C8%NA* zJ1-%Dz%IXZUYE-$f2Ce%b*Ut$tUNEvC8;-JURILNuA6mU{^{en?n@cZ^LLff*~;TF z+juVW$5VBr;Q_5gXTe#CF0~qsC7i0w&o{o5`B~m-+&pZ@leGS=vbV;~;xBQ$A1)bh zO7khxE~Uri^!;XYEj!-DHvpfg15i5OY3cltuPHtOA1r;Se~b^a;Zv|~Tkdt%bvvkc zz3cYGmx52_t;WroFA-nXeBtpV-^EN{T&DqlH-5T%D1rZM<A-(L(syT78c>8v^q|SO zdePCVE)V0%64qqRyc)J+j5~b|KqZ-2>AWg!AA8Oj`TPxd!=`I|gUSOvvlY*5x6cF; zi%X`%Jf?EYe|^fkQc4YJl9wKXZoIDuZWi+7LJlAsq<k|o4)fgtwdW$vhK$+DuPHYy z{f?RCQsEv|mK_Fg;{N5>9ggoRea}s1EIXV5%!Ws+?g^ho|86(K!z=syS02Wn*VVOd zcz9i*0DUQ`f3ydsa?vP1Sq;yiD@AyhFx}*H$Tn#4f16e}ZafIDIuos}-xoKZ*FTT% zWwyVQ(05PZ?3ulg)c1*`o|?ibv&?MF=V487Xb^gG%G{}$;RppvcF5wz&c{AI&~O`m z4K{SN_d~N8$cfjYed_H~I3JIl77g<`Gt}VW+UnVTLvGry%{TrllGNM7k_{R@{bPN^ zKkzN9e?+g1yU=S(9o1V?4=6qJZ7W*w&D5)m3f1!YzNaBe$Y@o3j93KddsOe62Mq5t z($XeEA+cOKw5-k39~Y2ic?$agwL>6qq^{rn3+8#Owl4y*M`Sd1%h-)TMsdNsKz&`q z1LmOUUh<)SeM7$=O5~h3oIU`vDzRd*HeB9df4VRd7n3VkH&7#j8~sqy=k}xPp2;`7 z2l=|wUr~>+%xo*{@63&REkQrgbc^>OW*ZGC_VB~^jHbs1<$11y_rOH+zX5CY_y0io zXakKO_4+B)2*$T}0Sz;~kQK5vtJ)g11S9m=H{$O1LKyM_@M1BZKM8z*t8oQ9OhoWd ze_O7MhKj>cEabdq=FS|>lQ>^Ox4!`kBQZ5|&H~ga`IaNJ5kf&hOru4wwk^9apDW}B 
zXo+$>)+=~+&V0XNue2w2A`$$3#0-v&jTY9eTse|Cl+PT@W)3COv_v|T=_>%=3P~9K ztxS(*S9bOEbgy2YD-7ofJEa~ifqgtKf5r2&g6GtF!?r_?&CPCJ$UMLm=7E%5&phab z-rQ;=VJX!Q!x`!+350AvOc$~Ps*?*qL_@vw=qQ2cY8LZDG<*1NF_VXB63oaz!ZLY| zXE*douK?GN$_#h{X34a@P;DUZYxz=<qPz_IiZ-)_`c5_7+Eg47840Zyp)M@ae@tsE zi|sb7&eg<=f_s>7K@|z(CQgOb=vB}G%C%36{eXKv<;41))qD^3YiyRL8hA%P8^zCX zgR5YA<u^!tV#Zw$ZBPQl*FPq+`W4_dTMp>dLh7>zvb2Gu7Y7!Q0?g(eefbZFZkXE# zl_rr{-d7+%W!3YM5o6$EU((y2fAhLw+mRcA&F2;!8Zj^x1+9CH>$)H?z9&arZnRaH z!yQ69N%Z$s+g}gArp%MZ>!IBhA32mhOiM19W975JP1@m6zwCES4cG!u6={yC&?8c; z^FmO0730tUujBu5z^T=6h49QogVSWd8vysd4<6#E<slO04fKt0Chci8e}64jL&t1? zot~ZaqaFJ8lbDaRkSbrt?v2n7LM1{y(9ddg<1(zUNH?Z&Cf)eD*)mLWX^mTHVfL+^ zTfGE^7%0-8J2WzsgUVd&&BP*878EgqB;AmC$@MMpQ<#j*UuHJ`EH<t6ILGme^ST*y z2G(0R>UBGQvHXZVPuMf*e;dos+ViwLcU6w0t!P7z?Q$g5hV2)Q{3E?+5&Ic_Qeel+ zF%NrNs6E%;l<hL&=1sdFc+;21at-48Q#3G_Isk@GFeoR=OAnmi7`(TH)MB;XUt-CO zs;KV_Q^(+UGLpjzci2m8eWuOpcybpGPr;U=<0<@t!Kf&PmWk<*fAdd~@9Jp(ne>bO z*laqKXz`;$O_H2xuL^-FwU_A645VSA$sTTmp)uvQthx0Wj;LoovDPBaQnbOOhn~lb z`lMd%L_aRMUk_W{xcOM_^7%J`*Pp<eZ3^=QMznS<O3JMHSjroXa2rAyPxy4D2^rZ) zAGbc^?FY*u_MWh8f8DmN+v7@u2~U%gL)k*czd1rXY?z7THs47P0rr)1k32PXc^&OP zhdxg26RyDelvt{d=^e4NLOJ1hm*5G3NWOvcS7-7G+);GG_ni=WzY=r(1DUyRTl{#t z;RmSGYTg#hrFTN#^=;Z47RG3H0>U$t854Gs@1gCwR~XIgf8$z|4yIavHV+v(jM&<| z(d@nhoY=)tZ-bqQFdxBVb{K8H*#EDAQ`wNsdmUI>4rZQ)Au!B}4kWwD|M33vhFqsG zMc!i`aAwG^I7#r8JFx7L7vyIrda`3fnRSn~bi*hK@P<)K4yUxhg?Izwm64V<aOXoA z{KtZbx;{5qf3QsC@_?;uSw?L5)~<~^yLax`v}Nl?!09aDG=)Cz_CITPlsy*wc+0|Z z%B+C(`2cKtVTv1~)^1gBR0_PAn8?D?2qQ%-oMYnba-1C6TcWMw{vj@{zYARD|6f@8 zJ!S4St~&&JzWj|s<7wM@PG~&We7=co^Edyun$@tYe~Oz^Lg!COxmyot7x<v%t1(xH zGT<k`SzxO;01XKF;enwvjK2yVMgmsQ{XX7Jf;RoAj6U6m)x=rL{aD`j?yU9RmwG=2 z9yb_B5@o)4=6$g{9m#1=X%BV=^@PuWo_h+OydC@V84wr>f=6U^PmknA4iD#w^qX*B zLg!REe?B-KRHhN>iz8ocWKFuaY+3e181D1ogBNasE2)F>-GC+g!avT}gy`MRG>{In zpYP$`l-c2Pr^=f8UBJw<Emz@I9qy33eZqh2F`<RTpt)wL>-=NHB2uxq`H7{!i{ZoW z_95iIg<FV%!){9ae(WJv`JmU5OeQgl4))Owf6cNvSMa|1X4|gbZCh6-aUdt%YCgnV 
zLDU+&F;)k^riQDi)nGPn>_KmS0^EDAVSW3eI(Fz1Jh9i9<gU!vPWY5yYu^R318UI% zmW}qhD|%q=hL^U0&vny(CCNgI!gqc9dHF8B<v#OE;BE{v=zp7z_Lro>?*ac)u$TY3 zf4Knu_ooft#r1^P&o72crGo?a8p@2VlkFJx1be_&jbdTUlzgzoZ_%@&9pQhZJ;n`M zPZMMkN|-qb)rS{H5oL!#Djnwr<v)2B%s<Y<j`m;49-VlLt^-bq(Ebfp#PAxTWgeL7 zGLqpahEj*<j-UOS1Y~&Tyk`4cyQa(|e`Z%MPfERoM#{GN0hlX;+WS5cj&P9)fe1*9 zHa*g)<FX>&0UAZNfR=~ku!OH(t&-%wsizG{CHaGg_mhvKg!>ZUxWw^sLIL*`!R-uN zo{la7@^?ITR5+t^=GP6=^~zUGqr~mzJCGig>*W+$n~C~U0>C;mQGH4gR2J}&f2@?G z<s7H?gyLv_rr_lZ_MZ!`^}EgVBkq^^4O+j|a3#YI1727n5&#yGD)5i|v4{S19O%VO zI`CU~DYasq=okWz4^f*UhFCnv29DxUdav{!WPAPIaIQa-wD`w<Q8wc6hvR$(fH(;_ z(FZ-?zqd;7FF}%k94}Z}1)XHPf9)P?P_~fVb}6b_v(myS4NrCCLEh03n3neEu~M@O z^xN%@yvNYX3FELj!sqKpMdbwH;U*y0d9Js;-fd`s_Ar!SQ4&@v%M$*_!t*@N#3wqG z5})pl;1gW4=#5o^P^_0U-RV5|1C<d0sQ7d@JHH9iVy&M+g#huQVj`bAe{6z<Tu34v zzyKCur12(ybK1uB5hk+-v2XA95&<I!{>f`;Sw>rF#|Ut<%Qb2=H(C_mD3Xs|xnh1F zSrrQWhKj=@*tcAjc~D92cI<YY7pLs`tUX`0XNFGaeq^ydQ~t+x?)K$(*038!5m7G_ zb@Zh@7wfOL{!d^ELDOhIf2})-EX|TZtHJE}hQq=sitAO$j>6(Ee2y?N;$~W>hxCUY zXV!0k5FxM}TV2TS10cLa2L6T=X9y1ywZ}UF`u@8HS^po`dCP0%v4`-j%0JT|^MI8% zkhswx+>I25jR7mL5a_N4rp`2s4p10wWlE%owQcmfM3w#=rGN)Uf9Q%OUYO$BNqho@ zEEeqd5^p{9i*WSJW*W+?(~4u?ts~}PIqP_JVVt<W&NCewc5LWO?i$049CoWKsXND~ z(G<r9R;)#<lMM;;zbrg?)rmFMzFz3q-BPEs{hzTq^Zo<o_c8|b$<g|qt~%cPF6PN3 z=ppTFc4Ds*crLR3e-%8zJ6F-l=d#*=3LL@C-1JaxBVMKI>qd7wZ)b621x5E>Mr7Hm zQmND`YrhT%6Ur(kJ`5}Najm3~^USAs%kS{NryjYeuwMS50i;Lf{rN}fgw3AOb8Ii5 zMZd9F>@>>D<=O9;qqoD~AG(E0z=l%4Ut2%oXLbg4Id3l7fAbZ4PA%e&y-SXJ<v1?K zV{$x&qds>AzvOwG+5WxsYt0Pzfv^ZH4nc?p!7_xJ*yyL>KPPy-04qatjP()aF<T&0 zEovFmDGtEmAC*UGfL|QtdpgWQg5#R!Gwk9pPiQlAz5ZjB{I%x7i=E}2LLU}6|EG{< zf*UjTZwmW4e_xw|F@3-+iq+YDFIn#JeQ0QaQLYA`=JTqHE3bDy)_)JNW2lRJP<**q zU-+MOIzLp$HuD=ekE+$vH>fVoy+QatX<v0;v-iJRJ#AfeWYPX#d4&BB>%6MJWwv_y zmM%c)n;|GEoQ~o>{GKB?6Yp+u>!_;PE&QEz1!rV1e>TpZg8NpjuA|p#7Gr$57uk>% zrYN01?BpCe-gSsESNart$^UUPA2Z-F>^wyd+Oi!S@Kdlig->yR3nvRa=DFuo;z_BW zb$gNhY~0L??IHiWHozO$+sAsnYVT94xUjWGo5du`0m7CK)!Qk>*K2)FN2b&o#J!*6 
zavA>rf93XYQ9B9t%h^rL14XFZPwnIT7*Vk^N4sub@!6S2<1hY%(J-dI4i@^cy1LS~ zf2h;ie}5}$$ya*j+Qwl{EDZ6|aSFE=wz3Jsl~E*SgRATR-`oCjJbLjQ<x}0JlMxLB z3$a@S5~@R%#ZS7T!sC2sY*4&Y$;#L}qS`2+e|V@L9;w*c<+1mL2(4fH6ZTJiqePSM z{8PE=Rma-$@1h+BV}h{%6F768r`<fa4tqoCzRVEfGtj?F1j4fEWO#@SI<HzC@$3cb zlciV-(+~OytMjSE$PNpCqE>d*=td)DIwLvkgh=(P(G6W^bY5RvQ$DYwtvEWO5DHt> zf4T85ANR`hC)#dw{xH^1fZx%YGvW8O^rsTuO+TdeYhT2VTgD&laQqj!@ekH(Kf;;g z6IgEt`DNkHB;ti1#sQ*B;e%Z$j1kNMFed#z!Pk%u2Qt{)wxlS;S%pJpY@e*>jYeN~ z?c+YZTKP_;<k9Cj;z`gD`bB@!?66xhe+XXW+t^X@#!hg>pmpgeur{5y<!&hveH)!Y zZ5)H4!^?mtG3OV0H?Ub(andx!1y`c<MkSkkMt?QRE~^3jW?%=<jQG`XtF-YkoX;%e z=ea!givF7`=?e?8Ed&T<7Zj5E=cxb_1=o~;&sKh)SWqb6JSW!KekURZ>L2B~e~+r1 zYQX7qsVGB-(sZ78{n^Nn4H_?_s7~$9qg~q}1ax-I$C-Tj5@dR;L{I7CAK2lSu2aOv zrd7du6&=-Jz9~N}@qDOKk*ylA@j2|rxCc+?^J(#*m;GNVIxoX`=H_J$PyW2|gm`fU z!mdhm@FL1}KUI1C6^CoCzWy3ne<|LBVy}xdaF^)&$c4F>0YQoLk`GFpKRrwCjzo?K z*5#)ne0EUYTc!M&D&@PYls{Xgd~cQVzAEMYRmz8|ln+!XAFNXTT$S>XD&?b9%JY%( z()C;HOxqMMZu8eQjbs5is_aBU-a3&z3@KW$j|qG0%)B<~bKL(bU($~Ee>;BK@!#dG zMR}93CywJy*zRopFV*<{^7jQal<kr}PCOW<kL6F0M!N3^^U;<1I$J+0&ELg%Kl$hT ztMJdh7muC84jy5?_^)T>iz`F665bqLZuh@9ldddq_!BS+g<$0m?|#F0qnyEP7!&4W zoAJI<d<nM_#gwqGPk<@qfAFVFM%UZ9b{|-2Ul@K*7(<93<KQF$zBXL*hZXUnQqN}V zS0%iFf#es)i??URi)(`;>B(q9@nR5X;)PFF0=EF6D<N-!8R<$;@A~M<WrSEOrz@qc zMX@F9DKIl#sl4x*>pXlxJj3!h$_^YI=|;Z-JSl&o8Xc+Bw^Dqmf4KiyIx~JapJWLF zW&5eCe6apc%!(hCAy<iRbfZ6_|HavZs{0Ob`Sd%boC*3X-FXP}DF#czVYFL|j#k|F zS0}4taJC?Ur7rcTziXgQA6f%wQ+T}q{C0DU(JpDreh)Z%>RTxpq&EZt_7%dmy`ukp zfO29_<izY>-29<|e|G1`P<|5f@}oEh`a<gQXpe-bgdw~0s(L)>;cQyF;Qj2+V!V%b z=*>7^!Z<x?eDhMV^Hm*zvpK_O@1s#q+7Ch_p#w#YDNYKiXonuI?>QJD*>OMKbVcOw z=S(7Ys@3Yp;D_RwrP!ObLe>;F%K;J2>tYbku|=W`ws@4)fB3Et@Ym0BvzTC!AH|T0 z-pt5;gwLdM6mc8-ix7#}7?*vSu|pY1_gj{>$k?|q$Yl%c)eF>_<-C!i?@zH@A|1Dy zHjJdqa@2ITY~(GL$JCB(IrIW8F^=2C`#Elj*m<1ESGw{uxF%dr<4m~zh4C~XnFd63 z7B1Z7`EiP<f4g%QtJc>e3db0|cc@oM#r8_O;&1EgNi<lfAO2nR9TSVGADNWnSvgM2 z@v0n~za|!ta%`7luN+6^cvOxj<aioK>QBzw^JOW8BLMzHpNU_H=_ki7IqsF?xEzo9 
z^-kf}cWh*!BlVxf&fuEke!uZHsBNK0yPR=hRNCy*f06mV96%#dB6=I7(u{&YsWc_l z94EF5Z|3#TD$A4HCsU)H?Qg~C(U(*splNv!ZO7dW;-K-lXuKR(XKn-WnD^b<tSvJp znwAG~Tii22Tr@tXadO<fX8*aU%-Y>w;NK78KDc`eagTrcUiIg9_ZXMSeW!~n;O@Ej zMS9=Ge|d0s@4-II#f#9np!IIico2IK6%_$4>CvNKevd@V8Zuuso#}lC4yE&uUrJ=M zv20&<2w^Jx{?Sg{Jw<yI*KgWhy7JY+HxW)jtP^)Hi07toWNZ?5Z@J%|izVXjwBdVL z-^KoL<w;x4SRJk`B@p$;(aLh%-L*o+70)&qf9nn>(huKcw({h*vT5HcK^B={s^fj= z3-_##f;JK^O}OS>)m_iUHTS6QdLFL1H+9$Zam_ucyKa`fba1@@*W81;`wMZ+y{Efo z>^$!A-1S<lb1(YWoLB$R#$Uri07H11@mVVa1Sb_mej$C3o&&VrgJPbskS(GNfZQ^W zf0~%kV<{o!rWvD}7eJ0gw1Dj@+MzJh`n*Z%2R}ly71;UoAQ_`f&y$#cYtYw+v93H0 z)woLfc-`xHhP!2c(IwLkx!W#TK<L5-iItdKi7G&}<uq)7u>ol{Vy>n8(PwW>DrGh1 z>%fERJX<5}a<|QP$*-S<|GWqK6MkC?e_6j;U^wRJQ;W9jLSef|Z_ez+$#l7>0aN&- zPug1eUX@?Cw<_P$ZT<G|&^X&Fmy-pMnt@^Iuf$oa(7(2Sf&NV{(Rs4XY-SW0-=>O) z;f!{G7SM7icLV+l>pni+={JZA2yeI#evllIw528dFyiBS11}I~*DPKzFp9<)e~K8{ zZ&I}Ufq{`*Wg^z`9KYY%crm1Xl!53xAp9=FpI+e~l#`Ege)e;XSe+}sX;uRd+eMew z8HrD|Iu?yrb-CU%l+6V1IfC~v`eL}8?-@in&wH(3{{w~_<8GCp!$gV;pbaAE+d^p+ zK(^;%Ou2cH!1s;$?-lv4yw}Bse{%Jfqu#+ty=ko5jPs;1t6V+O*6~Qa(^AjHX3~0; zH>AvZ7%UbNV1PKn48pVr-QS}oR?A>xE+E_!+~WI4qo0qo-z)9Am`tu8Db#x*QjeSo z@g(W&B1EX}kr;`n-Dkp-eyfEYoC$QEKPvKd?%g#)t?p!w_};)9z)h%ce~!b)`;8x+ zkR*^HBPC*_1dDVd<I}GoUXRkTI~y(-#$3D!(d9{qz!<_ia+8(vyC{wqOczR6_nRem z7-N!}23??tw<+*zinkhzGO%t?d?F|4A(CO#j%$hSN0a|GK`&hVL+u4?x?Y4MEC#($ zdDkiMok2gMa!2CdQQW6}f94UKPlC@K$GLnzbZ2BgBuWu6xz8PP_KVg0ZWCyac8VU( z<jcS6`}vXBhg|)Ht{CKPa(;{b>5)U}{qPA)?#rzl%pF=WmRsSXmaa&z;HtGEJF-IJ zYp)<WtvJ}1UdbUwekRN+^6gt=r@+CJUmiyZVqHu5JHRT$8<l-fe>XUe`Z{=xLr<^q zD7!HxuL-7fw67sM0C;SV{S(gb06(6@alRaHm*Zj_dzgU~P_BbLYut2WPjjm+^`vx- zl=At7emVFJ$%=6+N}IszwwfO84^U_q+QZr^HEu;);d|`Q2<aboc<^fk9(H5yZ5O%M z2c9B$ecdn2q~336FZDD!FTe97;4vZPrGD0TN5<DenImky=&IYJ(h`jOu6D8WGUnTn z@eRZPj0@d|m;9OqBUoj}cX#aU9ZF}uYS4}l72VT$sZ>(_30}pJ8_(g+9{6fL=Jn*W z!--9@{Y#)LD1?eOm1<eG%v%a${}vp>RkTC1)uOy3REPBMj?#X0q*5zviY|?J-7c4R zn*|~#)35|QX?DjZaW0?7UbS(yae6DyW?BEx9>=*CXU^l@PEM>ovO6=Ez?%ggf5iSf 
zSr}A2J{~&)E{5~CFE)L<wI@Ug=kpbNZUTSBYY%6{r^ivR$)9}|8<gV_IZnuN($**6 z$mgb|^r}3^@oI*hFN_Z9$>lq=|68=TpIl(+Kh9GaIk8LyH%BH{tX4*m!vt>3;-G<i zBl$xTg+PQ#VzI6+D1H!(^>#yGe{HgpaB%Yu=Ze^Rz>0^y>!_a{DQ2Dk)*S~$dcC3C z!<KsIufje7vLViRiR~O@LHO6V_htW<xcn>O+%W7d4BQb~RQ|5dE*O!sZ?Ii3`+2wN zq=rZhlVk!(_-pYtboPMUbK6@H**w=fXP2h;Rm%NC{XER?h0p^reueLCe=RJLlNVH$ zBiw{orC=+wKnPzpF=*wkrE;L>q@3^BBzZgrvexU|m(QhP96Yv9qOoYeav6iLpMZ-} zse4m)op#be96=YK9xExl|CEDt`fYMVjgTOv?Re5AIEc3=`VWcc&%D6Q2V%`Y1RT+c zKtpbNG{BTz{7SSRVO_eue~Wx3?QA7h0atg#DVf431|BK8^=7t)zz>%+|2KZ53i6c~ z5xL|NqJ1nk8|icavKk<2Bq%z1gqf-7Xe72`ptq+U&c#e*Pu-m$#}MDEca(3XbWh*g zZZ>2Xbb&Miq(r@#VTYo$9`Xkm)5Lv5h;vgJhv(snporr%sB$<&fB&Ujtb3R8`jq^E z+9)Q8XZ&-qn`QM2_ekN)b{dUF{cVH?j+>w1ucB|#_HYlXwki6*TR2X)s2`gBD)M53 zF^(6qkx)7Se=%(Ou+8h2ez_6iI!XV3o>MrxdFJdV#s5j#hxgYQTy%2C2sM;Na20|v z9HZnd!4Bw2m?$V5f1MuV9oH!f(2C6eiOTVACg*8CnAe5<Ie|0z{0W>-Vm)Qnmw-RG zEw1*-$YxVf@1cHKc0FI`Ve?3>gveJI*TH(#i(?pC)!rjw6{5tT!$^JrmMfHutF*^K zKj^QO0e-jKaDS~6H<$85^w+AU=PCJKA5ydXXb}Tt{P8}*f17dkW&eXS`KHBYJ%ERK z%e)1?<1HO=8P}!x9zIXLWDvh3z5>pW+Dp0aPma`o(w+xjcvZ@D9w^--zRmOZF-Pik z7vuJS^I{JgKBsuedJZp3^@KrQ7`=0&?SvrfysrIyCH>?1o0RXr4fF_J`r&Z2RpT7a z7Ed<VCtth$e?*t<#~t7ssNbsK{vrK&hnkU+{6nRl8{|K+C(!RfcrplT)Y_kGUl9Du z?&qUE8N>taf4QH7mX~^2DEw}<_~>WvL^~brV|IOJ+`6!u2=N}+7c0lpI2<P+GmGX` zLcA1|y#jd<vkN)9-8U=LdlhBJ{CdiN@4{YRr-yj|e--#$j1@6tz1Xb(6LJ)CKHU|X zPvXuFNmBS*2p7p`Mi(UeC-ch2&z*0dcm6p698aTfKf(VWL+ZqwQDM82gChS{xV~4l zp5Fgy)%zm<lkZ^sCZ!9K!^xZp@i9O1^EI6f^+q#TMdPjp`1|vU{SNMbFw6b$n}Y8S zp8v%xf6t$r<^G4W+&@3d{a?;<|3Z~<E9di$HYz?H!I}8<4D()RBugF_WsN1}HnLdG zLaHNGwt(S5{D(9$6-pcd-3_TZvDKyc=y<$oLU8b$ITCBe`-q359_jm0Ii8T?X*ph% zWAlBYFUFC7tlusry>c9t<54-Dz|rY>e+517e`&c!{2rXi?*;kBUblX0$3cVNFTqX4 zDko#EcK>T=?F~=}@-tmHYx{4+g#W=c*P-uWeSz#a_Cvgz^5<1Xe3(Mqf`V2A59AY+ zw?_KDePd4Bq`G6a<?PMFdyJqwX7x@^*NgyLK%~ESqlYhnH;nE{SRR(2SGvz{`@YpP zA{La$)op_KP=uZC6J8fRDerS9p`0h^pnv~3?h_u=nG#OaxANIVq4s6|qn!J>JK_H; zQ7A(>hDH%3N|bW2TY+a#jCtGMuy3TUjrQzo5uXGKEC3B6DnBiY-CtXo%zmibMpX&} 
zOcpzONY%&>5k_^Fz@Y^gf33JjD8D9fD6ik(M^|Hg<_*>Q$EwtCjMSgw*MGT6{W+2P zU-9d|Ql<V^BK4d6`mb6%K2qoGNnRB^9>q1sZO|`&1+d~g()-=^ewTm$WqUtbFJbF> ze!XM1Ugi2%@eaQC3eNhz*KGZnpF1P-tl2zbI*VBZws3v{fkGT{msg?%6EmK4e*YfS zP4Ju*B@s15szC~*b<&#NhMWGfq{Qg5{a9bt4y6WEH&t!PRfx1jx<@>3E0>+31s6mq zf6snbJ<s5lw%+oxdj1aARrd?n|Nm@uB4vFhv5V>A3j$aH`m&@#)j}MRW<-cA4kvBi zDp*Zj-xF+Sq&RH#dWB_|_@V`BP)cWq!Y~MPDp6>W{<`%?*B3tDokm8w5DaH}o^<5Y z3);@LJj3;99QAn~mFJ@VODyk2xm(}e{*iq9<4(`(iwqI04vP}eU1<;!5f_Jt;g_<b z1vP&GFjV5Ug?EpK?k+G$7zJs6DBxw1bvP@WOpF*w{$-zyo52SV`Ktig29tEt&aofc zPb92{0?CRAou@0p+iofjK`Me*v?RTd16O%PO2u3Jc}YHke1+l-*UzYDuwshNJoeUk z>FE67xKBRMb(c}O!XCvlKPTgl=lJ|6&QmJj3}#gCFiA3?hZtcZtVK}S3eZ#jZ^+p% z1tEUKD9LX@rCE|=5hGR{=9iG91sg`8!wSfEnB(tyzaP&MpEqM4;OBq_L1o|yMk19I zyZsDp1EmLX-RJHp>SV!idOSN^9Co!WUOWCxIXOfUg|$@Nj0>lE5|{C$1r`%fMyXF< zTO6Td<Eqa)iZk~;Tb-90r3E1#1`v2o;SYJ1ptQ)d@Jsy&tlom}K_Jvo_$QH`oRF7U zr3D**P;UrN{jFH}@Vc{|k<RpwcszMX=@i>_bc%Ag36%4D5#M)&!5l%Nux}H+nCQCt zk?fPf#*pQ8oR(@J8x-r5g$4~H8}yX&o#)Kkv9)Ml;+~)cT1x->o9@@|pO5#J1{z}i z)_2f*o_~Zh;go<L(&|KD@i&ki_rn1(rVIp^^Q8qS5#xY!>Y&~K;9N<5*Nk$0=hBxf zrUe)nsS4luvHzW2Mg7ipoGX220_FV99j0S|mt3X=8wm7326lVvmI0T4rUfj2gw-t+ zo;L1edI~G9tqU|(rwuf!NE(fOC;Q(q!sSQyJ@-_6j~inTZ&8Wh^}I#lf2N>t$bgRZ z7568*W$)awOC~p|br8LmG3RyCXZrVq$`Ry|J_@7;c);&eq<X}1k@Ed6y!RyLeLK!m z=C3096Dqi)(cgSp<6`}`ITK0-F-FaKTS1pFrv)DYXqQl@1so{6$pclRea2+09qo|r zO`rt+4^r;*vHx8-5gzNzKbYzIdUM6zpRUiBl&1w#7l1cY?vCH}t}i!w7j(zLi{<~& zPI!5(m;R>(A%9k;V|!6fyt&e#c1GQ}K8bPflKQ25OT6Md2pN|Q55xGR;A3@pzJx2V z1m$|@-ZzbF+8<rS`4T=h6Xwr+QvmESbo^-Cj!{Rp5TtYz3wMj!ec67PppO(_2ZN}E zYJBP}!z6$o0{iWuY5kt;2u$JyuE(1a0{?S>Krh};Jb#Dk(8_0iV&yZZW8`C;{;d_G zqAT+cfZ?y%@!^Qg!w!Ta=Hg}i*pHVH-~&g_)kE}J%h~9N1?8u0ImhL3{1*GK5v7Nd zIJ^Eh{)g~%^^W2GNqo;yoCCh|CfRc^PT&IuY0XuhD4|iw`%-|h4#vX>JUxar2*auH z3Aej8(tjTP=`yeh{0OjeE0pGP35E1`qqj0Nc48(0`2#fnq-GxYTdplLQNWA1KiKd; z0cqj?h82I@_nyEt@n-^O;?L5O_;MQPTSLLy5OY{F)sg9Vj9z<$)BD(KjUm$DPX+St zp@dgw>^P8~uC?vo1N#gOU*}rxgLjU&zeyl;wtsg#Hfr1bS+rey6>fKWNc(-Kv%4FH 
zX<ZhI_(0=WI37DI?VU3p#3rSFd7c^%{+h6plOugNp=p-m5gdhn%hjYD&&qKcNB!gd zt5UWY-mmaJlVg`0_sVfxj>qJ93di8NGg5X@j#uQ^1g{R*?a6ViczCe=Zn>t{@n^9k za(|qVdu)mKC#CGH9H;Fa>6er=lP!{Z3H*Y#M6Sty%?<eOjIKAI`aWbX?mX))@$H^= zb#+Jxc-W~zkU=E1=njm0)VESbwB+P|7%>+6V5U60GM^dE6;{fo8NV6qeuXbDEv(c= z3UTub!5GBU#@zp%$kESQzJF^FpBfH3;C}=#+4heOYG`Hz!Axw;j3kB+Yfd2;t1>dR z2Pp$KQ&L|mx(W*aE5OsUz^Q1w%15y0`@-=mv2ohxhpZ(0`uzUy5c3of_8^QkLQBJ< z7C*K#X1&C=*B!t8g!MT{No)jRI0uad9~`QiT+ds}t_UZgHfxM~BzA5xKD1B^B7dV@ z!AQXZPVQ(dhom_VIExP;!=vLW97m1y;T?!Ot++#*+h58!kpf|>3Ml@vB<`A)x1yZ7 zkaLy}P~LlIFph(1{TMW%V?_B%bC&(+Fi#?iSR8laQA4nhnh}vzDP*$w1k^T@xJc8X z!WbnkF54C9-f7s*iu?!XDbuO#^M8~6<QGKS@3rlBOZywNeFgCic!T0AzvBvI?Zl_A zo2N4>YfF2akqW^!W@d=Pb<Nr+imXvX^GakWVNdb>PyA`~6cc(SVOCfP=$?}`=vMOt zRFlPg0lV+Vn6@74(f_OSIG7*Ncpu^U!FY8^b3rhk{Pt7VH17qdv(9*_Wq;>7F@k&y zW*CkaL^j0!Ni^@W`KaY?K7Q!)O&@~4rjAhk%)f%&kY+Ve*@kC61a<sXjJ`8<c%R6> zA;S{=AI`)hnWuc|^<cRe#PMswv()<kpk4P}fgHUF_6IgDKWV+BM3Y&rgpbrdwBGAJ z9^_wg{{)st@>*<hxO4TJNPnza#_yTv=l5*>Vsv4K?^=uYRUbfoHb@s;J1G~<tAFRn z;jrVXh!w*j7a>Lf?+s5@j(epz*>{m1NW@^3QgUmmxsR}IwETwKcdGxHqaRum3=;wB z2#B9BNh~<5;q+|zg}!Kh6ps6^1)qN<_{^)Y9~kWc5IYv$^$@}^P=7b>NA>g{S^nW8 z(bKn@k7WIM2YWOAX<naqpv8+L%L2z^p4sEt^W_>M<mE_8)(?sApxH0QBDJOP-J$-z zJ&39yS&c%;fez$k?m!mLoiWgC6zLtt$Y?>HB>8rd7&*<i^Bd`>`tkin`uK_PIrEsi zMZYg3fQj@7?U7GwHGlftG@e7OJ%Pg>^Af)7W6ar)?Y=p<^Pl9YMzQR!e4kG$oM`8L zG_CEbZKbw14{!Y(Yd#{hTlzK+xo>C>AIvd)GPE9<VdVW0`2N=*pN2~5L(`Fpfk6Be z=d=uz=)A*u9p?tM<eooPa$j@hM4z_FN#Z&s$Q+;*8qu>FNq-1_E4?jGUjlfZfPPK+ z&)*7se+!sK<DIjd{3GuK{NrWFYPNp~{Np@uEE_3c0@EEhAIR$N2hf(BHUVh~g0sL3 zUtO5FAH4{?kH+1;?DKA1$AXC5t;pxVwd^1L{Q&%c%lJH)V*)Gw5jEXRWu}{p&<$>a z?h~1?wtDNkHh->va_g2|J-fW8xAb&*JzX2U7I+J{c-uDibZqG8>F_#wdUkH<{8rCK zsEsyyTefxY*x9pj1J@f&P+51bK1+PODEV^8NB*UcSL=Oi;i`F*D&t0J+8VU~sV{H( zROaKqy*x+fzr*qE{<Fz*)Q<jm$b3W@&cAk^Bjy=$^MCrMm<PnK6T9_1fiv-HWstAO zkA*5ivua6uguc_S;xZ@!b7=ARbi;eG3yA*Ynb#n(dfobGQ!jl%;=ul)VUF<0^|CUt zAB$~2nsIjPVAzhJ5jnj^GWXeajPK~FpGUbBTA+P^vj@1>Kuw{NBbfa{n&)!JKy)vJ 
zQshOSMt^Mqf~~md`CSfJ@qhj{<zXMh#&Is!!y*e<MZbs&LYOKtO@5GkKia39s2OL< zq2i_siBeV~Aod~aT33Kdpv1$5$!|~>`5S%t#(Dhm%oQs;{3n4I`S5!n7nK})!M7rF z2m;!Ujxk-IJRjuMbH2;E9#Wn~YoLDyl}ni4$A5TDUx4s6eF4JPyTjMOgJ(;wp9@{H ze-CK929=G3*3*Q|5BQ*D5tMGqZk(}cTrY2U|L}dK{e#8Bexy#@&jkn@%JKmgJuG8D z=qGTe>0%N2{RA8$aKv>4j<}u?j_B8HaJ<dXP96$s`jJ>ed1oho!{Algj}my%5522b z@qf7;XX5kih+L4}zu%?9(F~i4UcleW7XQla`Hg*ktuKEYLux%6xQDrcm;krf#|)U5 z;cyhE2a@Qk$k$WshWW9$eK}us&io-Z`LymsO7j<=Mh!&OlH+ALBD6nB7?)G+E&nKb zsB4o023eM`OAd%nEBMj_&f};Y@Lx(^S5YoU(>x<lDVoa5xJghMTHO56^3P)b{ZvTK z#7Z|v&UEElgv%eH+4wwm65}~7*QI)<Xud5-gZylr7G(l19L{P~`pg!uVjS<Go?sMb z;`2I}U9kl$f0l!*lB<&swa9yVA&bp;oj~gCYHSqV6%S_j!@XccQYkQC`Opwn3yt4| zP1tZ6o9f~8bGiJ=;Vj7LN{A`2r?9;Pf%+VKqScrkDd0H&C@;T)-#n+<i2Yr1+$+a% zIUbYaDI7Tt^^K~n;x6={%oFU*v8cn_wo&hEi~_gsf186+md|PYfjtLy<Tr~pn35OW z-_2>H?6e6_=sr=e=gKv;WO_YM-qVDB?3N5pbL}r$#?AA8ll$U(n;L1yKVN#m>$!4G zp9{S|Pp%jE*Yg|U)7=Q~PJ3*&*AjEGk^5*U#zY>}yG!>Kc2qsWhB~U2kgw(dWZ8@+ zPtk-#f0*!eq@&gm$`3T5J<cNp{g7SBjcRvtr{eJ`oQa1Ud_1P`(s>Hoh-ggCA<72P zi#xQo#Mgd;;Htv!_~J8y7sQ|56@>4is`#-;#%)n!6h9VQ{8()9V{v13{8$Y9&{0?X z2(Dw|S%<6{ehu{mA^*M5j@PNbR6QWC$$w4Yf12<<R#JWh*PQp`I1^sqDDzjb*$F~C zOKARctd->8+2ac*02MpW@awZ!6QZ{3dNfbgw_t9v9MT3*RF@fc32^Uw;HF;+antVJ zodP$?wZ0-g(ulYv_`U@2UkE55I+6WFNFcrtu8d#KU-aT&F37)v8wiqV1!)dLAH!CN zf75rFBvTMs$(^NfuAcDMOQha64E36@D=N*>=|cIW52TaBg>r?MwBfjL;!$~jZ<4%< z*Vf;ZfeqDQ7PL=uHsb5Z3d={>(eXBSIKs$EoRRtsPx#MTtHv+*EgV<kSz-t0^+Pkl zJ3yXL_hcWzaR4^h2mr+2i`%u`^Egwde@=UHHAbZ_1O~9;K;`gD7K!jEC*0WHY?e`4 zLdFRy*Z>aoW|{1b2C?(H2XAK<Pqi-5`O}N{a{tnev+{e$=g0UVVhBr<ZbqE9bRy;n z-k&oqjUMWgUW}szahT+IN{(mb$h-zvmE_nYQJl2Chu_dwONr=*@hgb)KtIVBf5lch zZdw~vue-F7^J7HjS(#7N@cv;KbBaF{rAmdQ2l23`g6&6gIff_{mI3zN#CxE%b#ix* zEohd$1h<~)6@?7*Ucy{V_*&%l#k>vsj0X1Banpu*-6nL<i>#n+=<iy_5!g6{Si2+K zcoYzK4^Z?>sqbjGy(HR8R%kCde?xn1je(U?(*GU!&vlz!n&6z0#6INi^k}so@+%Wj z9PQE=pJODwA36Qtq80#Dcp;b)7K)?H^b5>{cCr+cxZiHxYS%xURX?wm=IJ6{YF0PK zO-jabnc8vXi-;P9)SI}=s5Lh0E~9P)Q7!?ml>bfS1l~gow}UZyGcyL|e?!pXsE;k@ 
z+n5+<&~<=`fBWfk?cza}A<eeU(fF6#$36plx!fosL5#tlgAMxetUy*I>W0{JGLL8E zu9~U?uheTmZX%q9+v!NR*#0`>c^xpuW9lB@1T_JNBx5niY!FaUqUT6*Q2z3R`H5^M zi2LoLo<yx;g>S>yjE2^kf4E7=dYy>CQT+^=FFRs;F1FD~e9!F{t<Xzjhr0Bw7?%Wa zH6{3e!8|N@djYuHYSuKyz*{|U_Y?FN4eLR;4|+ZpmOC%Ed;@)mmZKfYhhBsXWE|G? z<kDW0mPG%(g?P0PY!zaO5J@FqNfC;lzRbQfheac8`}VTjN^><le;kTV1zw$B4HJL$ zRdJFsOW)Xjp!akVA}H%!&UJZ8mH+Dp^NCd{isI$hL;NMTnPPiAVlM%wnP>c9-;O6~ z@y=HuUN>l(`kOAb{L95ImXp?Ld8;iyBjx4(&8JXKe7e>7=Y$;HTg|f#<U8msgB;=& zX_xbVxruh#viZJGfB2}2n>D`0d7MvzzMsXpTyFODh};a^CL<SfB&xcVVD+dfLF4+j z7w_Tv(~I-}!C$w$w-vagenRcePpCpfGUk-FeF#Jc;nh(*iMSRnwe0~ypdB{CydX>= zA~{q<fYmbM2h9Z}8O4qJn_K+fQ}8rMh?$L;v{}(TafCAmM|89Rvv0_7tgpC6$qe@i z8$3VDxU`KgG)Iw%+`SE6Vwl1F`k=RUNGHMh@G8bv;dJUWe<ANA;1!Ms`~M?62#3Tb zJBe$jml3!HN|!*m1sj(@xCI-RK)3}Ne?MCYFwPJ=r{}uQ{?2raAzmh88=H*xROcR~ zw8D?ayp~;qnfA=ss+L>k&b{0jOBd?LQvWWMN}XAqTDv;6!g#T!`RmQX`XzO(snnW> z>;L^NFKiyl^`(dItNZybgnX-eZBx2wsF0c0zaEjOni&i1j(fWiU#mZ}Zzyf%e{AW$ z&HNXHq5Z#Poe5M^ci#8!nmr_JvWV~}APE{s0Cz<a0w@(F3ffk!A<GR!!@VIl0nxVH zuqZB7s<t}a0Bvh`v9+!3)8`@J)?KXaw0%0QxOJIlW{R~lb)IR>`@7hA&wI{$a=u3n za!v^M{?`9J-;cVya&th&@k~-ie?3@@VWRP*NYjwC61n@z!{98`tnzK4D#+s6K*%TK zScIAUKDRG5q*hR}&Ru4;BF`=u1S6{Gszr7nUey6r7FEf@th+M<fFl*y@3g6U8CT^K zT55bQgz11a(aZs)99jK7ur1QzdlIZVWGHW6gMoEbzy`LonCJt@qZ+P{e{D1(Qps-- z(tg7gb;5PIGE&s}1D3i=EqL0%n~4cVgorB9AMmoa@}5*8pC;4_wL)*hz$!Q71UMu< zLi|oV5WwS>2{}DjbFNx3Dn;%}iGv-C?sov(BI=t{FKq$~G>f#TR*I#EzGWzlJ!vNT zqpB<ELzNAq&!>if_!v!VfBvt)$7xHl64Iq{$y3oM>RW(xIGBE3A5p4PZF%uldL}CF zQTctWfpNHmk2hg;tuC!CSmPC%Rx$2|Nf$A!5r4&ZGQ>1nSkh-<itr6N(U(cW=Wz&% zaC00xNL0m--`faKknKyzbCfItyyV=4bVmX4J$)^`OWh}}RtojLe+)Mx)iz1rrNFf< zGt@|Buj`e3Pk9)AvpeV`+RxEDq)jv*Vp@gnP;b_d^anaL;S7cO=e7SMT}odq{y4OQ z-U(kho1=AkC2eY{jBc=O+OBy|(o2PeARsTnV@pbRy(f{;leF-o)WW|?^67B(l0QqH zqj+Y_?P%tjY8u~#f42>|IX<MMjZ&Y&ebVV?cF`Y6pQn9j_@fVLzCiXp-Q@g>_HWV~ zJCs4U7kgWp_oCE5KL<$krzt>w^M987>-`smC498Cs^!@iD3aQ-cvcEEP-Righ)1fr zCadrr60NUHQl2}G?@M#6ySTxjC$7>(#5^-y5A+k09|N*ve;CXJ(U1tpP2gxrXdD+< 
z&d)WrJKn&*yQa*mDI+*GlAu*-C9#sbk|i6c^JJ7nDq6Oe%zB#MOV&$Mr^YV{`21(g z+a2aiu+4iiMMG$g#6LbWA!NTFkhSP6k3V`w4tNnWE+lWY92|?&-NeTC+cej4=5}k5 zQnmIB{?d{)f5|`Nm+rk?@+YaK_d9yd^lPLep)TRlDcQ3Rd`g_3a*&?8T+^kL?p^K6 za>ypJ$N#&zkuLK3OJz?H-mU|LW@PGkdMNp!#CC>f*KnI9&57Qz7s64Q|5c}9b<yng zarY9TXi=7Szd4*UXPR`F2mwUK&9T5SYIg2*KK-e_e@`aN1=qO`a&I|<jR$kbaBpq| zf8?<kuEwUERlSXmb%qbVAy*J(*w$IH4zfu7T#15cZk*4NPRD1IgDii>;hz9E$<SUh zdhb>0ezF6TwLFw(i<g;kH)Ylo#csTJJ#7R(wdrB}Ui>p(04J9c|0x0Pb2#X}&E!#o z#G~Yge?&{1+q#l?F!&<*5IvfELfS(vA_C(<uGQy>E?r8y$s4<gP<!CY{%h10@+HFY z)7!sLkCJ}E(i<3hpY2FE=%Jq_3+O+ygPO0%f=pC|Cndc~+6!t!O_%K-w>pD9{EPW7 zwq}$U2Qm;s`uIPFhT6ercH)bhtHNXb7GSV?e>unDRNn;aVK!S7t!2O9eX`itar>d! z#6Jq>5|`hwJef==>*gN$3z8`+e9h=;Iq5pb8}eH&=6r5f-~mNFhnhIQrwa9{I|)F> zU6-2DN+fE9mAcsi{O7XO_1h^GvE<$YLfFX#uZ0{(4z+|WFQLYUZ-jD=1D|=8r|>Ja ze~$LdH!--0AidRvFwrep4R44w10@-F$PS9-<R>A2E$6fV4)$S?BsOE<gUN~XVE6*y zG+-=?i7vUK^BZ=@fbOn3taim6lV~D@v1kTb#WYh~D;9)2#30NCbzl<@2CeR<V38Tn z%()(f%S-a<838}#bYn9;9C+d*rX|dUe=t>>PYdRmJT?fBE0Rng3+_0ImOF8s$T`N> z1SJe*AxiRC7azc}wN;Ss0i6Nwd&k|>7;=zL;SvXax1n6yzQ*atHUI*5je`hCcINNs zLO`q7Pc~8>wIU+-v675uOR+Y>YFI^98l-XHpL@sSu;DkTli-7gfg>Fz^3=d}e;AX1 zq#zkc4pM-WAQeariUVmtT2MSF0h9<z0wsf{fKouIpfpfAXeuZJG!2vq$^s!!Hb@7` z0p)_GgYrOnkO7nrngN;#GJ*;~g&-5i3@QQ@gGxZNK(j$}KyyL!K=VNhKnp>OK&7DD z@R`ftUkk_zDhJs>HK0mR6=(@)e<`RMbQfqDXfbFxXa%SiWCyJTtpe47>OrePYe08{ z?g8BkS_@hSS`WGpv;pJ*HGrHT7sw6rfEbV$)Cg(<`9K>%n?Qb0Gl&IoAh<2C7Ellr z0*Ti$4F9%*+CZB@?Vv57t)Tls4}cy7b$|p=z7gqk7||&y;kqOMY$+r%e^FOQcPqrV z@aV#a=9bK&W|z#b$`^VfQ}xwe{A-^U%r}vR*<?gSaI|UC@6bQbx5bGsJ2YoUs*Z`W z1!3N#8=X~AWU1uc&H!Us$7(}CsQR11e-{H_dr)+Og)k8f6?J9Xbf*>P5}+kxh`3w8 zE~8Y6+NkQZ>3bEmUUx%fe?(PIzl>+{v1R%?#=U|Qp6|?y4xmu<zrxWVV7S)nExRpb zk{%#6`tA~ID~I_!cU)b|QS<}9hc^oEGyis)42fi9-VZs$O4+M1G3$pA*2V=liPnyz z{!{IuX)T#(^*O5_)#*?@CVlVu()*E)c&noB(>E<^w%4dXR8$Hje?6zwiU!}+*~bR0 zc_u+6*m$DLcqLTP=!<Lym)a|7!G=kr)yvs#N*$-z=HD~#P57JfjM*7<H|ZAZn~kWZ zHej_kfL-osxmPQ40j(5dG0M*fdrC!w!9mNc?+?1xRS|R>!>onE+YbCTp5Nocc2YIM 
zjz*S`9MCkRMGqa#e?0tHGjIp?g(8nR{R5A9+VRX^gN(PhCc#?lCPy@P)s3tabnAgR z^<L&il-RvGdsemgh(f=Do6;7wRi-${D>%0sg~5@U&3=aS#zqnw{auo8wBHw^w&sM> z+S7U~sss-7$bHdOi;+-<J(;6=dC`M4n*$AC9n7Pgl<~8Ge?4$-^7|SVc!L<%49ICW z<Hx~H9Enuef^#`1(EFpu0b)09%Bv~1G17W&^v!20t69PA4||xpP`Q5*fEOySw10nB zE^Xr`L@U^6!obqqG&mF2vhe;vNXBRh2W7$?LK_`m@@YeQG_VGWlXLtoo+Q+lzY7k` z7Ub1zh`GO!f1&8h#9+F9{dctcf-}wG^E8r1VSYnSx5F)@ik+W{?1irHAPMcISuzeV zL!Ud^*YjJC>VvP?)wpMDTF_TKZ<vbmjA$)AvAiMffA)7VBp*l#r}hjKB;XG^VpN}P zH5uRJkPNKyN!S~e8zhr$oYn!BvB%;!IU0%Zv7}87e-V!J4@cKs{Sx;)^e>f@yg`r$ zvX@T<`~>uOqn@xz?Ct)E4f!kli~<K#+ElzL&UpjhOy_1ffY#CRe){Z`y*N4LH^PEm zA=-Z%^K$F)qte9f4aw->+ywj=+y~t*7z^JHW1F;T*9rzS$;xB+MU=Ie)YE2Tx9M97 zU@YG{e=ZjE<9<i6?B=v25<f-hQ8f#mwvWHGD_vds>cOEtq<{aB-$r_!mSg;)t5nX= zc!GJk0P_+P;te{ymv`_Nz<Jyj-O|S!ijAjU<sJKzqj$hI9$N|Ze8Y)SWTHaTsS*=) zQBOTwQ3``gkz1Zn@e$Us757+57{};|_wm7Ee?o+0B5Y=NT-&T^cKk*ne}Q}<UceV* zpmj;zx+$+^lp=HNHTw0cr!!h{Mdp{p@u~m7Vl$_0#789)8CCcx``;zwDSy-TJhW=n z{%odvrJy~5Tl6s1Z~=QD2%*?G_6!!ZB#!Oo|2gpz+Zdl2-86P^;+26XB%z57yt;xz ze|I-s>|=_iphYV&NBkN4w#yBi2yW&xqtuqd8>=$&(c<gz&W?e{8i@Ze<M2u99=n#F zoM!w~p}9c3h`*c>Pv}<%JVkx8QFVp=gn2F#<Z`_ucvR9aZy!tBCr25J7OOoocV<)i z70m6nfv?OPG4DmK6EDKXQf}Uy+KtUbe?RMCsG9a8{`YMQO5Y+YwXeS@StVOKE%p_@ zDXxj=k9!v%P1!|7l(FT?e_@N`rjsc%*2kS!Ws|?^>sr<ci6t{G|MfY!L*B7crk8w) zWy<ph2PMB@`dffP{CR1c<ZRD)ZSk_~aY*<+PjZs_vlEm8QILcoW--U_hS*p;f23g> zSlkM{2qQEix*q;-l30{~MXmZ2VkI#kGbgvsgMd-`G3^w92aQ3{FiI0oCMA~yL~CoM z8IMmc@IV6w6A}!y862xjm#H3^22m7%FbeH{vPbbqdLtGDb6YV=wyWPJRR>NshJ7B) z9<8wfSjEu$X++u8GfQ)EGCU$vf7QLIJV`&I7lTBqQCHHd)lgjg%(=1j9{P`J2$zJo zv-JGcaZS#>Q%_N=RWRo_2ON{EjJU>KTL{Ug_lZ96K<f(e%T$&0Bk6n~1cTa#s#8?0 zN-wi<Z1iD~l9|Myhz^}LK(B}aeM6)rfNQ?kTME~?=K6qh)Z`PCT)C><e*(~9mP3S+ zHzR|OEvLIlzDWjQ(%Vz*MK$x_CbD&mX1dk+NLY-_;1TW_C6{+f9hmY0!E#54`dd(J z&UHF>3d%TTG_UkoIjWV6NE#&qT^~FhW?ocO`gtR<M{=Ob$x@Y;v}&(juKp{o7m~*d zVAs$lg9<vX7e_W&5HvC@e~k2pHzSVijccHf=HYDq-%+x8Gz}d|i4YCM8R-JYW!&(6 z;m7KS)Tr$c7^>^$j=x~yM_<HDV(x(Z_gns4>Wp}w=Wkk9_p@4=&tn*nL*g`!iySA% 
z5ye@2P-zqJ=aWR^YYXkvdeCytl2grkF=*a_86NaUee5PMfG3lpf2T3%R@o5DxKHtM z(`64uBxmj`TzW<(@OOy8#0p$fuD7!8CN9_ueZ{zj<wCR?LBs88AJterm<R02MI&f} z!xBU7qD}iPm^lDq$3zoQ<`qg?7j`)-=n%(gmKX+?oHleM13b4dhRHo~$qwnNE4ed% zIDl{^K0OUmO%4>mf7lN{o|K%6-<1AO&xkx)7n>GqlK+YRZC2*oE_1&m9<Qyvd3)Yb zeSJ`vUbMDf->?61Fr^67PWwU~%B3#pFX>~+R0~$3`iz{KSVm7Na3sc}R4nxpJ)xow zeocR#@?^r2i9ZPPl@QcLjl{-pcw)B;8ruu1t=8$|DFQ4kf5bsym`KbfPY?)=5HJ^X zy2dt(a{+_p@6ip-8XX+Qk#0d2Nz5EuFiDAU+!;JvnB%T5>S|X|jn}FCA^K&>uSQ)= zep8;J%9cme=M`lS<5!o*6em<Mg@tr;!!gA#id4Eld0ufk$#^^=W>T7z*~-ZC!^y+R zpQH{e&cBsBe@N9TE+!yE)g~IgI`neNa-_=bQ0b1Pgmq=9^p7g>^@?tRVkU}xsXLmo zR&76hNp;<PNp(pTTVv{@94hg(K~*fjq>ObX{kL+~M_H;Y)##!NIkD8(-%~&Rzd!MY zyk8aTR~_EVsl?aXOgwJofmoTUOjV+~@|SFKfQ;!Le^&gKp5hzZZ#`Djd){QGY8PFt zUDQD6e4a8znPQ&e7t3S)N&QKV+i(52Ppd8|Ejvy$I4{4(z40oYkXj0exUttT=r%-1 ztC7%Qc5yUwxW>f4INpZ{3_poYj$w?WMJxWjaSzmGA`riR0TNj|sjv<tL!=mXk1|Rf zUbqqee_JUcRB1~d^g1!Wx&v(Wld8SaNTo^xA&!Z4LQJ99CXv1ibsY0RwGcxck0kLx zhk|rB>Q-xk%)*k66Rr_#_9UV=@#%;nU<2l>YN6DvSm(Y4S?%$4+qH|=M-p@eSI=hD z7eIEiJOba7WtFWTNzfHa^Hvu^mg{(`@LgG~e~?JbF`b)MZ)$qV`PI(r<nWYVyPKS4 zQ}hCRO&u;^TF1Fi`!DWbN5cIH{Au~z#Fw6=yEI3%(f%LE&=j#h`Kf9A876pXisKdQ zD>?<)F(voJoxxHFIVLGWqgaDOB-?lIcp-5nf&P(J&5C^*#{BNl|0~3+Nt!u$a(CZV ze=2MCzxqG4jJi+9^=I~H3N>fsd-CVZ)1JzO`P+$Iy8fpuUZBE!e^!5%ko8+c&Xi@9 zWuYuOadv5k2A8#j?(D&CH+HCxZSC)Rd%DwjojRr-gCIZ-9Q7OjU~KzbeqMbeAN6&- ztD1OdQ*5tFeC<&UQa>tcRmA>St*Tm8e<#<dNYy9uylq1S{cFwx-|v}hiC|#^@CT@E z@$ZUJ$uETVKo{7L=}}c+8s8*$5j=|aie$<+U&Bq(>cRV7I{bIa7C1tW#kmKHp;PoR zU)R#CUH&Q!oSpNTc0A=AIh=evdEMzaD3tUNReVG`*-F>}@q$+3VlUAkGD1Q>e?30< zWF2;=d1`f9VE=HZe-aACLdzQvX*8m4{Is-Po8%AQYG(8I>2f54sY5Gp$*skxxYIt| zf0WQ9kx8dgh&Lo6wrxOVQv4J$DR@VL!X&-+4z9etwJ1rNGfbQ$eoVcvU_{=(H?_8~ zws3wUnceQVK>hOd-F8Wq0{v(5e+5;0VN2@m(kq#d7Gx7&#OIh*IA^|%yyj<!e)Cvb z#ms|>k@y;f`pwWtpabT+{nn~W)aR70EX7H;J>m44Qie^#rZzNe`js{8oxXRvrN}Pj zOczvTcs*yzKi@H(pWZPIp_o(RM0V|7`Cj=h`Cf_4*nht86Xmg77oIf*f9YD}!yWkf z!t;gi7SeGYg(#-&KQE8UI|?tSbQE&I$X!_-g+q>x!nVQ{`TZvZae{!$M>N3YyA#rw 
z7}8>xHz0JM5f<IjdUb_DTzeoJ)+;Xi#o3NS0>q_wVaYjC<x^NUE=-31IK+RL!<w)m zg3XRMFF@;b<dPt#Xu}>Ye<oGpg&b%SFC?D42&XZ}<b_0545D9*`2X*6;_Cc=UrwwT zCRQqyXcPM;EDV=ZObB^q(t&TR_I4I7M$uvs)Wml6N_PLMGj=b-lXtZ|v?rn^XHAF~ z7jqS@*uE_8xswQO#h;8{*q4m3tBYnLbu?15f7njDIVu<wHctjAf8`8C@X08B+aR5v zkL}o<`n3Lm-qn?OTPfj$J6&pV3vl2djyloic@P89Iu#{R)^HRT=u*S&?_)OuC?e~* z?fHT^>m7bv?1=clJ7nDc^|9f14!uKW#@<=B?D)c5b^iuUe(;0D?TfDwu>5x4g4S+i zSC;RY`#I^Etk`!-e={?@5j}JGaQ6Kx=MQg;^$xtg@#z$&d~D-*AGZ2}DP~URJDO(P zTscHMk-Svlh?oZTFTdy{91-NnadR;;@;?5hK+<2f>Sx4+hA*%?BUi|Go9T$`J+@tX z(-ez1#@CF$DQNm5ngG%SYP&YwTG&n|v^!di#};a~9M}q*f8pT;{RLTp^63_An6Th! z+~mF1Ay(6W#)31^kEX=HfsDGiepAQy2l|(^9Q?GR-!vG|6rfmZbGJ06zx2eVC+0k5 zlmGDv?BDc_{*GcSqciy@g(DH^o*`qy(BAg1?oZd^{V5ZYj`Xser#sSxg&pa9`u+iT zlQ202^P%$mf7=dM(;|FeFfeFZ$PHzwe#uhpSBxxS_QoH}yF!>$F_S7=wTdoP+3;Fb zm#kK`7bzQ#;U}ggKzscWt;xoZ(1F)VUe!adC2L3SQ&AC5gPRG!xr=97onf;SKs!7) zkS#Qcqz-0tgK_}ix-5zi?xDB7D=V5;q=8?0jOOr;f2840;yRK#l3J3?^xinHb*X7D z8aI?BnUgB*?^b&?S5=y&TtR>mPhi@|(whSswfMT{WR-Q*TZR=d4g}^kBa_Et0^kW+ ziY;Bx+`NG2bsZh5_HXKx+bVk&m01>89*8-W_w`m$7e+2=?HZ08OAOkW`So0c3`uU1 zmAcKAe{W!yNqy@MMJFft1*h<VNn~%K2vdaq5iMGse+n0X7_*#jEax^OUACP7{8d}R zH8+>e4r~p@=f6<~eR(-LEY+brlucJ8HXa?i>aq<!2qQt(e)_Y_7VN0}25gS&sIW^Y z6!Aum_aexUpF`HNPTDM+5Vr^vaRVPwB@#O<fA?@KmJNdeiN9gHjJ-~Ihkkq{r1L5z zh1t~47xm(TVVl$Pk87m3w%$fqUzJVnmiy+jRHM;H6DKhTfE=6Pn;4qhMzA57dNLcq z_=O>{j>0NgD{i96dT1ChaZ$pD92<o@iOoh^a_c$#9z#C01>Frl7h*^OCJ!yFOBk}4 zf7u)`iyr|;<U}c=bh;_&)<D4T6Yj8;3b8(+&e_UX`6{fYK};eBT!xXM1}3<mR0kt! 
zJnA*fD8!$H;g6JIz!<Ohh5XC|SZ*cp0QNEY2g%1+e6>Yf0yzB<1pCdx1*KL<o2?jg zH>}2794FgUXpiiJbh~~+1efn{;g$4Of5HH#O2X!5=O$Qx^I?&}1s@HNM{p5gk<PRF z$wm4A?12~$q4Hq!i#h6*YVXdO#0QH2#14x+VEfdkip|mf&X3`8k5682X_GMjp&DBR zZBMI(c}-)k!r=PXhC_kys!&A8DLSXL3lD_GQBIK&ZL2PSV2Lc%=I1PVXH=D}f9Dpe z_S&R9`fb~(Ol#>B?$idWfL210ZN*$LrihS7a^wLrsd6*y`RmMKms-)a0pILkQiH(- zT~c8M?3o%SZ$<z|EjRC1)tp@x3}TDgnuNZr?p(Y}GSA8q`{2$akTt1da>{)pfa^x4 z+bpj~kNBzS(uzga#iMy}!cfO7f5GVY6Q!ipUX7>nxlK-?r_E>idbuy^4stx_#lFV0 zAER;!aWDNzEgQ)ei~;e^JSFW}d<y9;2&Pg#6#XkNC8<ubA_0zd9WIG8+Jt>M$?L-w zm`s2(4Kl(cJkPmBII3-9Ts&NZLKb5}CP3YqmSXkw_F@~yH{ZkYtFBN_fAjj$F4t*4 zb4>-e^HG&^$?du;-7i<>lh1n(uiL)oJxM?u#m`BOqz|f>!;s6vabLb->181u4ub<0 z^gUsdkY$G!99kkyoKC#q5G++au=3N2ljz`FfMkyY#L3$}+Sa&GpkU7%u=qWB^neLr zFtARdlqL|+*ami59_dPye@L%54o@pZji=RD;Ka)(tgU7TW*APD_sln9uprin6*Q}P z{aI@K)nyX&s4h>ZB(@6*>*d7=QptAg2@7i25AA3;dH_!I+%FqDr|J@c-qYkqt|Nzv zE$jZ0T4`$7e<XQOxlmh{r)9YdL>$o1vX6L1)E4|kwYrE8EzkR5e^-KfFylVwl+wYS zN~0}F-{AKC<h!;LHJ_@sk<2oT5$qxriSb<Sd_b4LXK#s|tWu0v^4baow1Pu+COCe% z502NXkJx-pj9Gx5JA`_s>QYc9$A03kUCOtO%L*xWNkYnWeBk`ZW5^|KbGAoCo>&m} z=HnrXZB(tA1a#$we|U)|%x9;En*IYTu-?1Cb?kU<hjeDcgJ_aXrJZ7HI@5=hJdEiK z^=GI`i4*gRXI1tM0aM#PrZ30Gy5yCx3c&sij-;BHfu2b~(RUZ~_Q_i4IkPZ{UVb<s z8=ofjD)G|#V5+a#fESe!9!Kzdt}Wjs&;L2GudvQhWk^!vf9vmM`0@0agUGuQdRXUu z`D4Y#R#yPeaNEX}yg}11*(dqou1$(UIE?x=%$VteWVWg<uc&y&vhGrJ8MDKTvt)7X zE&BL|6FoneJ`apalbz=SvGaj!+4%t63O*b%F0Q*&77!B40xLT%%j<5mn*+w`=Ax%O z4+e+oR<BB}e?f-6xt3A@J_cAn=N#K>w&;-m=qH2rxN#Es4wH^^i5t8VWMA#y0~ecH zi>C0m9s6_9!kbtqYtZ!zIYd4#PreXvnDH2_J6uWIT{}J+%BEdmukpg1mWRn2j-B=R z!}vJmILrrL2pRG@y7?0|S#)?9Z$_MJ<2^~u{+#R<f1IdwZG3`p=bk)HV?<rZUeeio z9)6;kZ*=0vFrsg2VqOs$8hfU>!8+0IVAz(W?}qx;oW-xN)fxw7tC*pU=Jat5&dY#t z=4Y+EtethYNW?SDK3Fsv1FX+6URkoftzinse!F^DYDB+1T<`d!+(5skB(@IfW>x&_ zgpHWZe-CYIuyqliPy04wX(_66R`Q1Dv-7tU+7=b}l_lm3rbjEnyPMhi*_Lu>T$>i# zl4(sV9NyLlQKal!cA<eQA4KqM%#_gB_G~BLu)NXFZE-a;v<`lHeBW5@1mT89JjAmb z1Rb@zY4VgGmV}0ywMJz1EUU9%YbvZ*A6D1Pf4IZgv+eolLiacvUp9s(_LOK^7XFAy 
z4i(LjND2MKC!cLRDM`FQT~+YtpxoeLc6*)3HK?p)8|_~Qn}X7swI|}Ur9a2>m+d)l zNaPutnyhN6TbS4znC7?4{BIny>zp6@x8%<6r#z19>JIAWoA^qKVV6={O2_bi^rF^t ze_qjU$8|>&3-M0J8lp#5M08%gCDBi4tbv-fs1g0ea<V1M8d$#Ej&8h$N+z)2`ZnLh z>tpW+S$5?I{vWU4cc+;tlf3=7IzGYQhz}-+;C375$L%xVs7hSn$5Q3WgWnLO?4N}B z@zq~mAT;H3T2zr0uIl^W#D1snu12eBf1vtPSU8CJ9Xu535R$>=!862Vf$)3n$NUyJ zd^73tr6;`tl=;c#e=RNv8djIXxav_DBq(3jAa3U^@O+6A4nh9c505N~bUdOb3=Ogf zg@xS%Bw9F<^KjZW2nj6D<AW1xH{=3XmuUk&_a?kB96-7XDiaoI*c=alj-5aNf0RB7 z&+jx<_~0QRcL)P!;bf)9I1Va3v@#>I9C7G!;0=IPvj&9lWUGO(h0xGIQKr}`s@Wj6 z5s>Ffb#_>f!lVT}PL9LKZYLt9LHEL8Q&OSXh@=QO9QtJo$zmVWDdSNEG$XTSAOlI| zON=}EcUUXgR`{(s)}UKmSGfwaf3K>os;;TjSw!-lZoQ;!{jP0iJ7?&mjSygh8`G^~ zyny^<CGJRF_g6>+waMVLe%te~IP^w?P>J+9EM;d~8a`EzqO&?Buxc>|4OND6oqlOX zwHHHoT1x{S%@mn_waaV@rzO*GiEnkS48OzhkvhxnO4A4%Jg=vt^GeG#f0H8{zhsv6 z=^%q2wmf%6TYrTcxz}JeMxF0Jb2k5HBf_NS-X})lqcge^BxY?IF4M!4UmO;Moig-4 z@YESRIU;f~F)sr{7Bowk*Y9i;A)J?mw_VU7?J`(3Rq8xPw@h%=*etvLpE)zZAGJAn zD+#AACt+)FmZH)|QXS{wf9JvSL8!N>t7UFZ@Qc%C;hKnqRL!^Q?mVONYqK-5p)ALi zy-|^sh^9%kiO76BR|m7PZf~gga#~bUpRQxMG^sNp6-kJVGa8EPQ(+T!Y_64tEtql^ znIJdhI&{{?U<Sivd!0}SoGfQy{|{4V0@c)+{{OpVUr1O)M1(gNS0stD1yCu7Bm_`w z3kVdoRg+6{foRB$Sy<e-A-L6Apl)raQ-j*pu5Q)N*v=S)*6yV`-8%!=+GV<kwKHv} zo#yx4;QY`3c=Q}Go}=OBdA`s0`+45Cw{P18BLoBih-0dUmfr=pmfr@Jy?<)~uJfqQ z_hDPtzP6AO6OsVUwFs6&Y*|;5^)QG;Pg{wT$gdC*2St{yY{hz6SBfpt#4*WqAcc?s zQwC^h+@bA2+W~c^3=IWr3Y1b>YzhN(T84CJ%XCV?onc@)E%bbQ_WXNx?|*+wX$ZgU zd;j}CcF&$Yd-lBc?501=(tlU^bBBI!?qq(lHFZ_tx|Naf{9y?Rmw^&~BUqM>N2`5P zL?4bQ0}l0{IqDSvar_Lo-7^_=zD}LLOr5V)=U1!qdUd`*ov&Btn@9{d$NC<XRaNIT zs*B)7T)sJSvVDOK!IR4niE&UcUbf|#S4=;#=S_E<{n+1Su6pA8=YLEVzf>w)-_K8< z=SK(a^$Zfd;E3c43r<FGQ4s}b-`ps`a4etA<dxcZwJosXy&ki%Hr=h+f?Waav0t61 zNam==?m+gKQ#`Vruhpj4elnHG)YN1$0w_|o;2<Ac+)`tCtj<0bE+-a5yv*K@yj#3x zSZ+%eDz#2gZrNSjQh#nypG|#bc3MHPvC&k7w-C1QIVnd5Pt~X_c@Sy2t5ztHMN+Hu zR7@;Q*fbaFB6p<Qyw#>5vZ9-l<5DTb@M{RYAdRqA7a}2dggD$C`1$3oWdEXohA1c^ z?B2lPFT>+HlVX-)@fo_okhrQu>xFRn9{Z3C0)Kwwe-Gi;(SK7RN>wCOSbQ}Xdsu`D 
zE)3!K{k|djRrLUeNDiF7a$9&!<aiY<Ut@_PJ{mcs*BG~|9o(DVn8Ma%G<VV=T#*)| z;Fsbhv@s%GNs~|`f?3+^!NQ5h=wkLC;>jWV8-<ten|f~B?Psrke$CI%|6oeU=fvWh z$NT>Ab9X%c+JEy8e*Dl|Id>|Rb5#|tE4lF`Iy)RyUeva2KV>Mx;6Y9`ecZ@DYP0Ey zR3_J>GT?2MJDF*^<K2?_1dh9V2Ra}i`c>80dhkuMxlBWO%p?y--2ANC3|uDGb(wtX z8SMNdCD^G7KMNMDOlCB-IhPBd)am{#lxbnGcbmn$i+{A%37Z?zk;i0TFv~d$w34Vq z=e#s@h8D-o($nK+(Qtv5S7C`PmLVUfrx&Q_%d|*&C;g3*#5YO{1+l1Zr&(nD5G^|^ z(elzAv^?;*S^9dyEE2}T(sHzCQ#QK*q<UDjOM_~&YaTZDyqiEGK<=cEHxn?Fkd(kF z6DU~O41Z9|rn-_@Y0JyHuwt3lNJBs^(DcY<U^1jk)n>gL7Ji}O{KP1o%^2`;9qaz^ z?aGPoU@jIKmpN+Uy7VBr)Djz>8dhDpjo+)ytbLRk4z$=kwek<p9jre*WmfY6p#mw? ziGpptpxm{oKq$xhT&x$z%Hut>>Z`If+~x+0m48QL>Kda`P|r(49O1B%Sa~}V@)Q4$ zzF#oZu@b!OruJ(54-yV|?frN(SdI~9fmh0gYgWt33U8lYKywpzwR|;7-6oP>9$fq; zdV^QjgDU6fyg*srEnf2YzKJMThA*w%i5ZY{1Z@+o#+@VxkJC6IEyut)Z3iey#bCv< zLVt{+(uxM|PAYAbN-dK?#2onoeT@=~l{o-*(wcW(WEoCfkpa+Be@3KWbT!S7{`fM> z52+S>Q`Sn6`7I~6&zh@XuQJ`resu7H#D}WbH#f?JDq$z7+<R|--JfL%=dgmHmCzmB z88<x5U*;~&QRWw(b7%YnKHV8N6wkRchJORkxHE1Ao|7|~IB<>8hBtV6#x*%397V9m z*;=|A_m@hMrf3D&TWy1Gwe6B`i={_xe^=EQt7($q`|?}9Ep0p+Uaxjv>Z$hpi*?=7 zQ3YHU-ZO%aYV}>|{)+{t;7{s%vFojdhZhU}YVg|Ykp;rePfGhw%S>)4cE1~tsekE{ z&wlG|)BoGMym0!}KYi}qN7LlYNtyrOx9GyoSA48bJ^tjVDm9zBbZs=Wqo*h<vUini zx~e|Egql>nXw!y+a6N_8B_&l}5=EJwAm>ta>{sU$%Mcx8w2lt4EJsJN-kqOR=NHs@ zy%=xk(f#WDtU6y-=g+J2Eu!AyU4M0cR-G@a^ZL!IE$aNNI=`gO(=S(TQRipX`La5H zUO#`0dv{cwKcmhssdI4f<*L0_8{6+Z16)#XrQfcpWlieRYaA3pQ;+c^U~b5@>r&5b zSMct1=Vx2o`MF*0{E|9Px2t|u=a<xZy2Cxwqt4H&^JR5@q18QqLBUfG;eXm5J?i`! 
zb$&^m*LSHtSLbKd`La5HUY*zPR`05F^ws66eRWkrUu{tmwcl5Dv3>P)Ot$lEYRliK zzEbDs)Hz`6sajh;wS2OYGR~`UFO;!1b@`ZkvR=K_qt4TLhmNye$s~VOg(4T<X7#*4 zkxgB=*+Fqxoj>2G+d-U9y?^a<zKsd}a!$RqE_KQBVOO%EIXkt)-8(6gV$978qKC)a zi?rXEdqtHSKfG;$j$ju_Hd3aeCFpWT$Vsm(mr|r*ymmbHYKxR3ra^BRWb7-ga#d_K zCh9~k3M(SNgj^Eb!xIr(Vw-)!s2ZC{)VF}=(YS{q`$0KUNpPPNihtPh3`%V&*&nUp ztLGWJVl~h1yZEym|9#&p>pt@@sgI@lzk5KQAL#n<-9OEJYR_+O{>8U{@~SnIGu|AT zUfVmAG@h(iCV@Mm+mXK=>DvqZgL1f23U}keV-Fss2{=OkJDQ60#TJ?nIdr>@3*T@y zhIg+a`5Ib6y`tJ>b$|Ye3aXN(TpgIeY%LjKffY@0&~pZZBlEMf3rF~ze2@e8^bPE5 z8n|a5>~oV{LE13ttaeI*VLj&=b#IFrX&0-up*iS2(XeiC-9dRAIEBAt@aI$vCW(JY zVSLN>>4r-R1Yt!o+RRFMTgiSk@P9mgV{~O*(`|fW+wPbh+qTuQ*)cjfv2ELS(y?vZ zb~^UW^L}I8Kehj@G4@(}SJj*~tClWkdG13pmN<zULU=?9A8QB6NTg5il_PvmX!eoo zx_r?TwU27a5lgTVRiTGY*V7vCP5XnVO=bG?VQtISU$0`bBxR-ufC23H`70s-*$p<X z<#HX*ZC?$0(R5w?GWyB*>HWd;nfVWO^JZE{9gMC$Ap?2^x$2@GQ!)o7yPOzfuQm5- zk=B(@7h}#I0Iu+i+I5ZAm4x61`earVMLIZ~fkeu)ZA!6>;byT`DWj*}Jq@QfPxhF! z=KRWMa^6ri9!h12X#z~mQ*{}YS-GX;$Df^O%QM(KTG6aE&@&{Fv&m@w39y~(Uev5j zv7TQwkJ@FgR@2bbL-Y3v8aD3j+}I1y**@~wF7LsBhvmY7chpTE+6`7+sYZTK;`etr zdrY>~R4#^;`r{Bnk_0+D1t-ut^H#KVy#3Ym`qa(ya1mv^odHY|7ISdEPJ;$|T-F)u zKaX4^cGh3bmsm1f{^>8N=r-GHE*I(FHCeoNnsHxI1z-#=4|nmZMysP)+*ha6rQYJ6 zs4qcBpggp%2}76Nr^CLVSvY%0FBq%f*8JJUcJdH()_(A<^oVVS^WykWh+A>gBNrqn zB6vfDG}rJBxdOsaW!OgaVDwS_Yc=n4chr#}yqSu<3C@gs)Ydi-+fsf8-N~#AV4~+O zu&LYtoZOLXg|DUvW|V6UBSW$?|9Lq-&A9U?<XAeFs;6te$R!o-<C(MG3ZBH-!tfKj z344vrx);~ELc90o(bLH{$1A}6Iah;I4tR9aT#oyVnhf-K4BarRciEEaHt*c1xXI1E zm&Qsts1Bqj(sD862stE7v-L|U7VVzOiPb;$-{b=r0EL-x&s$21N||6Q55!Fc*mh$y z)>qbKA30y{tgM><IW=jy@-Xz1StH#BM9yD>?z<W2gL;L;60{0pdb(5Uich(BOB7i% z+#~kFDFe;l@}j!9oGyNye_F%(y#1UL#X*eI;2b4-RO?&6E4OvQ6ev|b!Axuj(e^C$ zSH2>x0r#9&wjtyN)6$Ro9^{5K^5GtO0;QmJCLN*cGWP6*X+vl%h`0^E1^F>L-{;cz z7IKm{uj-?`-X&{Gi`eRer*50@BG7Q9SBA^Yk_MDjRw^kieeJ9+Eis;fh{ci}Te5IJ z_Dh8+sL4~}C)4~XrN?$=$8M<}k*L{}ggSD?f<qbS+vG>f-YAuObnlzuH)OHw@sr+q z)SlJEbIlnHm3Umxn*5priW$wGOv*G$wSmj3;hf(<FPBU1MT*K3OR;e}?<8MXNeH)R 
z$`Q!-C3^AWt=s^rsfygCEX0WBkaPKJN-TTn8H5b-?+d-yx^vZ&S9kL~Q{CmSH}ba* zr#8Y5vw$ZvV^UCt-c{a<ohp@bBF`YieVgKEKV1gnxI_WDlzpAwu~74%V*;K(5QfF~ zW9<s>`q8b|WbE;4m(4;k$n==-mxN<D-JF4;`WtVY^B;^G%<UbY0^KEn#LHMINUe|e z9l2c~i<Xi6r2Bia15Ok)LP<5-D{`RwN0PahP%+JTr^`uYCT<|BC`eOTTQvn+H5TB` zXllYFbeQ~q?C*Uh-Mf!E_0c2pwsh|Cry5;a%pv<0c<kqZ3S!SPxY^*jgI>DZ2(&=$ zM!Gbk?Q6NJGAWuvF8F_5dejOP%5)z~j-s-pJRelyTzlbvOT**r{PDR^(K_Z1NMLxp zG78um%rN~p|LUT?XAo0vT+>uHD5F$c&@GVr1MznRavjQ~|BgKxFnVh^jptDE1IOMk zYyDv6ogsxlkO|FXQ$dE`PjHM==W>7n;1;~bd&=Z@u^|~IVW%}rcQNJFs!=y-Dsl`S zj&xuI$iWxCm6FKe4|V*w1UcYQZ+|k|Zi1dWk=86JmAT<bEe?L!G}~U4*e8>d@IC*d z(j@+O9snbJl!%Qym5Rg#=dl{6)6K>rp^JfJ`pDDkVi=O>@~5w<y>!ad3U&Y}`4M{A zO7+-R9TZWVfAMBPqn)Bd=)|U3DK>P^Z-up{Ra|*>G$J6Q54eQjlp1J4mwOuFMU+Jk zr9-I;3Qep};mI~`6x|wfqMP0KFhFR7JJ3F1jJ+g2Bqg?uJ9Bbu6BQ4$^G!$20&|5d zbJ!U8LP_-)QJK8=@(;{XM|A_<5VfPBmt`YzTNjk9%U!)FB{+49E)T(+$+vYycvc5w zV;8inpQbCq4U`pAT@4xue95=r22c2LBWDG?zs|6~e{lQ48GtESFxUZXIn9`M&(%Zs zg>nfWO*rLaFUimL^oU&3clbnu4K-j-*s)jCbH}?cHK4IvV>k^x=U9Lff1Kcd`ZpC| zszmx_6$|7gg)!U{cfwhvvo$X3`CW3pT9QUeT_p71=Er><hdmiTfrUDTzKZ}k_0(Gd zT|yDbPN{;@TNRM^T*6;kPbcgXF2Vj3DCmC$e>P-D582V}@ImK0cebowJ@&0dB-XB< zOH9aYBw)rz9ztu*SYZMcwLK%3h*V9e<FN)oa#=C7vJB?c(Mq(K$aGE{?s;qraS(eX zhb3#cec3JfZ9vX{8EpAY0}_+;8}=u|8mwUI2lHtUwbWom6dV~MK80UmX6IK1MPG@$ z)O|yoM5%{h^C@NpoPy2k4vn|&i8%T8<jf~iY4ALMCj)jL7fDq=<X1yGgvpVYa5M$Y zsn8ad4rX202)09n7Rs^KC@o%-sg_Q)4u_K{=P#NR7WrJqk6Bv;ZUaVhfcH6{j#6f; zNOs*vqgO|Vd^vxvkp#B+@1Gx1%Buk6z=Niw_r)kTy@vf!Fs@LnI|R=(b0R-nmY&qz zSzbIp{YaHQ7eAZ>9l1Qad{ltNBa_7E_`OT0Ct<@Ld6bW4$xMb~G`2Obd3JtF^c>p- z!2r)w?FW1&x)u7maApT6V!%s1i>}whvqJ-Oi@KHBsJLh2j#!Yi<lhOI_u~6sa@0j$ z@XX^Y=i$sz1POK}v{TwGCgPOZELK$CV_zqtd)6*6DxHvgCk;l{jpbJ;J}|Ye*tu)i z=k|1n$)azshX};ulfzr)?43fb=8RI(s{ta0WKgd3O(H2FVG5LP8wF&*Q2wi*foqx% zTABgGs3838`z+$p_i+6=zd^wXg8O*oGEm0HjC+g{>RUYh7DA-3gG~Kfl!k-lSGs5{ z#b1dR;(r7xj>J|-4ql6=#s52*B1_?~0T2ME*drK%I=<yH@8Sxk0M9gayuo6;cJVxn zg2NaB*kF2@ehi!j`@*~0LE+ewM%or}6DsG8coI>1H6hPsZn2oSaA~s+C%gd};wE7M 
z-^6CociaZf1h#v$C2WImFvF;fzu+RKI&{&4B72;KONs{iv={yWAK0$Qww}7+lWU0L z1$vZ}tr`Ha0<DhA>`9t+&kr#jG?bbUX$Uo;p_%v7V(57y%F@2SXr0uwGJDDY1WW$u zR2*7mH!#)Q(j-zA%+jS&h-l`4d<+nAD1Xs2cg_<a*g0HQrO4F+uz)&O_GW~&BNUzh zT6_>&)Qna<n>}g{ai7YSz{jUl2<H3L0Vbte#e2aKR#7TR7~-*hUOv|uXGCZWQFfCR zK?)%YH>@jR49q%KyBh*Zs0PNpGEYBMW0TPV1MmRB`QAU8bs^da%*$aqkjiu|5>OG* z8zS2s?>s*|b6#_<4}e`?dFNfE{yT00?SJ~Ofq9nG>yOT6!#?+eHL&ZgNmjjdzTDzc zv4-XtNEX@eb%(_6eA<DlH?25Obg6aViZ(SI+MzGD@D`!Lx}=PN{_A;^anF95Gej7; zM=L{xonS>a=5^6%QZyU@OUPL0`BG&3mx^awx~3myz)9vgGf<Zru=@=q-_TY>!IY+L z8)2mVkm26AHA7rq{iH5g0|piyYYY>5YOyt;;Ju6~oi{SnX3f~f#jo}{#aG0tShF(_ z<(puxVQYULO2P8|{JkOe<pm>wZ4((}iPW8Y3d7RkEG|2NDBk}wkF!B#ExN5SOSY`4 z<Ja$*(2@CBSD7-Fjq{7p!9ci)2s{PNq6ug3;46_FoK)6G#B`77LO~7Z1v96dhOP_) zp@N%t9t|Pb8;1IAu6vmVWatbbk~oo0u!d**^~bs8`4qZ(06Az<ic&oQi=Rs&bGHJ{ ztX#op(G7)E-pH(BSS$$I*0?n6Jv|luwJgqV!f!8`cNDcz-?FQ*po@Lnr=zjEeo=$K zBc97FrMMozgN%CB4MzGN+V7o(O7TGD8If{Z4?qKwCdswXg>|>FO|rOovobYHP&)5p zOqevk`&q{f0U$(EK?+kqx%v^NVLdIVHJ>uIYR2QAdd5wn7sQcH1eA%olu`)weURQ3 z#<+E#0|grMl)f9_THq3c6ajiE3R#UB_yq%j*mbL~fls`xyvfs3D}Uu<yxCLxCMfT{ z`I3M~)zQe9SV_(0!#0#H8P>&%dpW`FMtbs$-pdmQh$2TFLtaCzox(T{HBC!>2vCX& zii3UoCa;EsKU`tcd_b5G)8q{%LBahHkn;!PIZPWpO1aQ;p-e<1x}x~YVGwUDnDAV< zu?kOUCt-eAa7Hue7@VG4vf)>mE<h0<)+Pd%di>a@u=OW1TL`(ON`>44O#L$5B@Aqr z1a%kXS>yaE>WV4P3!W4?dy#jiG%n!CVMR6A!yA%~s)?SEy&^aSY}oL@|Fr4sN&m|! 
z8dAjt(CW$DR)ey)<||QQu#8Nl%JpQ>$c|3MPW(k_O#3T4Mix1dupkOt<;=A!{-Osu z1Mp0Z;SP+*YqllnEt$y3rlQn~y@-RU=2j~Yd<&^IVfVVXEpSK`M8GXVT^d1sTpRv6 zKIkqPfP*tjICdfsmRRM=rL%Dbp@NL{xo$sKG?-vXeB!ra(R>=E>$A`=>4wX_(xIIn zzDpPftN&T;C@#uf1Bet+ez<e(NP~0yPK7d>cCsV>r3$We*YXhN6Vs5YXDHezkrf`f z%sPmIYvS4L9d&%R6{|U{v!nA8Sz)ZXsI-&9(F7m^T32a<lV`et@K=E>l*;~qO8x^o z*^$d#XhqF$<Si^9%r5ZtIkodNyVIhQe6xj8B!7GTvh#8f+Ru@Tp|1!*QcTo#5YZ+j zydKbVlA@YYq1?ex6IS^1<Y{7$3ju=j%%9_k!aMi~yno=u0GNCw!G|3ZDh6u5Il*)Q zI9+c6N<~zG#AE2xHSta)8<~F{DMd1unbL9Iw)&WB1+U7jV{ux^m3$zFgjk%(%@#gm z`a3>Majg8D!IcfX8{(ua7C`jWtTkiegcOV86=YL$Qxk+quw0f>N)P!R6<cmV?>pst zy689+*|a!NSf2djjNVq2JQk6tR1(|P>npMb_#^HJBSm9Ww8kzf5Q(oAwpaFO(uIaM zsK1YFm5t?zps<;!3AO^-Nts`hd2D#QKU<VU<JNX@<K10Yzw#FVhcyu?0<)ejYzu=s z(G|i|G%AEI4OD2@UB!s0sWIl9fpC7Al=EG00{*w=t+|r{czhsl*qq{L|JF0s#^}i! zP+EcH0v2lL_p5F_5OPh*hp{ups~y2j(n#$Zyy7+3SS_ZEH`KK<XLYEhKyq1@d<{&w z=V2sV9P>N}bvLt6rCx0AbUJ_8*DPLF*d=+pX|~17D^{FUhpi<pZ;LC|j%6;R%ZS+& z%#zbTh0V)vF-Z$1$N=s`Sc2aCXzXALSf+~E2Mk8DAZ*LmL{|?W<Ka6rghZlnmLDu4 zK&fzI4xQ~Dq(h{_11POZp6;#8s4{qVI8h3+8EqFe1X{Gy9mNz|YzfMECSHcxGCFkD zQecsoU=II%o14)(9XT+XfW@QNq$XcV7`;*V<d||QM43j@mJCLG{v~6P_S2LY$lAx} z+pn`$Hjyok(vlTHGQ~RTvMF@^_S*(I1;?dd-E>cq=9wuZ5*Jd)uYfyK#2_@4-#QSV zp8927`0Ix*4$~y4BO(RXQ**1xo<WcUDT9e@MY7NVFrt=pbq862#I(0G%F;90Abym4 z!9L+^A7)6d*^rj_0(wgc5da<vq^#7~aUNoUlHEy1=!o{wsE6gLy}Qn1X->;@^Wnp1 z+UXe2N6s_H>1U$PXL!DU<`TR-0iz2E>+lrkcV$%LP8txpAA(pS?bOSv(v`YwgDu_x zn(hrBd$8$Qytq3>^?*kr;XOt)N9g-3ae}P`<!{RSkju{vsKH5n01#1u%!m8ZevCEb zu^%894Tsx$%q`(r;S3%K(hIkb#+V;S8e_)g=(Yr*Iu^%$o5_(<0QD0pwydy|Y09Nd z1krazm$3462~i_v>)Aje+CSyIv@9QBBvTb#7LlViLqgpo+4a$IOsf=JOn}62Ma&t# zN`GjD-{?f<q)+#BYZ?PUe2-M>im;1N>K=3eTA9<<>1~aeKDJam6|F?-%9nmPIXWd+ z;2E{4OHWugsBFi!q}OG0o_@)-2nw2rYOFgATYz66NIMHF@DYV2!t~|ryUzxE^|qR+ zWdKQUpOrKfnOGnkejEn3M6x-%7?+uX#JNaNmf#h1$H-f)&sY;Uw_n}kud!WyQjBiC z1`@_KUvza}C{`Z5IxH2GUm<+9hiSQqTPcsmPN`)vm89Le<Yidu+80m*5XarY$&2VT z>me5G*WV(3HjLm0{9vaUZMIqFCnyqhXW!r03(C|eXyWvivabCU4R@`p(bH_WOZH9n 
z)yuZq0E3S!Y$^m!2nFSm4j?<Y;%U0WNkc97g&G_;2a<HYCa;hXdaNMfo}kQ~W+EGD zCQwxE@_d*X1=HspXfZdc<;VOv2&IKlS<_xJQ2$ahd-^b?K*MMOVQgMXujnGXK)O73 z2W?5lxUMxYAiy?L3eaJgdiwP`xW}RG^9<q5V*&B1PrwVbf7+SV^f@(*C-h1*@I1AM zR@ozsqaQZxoh#)!r9a}PW6u1CLsrC7pKqZZ_<`IZrlZbu%t@g4EDP6k!^Fp9mQr%= zGAGx|#)<TzW!uoLWyMuccSI#)@M8LquR;iEFJ}}qCh$O8bjvvs4^cRejNxQSm~;P< ziW=M4sM87THfTA5Cif9vZ$wPEpEoz7^bt?Q2zBe|0KZEvN@Y!!8QGhal|L8a<+GkH zd;Y^EBjorTY=0IVv0)>vXPvgNS&=zbTp-Ar?Yp0!#3ek6m}21_e}PhrzyMAO4Y`Zr zN&FicqS4SjmMy&L8KnN$aLmUnZp1AjGIQH5n9vOv&c6G1G1F)HM97UwY0f7Qx~z2+ zMOjZzR3-aglKg^hb%}DawH|dNg}(FiL7aREq%Fw5EzzA{FrDR77;nzXbrlqEB<YUk zoxHCil-tsNV2^828R=QHZRYsNdhE{h!C|28At;-5bEvx>dCaY&ZD9#`U*y5hX3NhJ z<+nz_lZ93afN0~uO5j~hutp684lPLsdA180+sPbT_`(@M9Qw1WdaD*HSAyyWCh~Ao z_)$4lit0p7@2f*+ejS$j1j0#`M%k9~;7Ztw?92#xDXi+ocT=LSRyOR<s{GVtkaGXN zI2v(PUm=?MHWu(@O5wg#Rv~DtT^)CBz|MCcSnMx2kcElTZ+$^Wax(1`Km(bPlnxyo zNu~Gdgp~_rx}xlF0YW)rg;ABb8Kwa!t%ZoG@KpgsOCM%AH60al&`GXu6%vU7?b3}c zFEHBBA`PxoWFjbgYsCSqfc&1}1U1t6?bqYuw9VVeIRDLqpTfJ+C8N*3qj@0hvcM<s zJc|Rf%^v&RVSj^X9f_#0b6_$qgdUt<X$9H@4*Y!xgB|voi5nnX?TXzWMYkcFKQ4v5 zz#g(|mc*`e07|>A24M(lB+mAIBSP0}seO#*9iR2+4NiCq^y>vX%ZNY8w&=84`Vrhf z{hJg=uP{Xk31OY+ny`jKTnShzuhAKBD1Owk&s!PqI*<LAPnPw5rj_vmyLMPRWr|i9 zxJ&lXH2lXYGejM}842Q*)~csoWG$f8so>AQch*m*z$H7PpW{Q~R0mcM0Nal=aaUDm zJQn84!oUm|Yk>yU$?-)yvaLA@ryXkHx3lO;^s555W1Z1;H>Hp5TBO&9?%GFS0CaO@ z{s-VRsH1!A9nxT{vwrRId<^lTflipkX|C8;lHt$si8FNvt53KqKI5c-DsIb!HcLoh z@e!rjt7rf55A!2TOQh4eQ^>z$dE%yP?td<xN3c!llXYAxi!jYEg1yiZ?ha4H!p3pZ zaWb^=83}ZA`4$f4l&miJOeBkeofYGbIz~Hkp8YUZ=^Mx~BP+LaD=;>Pyuv&eL9yvA z?%-#&v!-iA-gGo_<<yKb#dqIjixN7&<H{q$M`C^Q`zYBd*@@^xtjX-f#;?EVv~}4( zuztwEIVzO~jx|KGYS_15FPsdFY#c10+k(heX;X=%qLZ^OkR`wsoz{*5o$eZ2p5OcC zMk3G5kd$8OsU6H*{hINLE?Z>kdGxENz>M*NKN(_%kfCi?_*l3IU12UOCpilL#!rGY zRU8MgzZQquAu<pWWYWn+Nf6LA3bmV0Gp>G<)lbZZER|8N5TYTYrf+s<EBOJM7jY}h zgac|qaH6phvuf0a>CIZelpmLFXL&}PvYry-6!L7iU}i1pEqvFP@2g}cVgxhz2o^1O zCBDA1Sg2@m9xLh>B!qp3k5nl<{+6A5e>e@qx7#@NahdUY$Dv#0Lj&tQ<tIs|uR9x9 
zi%4*xR$4qAUBxAJiWLjLGShi@Sz#a|<#(eTYVXM2%!c3BQFX(Cs{b;#*b2Eem^}>p zkGf7dmGnI9oGZz9BzZ%3LA@gybxtPwW+phjtxA{A1K+q6)@#p_HJkUqsd6*c6elfD z-8ut&<&!zERQxo;m*wr<iAd{1Z7I?A^w7Kq(j|sND^%fGvy9oBwK9#_ACptu*|8Gb zUEP~`%czA@v&Q6r?KMB0Y<Ar>c~AUM=SeMXI3ItHBTF}BB>J*vtKXQ>Ro$l$rsLB- zl<i)&axmw`7G=yLBXSw}p!6fN3wYDDkyj$)n>(A~`*Rauuw-p{k^B?y3M+JLU~O_a zowHisFPamMBj<x~>azvYn%1>Z!qPd(Z-D`S2{QOh4XZl@t}W{<o>$$st;Y63uU3N2 zC4sL*T!U~Ss8HMV3kFAv+=t8>f>@|fG>V~j&L!l1UImAEt*t}x0KCF^Ue|fn+!|fb z-(2sTG230?o#7vwkz8F6;hiyvELR%yfUY(u7wtO6w#Q4IlaGoDOns<VP3})usRa6& zG%j8va5C24mDm0q>v^a*{#_bwKy@GKS_dg{feXh>Fk++FKtNF)q}A@$+yXv@G1M}^ zEd4ZoQzvO4pUX%`qC~oieiNZeuZo_Ye!<2w_d1$y6JhYXv)0Mn9LqLSz7!9C;mhyu z?$%ZCXV<4+*H-h?lHR0k)#ZE6)#d5A-O1V6*(E;k#CC8!E5O#<*<(KV?Qtp@3l_Wt zOL}1P2+rX7$$kwvuYKji!P?wf2I!@87v0rcZMKEd<&<0HBH`qOWDBED$Ifwm=5g@Q zm^66q@<VCV?8)-Ribm1R%uPmT{Sgd^&U4yWQQ+cbI1hC-b!7ynM{~6%Ms%4qdB3`` zhOudFcUnw4+ubFH*RgeBXIt!5^{pnVbJF11+FZoxT*vLQeoZ<nka#XA=rr}p>y%Wp zUlZKi(6f>FI4UTJ$hERR@1ei<bgPTVK8%^dEHCfu7g}A~^cPQ!G5WD}O@-Nlb+uWz zq*iH!{y~%?Gz5XsBGeDS2Zb}lzYv8m1_AlK2$v$;4<Jkl9snQ$H%8(v-ypAm*!N!S z-Dw9s|9X5odw8)mpRYcB=~yblks}HdDru5@KA<Yfy~;6|tyMHo8vuY>^ERFO%IK+y zP|n|bnF1gGPG>%y>+Nh_uliN)@%cYY+RJM)?4EW{yT8r_RB!L+In%1yZMRpE6tH;s zKmHwmy#YV(k=E0JVV@HFT{uHICkm%SND6P3xIT#fb!+PZI5}^<uJ^R-TLcrLIc<7O zsb>YNtHg-?ybdwIq4}Kc_cVbIZJ@hj_mUFIc}dRaIm^t~OZVsg+hudvh5p-_d+jFq zdpCsFYl7~&Gtns$o1J;dIuXyDetXl9%XCPw<Hw49$#J=k0L0PV>}synn{k!wCemF? 
zW%CsN#a}m~Qy!)V3JYp}bf$+iVe|!88`p0go=orVihNYMjrj?qic)R*TAR*FV#EFM z{C0hp_vgRm7cc#Jx7QYh1eYw!9RKZ<%Rzt?&|a!35;=*n0M-2VRiVhONW3z^=AofJ z0}WD5DG4FC%eGwR#wAT8#GPyvPfOgL)MHN)6(55ziEdD9S7{b!j{2H6oaq<e@5pBE zHnX<U@EeeGf72-O^jvA9CS%+^806PTXa$f6X>HPwe{Rfk7Od{7@kSr){q0AzqYi%0 zKpniK5y5w`Aeij$MJsh1pgW@zEl$`jhj+AnQNj4N+0=`hev+0yPMTC$5;D`%%I-s7 zgS}~)b7ezfqE{)U{L>(jSF*V&EnIy?Xm_K~#NAgjl%P<!DZgp^IpLt{uDXYBE(QWB zY(fkQ5gO|k=)*CDu%|>ld;KZi`=`hYh`~woURnqZYY)%7W&}Z8HNIHjXtm+|vx*yA zIE0%A>c}L0$tFE{D0N&hp9P$Bgeag=@OxF~Fwey00+0I700RMpffPbLV5W@$`#ob5 z+y2jhF*u=p(#h__J9WA04~1nUMqmVz!t`|SIM(oTOuYFT=u4*<l;WcYf`%y2JvR`S zLF{|QfAG`nz-E_cIij|jH5{)y8v&pE#}AJ)%Zy5O9_?VRjByvDqZ1k#F@1^k-*&6* zgcKyzP~Es<h;&k=K4iSu!Vh@+mC)2!$e;nxdqyA8J>3L(jk*H6uN+*D26s#Cxd*r} zA)Sq4e)s+J3Yz(qhn;eXq@cjtQgR$r<QVDXn(iKx@-i+hH4bujmWM0U2~uP^Yqw@~ z@{l>XJJ+SE>rSg?_(`ES)v@MP6na;Zo-)2zvA;A!r6SvG_nS}ycP?m?4%J_;(tjf$ ztWWXDCwW(-pQ>BusL!B(Nr-Yu%M&Jv?pNMK;slpgf1e8UB1Vift}&1=^ZT@x5{ujE zbqQWyS5RG!st1?xgO{cTi`p>E?ZsKgr6)GP<-ordp!>0LlFe5*g@Q4L964!tsVK$} zxArJ1s;@lD-*H25)j|~WFp&o^ZUo4QVFZVjPz3+`P!l^KaET4cTLtN8Od|{W7!{LA zXn4OJdnV<*AeGG^(0l5s;+~a|!}u^g!*VFBl3|407-u6GlHG?q|7TwT&4Lv(p&F>I zj4!6710IbgX3|8!q4^g!2IMb{t@A{8Rd=1tqZyL}rO}7ibWJ?%6w2-9olkr1oX=xr z0(Vv23yBQiy6r!KP-gwq{n8tM+9k;XUK&e3-Z55juzm$U;CI`oc)Q!6N8Ik`jRuAE z%@XX5Vpwuccas*_pf({!XZf$(%Z1<Y>DBzvXjL*%4fA;vGN)ncCDmIYRwtW{MMz#^ z1W^>M=Rsb|+<on%LQ&XA5I}Y`&0H9?RJwjGl-z6wxwOTWi7&j_uUSJe+Za9DBYKee zXt+!De9nOgAoYC>N;POVRID(H1w4w)N>C|ztzk+%?W@LPIXNK}mwU*U3E>FebIBk^ zU%rmJm9eI?jFOPnc=np}BBYtZ@>D*PMAfwQ2XyteFsOzFlc9S{C7NiEM3HC{>4B+( z<g*mD@I<+$YB*|4IMdR?wFXyW$FJ84EWvA6q_$8ipac|Cf2%5Tou<C+enDqx0#~z2 zZ9|qzF#@}5=E9Dd>Btzvd$Myd__TS713%W-48)NzYMVA`)W68MK3P>Nkvr#)``b5u z?xju9pv6UW+cK=RmWQ@4j?S5}uSqxr9kzGqBa}Hl##dwB-420B6?_c8g1Ftvo6-X= z{JfxMAXgweSxk8JQsPkC?3!7F#vVlX*@~+x_tRAYuC0r+Np5Z8G-i-H?Mp?hs5`BP zYCX0+1rUP?0mBH)+$GEy)Z7I|TM*0$i|Rp;wpV~(2O`26bZ9WX5d;&XRMlNwekWiu zM%sT+gD}x%u~S1oEhcWLf^^~aCN9Ow`+4LJSXx+d733*XDt}YyP+JBONQ_dh!f6O+ 
z4v7^C5DVd?nN#XDiCA{<sN<jhBh$5GKHuE?nB!8?EXSiI!E$?M+IMJ1_C1>*n{*fh zITVB<pER;#{;A#S_dMt7PkL&>OLUkFO^#Nx#<7dc&etpk(+G2GyRGqrD-G^<L$}l} zpzBtZai+KH<2VGD(hf+EqbO<AF(<8XRh41-u!<EdqmJbkK~;^_9aRV>XFG-7Xm!40 zuiBeg{i1WB3El-G-tq$D1BV)BFBv#6Plx+i^?fmv44q8a3k=R<caduE0aE*jZ8AZv zMK2>8-4dyol}D$dxH!8Y4VR}}hxVT`up*|nQp?Ng!eiA5<q!syMxhi%*CGh?ljqkh z{|t+B0p)s{9c+0Q-YMnZ^=UmWod<w2b(MV%W0Q<%+SFAH!)@t}1Vtcg&Cl)-)*9p_ z^r;SI3609X;5VVkzgm1RM8=EL?aoK;CkSffHv2AfvD<IJ!UhA>+^<_#Ut09?fnNoh zJ(jA5U>8cc@MxYqt?F=PY<|{F$Vqe`0dxfE`wK+XZiZT383qD+#FsT~*;n+I0%FZ^ z;!c`6M@drHd*5GDB1kAXr7MKxFH2!Rx1ep}3q4pd8|ZUh!X)MIVDwZXiHz>|BaV!w zPo-iPXQ)6Kz4mE$F#J)Fdw-!7cxs{T!mj6_R-?wKze>arp1Adcbc-HbVhmZsSKp6( z$Z517o`RE>mj?IOvhc7@z5&*XdFl;}7`AM^*Z}kjG!JbVAY=Hmj(P{5Vbb4_l4{bQ z??weE^Q~V~`}^hzqLf;)^T;!_Z&s<xDl4}=3<eH8ZEQj-PH>mz4wn`kZbrP0@G^ zza4MK40W9mwv~|CA^_a;+QMO->%q=IX-UF1kidWa&sfUBti*EI5?0oFEjK3NUUmwW zNyjC7sP4hvaq`EEH$1rDZ>P#$y)~qJibecgH<L)mzLOvrHJ-RU&$~`9bAvNw;$7K$ zy4s~f<;_Ix1XtQs0E(gtO9o3&L=gLq+bg1zj7sxDchJ5=1>Fc^dFtD|-Q^ZmFuZxe zN)4mfI77<fj#q#g9>vtRztSJ3?;$UhqdtZ!ixL08WSTfoqE_mG!79BG>^Y8Fs{Al9 zJ9lJLFZ4K0=Wmsf_ywl2Tu`4Q30I@e76$fnlf?odLPZ!f9$4Z|`>dm60utx0T90fl zHqwkT6&`D=R4okwtGNWjMa6Ji4c##1_%RrlBG=#EukMhKB+2Ah-<|<gxAu6&aN_;r zoT2dah|A~xLPFod1l_O}U@Q~1k<+>TP@gg-pH^PKU#dO7*ub}X+@*82k9Dqwq1shI zq;=E_+vXOC49waIGGR1HGa6!?cxF|_?u!%{hC~HHjKUj$tHEZURi-5}tkJj7-hX&t zw$CVZd$gU2HJ!2(i0X}yxgW<`SjJKC>z`&6LD}0pSS62C^tdS<V5UJLO#0c2fGSS= z9rmcg09J@wyP#<RBcv@z3dG$3`YPA{Fdf}XN|s4eU@cMh<NVKed<f&F762>%Q@|xZ zfi~`aECRs$%vGp+GoEhzzjRg2F07yFN5skY=gca$XKl4@TMQ$7)_)mmj#rR$4wBsA zYu&c|w27g|ybnxAyP%RLF>M1xqGxTu>9!7DZ?tCWg)x>wZi_L70w=W?Oo>+>=om5v zA`1|6_f1XLW44jZ@vgYZ>7#JO=fPmQ(~Ca&b8A^O<RdC|s+#pu<>px6V?VF$^>q2Q zKjEz@S~~H2njlwS(k_w|im`StQGDgQ64GdOnq<}2+Qs`J>uDgwKCgG}WVKhnCk(r7 zH;LLrG2B@fZUB=y@b_X@nxt~zr^a-M=Pqz8V90cbHw?_pZ#xK`&<>0){`fpXg&Fl~ z6ZwFD2479$A;8h~LgybC$!=a+q8E2$_=)oYl5o4~&wrV+68P;w+M-NuSY}yFZYfmn zT&Ph@ivjKJs(JmJdLut!HiRiWd3djbN-dB~L|mP~=O@*~nC@*=^!#fMRq}9;)5w6~ 
zaS9%)@et-g5)=VIJ|NjRwD={e<7dIW<J9pTmWa=K*(N3ScOaT{hG8GB%VVpFi>=jJ z=iY(=VMX0~ELIOVH{XchUNg0&T`~yF=Rx>Q6!_*#H~vCEc#-8ba_wu~xX{?grfsD? z{-AbBxYiJGI&sBrwH2p#&*WoTf(bMP)i=27*#CIDHXmy~W9ce^ZB<guhuEjkga-a5 z2^zS;!pe{D)7K4!#f<Y%R7QG?<=ZeHiS=`b3f~c9oFXHsqQ9YXO67z7`GBpo`~45D z{&Rx_=XF&K2Wts2H?3OM|J+VJ+y4!1_oYlOsep&0Pm7nZ7eWVrpEt@laVE=xy?9r8 zaP5A2-VR!23UzJrSv~->rJX0qXy`gR9?7fKJ<-bO7<>P_Hu4k|>y!gyzMOLTv*bKv zTa_m}Cm@9pRp9t@e3li)|9vZEV-7$K%8~*#|NSsbVVVb^gTAzg%>!saf!kdx>^eGn z<x323kdJc^!B)5=*3d;Jk(DH%yn>P*epx*fs;Q1%xrsYD2KMmhsy?dDel5wJG^SxC z$v<+LB<lLm6k(_J%F^bo&tUo4osJs9`&2i{YZkGl!uI=o7#;-idIY4uT9WWr^r6nz zioMvnKW`dyiVfenptoipfvRyNK{x2A)~a~_rGE{5Xx0$xu9mZ)&6jhj+<uYF?Lw>N z+Q`|S3@6a`^wWY${v8tq@jV>!sagXhcE~mAxv<2AhtOSHeUN?SG)U5Wy~X7~v<PJW zuD%L?Ih0+cQ77yaSXQTRJ?*aw3#6q(ec$JXQ~!{dq}BUj%REY;0p|Y2T|*68rZ-^{ zDz%zq8TJM2U+~Y9_re3nY;9Ln*yjS71X%0>sf2L13*74qxmK+QJGURIx|Vw!NVh=~ z?w5W_?-E{0Kb&kz49t0qdRp{P1G0ModIp$%fGj{!AW|F1FHu~zASNIG-{FDTDcBEA zl0SmC%N1>kZgen!`SB&^GJ~1H@|PAZH#Q8t{liw<7mt^NnX>cglXDpTts`A!EdAY< zK1E*~ceFOBH)yHVZKvnd%+yanl~y)Axn$=vr){k@G{OwMlE?<iXFI!Ou}G6?xPB&~ zzjO}cDib^qb{@fa1LKEuf!f(UU<khh0@-={5aKx@&LeVxS(isqlH<v|P*cUW;0*;| zrP&ZV@=<(@CTN0+f+sj4*fTP+Kd~)jp26y&y%^`!p7Qu?J@%oehW2*wU-N~%LNtOP zDSFomR4aPmwaV2Dg6U+@nu5Q@WbtB6jG0Niy;>+1_0+oD9;(ivrO?-~EDb#g0WTd8 zr0xd%`pX}{QmAEx1KqV)$4{)B1pm(^ZkflTpO96Llke-%195u697j0yuwK-#nk8_M zlDa#k&}i~2fpFL6kI}Y$H4a5<Kk3UruFyTibiR|hLUY&S$}9~;OzG)<LTz`seDs<y zrpq7&znk<EH8vTWl4xTGJfn-FGCPTCF?MXv`r}q$2lhye-)21XU}Nq3oP*S{z%?qv zX<q<NushRBKw2-)uYn}y{{6x{^r-^Wh23tqcM$~sZ|E&#UgC7kUtU&1w~-)%uGEjg zCFR1Z>S$FQl<og}x4U#6i(gBw#U&WNK3Zc&A}y}#!!z#(X0i}PA{m%7LoPlu_BbyM zSLF^cC=j(bTmyGI-}4wE->p*o-)8a@3sRy~$2{pG1upK^OrV2za;cevH|DpydC&@l zMaOmjb~g~X?@r&d;MNd<@F{gv3l?xedVXMou#D=YD^@ZvRDM}7*Kl=2j4YHlm9+)& zV$iVDf`;Gw|8Czn-q)Zk8mo_$>#a-ts}E?2G(c@-)almbVztiWVvD9vrP(sQU{O&} zfKrS5`kQh<KvIlx-!>T+D<H>@_wLunx%^JkzUVnxFg9osL4e=EezkcqPGXt0b|QAz zR{Mo0`i(vos$}|pHZ%;xuYKh@(3;<%5F<Nm45DIQJ8Yj`{DwMr(?Np}8?`~l#9_cV 
zZU}kSi`t-ue8UiW(V{?q=or{X334#p$oV3F^l}<y)m$#xo?&D)lo3)wXwzp2Olp-g zM23Km|D4F~F)?;UCtvFAUm}~Q(-~A(4<@w#3(u&656fNLQx%6o_`x1K7xr<40Rm83 z<cMrcE`FGx$IfB@nY>DG;BY?fb`*oYaJMwoPCgip<j(l8L-n`Y2!E*f0O&>i7Zzw5 z3hbu3^v}cF%Pm4n(vP_To3Wd|V7Tt6>`2#wBsA2bH{>=br0&9KXg`<`b`HhU!F183 zRp5oS6qUb{EPXnDSYCCjPR1ZfqZgmJy$p~}DPG={k}DD>Auj`wEwv0fyg>fWF_kit zOUPzE<~n|G#{YYZhS)vT2bYTd^)+`E&OujDXnBHq=cOndtLC3TMvm%N0;n_Ft+b%3 zhgG6xe#Z=tekY)<pMz2YIv;cilShXTG`!6iY0*T(ed%mo6APw;5}~EDpZt+&<uTEs z*dVB{6jp^Dsh0*~K#w2^L!u`8@<FVCUlJlogXtNEQTi72MN7wvT%<u#1gx-j^Wz## zgF(U7nTN@NJ<xo=@jy0(?j(5KaU0nz!E)w=35Iv&#P74?UW~LQU8jEGKss^hLkOG^ zjl2FFkuGhjc@a%*IHj;WeR{*HnHo$-D~K#v5*irQ&LH4-3IO7p0lSxXja%Lhrd@Vc z%v_4sa4w0}Q1-2fmuto|C!Mvi`tuEh@^DG%Py)Bu2E$2mEX5TMQ2yBz|5kt2nuXK^ z<)xuGQWegg+{q@%6CgC8c${aF`R=LZT-~`vV*^^&{d3f<gmr0LYGuHlXe0_aVrp!8 zaAxiJR|B+POgxvZkQH;Bhj8=GZW@*&pd&XmMv7F3HUN;xMjQO;3s4R$EiDZC0d0R< zS_m@*8zY^a|C-GCw^fLjMhxl-KSmmJ4+=)lJFuaTI*8&z#Y2(QJy6nsBpQ~7Mk=~- zqTLipcCACjBwD0Z0$S1#{t23d#xhQ%%PYV4rWI%(oa0j^!24JKobxGH)1%J#?85nK zb9g6WTEeArQ$xOCANy}08vF-`m#&Z>twg}Eyma2|_H8u>oi8)2g?1Pmd1I#oY5a2# zwH33Edi}*mKB$}9QL$|pWG><)o#m4K4>f|}GJ)8-mQ^k<f?CE6<k^aRP>%4PyqXyL zzjD9?&2Qdn65iLVtbEFh6p6Sc7BRL5Cs_bC4KP%@MS{;Q1Ue)W1&t~KmYjL;jkn5% zZl1n1eb4~_A9Y8hnS3BjFg*wLaCFs7zr=}p5Fx)f?0-Rb#?3<&7U8!~w(xy<)#kcu z(<!AymNgra_tnHh%7r8QW?wejn9;^}<0qW6zfMnqvJnHL?Tx|b`{6s6KUwX}C>F`V z(@H_SyMe`7&JS<D!ik7lWHU%odU#!IAN6?r{y&5mtz59yp%l{IhL{C$e$O9a#OjPN zJkQ^w7(C$r<4E9zel$K3b)@$>AJys}2!7S}J^bMp=vHRTuJ}a$kCt6EvU39BXGEjJ z`%f=DSUHN0Yl;tq?vPVCVDd7d-p4e=k|@+iDjr#!dfdjMe=}<|T44>Ovb(Sobsl** z{a+IKE##?JcMb71Yl{hjf991Q@H=WPYxbqs9vBNo^Hg}^lLRux`)0`_DV{MTx9b4M z|IyH-I6CuktjC@<R$fk6sX)2<vMR2X>Mnw7Q$E?NZldED{Xeuus(2l1&}co{yfnYV zJ+mYzCLIFYzo{agUmZ~6AO*KZMUgXWFbPS>F;yTqV(vDOBUFRm?CmU$@;74%;~EKq zgF*OnqLJouWR7B`@grDQZ^Fa^dR5_ZXy=n#0E;sP8e;tCfD<+G1rQ}$CNCzej)s~X zrH8EJFPxzx*{%Gyp%2LYYy8dL^z5t%#Hp-x^zR{~RZmD?v&N246f#>pD5)JRaWata z^d_hf?|2xDo)Up76hxc<EuvE#g2Q$S6Hi^fwG6)chOpDij9SBH^%{uK9(ej@c9Nzc 
zma2vJf<u8JW{vwm`@sBm@ol3%AFwwmKZOIow?g20OU0VTukrDo_FPfJ;LJW&+sp#0 zeI+Tjau!gDz^Y{5R0@=G7FYFfbSy~=Ya`y~zCSg-AP_O(OUS;+M_$;bQg9bN2LFKz z+@sBj=)9n~F({F3_C<<k?lxK7%C(a&42KQ`WLdc#aVMaac6&opzFw+bew2?36T$Bw z3k);uR)!*xM0k9{=vX`t%>U2pqm++BxFmu&1pY@mh=qUH<e~Wucl0dMg9b}EyMW+d zfE5wCuX;)n1;}?pP-1D4p_OBF(9lth^0=D5+ezcDmRCn+%XhhiAxfqW3T8`;2$1{% ziWI7$JO@L6za2E&g<ja5(WKEK)B=*(T8!WC#ccPm#d|Bb4QCy5apl!2N=LX~q0_@R zW{J-sJ+mtWBdqB7bW~!9HgOt;hQV+B1*ll9f?%+Udr-HYWd77Cfdv$$axYq=b5C%E zn=R@Y%|(+qV)v-$p*}3yrmj=JUMR<bkLt#qG`?m$E`_Kcce){844gn?q|G#u#!N5l zwWBc#M_0E(mF@QNevK6GuhsJC+Ad*JW@UIU_A!WvPcR>7NLoXhY?D^O_evA4?|fW* z4%wIwR6rNQ%xeG%kA|Z<Xpz?E*=oIMp@3FYfY$j1WlK75JmyyYUnx3QGW-irM{8iK zAjIBV*nchCW*zCyGcaEW{$=cf;p{fTwxMaU$m&uV4#ncPciAAuDRxS*00o8kJ8Blz zQ;6lNSnU|HJZ$8uha&11K_ajtK<%*~KDkD39Sd_jo3!#b^c{GZA=DjsoFSAe2<=Yo z>lmKUb2;onqnfQ6pPYc0Uvez4B`^=_h?2>Ar<R1pIyM2)EDE5PM<P(1pyncCHlSf8 zxk)s#t{t_Ml|B}&Ps>-pXK}R!d(rhG>z$P^4>m00)9w;}Kk~we!>i;z8Ef%Pqn;}5 ze3M@%s5+NmUldTZ!aLpWGvnXa)UFFeR}09qyT6O3A$ZGW;c^hjy^R4QR%h{_Y#89O zoc8wCT~C@=j{zEf|Er38SRbr;ybV6T%;$N-e!iCgHM2hq#rllny>`0KvfO1*NXB9Q zR6}6I^&Ct8R{yV1f`Jkvtz=*wp&{z2R=Brq0`bN2D50^6w7lIFOPCqxP8z7r(uYRU z7*CxI{f%}CVZ+LR7<-k_QtW+e2r;n1+H{m*U+O~w*$Y@9H>PpV*8ejU?id|8ei2oI zOaFQXmPE#<P@_n?1yFQh16$O+6stCVS|NHbBY#m^yluLFgp^O3pijnma(u9)O+Fib zjx@p<qCU&Q?&BcD26iHIOKgw(D_b>oc3jFy<6~qS0u$g}cw(flgmyoJ)0EchR$UtK zH=5o4!$4#IK_I#LDfPf(v$bi<r=;;Zx?M_##RC|QyB^i~c5w>*#mxD6wG65;rSFmB zc;+Lm-w-nTEYf@fdCCiQ3I3Qbto=Ja%03ts5)&p-3B&FwjecJu1lcU;H_90!9Y#_c zn+jwlUYIlJ1IOMqH9WLw%Q)(2L!wrlM+vUa!K|)MB-xS%m5ovgxGgpLFY<@W$7yJ( z8vG=#*Zi#<*!HvcUnMd|W4mx2BD&ncxZv%h%;37S+O@jEF{ek^Ym~?x3dGAdfiX*L z^RFQu<GkcBBWYui_sW2~p&h6FLUPXt8yMgXR97K_ukKzGL(|`Dn~+L`JvYNT9iI!5 z-x=>{@fhBU2r=eiv#QTJE#9dr2qLZf`zh#yIq=)|)s7@OvFfb%qyok;Iygozr(U%C zhwMM%RWf2qsW7;KidbYjPSi9AJI=X1BUs|F?Ofd&{bf6;%_o~RcFhx4gc>=+Q=p?- zg`7UdKUQ?@ju}`LUxWWc;RW$2H!c{0wGg?;G2xFO7~JboEd4X=ix1Z&zhvMWs)l!L znyt<~|It=?t<|rs{8kRg=!6<kHpr7I`*N)k_@yW=;V#0phPDrL7)CMWYkgBnPR;ON 
zHEkE_w)6x)VzUEUN;sDfYz??CVB$ER;h_@`3BJg*9OPbpI-=c0p+ME*?29Kh@>BQ| zA<hy4nOL}Zw?<-Dp!wM~mT2K|0f|iRWzz3+6^ZXugH1+<SJPAq{t8<S0OXLKAPXAR zfv%t<p+SixA&2D%|CyIYT^IPnmz?w47l#3|JGZ2?ObJszJh9OAa)G}4jJD9Um|==g z|C!_f0TRJT&yU9UpcKoS!Q+CniC)xk;Klm>#7(zw#1DUHSq<9d7T4t1)T6=pqQ{cj zZVW0*!q)BAA2lzw-i}Wxy=~2>{9UzJ{JfVXme@c<{|c|oySy@8fyedJG<6+2PinuA zBWNxM4bXyRszrBTJ_)_LjTi9mCBYBoaMbS%4nh<3d&`OFTIB*HcnAPZJnT&fSETw4 z!fg!=$I#x+ti&(l#{~_*Zk!}KvRl)NwpmZ<bVil$;dHwALeo;IP-eL1K{*(Df?UF> zaYndQzEUscBfXQzA2Z9tOVI=AseF>EPS|T1g+ugk-M2t$t=4jl%5cyTpX=k|inqH` z@$*pmVq9bK2Y++|*(Q7LK0m8<xr6q42R4*0+4oQ^634)vpEAhbRcT(aqi=GV#UcH> z`twZ@m-3NiV&pvzxNDU1?Viv#Hj0IA{&MwWL4ptK%+MZ0c^4(0gZ|G*`oWYa_8az$ z`p0_$4dl*AL~;eY>6jp-?*;#K;q=9buJQPd2L^U~%|LX9FT}P#<#7=%ETxB;t;tYW zI`TqYFjM`!LB>pEk%*y1FQCZpOR$X3|NWhHvLJD%WFL$Z!XvZG$;j^LIlL)5l)^`G zO07q_U&*<hN$uOL-mv>YQZiz*AmKB8tW(PXV@*8x!-$DVcFv`u8~UcD)AJs8wAh2! zvmhuW1m!$rz`1C*-iF*&pH=Y0eWf7Cxx}@PzVq9Q^xIN&+;+1L%~`_6amJrV-=tC< zX$;TuedC4?2|~w<zDyMo*#QzLW#ld8cQk;o2mAIoQiU@;Ad27kCsfXKS52sF${!f- zzSDC-gvA<&+XamwM6)kb7P$a^Eb?U%28-T=FF>m_|Bs(zw0GdUl6wDIG-hMsT3=47 zvuJg;NrA2F^k4S!a4viYZb*!s9#D?|dr}fDX5jjY#l0}v&3SP=C6kZsvBTk9r$##; z`E>W>X!A1avizgBHO6hTAw^&D0Eo#n>n7V6de(NrCj*A)&A~t+*#o6WEa|=jc0wdX zDnhxtsR!{FB8>RIsP>NAZzythjS50O7l@_Dc<%Y(=KFT*(`1S`qt?m~Qwu_v#3`nY z8JtI9_x-c~@{OX5Y?X%pbT`Z>IY+CJ7b$Ut0MDAFXayI}@lx(}YUXzZeggxSvy1zG zI?4V*75U^bsJ<HS!{u<hI%iNQ3uY{E6rYY?lT5%rBx(ba;1^aYDD@!IV3xrJqzg*a z|9RvoMP}#%O3e+pT1)hNfqf3Du$whlE~)|R@d9OkVG6;EAVANl<out822d^cI0R{j zuf(+mAfe@wfc;B?b|f%8^K_`nW&D-3)f;-0JVwzS8bm&FP~~)WpfPMUE~r*8u29L) zk5sBQ&%wM#`phq*I>djRNf`M`LD@h~MNn#ttz;#}7~qInA6?o?rgoM@l3=+%Vq!rW z&7gJ(SAv9M!~cRHx$}?u#^HnG<^9%)rfPQimP^gAIl9F~2?iJ$Yrcs5D6Fgx@FEGz z%=D9>y7B(Uw!S&scHacACVIv7bVYV4Vw;8Y!|gqN?x)`3=z<FC<sY>#6@>uhLMl%8 zUKF!$`z`0dXlLqK`Ua&<;<Z-^JH61RsUS#Tl4w)k&P1x+W6qw=g9zSEows!4Zx<`T zk)JrMUt7)$*isOa5=ZPD`lRYBXms$4Fp0ePKLHEw|10Y)!{P{<w$Wv=#ob+lyGw9Q z2=2jxli;2Ji@V!m!QC|wBv^uLZ~_E};O=sU=Y7t(-tRm7nAw`?-DP{atE=w1tGb*E 
zEQr7diO^_f(KtZ@--_Ywyj58!pjqn09zWuUKc`Kbif0?Eme8L|uQm{=3K~uQS@q^b z;{=wkn72u7k%Fzh)`3=87-C)Y(;`xV;j(LaT7tV87ex^?Zn{V9vR^ClYh1aU8(NMn z>7B~}C}ynJW%kg@vcdhZ3L=)67Ay}+Ph@&u1Cv0iap|aaFiChP3k{pBtOE`Ywgl^U zWbugwhh&n_Z)Md`iKZf>kp|m8T?e}oc1STlq(w=#V;^ugNmkx?AV-qVhpPprgh%=p zr0C(`8W?+VD6u;RZpY@NuwCZ1LH8proVX~Iq{wZ`-r8q;V<?w-(HiHzYO`XPjTt`- z%jcTyh8gja|KcWTOXy|HOg0N}yw4dHJK4R!!iq`YSqS08yP-K3p$#;M=K8G6^PU>e z;pBpf{$nz^KfzfWaC>GF7#8sSt^Wf?ST1)o@{ryAvfRQaM+!#fg`x-SoFMbY#>*o} zzLF;elo&5a1n@3mwTbeuqnvaQ6#4pq=fTV!L;%#A$_IO43KB&u#rC99r2K^cXmKn# z_end-LN$bD9Xk{Y7ZK8P@H-24ndgh0E3jV|ViA+tzw<lx;W<w26-b`Qn-#>=RJOmn z1+h|^Q<ZJ$906s}ef0&^q$2j`R*5vLQ;U0XBHGTFN0XAj#oC(?DTJTi{O)VXR2i2e zGz;)_^3Oxl+M{IR?3(V8!995eYVf5y>Jhnc)ZC1G4)LIABBvf~fB6<nlx0U!c-u`y zx-9Nnb!Ogn7U?Ejc;+?r2)s>8Gp+X@5R(*&n79bHW|Xs`l~`|{Une<#d=lnBh>UbZ zi;Bnk{VD9?`G9Y7Z)o3SyLal`_2gHL@2&R(P@9AE<~--g%sVwGETUFmKft}pGh7EJ zk9<AOJA)SR&%Hx`awf|#<4UMLEC#J4O*0LkXKB4sEW0@R$20uFu`0a^iOA}S3FVX# zLTwZ*7@$xDMQ~R503Yhb9MZ?#gPMg+u&PczZZy+7XP8J|c*XE?DB=c?E3ujxv$unB z%B|&`MKxD3q`!V}0cDnm&lDH}gMxnk9*_4AM$qz7JA97K&|`o;e!P6!gv|f&3D2{B zuXug34UJg>t0Pn1eYY)C3~GhbMD$(9{kh4~ydDZ+jCweGb)vT^HTcl1_i!4yD}t=n zS1(%@kaP;{%$lDlTgu@a;FV6$^ZKpy&}uRRjU_Y4%P+_UE4O}XqU>w>fZ-ahm``Q3 zozLDW>jqI}edl%4<H?1f0SUwX*wuBZ`E9vJVK%LaT;O^T5tVZ&-*7?V_KOGmJycal z70RR(&d0hM;2#&9`1XrGmC+QhS)e)8jb6pM!NAFLIAkG&rsXmAw1tFqZi#LCh+J$& zAk4}@xed*HBrEuvg!J~7y3z*=KyR=~0WX=Q$Z%85WylHqv?39Jhyx2(FphE~cApEF z)Fd}>LmX4AHzY~pgEWmAjyTu#rGq1spHsaIU@8P|1j)8eQQM$WXCm8r3r>x+>ermZ zNo$Dmd?oEO{hKp0opc~2v0!(H;kGDf;rXxp(URsBhI}>n)hII6+&76?i{FcXCwi)Q zk-q>Xi}D#V?r<Nx?zF#^Z&j4wP1MWcv8~o(8zd~6rlBaw(xst9$kOG)gC}hSw7pg* z-F+GfA}mXhAETR(HqhAn2d5AW_TPS7hVRsUPA=oYCvRVcXs%L%x5~TpahP-&!~$SO z$H;78F@IRpF|q_vwvXMH13S`pZb`QNMJ)<z&^VLJWyLGl+A%T_*y#`K?iiVwgNQ0Z zQul*R|CsW6fO!iPY4CVK^I`rSMw94Ig{;8l4(tT1L4z!j&N~lu!VGzs`Ux@{R0y|6 zNTBWAC{@KGrad&hd&Y8*|FX;McjsZL<G#lCPW0I(mFv?jh4VFA36<U(SM2xP=Q}c* z-~A4nr+8D81UJP_IG9Abg9axPxRCdT3V<*hxflRSlKm`5v~3ASQzZQ~N>9%&?>#i8 
zyd9uh>N%sFzOKFIXpgW!5}}F>rQ<}KngD-%?%`|vxfG|%>fQeO;7*ahVEMYrJvA6- zdIP3}zgF+8@>m;7bPz|zkNK!@KWrhe5ms(b`0iDtHcoPLVH*IpdLRW%Kaw%LHW1{W zlKYxjeKfu?Gx4W2<Umv}?4(jXn2GD=JdH8@1zM#|0gwR_jWSSJun?3LD3P*O3Hiko zjssRiNV3c8XP0KmMvG(b!+%*Z9O_qWGrU(t_bK{F`>_LH^y#S4!HD4lL5&Zs_Yy*1 zY+{j{nyhHOi$jW8xJMpu>Qu!~uFm5WlMB+#Ri*MKhfg*5*!;6jOMfzOV2>B!kZaSs zC`PtM0ZYS|PVu7{=y|)X0qywFH0v83?SAJytXbv;*DH}@1EGc~%8M4NL%FZ$>?(+& ze-i9u$sV3dRpp#|HdUp;bZ;q>N8qX6KJR`IUR5{tm5a~8$-SujslVnfkABRY$2cnP zA9?U9u&poQy%{5!m|y<UAB(y5p?B2)=54T_nt|TC82G&DE(VSdqLbh@eg}6O;qMIi zP{J=hRK|-BwJD6?;iZKdW65k>Qj8-+1y+XKD3-2VmfuVo+C3W`tO>%J&VZEWBG}>? z@=x#&7%cZ3nHrfZelsJulMB{=j_d}<+AMZ~903RC3G2H=_JJNj=kFJn2NEpWboKe1 z9yxzGG71}yt}dFxpZ9i|9>WvkvsOg15+-F1CIW;5ib|HUHxzYO^^PCYNU2uWV_$zJ zt5UP-iwMWtx!Elb6;wakJ;)_hi1b$7hLw4rTo<_0TNfrm-#p)6_UeySIg9c>a<*|_ z=REcA47TL`lYq)eJYPD>lTSQM;Ff%S|J>HFG2FTSG_`DWaVEFu)alpOe(!Tr^33=Z ztkf{2Z>?5`k9t8|#1yBjvkC@`@&A~d`XJPkQY{7#qF`HtXxm0E6|`Jg=-!eWJ++s6 zR-AFxj)`TG=NP3zQ}cLv=5&L5oFC1*>5AE<X5L<CtVRC#*JOR#yGq(B%(mVO7Mu<z zr?f(p`l5-kcM0r>=n2$@XQjLN3yBIveY?Om>FO)OG1KYus#7<b__rR8m@%CVh29F{ zaK8hE_+G+L3Cj*j^y|8RD0hB%C-*s%e9xo|jk~%K6y9r*@Us^jfmW4tUT1OtaHfDX zDy2giPYwYz>%b>uupimu+*dGF6UV>F(aUF#*a1VjO*F(Xh`wAqXy+#!dHj%=)7ibl z!?0uKz3Nf33M#Uy-<LCO3^AFemT9Ksg(wZ}(xecQZ26K1&y+Iuh=<;DRk&Qhxj7AZ zv$e3{oDoBjnTjAqq{;v;4f9N$O$oKKQGxOq7?_KUzQ(K~c|~;?+pxs!+j{7s;Q926 zovh7*dqv)3B}!tX^#YzB#~t%i_d8{yuH|I-YJ^rv={Di17RjEjh8~P{|0qTQ&<=Xm z4)Z`7Se(f}JN;H{?DySIxC}_)SjN4sb=~Y;2$~WX*V^}j_cI4VT6K>I=`uDRMZ3_b zv(iG6S|UIPYybmXi@>8qc&PNLmS#G((IyVdvr1g{`DtqxUA;bA<h(Mxf9Cbo*OG6# zJL3F5!h;{$EB~ZeaK96iI2GxS*ikR*cEm{||2z|VYDlslbGq!HW^#K6+nN>pHPGWB zH00oiGekTd1j55TU{P8{@vU&Y*MTmSKON_}{5JQpR=iO6vJSsce_Q6Qq@(rm+h+$s z#u^t|3&!6E(fKLq=cyRZ_*&=FZocOem%Q*BmS2BYG_%m73CfvGusX^1Uhfo@by>}F z+<!pEGs^q2@fNS+&x$<m9MiS1{IK1s_frOA?FSqlM;+?(vxa<KxeKdYSu%HM@AmGi zMDA-|@d-6L3!wVNw%gZs4&A`FrX?%~GCe9O$Z{}6>I3ys{yV9MqG+=%2JPG0v&8ZT z@@YiBpdrxEvLIf{A62XFlEL5Lz}vS$3uGOIR=Mx|4Rz*W6(WV9LoP${ItZ^-;Sgv~ 
zyp^*E%zVn~b_b@E3F#J4+1;n1UAQ~uGqifOu5IP2W6PTk^R1zG)cqbA-#-jvD^P6M zu3}jwQh!G^I>#SOQ79UCiAcDiP?E$cWAuehnD+U|`5!PJVZ|w@m_4d{X-}9DQhz~* zXDo|{tF<IzGMT9m)%#^};~I`jXzI!9ag8iM;48Roq+h^h!C6)9Z>JAc+at|Qz0NZy zHdeHd#Sr0?U@bDHnsE@d&d&T{G7sehbID@7)9V~bV4P>JK`lfv(}1s|&r??7=Kvf6 z?+~(|N!F-X>~J;&B&3#LrhZVGCl>q(BL-$SL4`p&(xQgSI=MIvT#qFPuzmC~YiXl@ zeI!OfgEx&9DN?tFm_t!;pF8vwwCUlcjLSvqYtrN%iZ?8b6tdS<zNoRIz`d0hCl?gu zy)~g+ya%+{j&RZ>^jSZ!#PRVM`HsqAH)!yiC-mCmhI7>Hq2^++^QIGeo5Q{lvxhK_ zcf48R_4Q_73m;hGA~~eKY^ax^9#}xmV{YQg+s1FV$=*0FLOl-H*$EFm-%Ebq%XAN# zT)?oW^t$A#AUhlwby-88uX^nSry~74Re4cJs=T#X{!Ze@V%jTF4!4ECh}h|0u>st{ z93FvgEcl_!zso>8xP_W|?~$5hnP6+G90&{nc!58q%ej$p_ue<w>8sUaeagIdm|mp? zDJ-uthPHzJH=rp{bQ4@9G4vnwiC%gU|LP}1(Li$o8>Q{esuZ`dzYxz)wyQFc6mKvV z%;1Kwpp^dbHcre<ze}Hl-^RVU828fBz_|I9qyP@1iy$+sH2Ej;2TwQu)JkSEA~hPO z6yTb+TQOOQ__~dOqj7oyPOE$cT~jda^<976N2<r^7A5GyTDO2hgPOtxRztbin<St< z270nz8E>J?)z2B>PXXQnBLHHY*InkU6HH<llJY(_s~&$8z_G=;qa|%75hf<RUKG8@ zRFgQK@A+*?@0&h{J{+hg&9_RO!*}iO=s#}8_z$PWNt*JCE>ndDN<y;OiG5G%OZ8?5 zMYIl|pv3V3GNJS`4RSV8MWE#uX96&jG`3$}@)!RC$FzjMM4QV#K*&!t3gtgoNe$}o zFJNj@@`rYH+{{W-UK)B&f6%U2Qae^fWkrbS)egv_=7Yd14%ghp7Vw50d8z#!TnX$g z=~_YUTIChP8Nszg<1}1HJ;cs)*V(9qo-`(OvCA8*48d{V=rc#g8Qz-6f7Z37kt65X zke~A|$oR^;Eoq`R6oQt!4&{4wIZb}gyqMnIQXEH#Zp$3wKxu@#=C}}-+_j$~fk;wm z9KwB6{;noKXWu=-s*bBK#4c(YT<NSM^h0rN@>NqC?ucQq$6UF1ezRNMi-v@%Et?&T zD{2^ZG1>-BuIGDR39);Shn3>pr|2@Tyv>_S%B`Tm4n)l&2*B2oPL!wiwy8Y{F$VT_ z1rtuexxxRiTr*j?q0gS6G!pze9gE#xdUd7mp7i<Kk+Uro)0>meXP)_rr=Nip6ussZ zpfuK#__X1U{~4}mY81_T;E6z`xc0GILr<CrY`Ed(7ef`I%0SvT1-QK`(uzYUOZ4=m z0G{*9K@F)>)laLO6cJmL*&R`fm7ZD%1EOkw8enGMoIW#9y5ljUyPs($^P6ZdiXyeX zCK5aA=JOZ&s+JgvaYk{&Ir5Pu$!M$Vc1^eYDY>~kYni{1D=LWZiM*iiZ>jnEH--!y zP%d<WQ>Ap)z$hDLF=X`7VXU?9f_3Pl<LNaFkQPxyS#PPVq;3Q7Er+oV-rqX32t@F@ z*?1!<yXL;+|G*opsh8PR?m9Q-!`n<AS-Iclkqiu2Hu}zG|Il<W?iadlZ^!@@qWywK z|LiW%c!{aAv`Vh8Le<N-$%%%R>}Ddz(D!x=9OlU%WzVMk#wtPuVv05SzFVEp@&66G zD*W7LsCXKZ7c#**YAyzo*5&GUW!9o%PUQ)q4=fJF#((=5GD6ymBOi{sWQ!Q;2-<G! 
z=JuJY?1?3Ggc4k4knHB8atTbWC<vlz{;(eit8+g5kvX6g3SEjO5*f6B^HM_cgpUNZ zGX<eV&Vu%(J!|F7`u`5$%M;_)<w;`Dp<7KF?+`&=hk*64x{A5l-P^URFl18RR8B~3 zVA;P1l|%lOAXE~ZVJ(#vj*cRL0HDQXW^CQwe6tDb>;qk8YXD)4O^^3O_KIRTyiIJo zBA2+JW}6@f^lsbLy;ep6v*+AuUaZ%5Z{(cE_J~EH-Xg4ZY&B%a)w0?dNC%3<1t_6% zA4|z0GQs%Em~c`E6GuXCn3E>*3g}56H|Cq-{Opzr4Mab+QDEpyALghPxNA;vUR;*y z9GbQhq*B^$-0A3icHIpfOL8B4z;kT%R%-iK)3$>KwN~b0U2O`AO%MtBrxdxKslYG{ z;4dfXV5`&8WD-+CV9X+=NlI6{u<4+MC`Xq%DPmGtM6idqvqht>I#aXzfadE95`9hM z#yyihGJ#L-(BnSp!Oxt*1VX6-xsp}Z!l<1w_y;JZ3xq*>_n#=Wcw^~}ou97D>~}_7 zr>>#u0Q>HKjD};H4Z#$(aV#*g#?GFE$*7jiUtnITOu13ctAT0OM*6(8kbonetF{#2 z@l~R0vP9@-05#JaG&ZT4qdZRk`R(5M6<blZ&gwfh|9nN$P4R^~L$1Mf`_sRUc-egT z-Fzdz7S>C?4E{i4zWbfHnZD=_aS9t%?*-_1YBzCeCx#s8N9`IvL~~OoRtVR|5v3rl z67YKaR`_LK3#|_ToOLg)a;iW4cCY51j}C6Ym`4)J%W|A17d2D_o;g^LCA&MFPopP> z7<gQ3MN#I{Yto*y-S^`K8iZcY-dg2Af#`=v&Ln;X=4P_&mBw?HK6ezC>dNONGHCXi zZq}T9;As-6(bPMmk3McIEAs{=4!-Bc&Bh%Iqra|iiN05YRU;9`13{^pVrbH+c@6HQ zqmLzzd@&Mo2_=YIG8@MSHb{XEZem!YFWH9{&4wb)or_mOR3l6=8;Q|WozlcqhyNU1 zrdhu{M569=&QATk4<L_7BqgWFgLbHxb?c|=?mhe<dp`TK{giZXpR~;%8iC98Oa1n$ z)Pich|7JO@p$JK9O;0=&F+vd+kt8}NrBV`%n;+<bgQl#V2U>r{5TF@$GE2C1XSDlW z^~_>Av}K09%=~Nqq4PZ7PO;)~fn#TdN8us&=NXZyxAY}XmPg#au%0kX5VVwEfi^7* z>tkc{xLv)L?Q!Xq8gl+u&EZdZIe;f{Xzuk8M1D;31#2I?F5jN5LLEkzz{B@q`^bfm z(Ypon&1MSSyj^=_I213=m4v`AeHzWUsybQf^ExBxNXZuMwLkZE>$`6lSds1!F6}sv zQmfwMAluD1NulmIyC5xr?iK(;iv+~-{~6%ln!N<6k?eMWEClC(;8wxj7hqWUB_EL# z-U0L4Oqb?@c$oNF0mO>Z;w7!6249zJQ6XZCyeOk+PMoQTz{=$CMhkL*Jzt?Q+jS?6 zS1oTeutO-<<Y(Z=Pe8AsChHK0eEw;fj=hb~SLO`LvF!GF^0jSdo$bH#qCgI~!UY9a z4b{=QocymO(I4-2*G795df0hxEY2+AYwVIpm@-(vPV?w-?{)GWwn%saHi7Nx%YpUH zL2=cM&e`0BPuMF7J~j)igVGhx+tT>HdT)h<$-jcXbx@i=r=Y*PAd#?(g}mbDNe*7E zG9f&);-o=?@S{NT->?0dG%$#}W1w!50t4quXk8g29iEcFNP1f`ttwZEa}|?9QgpS< zb*k>)j4Q9KAXUY7Hzg6vUWxWiiqD&Rz2(r*ch)m>q{ZUtE3xO*KhE%cXAa(NGM!vT z`8M+(mK~1P=V?)F*l#+Tr_#o~;2mR;{!k8$O?9AaeYngxv@Pd*3C2)Ai-Wf#&E#lk z)RP|%z*}%P*P(*2ayT6??@Y--6T6C!6K_LkA*$?X%2xp$M1NIWS|D9txW!sOgw)3y 
z<+RE_(v8$p&(O_CI1wcX46PQ@I19buiV~XVyv%?ciDQ(nDhzT;-I^aVJ(G{gK(*nz zy5SVE3Iux!678rxC{x;dFmOZt_z$>*RtGe?xF}O-W$0oQ<d7$nzU1LhWO)3=kRScC zfAKuJNq29tq-mWEtFt}RW;c^rw!-|Yay83&CD)uw^CxL{`E#*|l)=_vH@?2M4VHA@ zJA>0P=K#RSL0tj@^Q2m&dA0`C&_%f~Z36DxL~R5F8jkIQge-@J+?2?E80FwULG9RO zueq$QT@!wjT83`t3GQt9>#|o{>LM{(g8K&WEHs~@cM-<J{kgfS3AyBBQd>d4aqzQ4 z@mfL@N2W=mY#u6;D_*mL>jKz<@2kb1Wo(%nUL{%b=o%w+)q@`Lg6Px<p>V_s$VAC} zq41GEql4fh2cqF;f?i?I=baTK*6f9nmJ1fkR}G`3waA*tmYSN<&}(xs<G#$kIzOyj z+gB`F)5WgEU)c!Q#-e9cj42K#CW%_jh!Rj$KK3bneP&A+DqT5hZ+-i*8v3cMMh4_Q zmI;N*0(;Mt72GN`1}!E)=dN~Pk7^<^sjC*T<N^|6?p6%3krOyGLaaTxMLh;0s$abW zuf9*<V&oQf6lz<yi;IvdQ)T2WkPsO?iDH!$4CkEmBmZr65Zn0!!}0h_(K`6dvvBov z)^9BLgv9%`qiEOg#X-@72$gH^FE;bRQiY0=)DI_Bube{E$F87#6*~@#tk)BbXn*>! zGj{kD2<S3TJ|z}QQoh*24LyJ@{PHrT?{kv>vUwH(T$}Za?ZVFp1CQ25)=>|PDHHk+ z+I#sxyvE-sOF8kx-(ahmrruyP1<q?4c7HJ*7;+97QrrEZL;QGNx(n(W!V;(mo63?* zFqpC7P=iKl>E}OLa|Uv#JvHP`Gwi+3<22cLIw`dPmb;0MRn9>|cgm~fbU2)@)IgQ^ zA)iO2uBs8ai`E({qjc=ot+<p{Per$4xH&y|ubg>)jvusb=j}&?eRpa`FHU_3#E0`T z2;IrR`@y|URWp-Huhx%EYGI2R-iP-Vl~>eH#}s-`Q#-9;>TSIC6Q$e?h=cWM0!TU0 z3(M0IWe}S(McEu9L7@oAReCoIKg}0KeX>FT$3f1swbzS4wB18lvA#oG#4d{MeYRpf z0*UM{Psso^kWedwgfnEcCz~zr`V3&S8>;G?e>#Nup2lLWZhUr|XDKowUc0vqI5Za$ zYu{Da$L$!^^2H8+FS@<+yxSdL6Hd`$hIOMrNT4j#1Xrb6{Qi-Wxc)aCvbaoAF5A{c z6Z_@_)nk172(nmxs&;PYo`wx-#Y_R>RGnawrCS6CS<tpmw=>-ys^wR%j6iTiSIhv5 zDOa|xxlkB{m@ULLd>US_35Dx>F_{&3yW1g__h>J4P@jLH!e+|qB)F%wM1RzluzgSI z6bfBCp)r~9W1k2#Ch`*Wmdb(ma$3c)-hBizMghWsLQ&-^@?e3+%sloQHUBtQDXzhX zT?(bFG*E_u=$m<08^scFQugm^U-NI#fPrlMjb6*olxn)SE=Pnv0fQxCB+;tlSfI}c zle_zTmNMMA_PfsywFPl`5z9EKuhf}m&`%lLOh!O18ah!p06qY=kB&<;8NHU<Nj(wi zL966pkNRf<N!8P;?_&o<`1aAq9=*RrZOr>tvaOJIdFYV@N!AFHxk`!hHOxoo<q!`w zu1vR2N{CuXxqZTd0WS74tgq4kfIQTaV0I{&(51r)snv*@{=}9%=D0)s2g5y7;Zi=q zmV`rP)sZEh1-@1gL$zH3v@^9Dn9slGm4}DaO^yQV(NxIC0uJHI#<@#d*p+NSVf(PF zwLknY8~RBJxwg%6GVO+ik;F9FvG+CzsDJhRRL?-4%zN>=-_LLhs98DS5~b;*YChxM zr0k?4#Cm`k2XRet^VoxtBB4Lo-Zurg{9$VY)mypdh7hZM;l}H(jVfxR{jjXqv$=zj 
zws5x0`97eGx1|o{7c?@NR;?HSc_<00^8Nz!T62Hqm_0C)|KA(^B_MzPD*YR);m6mS zsotYZb8j~YQ}1TVEvqWEg=-?llr$(j!v1|BU|q{);4(bJFAI<ew1kFE1D~=re}s$6 z$jFM@FVv@xBh**=PERco^Z*S4iXNlzT^D(?^Idyu)zbGR@jQ@)cw2(5V%D5X?WleI zd_TmL#}_mcb0Fb1Q$;@FhAEq`b2^ol^P}bdSy^AW3?10tP^_ogftD`D%W;)K+4y^y z(JZj9GOLx7pV^q)p>VIHWBGrhUMnz}+Pw!>jeG!X)aM`e=LcK@tR?ss-0y8aUX_0n zajR-rad<UD`DlUFS7x;nt<Qmw(ET;R{PKggYoFS$V9iacY$z^M8KmLIi(QNT9<#Ei zApc|KwQFT!KQa1wsg{I?>EyfW=jDad5G>E<e@7gjZ}XwhN2X4?;~CY-ap>cpn9e;D zzduV*mri?AbGi{KJTbQ(2!p(#jLj9jKPsRv0tyETG*a|#*Ok<f)p{h{9Yh2=NJlO{ zEt_vzkGg%ZRvjIyIM!5CttZx(wee!~A_=CY{WT19a8Nci->V7I9bx(a?-(Zy)18r^ zM8wr?a!RPMXsCaytarH-sfDBck8%R*+}<J$_?h}74Q)`9G+C9r{s7#2oz*fR1_zdO zQW3?8(6Se)e@E8@)7(7x6yQ^w=`p1=YUk4+eAZLsbHjo<kN+(aoX!B!{k01Ek|=pE zwQg@ijhQWHbD2uHGi7rm0q~a|m?M4K1jG9NE<h*I`N$aAXJmLMOB{$64pT}0z8Ka? zr}==o8dx5Q@og;W9K?w^KHZ=9e)=f>*s<dq+@=dGLrQ^i0kl_I$P*B+4Zf3@p~G%W zimgAt(zSP5;14jT5wnznHR$DLSl*Vh0GMQcO<fA-+Y8pW=77<m$ra+IH3U*#fmTCX zb`G2kjDPKeSZ1lLys7++?3_ZZQm9E>_(<r8&fce4F^K^bNOB^@u6dFd@(I%L7bP!l z<UT-2BALt3Ugu5<yL+76JNW3IC=CHdYv~dmTPcdVluSG#gW*h>(DbPidJRedcUsR! 
zX~1(9^j14N85N9}Z%Cgp_%YuNl_lF~Tb5keEsntK_uHGc2n}WY$=)5~U_O9qheWwK zBPC-(O5w<n!)cC~!apRPoxDNHj<E7hb#<9qtSKF-EjcG8-vDpUZv(Vxlari1_~RpG ztDlt`C7XCo5G~KxC619z7HkiMy;mSyRuYOU)5r_|NbP%(I$qC)L(kO@P2SBLfIn~` zsxUAQEqB++-|8*#Af=$f<iLY~lw{XQiNbqJi3#;I#*sa2e;<8{)#2%svIJGt3X<2p zF|<B9o4^IJd*Ak{7WRpHI$Q04E|*lkT=r$SyDe+-rcb7AEnSF#rWRJ2bhgT`8UtwO zS>W~XL;{5GUaB&{)%HOFMj)^h!dY{hModu2wW%<HlMs$kp}O_>$1j*>ojJg_38JS> z?h`TUjC-c_x?4h@9PKan&K1uM(V*16(Ox!8l%B>gR0ydS{Wdk3V4bbYKDwIvIA8l3 zPs1vGon&*|G{uZcW0$d4NTx-K|MP*y5CX3C3v&EfK+72F0*>)bAVk^=R~uT_Hj^5B zT|2nhcADsps5cCRBH(9GO9|g$(kg&&!*WvEe+tDZ6iowsODpo38F;4F&)~1ZxW(yY z@_uGP=*Hm>N=(p7g7qAk<a(BPjgZ?PNO!o~_kh72r>x%_n@}>%hB&bbFx#e|fd$+j zNzyfo4a%%BCGC81DYIp-N*dy!ri$!t6KZ8`6=6rZjPb`I?@<!Rf5*Z}R_iNu!3l=~ zK#!REln9rI^0-O<vS2a&2Q3eg1Ck6$vp{)Y45}9;d4fdlprd^oV)(^<3vT2yM~dZK z78LcFmS%(+6%%ZPt<>C!Q4@$t@$Z8<6rr)3fB{A@|A@V+AKgIP)qr3v=Wk8yfOdk; zF)6KvE3}~~)=oOCDUB-48-d7x)^#V?g6U4$izc~;g%BU$$7Eg%>B{64`x=ic`BgkA z1?e5pXF2{@)F|bQ9v(SGO1Zk%cXo?qbm~hg3ay%(-ae68hcR*Ows8(R14UAubWr_; ztHO+L{C>>OxE{$5*V)Lc@+9vg*}=69=y8OJG{4U9$za4{K#WpN4%?%(0aq}*w+;dG zJ(zqLkFOU<(t&g9t-hDEbIkBtR8VnT+C+)Rb^FR~=jh4FDq~lx*?hP-Jf0`NUtDY= zA5iL=_77D_P|Aq4X&gX%Q5+Bnp#ZhHs1BuP>J5ox*lN$$f-Q|NZdKnogj#m@^Ls-A zOCC<Uo2$vjGqE{^%Z@RZH=*eOtI~3>BfQn9S(ol^cKL4yMXFs})gohy`@2>IX`C{r zv~8a^+ir6X6Vh$;^Zrir`o9!uq{+nPmir14|6|%(Vz$uu*P=VgfDWMCFQWs)A#6gl z@&g+)+A-=Kh>dBXoUtTePl^yuuK-E0AjqJDUIVG=vn{o{*~Flzyi+qC69Zh@AH;!0 zgjwskl5%xI)Tt`e7=k<$-3{>RLsFN9v_Z{KfHvR>UG!I_n(Ua(9y-W%dW=!_7m1lt zNQOMvyxS`izS5KphFWc8y#CDPr%{j@LI2a<SRm((sr5ik0J=k{7*i`~^Mk6nQU3QK z99<2NGeA~;L5POR0W0Z9E%X*4PWijt)Ikq}$o#0YG5a6lzlTUO6n#(mv|sW}(#Pp& z04?RhgJvt|B(s)V0O|V2*B)zn<54D_uy55F#p%JtsaphfE{<3kH3RAzC<L$QVvYdb zGtrCnZ;4_{6DzDSU#2YjY(s{kRUss`%<2aJVUs$KES?(qv~+rv0Hvl1GneY|P-McL zJzPMi2A6dwAae1K^^D5iLTi6fQaCN*6ZUo^-?(th_S2MKMqf_;K=T(@n}@FyqbIi$ zj#YFyWYD|mL)x~Y6ti={NN%W70ph7jXa7vblj5Gp89i;$_u(UaA^Y$&EKZ69ULJ77 zg`soW74d$-7x05$A{ey-ZC*_V&vHW3u~*qxMMds!@h24?wKcZRQbOL6=$WFvB@r@3 
zm8k%sa|OMrQ35X@&?Nn=MM+R5nGc2ll&nS=lw@x}x9J<2n=O9?FFvodCy6henVoj` zzDhW%k4JE>jb4Y60wVD{>2L9>o9bnz-L&s>$sOo`@)SDY9`(UoEY9{O5d^f<4GUX* z6|3b*=Ow<WDDXdTLi?QPF96gjjq#CK0isJC5(<>q0289%n$8hxDfxo<eg_|xgQDr6 zq;p4Y5n}DJW7wXyAIZ}_NZju&4LU@8B0@{#4>OAlrYp+bI+v;1Dx>(xNaYeAWgI=M z&b2e{<Qu*$#D%+Cl(qY#HejdVvW$G-1x&hEZ!tQ|0HzvNW#qZT$23Gfix3@5;7}|V zX@o_?A`HANO@^}>c%6ytK1{Qe2wgY<FiQ1?<(u<o&A)To$~0Hq&@EvE7jHFX$R=u< z_^i_cP9YUF66+-xI26v&hgh>YhFirC5R@A;Nu1<rF|^7Dp1`w(hcth?X;6H7z3d=y zcsQA9$r}mYYn6_INPB_}hN<aUo5HD;7_<YNatZPir4yCQJ?-YjoZ6wGMIL!elag2M zJh5m?RCy-;1++ltRxwbfln>?Y^Sl0f{9mx$9*ADR*zG7glcx1n&ps2%Mqkq}bn~!E zM3PT?QsE+o3|1jyk^vQ_xua6k^*!Q9%7c@~@-=1^C8hu6=S{Ms*8;YPpH3tTXv^hI zD$JzW0y-@-cfBbn!zz<asKWWYJs_wm-*m;5NQCz|r)s?H2VFah$CSj`l=~#QNExQW z>o_aW5oaSe^tJDMhQ_F@#9E^hB~jOzlaq^kD?+}hZs#lrU+j$qmjj+Wn=O)Tx2tt_ z?`4oe5!<X*#TQ4Delh=!y_4x#U87%^THor1;-Mzqelf0EW-qI;|ImLHV`<M<NPF0K z#3+0&A=$cto^qw98ZRY6e(|pWW<Q(LxrZcW*OP}6zgk9@vp(%39bBCP!+irAMw9IA z9^h*ENoVv=_=Ii~7ZQmibrZ%~d=Lsn{i^#Z3=$VvJrTQI`wht-k3)^XpE9bU1FDV{ z^GbW5*goc(uZxoL&hEmOlvgQz1AKy})|F}O#a01!r;uP3k<tpr2ct7q?e^Fzhbw<C zm$|hZ6Mcy`0KuivksOVn^z5oHS~b(<Chg*_vr9S8H`14uX)))2KO;6c+j6!ck>eq0 z*XHA8kJ5s$Jhm%3B*a@B@D2~54H*aTv(O6{YaVQEQgSjV5}f}jxm(=VCtHzq5#Bje z*M){=A?HsfTHpK=jj9Hxu005S)C)b&ovuYEO0>|RRzhvCN%MhN7x{Oz|Lh4htI+z| zTdQ3@HpSo3^F+mV0ONTy4Rfe>Sh+MnVoMT|;#nJ{SDBm!XxF@I@ZRoFW6O`I<Q=}$ zBRh4?M`E=5rR!PCa<<A>Gg9^<F@2mqw6)8OZpR;%5X|s{wR)J9X(~gmuN2|WV>&*` zI8q!cjxYNzqB#nblsblvE~VW8)PNT!wUJu|h(C>EvicXDo_NJ^w|_1&z%cGurza?n zB#$(UNux^fnPFd-)P*W1wE#id>sJA{RVTAn!Yc-tS9M|lAu)7WsqRngeebcV_S}TX zlg_@-Bw{{ot&%zkYQrcGkbS?Bg0IoS#zI<r0d7MozWCklsr`IuDBy7}$KdQYbFRf% zem|FR{G0h5il9ABNFjqpIM+^yYa`cL(0Qv<Kq5X-xJfQ9BXpxjzs!_}V>JfMxFM}| zQO>wgW9W!QPy0iHkB_Ajod>fDsupv-tz+d&vhl8$`8|`IsUMqIntrH8_NzJY)4v}5 z$&+Bh--=D;d*j{Yv<7fX9&Np2as>@|?C`j~kwO`-<d9A+)ayv>74~Q6juYmm>Ma5v znbue~YugFiwxDS}D4X`lHEc|`<)85bctU?8#CAvrj;_wL&Rkq(v<^7xN{?Mf+$;gX zthN4xZ!#<M7VJwzLHLNzzSeL|>Ie$foM5#|$hd?GeDG=H>$17`br=LrKTi;dG(MuL 
zIsqzAtUIJsa@-%8!9;tEdfq)Apd9aPH6j?`qyjSo%3WKUToFkfjJj5j@T3S{Qa!DN zkVCtCo&CcYNWRer`O5lfbS1AU%I#kw>Sz6X0iW9b;q$Ai%$Z0CSHyT-`hKHuhdVY5 zAl7^-wAPCBen(X%z3P^)y}8-P;8Bku-oxebcr2E)q5fXg({pl|=y6}+-!hO1z<hUG z1BLR6NtrDuhbsjVz0vCoXlVOs64=m&oq{@cBt26KkNs-FV@yoYm#V`j_uHrhVIq4y z@o|B_>)J04pw64|fwUIa?Ap9U$iE6c>9BtlT<pf$=rr@T&M}Q_BXVX%tc^wdt*QqA z>83CL;mM+wi14?IIuhIT=NB6{Kb2h52s-6y5?x>53^O^b*We671wC&ORYZaiB44}3 z_G_*tCl54;v5>SI1}Ee8pD^RJf>GFN0DlZ$<dltNtGpbw+XGRfkUBf?H@Z`Z0;1uR z7^igwhf3I8`80?XH#n%OZkn}QlT|Aef{LZAUx2V~YJyDd;GD4Eawn|Nv3yGeebaYq z?v8^cs@ChQ53PH5ibj-1kC+d*?r+?{Hydhw`)@+T$ux2(`hR>Je|~*A#Qo7jz2Sb$ z67@g>(w-;QJ=|pyN?L2^zpQ;Df>$WL*ETwAlZgE*>EEGHFJ#NsO*nlyBKOxE=hgCT zW63u`G?WU<$Y~n4FFbq+-qNF{Q2$ra?eM@3sjB={JrzAiszw{?IK^ovamg*CCvo`s z8he+`@RXzy!=kct&wkb@u$tCUvfbUnhdR-&dpz~~I|r|aR)qGP;>l-xxgGcIHkmn* z{X>t|kB4h}M0oF6s!%O3Fef%}XMS+C&iNYwh$}#7an=QMTEUrFoP0>N@0%w1##6Mm zK~)slykGoyx)!bR^oVu~C+nwU#sl!1e0e{$nt2jhM^b*i$EL_|2p9NvnNY$X*5^K} z@O*l<Q<8MI{F`sR@X2sPY1fv^Gi<az)eNVr+|LUm4na87dW9aI5@4UN!ZD5<|AtXh zLI|NA(=?~Uzm+5H{ouSAPKr|1M10CZi17amfaSzDEiJ4wMwvectqS&ym;T6elnXPL zaJQpHmw4O2`VWIjQdoxl%?J2T9L(lxnq<B4x?b8E#AnLtaBN8#*4RIHLR9p7GPPH6 zZJEBFm*W3VCWjLcX|d}fi1>+`gR$M94((RV&PlHC(Hy2sK~4SlJNFpguvm2CaI&dz zcgtfh|J=QJ_&7^E_DyDjh`;aiORxxo9}Wl>+2G~I8Mo_BH+p(x*!VOX3bh512uWO$ zTCGY8a!(GB_8edqQ)}#yc&tkEjILn~6eJ?oCX<nWDdgy`S$DM0qJakz{e=ynvS3wO z6V0I*LYKCHE-$y*Omjz{>4f%L?Idj?m!DHYr4)w;uLVnN)=H~c{7Om3I(MUV9{>7G z*7h-8==J<%dfwO>(T;5FqdIAq)GAz{VJsJ`BH+eX21=pS7fUbwLUsRCEWUNyJD=$a zbLN@?*oZ@!SG!jGn;|0PO6YpfSB-|a?J2(x$Q_Hg804D<a)yX8H*iZZFaZTjElktM z3a^$0sW#Hr8IX7=Q!({q2WH?wbw~iow-IkO9=7!JTzuhd1I$ajm{N!y6~{jAY}jyX zy#G47VEA&bn7mr>4^#t44`R8CP~>?-zPYSii<Fm6a4x7yQM|=Y#R%H_XL8m%-g4T# zn*YsP_ukorn=-(4uas)~)TN!`MS{Q~34E~T@xw;s7h{MCmXQRfHB<dZE(f=-g5?Xs zu9O6v^#1=q7UCY~>nMY2jf|w@d(M+9ukkwA7b#+L@NG3ewJj&SXI8vYXeu<~W^c@! 
zU_OFtLv}|x3zJ0gzlSC?2B-tssaxTpDfFr}!svDkn_nx-w7sL+$pB+`uyG3Q=4qVf zxKTL>c5>TyxR+Y~FjQ(7npvw(7ej&9#g+$olOXD?HH7{>X=e;UV5DdB3BE$UJ#*j# zj(?!6(?}g(D71mE0654}!0VZzD9#NG0r5am$h*?>wMRB6cB`%tKGuxaaX&};vvBlv zVq=dXtCl1eI;<8Iy*H#4`_C}A;LFU`mL#59;-=R}#P?)$EMQl3afFEYj4mAA-47dJ zXGqEZrS6uX)te*!zOpL!y`_?9dD8nbL6hq~oYR3RNNrAk-Z_<?0AeLS2jcT1>{mwT zvnRQ`E{Pv>xyJ|3_@DF-wzU+FJcw5j+Kew;jT;RBNw8m)jH&b&>yD3N^J85JmBDJ_ z&A!oYJ=+$W#l=p9^8Pe2E*(lKQe+a#!>@JUp34hmZ;e;wYp)LZ!Bm_gU4;4UXlC$z zPsFrzN?9lb&4w-Dws?Rhu#&|QL;%+^^!EUtr=c3ETToHdmI!y#<2qLzM9~`2npN{x z|4P%6%8TskalVPGZKvjI=t75DApJ~6lu;h$5^swa#EB-96>wqjtEZ*4Tv{~H)S09B zf5mb%{30SM{vRTy3Mt1r`8MxmP)AN??;Gt;8kO(RR3fznOJwXdf;-(F`^lskoH5z@ zpoTfNI1hnOR8XDYY@ydt6Rk?rj028piK|E`vie%Q8ZpQXb_pX=MuY!9v~m(X2TOdC z@Bd{1{Hf-D0V@r2<ZQ`d3A`rH8dQ(M0$slgf0_^H5LAjpe5C{OwwVjfhWhd~b|9z{ zEUi6-I#7Qn5NnUQq2)*ApaGRW3@Ms3U*D7p&BA0Ak(RciceV3+Yn>-7eNoH@?iS&Z zU34P}3SL?)X=7;9{@~(2(pr3Pn?p*cnNh{As`24I;fB3(N$cf)^8u;SuGJpN{bJHm z@1dU7<MLZXYl2$am;CJFIGg8o;j1KC7f@9a1{rjw@xrn*x<0+8)s$jSmi%d5+7ce9 zJvP@zz(N+ls8&$F27ih!A1z(a{<@ar(GacbKWj?rr{Y+@dgR3D+jp#0=!Opuh4{7k zM7U}it7Qa8om|>D*^Btu&A2&*?@hc96BWbv?c=KX_v)>7^K14))gAvRT%I96aB7~f zLXV%14y9ALzXp^sz5PDPxuI&4MO~-Jhm%EMys+sskh&QDFC$_r#%qnJzFTK>djezG zdtOx(s5W-SBJF<2bysAyz<m@n@vN9&#Xtxei|k^Q$*`0f1gkwl9Q1S%s7Y{hRmcts zi<GH6eoJfBB8>+n*0ds0m2WEoyYim!Ksf^@tNFl4vpXQnw$2`<GP|2#R7ACa(v#BZ zt|o9`1z4@gcCqXWkKL58%jdcyeBnQM6ytyf-EPWQxVNNczYdWVI|;vGV8Ro_5M$9s z)po#q7xfvi|Nc1K>k`z|z%MVGeO_)hoc}OK3iBWT#JU7$hKbxMWs9j>&AfF9^}sAq z)H^_qSsBvSje<X1(&ADfLLG0EMa9`pAQhJFS~^K2a#2JY2lhb7k)}^7;G*z9n2xdj zWdnqmeM{6sVo&AI*69Ltc~!}kP~!o_#Ii;5CAEv}XMUpjHk<zi@v9IS^Z^0L+f;3B zGVozoA<9T^kqhSbnsg@Q{vT9~X#v?-6)LFOMqieY;;j?ACNRdShST-g-mCEv-(f@A zppP^U^ig-27CklBh#Kw`A-OBvIDa|yBTtZYhm;6VJ-Mw6DHu-!8{M;b4Abv#4D{CC z^?C5|TN%p|Wk8UA_4o&e_ie|F`Bq7raNgqfF}(0fdrN)`3d=L_G<Hw{vYL^d!Fa#D zKFSP-yxe!?mv{Gn9Q`({K4NY!v?|=K`ObM>Oy%T<75j?CmgnUp>g`_*woLJSZXI)8 zxg~D_JxZl{^$^K|^5jB*)Y{1EwNPNHVhX;E==)lgZu@t+rsJ+|4?#8TNq0`{??K)& 
zw6!ft09JFmyMLV|dI!DHyf`;`_ArmWjdblcHoI;>H$~xYiS<aK?mT@+welYYm%QqK zNsdD^rOC?x*qK7o)2Da&bfY(R@_0rwbSU<vRkqu+!_rh4g^EshxBvR%qkhpFx{r%$ zWtgDf+vQojU7Kc;WeC%3XdFf=99voRnHjxRTVCUfM^#{P*2l;ibN&pDvX1b@in3;g zOW8k$a@#k|VrDupO7K0-m|TbwMc}bbpbaC==MX_Q;3~(F=ZsYoaZ7`C=7d7O013Yt zl8Jg5<>s9RU5EdkcaD|aM6a$Sp8s3kJ?<4G6cgs-0-=QQ3P9Ll{VtGh*gGi*dr6Zk z1g_au266?5;6h7c+iWfec?AbmQQhFe?w~t_hWn^eH2Y}jkkRWoOKKTJRD1jyjSl;u z_-QyB_w0C1X|ZvJ)*;)Q*KtK`eEqJWx*iLCQmD=1gGMbnyO8~X)u3O^@tN>2EpvtT z78{3tRDuyqVvKN=p~b&5@SJ$SbObjk2KOPc1J`@dJ6N|;JF5^ivx^8yWGBarPIg4l zUV(9DtN#9sRLNE@(lhuw70E)ZMz7+(=Da-=KBvlB`8Nqs5vySaJ!<`&WS=)n>jkFo z8mHbJaW{v;kyl6*kf3E2r}H%!%m3!Q`8(5V-f8FXX@`KCm57v{q`db1NiT25`qeE) zK<EWAJqXO=lGpBu)1d7F?P>kto^wnN?f>R1)j#cvTjUXg6L^~Z<h=S?sc=tO&Y&pH zm%G$)af<u7ce&A@s<<u6Y?0>ogs3o+{8t9Y&DBlHTi&+E??2498q*@%v2QOvuybr3 zNN11dv=+U)6RioA?MS*7-|+5difm#kOnc+({<Gy3)BU+tFd5OJ6yfV=b?Eoh-~YrC z^AE?~I++y49=AOp!{8zi@L{P*5X@!?MTj^Hj6eW*pyMzIA}q%R!qjXk069X1g}Xx7 zo4-gwj^JP{X+YCnH%J`@3av5kmtF)A$Pwln2zdv$0vid0D1djclW=fIVVpq_Z1Mrx zFPg>72%uRvDiAT~fB&^`0j&sNPC*b(aIyg`F9^bd2+ov3(}hh0K?uOPrZ1NWU=P53 zICdCYFoco(tW>f12m%6qlLdh={`Y5rTJ2#D!4N9)zn=KW`p6*A00{_$|9`ZY@_>~E zLnPsi{SaU$@eo27I0V86?*RR;qzXuIez4#Wh!lKE7y>Mh2|@~!2uDDL9fUwwz{%k- z;!ubzcrhAg914*H*CoMnfis*VY%LTb4WE;a0OQO+Ab^R60gXp;Vb)>5%}7{j7(^P} zS`0gQ5xrpS;ec3L33Cny{*lQB1ejSP@SeeN2n&2%3j&PlI|3mLJpzJFQ8C?^%=Yp# z=>G4Y(fJ(#rrHX;>s<td1&#vd9RZO7|M>-LkAS=)yRXaX^91_Gnf?EM8yf8CrD5YZ zOezxiS1e(Hkq{=bgwivcEhG?#|NqxpDX?FWK>Nxi7$gd4Zw*rd@J%=vEIJAz1(yUH zdpW7Yu%m&C0Wi&IKuUw9yqq*)b1xTzV5Bh+R<aFfT$2<c2-Hmr0+Ib6kHa5k8Us-T z-=V?EV;~IV)^~Mbr+Huys0#^%^M5pKriSguK*ZtadXQmiy~y-1)mWf|{@0!oAfS)_ z*WY>Xf7+44Qe%PVEA$HT@-9-?&Wj|<1bKO|^ss+{5Ny~lX5hdU0zm~kFvE`HAw;k} zW(X=QE)IBvzAXQ9<#!x}4;;h#KLS-eAbe%}AK?=qz*WKW;vsLr9UL#$-oTB*j^ZK2 zFwF#@-7*&}A^{=_4BcM|5Jfm#7-k}b7ghj+kb-~k!;BIk46w}?p+q1x4H)JPiNG|t z7KCjkLge6yg(0xD55O3$kp*U<LJ}~KUestN90<e)5Bk44=ujBungkKY?i7Q7EF8_% zTpXQTInA7$V9r4hd>F$U;73L!13$7s0(O!F(FFG@!Q_%5YTyCo7nvT`mJH#9U(@>U 
zH^Qd?(l_n@N^f4ID4qXGNiUMA?tdgQ*lG$eZ29&6dyg&^xQD9$U+LqE^!NXj8eXJE zga6*U2PANW;s1QO8VnHPjbH&V2rW!15$F$8Ygi`?=p0rl2qr8(5rPh;b^&@w7S0$Z vmj=u{8IS+;S5_LJ793zBX+XET!HCm=(-)Y<%PA06n+{<_$_oG{0_gt%pUD$K delta 142420 zcmce-d0b5G|37ZB6se?5ixzvOLekz)ZXrY>DwDV=rBZ2M4!0Itwu3>NC`l^r_HBlu zP}*o;Mn<JF?afrv%zUrw%#^tA&-?TKeSg2l?+??NGuJuix?Zp6>-l<Kuh)U5FKbC( z_F_^1iCnazvwF^~Sr>(7%@Ub4YnJb64IeiT=VNYe&g#A{r=K4@Y);+2DA?{4=R)a+ z;;SKpqLgLQy4MW1ezg#IA+r7Hai14b&C%ViCW{_$NVOH`m6BUSaC4hmkBrtHIbuqY zI-z8E?1P8J=%1{;=t|p_D?TPOV*<4<Nm$)oVtU~60>q*{X7cL&$wE$-f~k3k(XRP^ zH)cINW~fUI>`PWL+hDuQdwXZjU#N84%C9ft87h(cuUg!-FE2CJ+W7IH*=?(##jg|d zkKSlpYd&yeh1Vrj(ww-Q&2pa|4jVZ*XKZMko4R!*E=F~}a@VZ&AFo8=wIBX%xr+Ur zv`l=r;JSb~n;PV=qRKGj$c6BicjuVeJo;b|7jjb?KgZE4Y2+>|?@7;utkl}9pck^Y zk}M|gU0LFq@rcf!`M35Vy6U}D)}{x-NwwcDi&QWbA7oa4yumb0FL+g7_W4d#U~t$@ z(In%$3*PwN?vzV3Y&^fxugGnaqoKlQKU`wi@v~ls{|YHJqZ5&LFQc~Ttdsb7>GaBr z8Rw5R-hA@LTKw&vqo!d?*|%!hPiCn*UJ1I@@#EwH>A!D(m3}5@bpF;M)dgB7n`7+f z&)NR+;g@>{FH&z<%5CuPh@*ULo2Oqc@cHt_5`1seu{HbNSq{h;?ECsyIe)VO>SR6g zt%_WD?901m@{S#ANK2`@_DJ@!gaMRqZnS~8F7-#&f!En7Bc{!nS*Ey$TgQy&I;@o- z1e1Lhe&5aVx@C7p<u$|6m+w4j>-9z6+f&chN^DzX#prvxAk6i<5Z~Lumh;C-^5W*~ zIjur)baZw6<EB(T`PBj^=KL*Ml?RhntPA*izF)f6*~^l>Vn>F14TA1)9w8}g@xfrm zp;#@y<qtZwbnX^Dxp8RcmB@mf@AsP@JUjcjUvPe)ld#*+ZHF6~F(>)nd-N~qVn{na zx4HI(>Zm74d$HQ*?c$XN$Q!YZbNTFVDt+#Iud&B5Z;MocnEr#rdsz}|QoBk95~NL< zy^7b>$#~V?CGGB?R~VUXsWrN3>slmo@z(u0tG7B!weeH-*<Fl#Y$;Xkq8ZW~=(PTj z+B~XZv6hNcju)XlPQ&F(et*)1!RwOBEd*JM^!MqRLg{&Y^*4I>SB^&Q*#DhBFvB)9 zJ~hO|@bxUMC@UR_R@_>*l!J7N+T~{k1y{~5{iMXlSRVFA<&M4Xx!&8Y?*47C`z4Zd zti$N(Sc2GDIkINY_igoh7B(*w?&8{A-Z%Ij-aa&0ajJA3jUyp`^5RgWqVRmG2gl%= z#^d+()s5>WdV5z@*y)unHIurS8uU=%J4HBSc2a<1XqS}(dNi_c$#)X2v7*SlN?hu+ z#^A%(iI?!<O2-sFeKfxvbiVtvMtj}r1&9Lmm`3Bo>JOwh?+JfL6rRX-UbsN|nWm_= zcEQ%t8p9)+w)^^zJzYW#d9`bD;T-YGeS6FW7H|D3r!h94`cYQBQqDTb)d{z8-@PS| zQWNf_I;=@;)Vf_ICv&r7Yq8_eOINm)zh^t_y7F;pUmE`z`_MJb^Z$51`zr0Yf$U~M z>!f7lFOtg%{=52Bc@LM_UaX>dneU%ByV>%&eM_cX(2{KjC!ak(Q~BdU`h(<6ElUPv 
zo`|gX-RNv*K&|aN>6z7XX!Nu8rwe%b1?03G&Xs}1&ou_Fy%`+67Si6>{q3x26YA*U zBc{zLCtK%V4fEZk8=rc-fx|y*7Kbx?)?TyObHry6D|QM9r2i0VTDBmO@P2ri%A8qe zJkhFk3drpvZjtN6!}?d#@QM`vb(F1f2kKOu6P`V&^UC*rwc|No#p%Qy+B9<il68Mx zzI}7&ZWp79;(!Xj>kjqd&oT%}H?G!87iC>pYu#0FbX3ozk|K%DIc#w=PjO}1sj#-E zTkEY9@a1&df_Fj*ANY*bG&A-&>3hlDcXRwB{$qAV7_wSbUFFdii|0#oC2ouF-g`hV zrgz((KMqA$7g=7lAE>?DF><#n|8m{4Pyy@3b0<2&ToU4zUfx$=e8cdY(}>)T0+-kk z1G%X0$%oW)zNwz*D)6vAm3a8co(c1q14gT=FJC0Kdh>lzTao?e%KdJ;^WHrh>SpD2 z{<YTZ`#T)}ifmzok8LnEZu-~zZeoeqDnE0*ly7Sm3d?P=yPs8eZm7-b4>|f;w{zqD zA%7U|BAV^;dH$}d|5Y@9?AKiUVP98+`JGpe-U@No+fn@X>#FEd*B@%^hslSjUo?vT zS|4{k{x5lh?k%t0<vx&D7?`A)HRs3)$7_j|ga=P1_KDG>s|yX95F3wTM(kWw`9r(y zFCS%#A2zDK)p_}^H4EzlnVYS8!tS03b8Rots7OwX`rf&EAQ%~c>LAostv%|iu8UMt z^7*eNdudyyM0~qkSaa8xfAlt9HuJ^Y=sg-EzHVDJ9-I&RA(*!;-=cM3h+p;dDih@m z4AKy5>51M5KGw~pPL36bnc^!X`PjrmoD^!3-q-B7@KJ*Qryb`X2CkM!(>t@j!ALx2 zQ{0OOd&fMa7PM%_RsC2cUZ?(f__W4+_a%Pq+qYG%{}MDj{>@_B=k-TvOHLgPf7wf2 zF5Q*9$VcFieuzSY&YA0Cy5{FD6e`aXciX<A#I>i?M6F`^*~+F(PNkVa$W^7JeL-&u z`HvnKAM^ea>b`*_+|aPaEzCeYVTr?+*D_-@caI(yDqL?d@OJ)|!R80T!h(;=tgl48 z9(fY0p+CP^ac7B7z3)PiRmFWt^&F}wRdb;%m3}4R+>Yirg{$7V;*~mk+;$!QGAHNs zP(hpf&De#}@)Zy1i(G^Y$Up}m91i&8aH3l6JZld=$Qn#5+Uu!PYcIQQ-JN)q@BQ1I zN)OdUeR|WqH+r+kjhF{+oVF(aI{NT;>m7wx9(Rw|-pc+e=+f+?Kaw4b<dQiSWY!R! 
z>4p!Qq?pE%0s{RfzYpUn!DG)kBe7N!NbvY0&d65{t4am@#84U2hlBXC+%J?;Y}Io< z*bYpN+nr^%_Q#R~CsW7>hcV25N#P6AjpCxg@Xw#jFRe_=zV3T>fknT^=!nOY^BMUD z0ne<)`v$v8DF`#I-;NN({75Eo=#f73oBH`Z?>nd?`39}*c6F=huLn3Mthznjb%#gJ zoP42K&n~|*=3Y`Jjj+(*$CdOB&8GqE3+8?kD_mBS0)80bB;vz1-tZ=NvC*@7g?fQ^ z=_ZMuRL`4jMpfx$T{QBp7`s2$`F+<hcJ=Y2mj~V5V->#L?MGE{IO#(9DiMvWdt=)* zV(r+kixO=#IHpL^b>!HmE+l_NFk4A09!xx>l2b-aMDSDu&!W52E1QVs6X~pB28Ttj zr}X1F&CWse;5PPiO5o(scRNOG8)uTuPArbK%bz^aH(_*yJUPT3e(XbTAu~%K+qDG; zk8Dxsb7L?R<XIDgRD2)eKSD2i%*p30#t$4-80#4dKN`}~H}vCeN4YFYl*$FOOjCD| z6r&)Fv!fdn4w<KmL@jfbTW;*MeRj9^;Q1fBHdXBx9HHX-@p45CC&t%x=XDU7=8Ws& zU9@mhH%gEnXR!D&!>$hr7@-e$UGHxrvmWW#8M(TByxU*(j!>*Mv^Ykv&@Z&>Sb)tQ zx39EPb8?{}d620gfDGhJz6e?obW@-|tbP!+-z1K-oyyMcDSkXuzB7Z&nHXl;A#Xj8 z)pvTvUlFN%KQ6tavK4uH(<$mg;eiYh1qIe5Gm*w&bXabP4?qH+U*qhhiauH15{CR3 zt|xuUWX~Gc2=-x0bMEw=O+i%j#n>wf-WhGipMH)P6R|V0i+qzfG?4kS=)|bHxk4LB zc6&ZjR(!KhfF(R$=if^%Pz%oE#8N1Tv1`6Tto{+ihto%OBex=B-L&!dOjfZuBX(r> z$I@6fwVD#l@d%EbJcDph`64namP8pJ>1G!bP3eE-{V3}yraE$>MEdWU-jfSil~-9F z*(4$x8)*>e>5=E};admb61h3E>{B?B-O=<$3!oxrmFah%ciPqZuiCyvDhRuUcpor& z+p!^Nhd;9tVNbAIo5?JH&iAhCvFfn{v3+<lhuPlh^`aRWvsAFxD@u8tK5W%6LF=+( z(+6pZv1}S85<yb&pSvRQlkLI7tBLU%DdA>)>~FV5o*+4YvQe`d*-!1akPdV89Y~IX z`h28@FxdO*4%@QNjUKKs$10Ir@GdaX&CUa9F#7CsJ=VH`6*)we`m5!BI3s~&`d9h= z;@Ckw&u?$ri#OiaO#IXy+*BTyT+H9&;UG_HZXutlC~Ro24C*VEYg@O$RM_pu@jfx% zvBu*c*k~zn!nv=!o!Zg>VlcL>(zrg{?I=<nrOUqRo*(N+e-jkdB|`ZajX&?^;UN67 z4}35Tx+>)Q{N6|98coi(@#NSh;>V<^@yG`D4fkkfl8&Kjm)QubyI8w0ZHGkCDy{gt zpKtotY?j%9R(H4eadzgd_n#P0dviU$d8>$BTHB4j?V6{QQrabuV*OZBqDE@g5s#<y zo>eI5L_OOfl(f<-K4#;MZ8d+2Kco5de=pe+>cmtw&F;RPb}~`^`?bWAHOAJ(yWcqF z&g~iLs(j$Go_%=sfz^9=J8f4>T0R<oe&elGkN3KeYxjQ4QsX?AHr%D3O@A3P;pF|n zYWBy1GfF9!DzrtDU9Jd)Z7IR0oxE}@ZQipz4<CHKVQpdBvt#zD6}z{^J=pCc!r83t ztzzKJOd5DDJ?``{f8?e7o{#aN8DWtZYyYM;##*KCdx!4R6GJ{q>e;y@?iD)gte|S( z?EL}n{P4b%dc4-Y&cpg^k1@lByJ}Cb8miq~JKqwOu`uh|Zg@&DBL4jv%k;(yt7c`( z*{w~b3u=GdPMi0@uie;M?8LLB{JF!(l_7AQ0K9Hf`P=@(P8KFkJC-J`7K*>QQ99IV 
zlh}lleyGz!8>ac8xChZ-n5Ks9cIQXCGK+oboZ;t<;vLE7pNT!4>5Y9)vnWnuu5Y~6 zIIRNT>x>RQJ((D&RaGu1Rr6rYewRqI1!UQmwdh_wDeJu-53aDoR%DsJpCseh87g>c z_wA%C)^@@n7ml*g<ZYp6Bf78jS3GS`n)Wulztz)|W}#{G@-nYWJZn_86WTaj6q>Q> zSZ4B&%eTNClgg23m67-|j#tFl$ag_q=6TC8lUgmLjJuHqEykWlYv@{1Hx=ziH=C@P zXX`GjbRZtRsV^>Tub#UbOxAU|ffg!RBjdX4pekkCNdA`6rMFNGeaWRKlf!K?YLx9F zngz_Ky!0XarmE}m_{)~4yOFqjq)wpLb9uL#(7t@pnqAi0opUZ7N(q#043-*tF^;0= zw#x9a52GpiYtYTc;tT#}b-o@v%$te$()3HkWRqi~zNq?0|BaSyzD@wYU{zpImzxDp z{2#JQVt<?4#>-!(E?=?m=@X_3OPM)kfMxSlOPo5I-|c6&p(On!@&`p2UTVOHIS~V& zf6lD>kbhwK3hw%4++}zCWBD;2Q|93tWT2uu#86K|S^2`7XFpg``+vDrBm2OI;!0<( zDONAI$UY!v35QssFSf1`n5g&J3+;w(`9ngHtbJ?GxYJ~zXv~8hf~SN)sN8W|-b@zq z3=ID^bp_5G-MdYB;WHOb*4}nE#VCzS&8X=1<@{DxYk|!jP$dItzR5x~0k0;*iGBd5 z13ZewJZ7^$nS!3e6m;LVwfxO?ah}iTJwpRFuS6Ag%*DZL)v(XC3q)BF`+dW|@xZ`m zKt;b8ujT$(qxJL&`F8SISzWuu*`gMI{K6aGl5e_R4b-Y}S!NY+))ZSs+7h^mN-%3R zv}B8n{8+$pz$YaxA=7LEyg_GV$OnH|^`8vxIc4yF_s8_l^8e<pk@_s^(pzM0F1Yy& zy146^@n_Bar`|_M5mWYD$hD{Q6o%K#)q;yfuj7?xKfqw8f;MhboeNN$+X-(r&vtqS zi+-O0YPQWEtuheZr~zCwyb_D7Ur3K6(_Qk;YI*A_kJ{}%@%J-s)D2vIX+6Ga=r8P1 zs<U~2aetwO`qI(>vp&ptzzx~IAVnjG>sQXiw|1Wl^yQ9Km|vwZzyAKYMn|BQaMx{l zm)X}%#?Q8EB`IabU;B*CtJ(elIxym9+P1vi-=5u^N*Kpsz^$CJ!Q6iyNi0F!R{SH7 z{NB5S0Fqd}LM=bSfKx{I9M7lVk?}Dbgv0Ld;#_KgGPbWev0t7ua0^{yx)vF_MHNU| zRvRDo`IerAxy<(Er#398)w$M?v^RpfU9ThAU9LR|TIh@zu#nFG=cDoeS2vGqN*;0t zBr9i%uHLq6W5KcK2aT>3eAW5gvc_81mV2v!>{HAlHo`D)pAG|b({}kq*Ra_5FHSD` zeWX(dS!ak#h^n*y^WRlSTvPXsah<>I#OiNeJs_Q|S@-AjkB5jajgFg?lw95YKJfL` z))m7-8lA!4N%xZPz0AM*QQBrhR!M+v{93zRd(3t2|G7)qeUGyJ&iVUy-m@sWz4*!P zbqOKLEAQSSpWLPFGS_ctOqS^;kCZpi-Wu;zUvuAc=Os@#7|{s7-Jywm=$`L$`>OKF z3gwl%e!I(?z(=>EEN{I{tm(WpV0p~g&oh^<loqoyiu<IRACsj$H~tQ^(KT$(xwSsw zjV^rduQzG1ynRdG?C*QG%*r}!eN}QZ{{+v$9>waFx40{!J|}Uttt}d}Q)-3D6$_8R z9g_P!f^(w;m33eJIx=lt;_4`SY+x@KcoPmp;lSJvzYa9lOkCY^5*vtKweWZX2R_B_ zSo`b1eyzmSa;M=y8T|+gk9;_=5W6Gg=Rh>yOn(8KsfIpyzBe3gcjcOeM+Y3;g^eEh zIl8yxc4FG0fQov#I(ciaN43(<8|qFzFFO?bQt9~dk|%%K(_RL6d!rShx4kPGX&q7K 
z_bbL@RZn?#HmyAFTtGDW050Bxp4%mjUf;DuvDCTpl#K{`oPL4raqbgB=x!OeqNZ^k z_4{$Y*LRqAp{2Wg(esvi=);40bLtJ_ThP~sl+kkpA@sGC3QDtCG}}u=85OnMgyWzr z8{LIS>%E~K)w-Brt?*cMp`A2R;aZdXg5CiBtr%85<wLyAIOAH;aO<U3TbWXa)pNt< zTW7|Y^UOCUls`B8A3rjh%W`ilR=ozGw;`Qgb$jS~eN3{8;hMk;hIXETDlea`S-Hy` zqQYMVVD!^|2-6sV)ILe&Sny{e^ljVGQ#&ttb?z>?y|@d&HxVG1O%OKk$dbSP<c-JB z#M!xMrOmR1zVLb;@=(fQz5i<I!koPI37wa}-tKZ1##_~(N3CU%I{7A-319P|4`=&c z_igCvys9Q`qj7iKXIo70+a^y^=e@;(S1eA}$v^m)kEY#vQu~kLEOxHl<hJ3-?faSG zPj2fZ-bM=O->>f--+!s&+i3TsyD<R-gW(+zhuujqB&OG&YZIt~;>`t@NMoUbo!{Br z-!U*RKZQTkPBj))BCHZEl3hC;MHBzKV^PWxJ!lY1JMAZdbP4Cm@dw3QHz)7O&^x}n zr0J@cbg$;7KTnr8++G`>5g_b*{qQ}3TjOM<75B||<eQ}>D~Nuwlh<@O{l3BfWqH%^ z4-6rtaB09BUFg6biG?+}_keF3GS#ai%g}=TSGa(hdhWkELI}h{CHWXl*Us~vfFmkw zw+dPI@Z)`F;?)$XvR!j{Kkd4IIKX$0vZk}hZb)L-->DDUs^}}qE|&(2qmRh$KlU;= zKhOZ*GH4CK_})V~d-UOe5MB2!TEF@MmysZ-ApJr7tb@jHQ8NOcBZ5~7U)PLS9-ANS zheDDvyn|*P+O#n97Uns~l?nfGB_NvCF2P$p2<7rB^h|gE$|nWv%b8t)Xz~FSBr|-I zL+X(YS%kHkqP7SZL%?1GQ8NJa_2(B1Lrsf^2gsiiZXa@J`}2qT@tv2P?|@5IlqIy( zT`1CSa9+DQ&3vQb9e^!tEj%D`qX?o1OhQUB;6j4(%DTl|FhTPEw4VzmRCK?JFxz=0 zW>qX~FbepO>x3TDAkFZY67qr`?-@*s`{_2`?=#&t<*q3QVs6uPzCPu&g7AW!z{`$1 zyX_bQmae^9+GT$T{`=~<;qY^H5*HG>liuhJuL9-)DGTEcL<42ptQGDgAFSch1@Owq zf60Jw`SZ!HyT*qg#?iTl)RA0o9_+DGT0GceME1+ay|=dyopY_pTz}#u?d5f;{eT`~ z_J1gEGTHwDPY57zmo@(2_|E6bzwunrh$V(fkL-H@n8EfhwGRQnKG$^H;7wdFneZkP zj-R4{1m%}e1xAJF%OlH#%aN4$>9pMauR-?jL@x}9z83KJH0LdoT(-SyvdJV;vtAu? 
z-QfU25QHh(Z!1Rt>ukW{JKmF>6yKT<Fdu2(RH?jDQZZqYn%PyGB`;2T9h0W}<jsRe z)3Nm{vAz5;sdZfY{jr^EH~Xvbf|<u{=qo$PqfF#>%MsT<P5r&vlQ#PE-FkP+lJ8HP z0%wcG*_W5)&hsCAh<|Jtl=kkT*j2{!=vVEb%ws2RtUjN(JgLP|aHrOq+J}}GEQG*8 zKytQ)&<8JjX+*X4;b*;J8JXL9{0TB>;4$@iTXe0*&mBOmk8eW{*>BYCThr`6aCoQM z>b=jlB+W~Zx$QLbpwTA5@`A^aLz}=&O;vyX*6ZnmjviYha{IBw^m9Lq=As5iRgneL zH|dyYG4>lA?y8SrYmNq-aIBAO4e^$3I^xKPGYp|GY1;2tX=9^o642N*QMe()EnV$) zT#yLO)X^=ju)eEr4W3N5oqXQ$O=aU6FX5eOhH+cEGgoh1Q%Db)mrx&*asZra&fVFa z=@6rO+xj$j?P-QvMhkzyHRXylT#3z$+RR;43!G-o9k4ieRbVFSLHa>u@V&RF27lCq zdeAA_Pe^EIG-f?lbnuwU_72A~GSxLkHQOV~rgP+sF!tjI-o5`Dd%1QvhFV0}pl0^# z7eBsZqiY?<b589;TS^(4a&*lO>cMLVe>x2=`TvD46o2!D{)a62wYL$LpMM&s|Et5t z<)~<!tYY-OO&VGS+f)fozDex~VMG~1uV-?-M*a>5|7b!3Z4-LNO%l0W?^|gW&{%Ot zgGp_vA$<fRyj@w=?eyi7KWrTPfe{M4^FM}LEpZ6mSFCzf)77_Ij$j|<&OHuwKbg@Z zQF7ls)gK({TNM=PP(6J^-AjbhMsxMk=qK<&^6W=i)Se<Cjc95xcNz>cAq}lQFde6s zv{h}-h%yZ4BZehiak31vEAO2hDJI2c_%fD7v2&0HxJ87K|Ea&x!4q;zGhX^7wQE`D z+Ra#x4}s<!FjAv_9$nuefes|hlVcql2A5`h#TE=lW*Yf))siAjH6lcyS>%=~|I;ks zHiEt*HASd<u_ShvmH&R16Q&v;1>jwzqGkW}F6jFB<r4oo0aWyZ3~KHuDDw}Gyv+@w zjug34&Y<q`;wbC5AYv!q^?~#<v$l-JoD5Rv3J#%5HU&Uycrr`=XwYsMSilUECD>EW z6q|KT9WP1o4-GmVl?+ZdR7j+~a2o@D0wa1SN$%C8or#sjp9GoA1lFu6+XHNT9<aci zQo^daJLu!s0<OvlitLiROx(19>mV?wj`4TC9WD9nNX@}BUhZ)yE?z=@6u2_ebpf@X zC`)KsP5>V38n7rf16~JsX+rm9Etlv_2&;GO;JF+?Fr~89FB5$kw_M^Q7*~B6`X9q( z{X|Q&6%(yaUnbE2W+am`h1UP-8rg<|Z8jW!kLKL3S`|SX;gWuthf-%k3G3H;rVs-0 z<%C2jZwk33Rig#Pg@_?(gE3{K_15F0A9NRHP%rt!%8dRvmH<sHgV8wYb~rc3Alog9 z&=7D6|4Q|TtgCNmP_YoSR(k?~d(d$Z1oQ|P1VP93v)eSZ3o=f8k)R7{7gY4iPBOlg zvoPD~*)ANc(VaHz=NvAQOISUYDgH@?r@Nlj=V?Y6Ezh-^wkdRvRxI;6XZ$+C<{<3R zF3^tY_&QV>%VyQb;#pE0MjD4rA+x{X*@GGz)tj?>M^@8Dir61cS)lD6V(1NYo}!-S zRs1Q}MNW^-?G-ZC5~x+Qyl{p@Gzp;z`mFf;=#?5;eN{$2&){^3)1qq!jkMtJ*uXAN z5z(yvFE{rtpN$UsiJ@ow`Ip+3UX0i)R8+knP6iBrw&m%(_P{=+B6_C5VkaN)L|OS> zqnD!3w&++Z@$OQq7*%PwwSkmmYP?%?5jt>IW_I-2P3UG<@p(kX_NQKa=w45mrKzeV z+rYgXLw`=uh_T3?X{0b;>kwKIE{k|IG=QngrC<-mo?g)<uQci5>Z4ouf@#t29n|hE 
z*5u;o6W1C}U(|Hm(LB!3EoIR)hOIZT`UAr_+pW2un%rzo<v4U`{q*h&-GRb^vRviP zk)oJ&yVe`=$5m`u@??p&K(RP=p8dUJEsCFi4EZ=}thPxGvA--$PFw7B>^vCgx~NAk zWH>impn1^^qwQqJ?wq_cRLLGW^u-m~#oqaB&5f>cb>gmYqAkGa=)FrCvp?`Bq3x%Q z(RWu}QC9fVh4r4j<=vsJRsq?)g6PYOa_gJ&gPMcw#+}H~%%d#%3LXHjrD&34Y#jDz z{Fq;?NA+A3=2aqO9DQNkb4^$Dm7DY~J%0N`4q4teUI^j3FN|2JEwz$zZ2<%JM%X-^ zH#LFUoKUAl^n-5TyQk>*n4%X|(rLG!5E$YKEn1=$)!$LYe+rGgq|8SSMMbX~qgVWO zP&apN-gI?LlqP8{dY=CFjM_HZL=kOOMsro4alQymDWkM1#yFtOT1l=y_qpcdJ85)R z3MlxKn%uhTyh>=MV~yEWZ4UbMS~eOLrYGYfuw5aZd}_*KTmxbAL-Sl@1SlpK_TtOb zEN=y?^V@JF^R_(oL@!-U0TxTgVP@iM%10|N?mgBPc5Y;gzrVft)6omqO0yw&rcGX} z_<8ZLk0Uf!gw2vV>FoY?xe)tk_X`92d&~P>1TKbH>!qsi3HRajC~6CgrvC&Mgtfif z=mksk!`bC?6fLQe=uv+K{$6}V&d<rXZ8shp<=UgL>i^0fSrvhX*%eU)v>-x8`sv%w z6U@e)OX}_qGF5;-1BHuTfX9s`q3UN>{Q2*TsNXavo*bGeMGvvYk0~Ai4i~Wi@%_so zEoCu?MyZ?E$)SJ(fX5+pxC6TabVsrQXm0K`E3JKNh3@lI;vZFT0EpK`*SUL7`F*R> zB$d0)grfh;bxyjY>R06D0b;4PD;M^bd%G5fx>B+kfA2K`j?ostXI5~BIB|!3K31%@ zu=lEL2nOvI#YrG+O=bCNC`F$H1B_D?0&hUb@+X1d`sI**aDFWz%k$2e)D_JXQ-RDU z1!40*JadPFU}Z~YDJd>?0>~RPLG8U{=Z%k*g2$uh&gntWuM7T;oEsSG((K)Z#04h_ z(DX7Qt6WX;1!+bZ;Z^b`0Sjn;&Z_o~8a6g$%MiLtR_MBEBIy8BQ2AVwh<EPJSpaQZ z)w|1ak$?1jA>%a7xGmqkPCDPI0xM5l>>qu<YeC#WDZpkUdSWsmv4<Vh5u@~q5h;3h z)wbSUI{b0<_p7+S5gd%cjmqm(z$u#T$`L)yN(ti>b$DMaa)VDs=T7Dd;o9Bok)Ls( z5RYCDkX|<IX73nygXeRqB$uo;!i}~!FIqG|^X$NuXJ}Qp63!L<a@vIFY&XPstSr|H zkYS%$X!B@7^KQrNxYkf_g(efn>v4vm^ny%downf`VC0T~cAe}Dx8atZInhi<N^!12 zTwy4k1Zs96U3K^Eiu3?|9>TyR09cEA3|#Mc=O+qMA*{O;F;B-@I|S=yS0EtEQULPD z<gy{ZVO)m=0tk$17#AhEFh*#$O5mzW5REP1*Ff-42;^?Jb`2QQtvR83{BbfE9T;r~ z`HXtO5-@|&_JCvvn2JBXQQhKX72>V;6HLHQT`=KA*yvEol!{RF>KeW~Ht3+233}CE zo5z1=5JD72z$B@>BX)WJ+}fyyPz^O`C-kjIQrA3BL^n3={7w&IldgN>jROQ}L4Fzl z94VSokbS0?#iMYr#FH6tP420S!J)ntG#8iTi_F0_z?h!|g_w}RVyTiCnW0hvE4G8I zdR7o5AGRa`CZDq~`OKiwXM<aw0rFRfFFXKO-nDFKFuRJ@Y+xmj`2u(z`^jlh1;Ycy zxhG78I->L~VDBmekWUHUy@R^{hkOb=!ON#MoI=g%eO#sYcZ$BJpPy?qNXV-{Pv9{3 zW6p)^-U}T)?S47c_ZplQ*Ht0bhX{c0c_2Ul3dY<%-M4v~K<ybioAbh$>);%BL12^; 
zE+^PWOQ%3fMS+AI-B^*L5D$p$(s|6T!A{Y+r%g6b*!cR}BZ8U1n_&X{EiH^GLQVv7 zOQqd*$6cGJTA{o&8F&N4h)!(4cQ<=kzGZQDg<a#Cyc|KEN0si0FHv8nz|o-s(y0^2 zBotR71?Zyf!78(dKrB`Jya0C8Mob0BJg`{i{EuKE0;dlFK5eEm$9l5%k;CYQ8CU=r zHNW)g<c44jSQ1x{K#rUaA}p(E06F5ha(s-S6KuEga}VECsNpk_ia-!YAdJMESYIGs z02%Rc1G&}}jNFzCgNsMSsV$IDxZ|+YNSu*XVD5vw@rx0Q+El>zGr%B-VC$G-?SrD9 zOgyh$Bv4}p&rUx2C&%nC9_#&IImYv_!!}ilU@OUmoEDf#sR()zEW+IhF;ABQegWZ> zD21Mjlsg9a9<Ihg6|5{!m>X3#`rCb7qsI?`#Fik7F$v@en7y&T5Kfxbg`ogSU653= zJbU?*xZ{8&I;n+n6N)YnMq|l$g#~KSK{qi)r<Q-Ldq_qmM6Xm0vWG}bdSQShPT|OW z^5pm@_|8-!=PQRjO5rf;V<$`T>`?_y!DJ?S-cw6hpdIKU5Y+iVC)E>Crl%aA##!{H zo0z-}%L(a|WP5W%2xB-bKSJNfRiL{=q!H+-qVX1!?12`&VH-fOIbap;GaM}7bq#RE z{pubNE#*2^Kr*IB+u*milHB@F#D(oOTL{ge(BH8LfE*-LO2%2+BT!>Om5Pb5XYPX7 z79hf=!Dc1!|1Wg85XR~hU7|Oys{E5I-H~8y{!FL-|As?U?P%Gay?Rt$#UXvEjYBY= z3t+HT9x+T4C*U}63<?$pfIqLsrhspQx>#(qC)VAkV5mT#9{SxZ5cfdYV2aS`(s*T6 zPAH^*ro0TM3E_rFAs#4GL=dU3arf#5_Qvdh;lBj)F`x-d6$%yQUJRU6J9}ZT^8)TB z2$Leig>uUP_pJDgDxX=2id@|~LqMOw2V+vNAxPtFKIv@!eA=dr{Hi{a00G+ijKr## z?1KWO0qTGrJCX~VvuO+<p__BPqTQLI!F0F>y@ooTU4i&D24_L$n<RmJAsx$2C4lnA z{bvAX2E=)cIh{%WDTDu^Ab%0izit_96u-}ltGiua1@s|TWJ04MAO}G;VS6O_0E!D# zL_c_Jo1Yp&ju}_@hPa?Ny&i)+s=EMR0pr!%PNfCCnI&$J!csWFxV3!8Ey7`6)w!<c zZr<-3ob^C%Otvp3hHZ<Js+y(yoyHIq6BQaCwViuaO!(T45Sf8H&q4_gFQbPe<;7~f zI={zilCOa{;tv2&7?TS@cL&HK<(|DqzSE7!X5(pZ!8z;GidTEfmD;QIhRu3QYwcWH zfHL4BLAMVwg1Zy|Swubv30I9_+m%3g9>F5c>l$`$QHfV4wy(+_AVMa<ppUWLqG#?> zP=p@AK%ow{)HYj#IdX8jqSc|cQNT;sSgQ|&RCfR0Y{_7}uf}988W*)@b_d85{P()i z#rJd&#ey;K7ZoESJ;_1;RxnLZ35hE#&mu{=x{M>G1(`r?GOCP>nG0#o<LVBg^3OG; zVDyGUiTmAa)kcBBija9c?Wk#kiNymzd^YDAKMkFWZTv^{(gTU<0wQ(yuecE$5U4G8 zIYN_QSAEv)gId*H3aZQey=LY3xI)*IMNVGlF)iC8=VNc{AWWcXkTR7NCnf13bP<ab z1)d>5ioiA>AY%YyyvX(k*2z&@)(kW#+;#}UEChZ4wF6pyl$R9L;d7n3zhD|v8l~J3 z;A;s@uOu$V&BtR-%_lBE+hQfx8|#pO-0aL9a>7@r(Y*At7gu<an*($hqD>Btc4a=g zR|XuT$CpoOMdN66Z@`je<({FyrAAy=x1<J0LIjvX2AI+#C_7@we(U{h##D89$_IcV z*p9Kb2qZsB5gw8v%oYZidc@{!tR){0D;^Ctg@7MhByUo<JF4?g2tZHQ<_Ko@1349` 
zGW!nL=)b(<j~3i<1OIdc!v`uK15y3jHQF5%`6RVMsQN%H#;B&zskVn5PTI_GZObP2 zGjgw28JRGxNo9vaOnb{?r%8{SoYCXAln@Sx_F>0p-Jlm_C~u~-1H^QWpcmXUUOhNJ zv*8THH82;Hd)P6CadKKf-H`^cZMGRpyn8KKP#Yu*49&l-6KY0*>_5ISfJ_d7Mgpv# z1G54@RlNmH4^;|NLa*Kx!1bXwZw8?9*R|*8FJ`~vs8O!qQCx%)aOkdio&tV%K8B!1 zk;+ImyT2lYF5hJ87#kPlk^;WT8E)t3Sv%}e_%Z+YbwGZB`5EpMu>_`Bnc@Q{a*XRe z_h{V}20$oYZzQuF%pns})v-&acNxH+ad+>LO#<$xEOvU?u72S2gCR+b=%KgEPdl`Q z0;(s6BHSVbyc+HjFj<VD7%uilN*gGdxL$eJPcha8dr3@7`e5~x&}JXq-fZ-or;;E5 z0;pLPReu200>WJrG&YKY__}9QL>V;{!p%a?KQ;^L5=Dd2Wng`N8fOEd5xc_<ow=0f z{p~GW<IoBiMOQGi{73zljwL`?j`HG4UyvC&$zGjb9itI|j@8rRq3`ED11JYf1g-3h zt;&IldU{vZ-|ta(Ap`87vImTTW(t)Rv4B;Ad~P+)7u#-wJycO!5Bziy9cS5K$sijh z11v7wrCcc;FnqQeqv7{ffXa<7rdhV!O9NczHe0T!3?06=3IX}8car%bnPrfjs_ClG zUKt!l&&(XIyI(eA%{+$wsd>R_n#&BJn9*dP2DresesJfMr8)n4-F>qZ1z7W%;&v>c zVI6O#ZpIc&H<JhD0K6bK+Mn~E0vgDzJ>gesZvk$H)c!v%m<yIX6o;-AaA9>}bqX}- zPAZJ|`JMt~1(54Ryir#-DfCdJBEoRuu&|K*=@e{bGiFHNP>J~yZ}YRnS47KmXblBK z!1$S`rZ!4Y^3B9NcX42C*pln}hx$1zghN5t3hc`LWHuAerhN?v=rzX&CW_Frqn-#C ze9q~>YUL4$Phcm;0~X_JZGxPhwP$`*AR}Wf12tzs%n<a#i8AK9K^vg|?_sC3v1&8f zlG?XEsC%BYf{RTlXtUHi_TnwUXkD!K?p)Yckz815sv#tabz5XNN&eo1@&etK4nzM_ z(V(j%yR`Z8OYmeZ>p@tz$9fXhY5BuWZavjz`{$rHAIr>XT6N_u`r@VdT(#?jrllw@ zPj+^e`C9aKg7{p0(6o8SYue0Rp0)lMxXUlSA40Z2OUHT(U>UX{P^0arQL-eWuKLcg zL!yc1#SZF_@Q<;vT9kc#zyWW<Y--9zsCa$-w8!tM;j2OcKNg%7PFv@f(=M?}M7yBq zTYDI>0v=}*{Xnt*{qf1h9`G%;Sap}Yt8YqutKU+ZEWU`;9%co)G&y8&RKmhK1X#D= z>cM^u7kS^~pm`9%glz;+kmUAgd?{nqgoIE1_1za(!+V)H;1Jjwa7VZuvq}@ttH~kz zC&NBUWD$}{>x!)!sF5G!`3L?E{F6^^!rC;ihWDaMS&9If4A3Uh3rCgG_0h;Y4|H9g zs|YZNL6i0`20?%1tX$9}!tEr1;WD}FZKuA177~>W+f59(a(YDdGqALh+@6Gw7yhw? 
zM&1$%iS*e8pMB+@wS(RZ?87m*&7MJnAE3|Sj-Uy-%VtaAYticGis?PM>u{)tn;2@F zp|~iBT3=0apE%kNnkTWKsf4<nltm1(+w5HXhx6B_a@#J{-$zZgz@}%Kbrqw2*p8VD z8fDkGo(B`anqk1uwKHZJ6OQ$uN{08smLx=94*ByyPf8oGJ}~qc%Y*8-^r_)jwT%D> z8d`983grZY3GVTjnDtlk6+86xQ>ED*eoxaypDEywuU_M{qm=IopOMON@1;$@7taiu zdnB65PWLjc9Mf!U3XB6pXv;Gyt4KW{B>0&n9ojB)t>R!y$&Vrc8m7f%%x#Xa-`b{q zG8uey=Js@e29s4mhRqjXRz^hCfL@EXI(g|2S=I#>t0M?m9yQ|{W9+!au1(vR$_5QS zbH^6DrZsI-r}e_?+ez-@DTO=3DQWE2ZDvdy<|hM@TG&I2=!%2901Pn-U<>fIJB||^ z8b+iGU~NM-x6PLSBPN`7K+pe_>KDJKVJKg`V!GLLpy3cXnk=9|P7G=vCV@Dp5_p2A zzYKJl3E7~_Y{1Ab4EI!s3kstjAeUA2I#R}#Pj%M7(y=ZZY&F9sr%ee3m_>~WLB9=x z9y{ALpx36&*1^Esk2O3QFzlva{PS1?4xib!yWQK@mqu5K4koj!KvT0D3sP>hK`5ZY znM*{l030;11eRbrv((YeajJa5Wb{m$F`63Z2EMv3v?*kBL#d4ncQw+8S-^eJxLsdy zC+K(<Xx;`fnZdD40h(q;+QboWf+@2k_LrIbwoEv~G|<OPh~UFoiy+!OTBAWg3?|Yq zB%1*)x`u^Zi{12Hcn0FFZ8xtc$-U4j;LaYh9pa?=ip#4I*%nmjH?C`eUt=MjF_;&d z1-!9=Si`8sS3Z?;0*%d6nfC#UjC5SwQXF!{hw;N};%K(pzgD%<CDMSZ0X@`4?G{28 z1qi;`KLy`M4pWwh0CEJ`hcJU$X1E#juTKs8-bb>)pI6-3@S3dUcMGo3h1jQOkEC%L z1Cjs>fyV0Zws?F1QtNbE78_GU+LxLiAfIK`J;EG?;fmQ1!!?gvx%5<74BtW^^gdY^ zOa_Te{xvHBjeVgFsA(k*_ZBV7S&I}b`^X`a!OJS)bZp;YBiLUi1svLap%CCKP<YCf z(-Qz_?XMz$u(hWwLF`6rww>qUvE=l7fb|>!NU1*|s#nT_Q|<$f2U!Asde)jn@=uM} zg|++F0O~O~omSJ$=ry)^4GLQXa2e!R%xP23WhQ6$0N#b|c}AI#22B(TXetO#FtB(u z{|9>hsmknemPLA1q9Tqj&j7uYwF*IU3oFQJ1sau}WFb(?$2KBO*1mQmF2V~zDubQw zVn|CfLn)`Q+_M&(pjIBlLJ*`Iu&R@05bY;^CPAJ*VE%MRV8h%WeqwJc-0Q0AirX=5 zjBVrU`CaxHc8N_3KrJ6Ai)m)I;4TC5QsDu>*lAw-myqpT4MZ|c3jjBPdnciU)b+Cu z_GzFu5{%|%!oWk<=e5meJO(dWyzUEXM14}^5hf86q0AwJ>^|9P5jsGcWI0lFf?hB{ z!mH%s3?_3d^8w6(W2n=hcknhpEs{2xm(PU!CC~F<4qPHH#dB@uB8`NH5wor$kcs67 z&B5y&AlNEBz_`bO#At4)QZgk#B@WR4&)m<$CrI!9$yk!#Z9f^D+n!*^hbbi(%RF*Y zL9eGS=IixB&!x!=msFgYh=>JZ;nejnYzwq1QEPSw_V)#HFiio2Z7cKde{1g;*bK^0 za(~D^zQZ_?T|dsa!|3pHZPjiuDvD)+vV*fdWz0Rp4eV_KzzV0|J>jt{myG}iVj3Yf z1z>+b7g`PcuTs(=6`J<o3r5Y8SJPPkhoyjRx#wtxQCytCe9HrU_*4ipu{VgO(lsD8 zl#?ulE_}QIxLWyNWzWKC*~8`PO-LmMh&BLSBZ$};@6>=(7@KGeW0<~5P6I+>YO$rv 
zl9^X>;mq?jM$BBb1Tz$N1S%EW+k;#cj4=_Q(EbG0mUI8)A((y(Yr*1pum<k)6@&rD zW$a#`Mpkg9RrmLVlrKF)iRk$_MS-S?en^JG==sOrKwi=|b{(DY!W_g308RQD(4^;> zmlo2tdDz;BvsRe>y)|nV)!@cQ!R-$^Q#c%}it@_>PW|^(?N+Dj3of~Ktd#FLy1r}) zv0n@)#?P8?1^#BDJ(coHfQdRiTY+hMbNxvzMs*I#Ts4NCtkF^thHh*3BDqZl*#Z@t zRwm-DLE{fpfC7*KWdxvG63jk<#8-20QsM=l$BZnClY{Tl81?RVt`V9RxU$m+YW~0p z2kSR#mxxS|yG-(hXbwa&4kwEeKF=3a&9Gw?M%KS4xsReApVuJXf<T1~kwj$(iOiB( zx7Ey&vDd+*0=JMZ?pdIDip?tB;hB<gIIatb2#zr|5K~tDvT^RD5jpO)r3dsT*)sTs z!VHBo*d&=y43c;%Xc%sASb<6H2ed;6nW`HLGE57?!=#8YRB$dK%!;+PnbFQ&16UJk z|4A{O(6<aHLaC%jl!;^^mHDlNT-HMLVTm|Gr02yrGdjj?Pq|S5jf}S7Y0C{5(oI&5 z<Ozqyf(m*BrI@#O7^va0EoNAd&l~e*IG_`-DV~Qaigqx*Sz8_7PzeT1%5?z`&3rql zO9zStY9QnzG>^4F5`K5=Z><1!-$Nz`*B?CN*-<i{zP>&T$KPk?nr-EZM|abfs?^gX zYM&9COBobKr6;J_gwm6dyB~W`&roUD+!DHoCUbB~mcv2R>*+z%p$jbdEMR#M_9f%f z@2P=lrF(%49R)8c48qqJWb8XLHD+5tzc=Yx^4SU2C<yULRqYC548Z(wx_{#Z+#K4S z=1LUTtUO<$DXqVg!!D^sHJeQkD`I%062br4Fib5KFoLnALefb00#7OL$|G(PsUXrX zGO9312u(vvKTQb-4rj3^va|TOFN;M07ZU+KfYU4BJ|$4$T3z91LcM2ea^FHC<rIiQ zOhI8kMx{-(eeBKIX^JZMD2fkLfU$W$V>bhkM$-mV_?r6BEln@bSLND^XappNCQDQ} z4G6VaH9HnPS0{mFxs}&}4Jkc~ZIrs5GePFq+EProO0g<9DEo!mq+gbsZSV`ovX$)# zzZ31LvN1Quv}A0Vprm&yoBL8)w{AfNBLa^h4+bD+Y;g4q3;=6IG*0LN$CL!7g1a9# ztgiqs`(Y#vY}n+`ND{e@c_I<>M8Sw0W|@M|I@pGklrG)okDG(Rgh)}H4RC?JrEEiT zXF7a_Q%?3mvk&L?f#;6evW(7RP=v3}WmNthq#zHaS+9o6T=>pk$vDhsm^TPcQIOqr z>>hgouUNH;clK*&lVFwyX_Om!B@BDk+DIOKq(3M%!3leLVMc2uwz{UZ1f$Q#)cEZv zYAwXH3gTrEoIcJ9eaRActnq|)DX)V8Gev0=LEq^wjm+HNn%T_b;e>#}BoDl}=h-p+ z%wJ}hR-FfMlkB=+m_d}Kgf}g31MfisZ$UIo17RFR291e}X5(6g^Ng@S?JMI(8IiI= zBoDlA8HQ&<WJ}T`deN0k?LTt3!!SCU4k9eBdHz(RlCj+o0!R$95go7~+z~)NWe()* zOr+S=qjuv`%OFK*S#u!OawiGi)x=(p<kH)-*c0eJiV8oLLPq3>`^0cw=)>YCBBRvP zl$^<<`AF^*cP$~NisHoi$t0Tw?cgZ%%a}NEsW@&0-<Ui4h^4)IkcvH(sPF@bdr0lm z!NhZ;lW#;_B?vCB{rAY2#2%EFA^3wGHKbWE4<^gY7TZxrCM%$?Un%{|oEVK@v-+Ce z?>8MqXn(sT-vS!ypT7xVa`eY^3o`t^U`c33>|nwZfEb|A6|)}(R6xYNgeC(nW57It ziIj2DAOoXCK&Qa`13^$SQ+OqUDc4VDgK=gVRM-8$7hRGtw}BjiFQYRdI{-v$TOrA) 
z=!D|zCPp0kx}p<URvU?|AH{Oj77im2yjTMym3juVO5QkNAx$}>tBP<inGjc)da&Ov zt}rP3s|2@P4yc#xGpyIBor-)qct#8}9LQkp9YM=C7Jvi?D*?56;A7O5F+>_<*$#u< z24pf&M))3kf_G)`IU)lA6$313{;%l~V-1j6N8P5<BUvQ#zt4{|)8n{aYE8A74G!=K zTKq*Z{d&C;PK1}VU{NlBM%P5E2gNmQn|l3ITZvts2_QjO71nujGOiD_fF@5Is|PNl zSvy!{`n_kaJSU!?hf|!NOakVCzY<^0!-?Tqh`YscOSVIAXE0p3aXfLv=Jm%+SqyVL zmj5YE{tcVgxLJW0$1|O{D8F980TgTan@R1{lSif}??O40;-4E7$O+>7n%k%Ag4_ay zKUXyU=iJWL;pTQ&P=gSKb_FSc`|2@vDa>(z$P8NANU_d@rZv-C|G3ac-;SH=On7U* z)(`85T&VJd8J6tOo%MgDZ!1^CiAXVue|U|*_U3rx7kV?L(I4-mmxEWLv)H5w3Ppfh ztTJYfwoXzgIc#o3_JLQ*(REC5RB33X=)}+&%{MUAxZ57XQnclb)_N?22C-=35&M{t zTuMMvVQN>NRjaf*`4iZ5V~FL^1zKIdTC|f4L^<y~_DVRqzE7QxVu!}Hbt4ATR9f$f z|K$Ze-3(&wgZjyG7s|a9sDWKrLAE#9qX;KAhs4{w$8m-2FvfCluLnwvGq!tBOALT| z8KsI~)eD&Q9%9D;B}DFNPv7W%S!6es(jnVTi;n3f!`ylrs-WXW^<b0uGRC>fOm;5D z(7!5>{Znp1w~)l7|B+2F9*yWXL66jL0Nzo;3EOdD$10=In`jPbHCY0o$);z5&1~}o zvnj~Wka4};)VB|mn|LCEn-94nf=7f?^T4J{^D=}}T+cZ@!wM0#x9S^7gP>j#>HM3p z;;qp|nj<8n0X_vSK)N>kYPb>8UjWzJm|Qswq$RuN;5kS_(-|O%ivS3Qh&nRl{m7z8 z7Rar<iXzn0AgQA_O4p{puUd{1PR8^kjr3zG$`piYq=J}aW>~YsSUO+@^hnvk!<bv9 zbS4%ZKvahl*=w;p4)zQfqo-y_wAkijtoCy=f;|vyPacoL!036h4pc$F-Wse2$Q}ZE zW?)0QbJsGQ@R8VQ0q4vWa4_}kSU{`y5d;*8B_<$nrZoA~WO$&;t_QpfFfo}9w@<;- zdnH@!t^h;gXc|jK9y(@v`q-jiUNkaD1?8Ul%xvSuxG<bBk9cMv04=YSm`yfjqTecu z`8a#A4aoZ{HQd}*LO!<bSaQVMj*aN`t<}D@qU^8lxAZhs`4>Bm@Lv$yE_sE@&aOF@ z`s_KwGL^MJtw>HMp`uFAGOsX&oYqRL_w=HiVJ<}Isu}&UP@Z7^n6U^5DagPQi+jdB zn1^B$a=v0H10u8+b*@=w^>eKXn9v)#&<d)||D*$`E&q*#|4kqusjzP#mcHnR8cye9 zZ%;M~iu?~b0Y({iajjwAQcXdQB5{UcbnzxnM~&nIX&{J`8EI8*!PbKdrU<ML%`a5t zn>0Yb7wX`|(v?Whap-!Mv}^`&RlY`L*UkVY=<lR-v73#GxSOBWblfW;KA?|8idG8- zvq>ByY~Myfw-lYkb)`QoO2VN@V@pxjHzG({6$yC&3Z7ORkd(Mmg8QFAAcIe_2%v{7 zD2m51Z1|_f%=}Ly3?a6UhX)B__K3V|m~Xf4&kfFW0w}M8p&QH9F_`$|YMiCNXluKs z1w6^e-M?gSnU4#>q0h!-iC-4r9Mcs`-{G)jN!@zCNU(l@w;`qA(`DcD^DQKEx3QpD zl%|Sun&hN4va?4Snam;oR8TmJ1>M_FI_pzW(0D&8^wj`IfeQP?|09JxVFPIJ4#>>B zj5{qIVa;G$FCdV#JmqqVook?i({*1FAq_*&kOXImar1HNxGq$5@CA@ouCrTvV^NWj 
zRp^c~(YxX}{-u+izpKC*=0}6eq=f*HbE05mLmme)D5(NSzaO+1?heLQ>45)((+0L= z+*AvNU63zU+d!aKa?$tSRxN~07;MA%to;DGkFhrW``6_-!JaAc%*sQfOJt#PmIhmo zbNLGBvrZZDRItql^${RWfMDebQ?&Yx7~!|**Q02sVtZnck3o(-_e<{nk75)gcu>Mf zn>d_BfdT;ZW^!^tuX;=gqg7llx|y~Nb?KBuB$^oJ|B=7|pr-cH0Jn9Xqk*|W&ns)# z9N}PLSZ)UvtjBUvKKOZ(*Q}Yj_s3*+T5oP2XcuA|^{ExZOC{^MTdc{WjGEwASe*!# zjEFbD&O!{xFIZdYPot_VEyM!he^Jw9V^A^rAJsG~<ENT#rR4iX|B$UG1H;V6@B}+) z)4I5fS>n_RKKxSy{3v67seY#(b2}&nZX=a{^RC3dDq|v`IX6{K!ZHhNw7~)sNQ!Dy zJlLJ_#5sTz*mHggqE2Lk)dV9E3O~Sh5l9D+ihd?V-VWF~BN$YnKyDmkNyvZ=8@8#$ zs%O{+FK{VV06YimgI;*D7*(hfPXE%afD@q+$lNr=iSc22(a=Rj3WsXif@6{iy}6t$ zo{$b=z!lJB$>CEX^0(T;FYf;MGhZEmHsf8VVTit=scqH<u89stSg9#rI-9s*iIobl z${9o;*uih>1*drN3#*whd`r3Dg%P8cF8@Obw~$*naskN(oA;{U2-ai)NE(=KF{?xu z3~0;2r<MLvSLBuKOnV8$k~z3Pe$s+q>lLOwJrCQ=5^sv)R*19u-9orMoVXy)Mh-(e zmE(n8d}EA|3|bZr&dA-|O(6jGNlXM*V&yCDh7V>r$jCFwB~vwwX&7T=07zye5il($ z7z77=!piz#1rZ|-%vcpxLH(WB-WR>xq_B7#R&#m3!>TF9D{43f>OR^n$Sv$-K`utw zO>!>4(E&Dyf>k_coXjcwscwTf8UIBA$>+Z=AYnNjO)Fc1=8wpUVaCT?h%pjWsi-<b za^Z|>@4s+!8u7gtZWRKA3((_G#WB;Sq$&xqZqR1)QYGMMUa@O>f5dCNz#Ti(;#o6l zVkJ)RVMWpm6VgAo_%k{;pyh%!UO1o(Tq8dllpWAZ?^mvw($)~6P>$5@wr8_FKofM% z&ssI}1-F>T--B&LJc+OQanEnPa~007r*MUMP$R8A6RjjmK@o=9vF6IQlO}n)B49LL zi57#Dzc7&?gj<3D+RteR!4#ba#8f|Qc1#sP!(_1q{My3A(mv22uvY{IR=4H*f%pd{ zGdECRs0aTSTbG;Fxy3Rboq!4j<bQ6~oQk@iNmDI-&Lrs2b5kFvN)m;Ia0;kHz9_ns zxgEXoO=ljv8Wg=~=$eXEBEQvX{<U5tG*x#aw*()_N0Y~7fef05{8K=31^sUVa;o$Q zqO8e)P#;UfylltakU&KPQ-#&cEHk6L$gTNKOCqi{>7p^93e3;D5<OD26K99ES1JAO zNWuJiu674SrI|+HM<%9rh9#U~du?5hmd)ZJY2WU*p6;+~2s{0r&Pw|#wfms*{hJ9c z8$)Hj%+5bh+4WTm%ym$PE|l#n#0;}32n#x%{mHpOo1P0lQ$0t6bAt-mcfZP{0il1T zewZ{knBi7n^ql}o{+`_Hx^4UF0VFz*V0Z`YIEYjc4ea7U4ht$)Bj`y@U;H|G1T?iL z9)kao{EiW4UGRA*=&7Verf(AXFV}C))EH)Jgyd-W>9xNBbVvt5*YSkoU`;L<z}%}w z7<D^Ewky~PUZ`4N6cqRrTtRRew75b9H~N}D%$LH6&jy)^SS^LiM6&$`Rlw_7su#Jx zVo#ZI!9o4P&tE}zqzv36f9cQL9Efc$@Vz4slJ}cm?mm5eax@qW5?x1vWLm2*oICff z&ngWI+JeX0?Y}g{MsXe^v0tz6pFDLLZ$3y=X6wDBJQ-t(bMAeO^?B~Se=@LiV$-I# 
zWb)gu+HceLPdZ%Y>=`7}N3M;%@c(9a%6M$!AB(&eZ`DxPKc~96RD8?G#QHxL6(TJ! zmHctJ=9{*<DN^>tT(s8SY&oY||DE`jKwIOX#$xfm@zuLWmTZWgQ|<W<0aqz*0Jpgn z`F;1Fms_@`E!+QXmDB8TXK<{s9Nzeyc<v>=`Cq99w<>)l6oNVQ)yALsUhlS?v+riw z{y!E;jO!hkvrlyEAFhv<T~y7Ad@68k>6*Ih?c!TL7Yv@btk|<c8~(beH}*4mj~_l( zG;{NS*E0by__CtPU&Qy)IMJnf)-B*$pKoxq%3n{pKh-7rY$Y@~Z2h>H_&^3HE4N2l z8(g9vgI$G<8SP$rQ+r%`pUqsN8W^F=EQxq3@b%hi-krfbg8WUtjRtS~d=58#ZsvjN zCOEC{?!@ylII($tU0`ZXM6xt^SY8NsKFfZYPS`o=ef#;bhato7{`oMIzyRCRgxC?Q zg{6vm^QzZhytd`+!bis!Exqu4$<|V^yk&ax+)IZ~P}X0xGMGB6H*e6_-!#znbla1+ zC8BRmy>y?mZ}pZaNm<iHiQE&7FO~LO`DoM#zIW>RE!%S?!u&5pM{UzJ#bAe*e%K?w zuYzYi#CTV@&vCatEw|<K4%e?44LaEAo00H}7I^<}VDQJmkzg@tz7onC?Fjkt-Dkh8 z>RE9Scznv8T+eQ?ec1|4WZ=PCrT5oUua#FKmS5C+4_yDpzMGMUIPursEn2tSX=E1W zV2LdN642A!gEtbgz}Q~$xuOzVS_UV1AOSx<H}Ai=5U2TQn+S2e98Szy0z5`Z<*!3s zH)Z#UzFBJi^9~au|NR5DPCxwr=ldi7Y5rkj?3{)IqwfAozhZ$0kCwr$XBU3G)>TG2 zz9`N2CuqJ7f*1!EnnQzsIz|<Me*EhxstDW+Poy6=iIR*A`WpfR@fz9+;1bLA`DDeh zVeFCByWvUb>xkvr7#w(*I$0X_R66`uIB<ttOJqa>hq70ZoJZcdJzA~}fN1$`6^Ma% zGo$?o&s)9P)uLNdRHY7cp#~$X<;}!uudOgn9&_VFninTs^-0`#hfz5pIEc&&SC_|u ze|*{M^0Qa>AS;B(AGY?&?2dXiYuDD&IoGTn=Lg{~|Fyz(e|%W{5AXi6exl;axTh+& zZZyyz6^d#ax;7uD?tS`Uau~n2=Ks+2j?tMlUDs%A+qT)UZL?!19otuITOD_7+qP}n z=E?nh@A+SQ*IKjYTx;$cV^_V2rUbB+A#v58FUeWkI%^?ythF4Jr`W{UbpoY;X3QnA zeYC{fpt<%Yq}L33E^eIE5!L9(IOOCz^@fKy@dXO~1Kfm8hvy-Xuyg@Y>e_8q9Eoo7 z&?JS(F$`065IuvJx3=^U5`2?$bBxqN36jt)=u$=348Ga<Sg+{di?x<fZ9`cmU5J<5 zcz=)p^^N&ep-Ye~S7vG<-8hIpEwMNKMzI4mm92O}+ZX4(ZXB**R`t6fPt+U^;HW36 zK_gtP1W?kL{WHG_!J?BUrUgM_)};k55zN2uG0ltYuBqLTNCiiB4D_dHs<RxR&T4Uy z#z~tc12L#i^_Lhx;P<AmuH9<pZ=-{HyF*bf(TpB__=jO9#S(70EsYMkzT17sq$`4I zy7jhF!xiA0MwI|gEEUa@+DixA;P+>@oI6346>!{atL{`V9&lp}!p&n%(QgIs7X!{X ztTQT8nJG)|awTjzK?jA$Kh)Gu>CE_W1ecx0)tB2>lSg)0rb^-&H3B|Ug`>A(^!Xno zco?cszCFaG%2h!e!<Dqso@NvLZPrsCJ;D7ykYKUITvR6V>V(9Bj^<#*n7~V?%8&vu zEfTtj#*LbeGrFLDS9~uGt4~@=6~UG2Fc&0@;D+Ukk`ej!B}#?ewK=TXnVMmMWqXr) zoll_E^FpKyWcmAc&ij(_LZf8k(Cv%Rt?KY}q=WmbZLWk&2ua_{b5qw5hS!zD)^Mo` 
z;@Dc3!pP;FcevDN;Ob+D1{W9Rdou#iR+AlIsIz_Xmjme3YX;df|DM~k))Vc`nhFV` z4WQtbGaKn+b)fs*o~-`MRHB1qS($y~Uc)qud~9m{8M8pfwac6WG87)n(2ALFYXXMM z9A0jpK4?Ada&E@X@v}6ow>X=iHE`0l0TXfeG#%1G>{(?UNFr)KG+Eg=0n`yGLlaIj zZwik|NCg6Dn33}JHCi0~r;$yM&o+Lb_w0(lyg_%(2v*!p7xbH(sUZP3xWO>ZAc9L4 z!EiKmiVvTRW`G5mR`hNjVW4A*N&bBt%&PWGV;zjmengHG^QSlSf4t9#NE!k|q+#h8 zutIFNXv2QF8R#JAM+eAXMs)N}_HXR|0FTaZ#3<>g2ZREd2eu4hW*aZTOqk5fqqh@L z2Rh7R>+>TpxwK)^ps7&TWN<>|WfLHEqnhw~+uTHMSA5$(jPt+eKTOKC>1Rd1l-N3~ zmSAtr-r-nLJ@C6(BKP0C{ZANBq{B;HFE|}ssx1|}bx;6Gf?5qB3XW1JYu_GBC{Nx0 z=$L<nzxY6ISO-RrvWn<C>TH|TfYt9bVT>c^S`ZO16g-!vg_IT_178*=I0yCjH-20< z{CYjC=*}V~zv^g+eNf-vKjwO(l238h^ScPtoY}hAYy}g6o`jW&_+xc6cnoiLE#E3| zJENb80Qidm*I~0{PM#S+X0<be(Gp5?7`$;wVYEH8n9-6y#K!mi(R$&Gtq}-fDo_m7 zl;uo6YKOFQ!jX_psK-Hj85b)oNch5vtNY&<@C^$CY;UcdIk0wO)-oi*JUdDEf8{<u zu?TVvxt>F5^iqI@CQJRHuT3WYhKhi2h1LTEPLSYjx21yv=knD3R&YV#zyhDI7DkMg zu`r3krnamrnq#}?L~X74ZyJuA_)TtpJTYk|Ry?iK4GXnH9T7x7F4XLdG=p~0jsI%g z`hPVpx98UaecrHjd~=KwgWIHDtg&wxEV`He+5a>KI5#dos+p-+88lQ>1I#t3o;1%h zKtK={QB{&?JyzLm4jhT6g3ns$7_)zJ@0zJPVK4H6d8{P-Gb0IhBwS4V|7)#aRfox* zd++*S7<CYV4l-2lRyJ8%jEd@3)o+gS|Fp5w)*l`-Fg@HLypjMSlb{0Y?XMebi{l9Y zzeV034?wE727v!oq+$;knX3*|^cdkDHKFj&B2)N(+NdMC$>?KM#git30Gs~P<zn=w z_sE`rw&e8HW%xfT-TtIHS0ptrdQt3sQtL2MCQ*D|aQY;5OPfe!e|PjF9`+yoozxm4 zD@`sMF<~#K-R~%adL)cUS3EHtI(R7lloJ3L;lxN;E1hZXS^W}helaj9`zH;YlBys! 
zHxW(ekVi|p7LwHu?@dECl?Q}kcKnOb&){GQj`=P_O_tTsML3s#nVSjC>_%T!9?J!2 z2*scYcF?S>Yu<R@i23cBMO2y{Il@f;7fK%;6t`paDOPQT_c>GtlQq&<iCGf?pd=u4 zH{r#yAVcLxItE=KJitI=e%|OMAi!WeU3d9FA}rp)upO2<p_xjPw?Gn2JAoNJsP4P= z--o*I8-S%SNVS3K$bXIrZJOw7B}XrRjoTj~V9=$`_56^6nx|Um?O>){YF<ME`5tAC zD{&X`c>8N@oK~RJlgd}f-7wk!Mm1PM*>FVI3%Ru(6*}{nKQsgM)$ZOP$F!DY@T#{a zv7rPCeap|wQvpeZpocZ=|Nd!R3qQ!KD*uZ68dO4=Hj!o1x&h9GNA@NEo5>Kk5j^>S zn5B^xI0)Salv8bcN*zx%Aa}QB&BAgGUS%y!Oav(Yq$^mX2Ozrbvr-U&2~j1@2U@6H zxG}^rEY9G8$Nj(6lLdojE90C*YJ(OO8$z{ZJHR&TOWsSxZ|#$2{Rx$#Z-t@~`%gz7 znKml#WNQo%1#Eghn@OFqevfCYPNF(1Y`~nIH7V4f<1`j8@-k%*iXseFqUb_dM5jJU zB<(Q*!0vzDkEo@>VushFQJLfxwTXxts^V=f_Dm<FvMND*#mJ76Hy}Q~(?yRy6q|rI zZRdVT%4{$J!q7=YT$Ce!LqX^3M$71buK~&@u12}T(jx3h@ZNTpLHS+!#{_63%O}k_ zCShnIfT-8qdL7T-7L9RCrZ&%Cn+Sm%kRU~1(2|-Dkz3>xKm315=db~lpqdDYLIa^c z%`VggbsuDTTA~&MsWAwLr-SGHsMEibgeF%00xU1&fS;KT=$}w40&3MQ?1i)r>{eRC z-G4k8&v@7+AqvNe1c6x%n*3`GmC`l!r^Q%Kt(BXD6;}ACX^_ZBF#raP;QXYOfl1gV zsd+HOWwEnI6Q1|KmZGI-#m9|}6$jPgB8mB>)qx9okLGj&(t{E8Ve0$P1O1uCIG2Ci zNj$NeBnudjlDVju6)g`hF28ZAAbZ%d@*xgO@&Ec?SU_`(6w}!+d3y|A;1K7l6JAyd z2c&-X^4`YD^u-Ope@v2_fTqt#Wimhu#R!=ow$u=G(d1Mu%u!_!RbMgc6n6d5A2{>| zzaV^pni&I$Nw5s4U~1wpTy_3j*Y(=&<d3+z=)#i7Y*DH@xKUsibrMR*rxo78f9p}- z4#cSX{U6&5ay2!eR-}%T>7a^Y{bmnd4Y^850T)svhcHYNKge5X8jF}@W&|k@(fd^+ zNn3$1+gn=jVkL@Qn!6`);!Csq_y%1JFbVAp>Y}rFLP2^c@2E8Cli8NzJ<-BGZu{Wm zJH;rQ|6FJsB})h$unrEgpJ0git$0Z$#lNH*)ZSfP5wrh?JcuYrodC8(hXD*g3uWrY z6u3<ADx5f;4oc$yJ|6k#HzDpXiPwDS;~+%%?$rKhAdwq4?A~Bu>;YE>SN2LXj369c z3{hb)h+ebkPz4rJsGpy_`cy%ZP=*!#VCi^tl!1QiiFC$K3ATV+HW+fOwx@MJ@31HH z1&8ayfp_ZdC1^*|`iUgG%?+UA52YwM=eHtG7sM=Y3sf>w5&4Pd<qfKf<{8`=!qFKx zs))T_TE%2OqIH#=pk3vM_dCgmJTu>nv8;%}@tud`Z(uFo%NGZ~&sG&d@%pRP>$rgJ zac1%0!@6C!PW95Iz|na7BIEaq@#pmM>!n@yN361JTCSG}CUlDwy)U5FUhp=fPa(df zfQIfOH0=~w_H6yRdvx&Q%kaI%bE|>U7R3&^yK0tcm#r^bS6WsJb1!LxWaujUM(Z8r zS2?TFIfHurRqNN&xJ`TdHe;s?&u>2drt$TwVvg-YX4!9Vz2>b+@7grR>(1d<>&~@` ztER0BkA5$^<*f(b%_e}(!qb>bvV?|M3Ft}Bzz3WE&7RY**9xH6P^|1Q2WL5x=1>20 
z_P-Y1fC$JG=GuOF0xBM~ujDK=Y(YwXAa(+I17IN=I}g)et2|i7+1m=YJxuzHe_{}< zy>0{i=lvHXd&euC6Bfwpt5))|Q^L)@{ck_E2v+u;xjOAS53K+^-I>>2Dt1lUw#D_A zJ%~<?tDfxwa$WhU3O04`rK6Ww)xPJADt4alocdE7>n_ia`uN>`1>1NkgbAQrwk5>a z&~eeBLuf&4)-=|Yuypdc!ze65!tvPMzlC{&CO?`sbq`}#3f#jk-z@pI8?K*=`XhPX z((I9XcVgZO1_l9ocp%J6LiOaoJeYRR$gJ^nQ{lwkVMB|bIDBO-6^X0^a5Uo;s07h~ z7goN#q=fe|#8qz^b=$4hNNM94zoQ9NMCe1^ai`shJUrdwL6nwn7jEPzk;z6xBoOUZ z8mZ#BzyE5e1hbV{mq4<#NCvg}pS%&ZrAuQQAFW_phN1x0YFv9qp6x!<ZhE9{szH%= z_KkDlO(`)Mzo4AJ=->lG;J5g%n5+$wBufA>G(Z(}RJh(q?NntExd~|9zgfgUvlvl> zMKbpN(}Q1U(qi_D-}kN0Y&f@1vpZhz#;y2y77d`jlQ0pVR<YB@Zj<8aMG!bCK1S^A z>0IHwCOiRJstW>xk>-2&K$N*%w5AXGyZ@AlMgtpijC?9eij0S|1}aj;ygpTUYp4Q% zu>0bmo%mB*^2Mfc1+k%6W!0s14-lC8oP*R8u5X`usGw8VU!O8LbhkX`S1UHH-_)+X zPi+XPR@!WxdavVc@23|Na`v7X3bS-7yJh;{UGo6#kr(<CM`tX}4h<J{Jy2{I|Gak< zFAXc1rUuHiS*l@${d}TBt9|}(l;8Ukld>_~GgdaAbEu!&C5GB@oWEWk7(OnpR~0sE zNt4#SHf4EaUOwpQ%@pYZEIsHYu0uJQ93AeWzGPy`P-vtPg5;pc0!CQMX5qPA_3EPt z((nLxSH4T-V(sZQ>-^QG_yJlK*XxH-=&PM4DsI4tyuIl75Yg782l0U_J-Fn9jDklv zLX^(8uu*1$@SvvK+hXqx+IFw5>f>BFV0MOm<>`$Izpny0sG6HJH|?Hs=DwQ$wzR6M zv_~!?5Jhd^b)oGz08O_|!3tN@?AP>P7BK@FaIo%)?FQP@ZP%9Zg}5zzUF(dreA1is z6*|!>9cvsywpP|yD0&`IN7x=$7NoKc`g98s=NGl$Cr;d-m0K>>Tk-bh2YuQ9dO_O9 zvG!3IO~B$ZLlJQ!Ah0AzCs3%u<igS~ztxVvG%Xt=M6J2ILFTp~)(KtzT&GC>=*|In zTmd>-uP%SQX1kXVaOO<ntW=KN;hLDCz;r`|2Zy8<lSd=l>JP?OXWC3jKhZTS*e0c7 zz52taJMnGZxj2u@;P9X>z0wn}DGMSyUxD86WjQEdFdd9jK;g>#o^9GjNs5Q%Ona>d z%QTewn%{X0>%r%-Rg*tD|Dp8jsQnedM|2t9+;5(LD>ywUFB3L>=OMENJgyL#j+bus z^u@|@PNYOnNO119?K#4<etPCHiZPhJHC(}|(?*{b=-c*~LjOF_>NxL-yR>{^_*`8# z)v>s?K0%;fer0_2RWZ#s82C2_dC+lms8wL1yMK^S_m7+!2XKamH>jv~cpg0foaUjD zu2c;obKFk&{YIjw?UUYM#ru6zyWPvIh6w4vxi%f|tIVxik59m+W3}zCt^OGsS9nn* z>N$cvC;&9~OdAW9js8Vxz8~lpOqX~M51jQof_VySex~nlH-&T8&97sRu5`QgXt&{r zbWics6AuA<3r9r}J)b?RSVnxn#vIJS5ef&iCP@3}xMO;aX<DIC>;68KDWJ*BlAM{q zZu;rx0y_%1`Ns?YW|s9jO1Y&=e8z~kf%ESNv%9+>iuv{R=;g0k)3U=&7RfBeYHPsv z>~L-Y+!Nw+bTF2_V*ZT*QaQd(vU6TP3P{O5EX!#u$s7R_6W}@eqN*EE9$|UFal8bC 
zUPy4jX<@INSH*(x?;&)GvVxE$DR{%U+k1Wl+iIa^{QJO*+hr>kxk~y%kxVw!COXB7 zvQ-dW8`!-Ld8ONHz5rW4e%j`1zL@gbvh!_!J&2HAPn>;oI;#yd0%M?xt<N5@u+7At zj7F#pgZB*0Cc3|1szDo|4jRac7d<XFo^@hL-#xa*t%enfj_m`bQ<rv4RCS9=&%}76 zsc4yING`jV>|)GRnV{6!mE+NwLgLgKbuGxmwH1FoMtq+iqtI;-PB9Z^;d)aVPMZ&Z z9|r8Ko$I*hQ4lY(mJ=PG8@}{vGq1BPYc60S2>3W%VLU&%7Xkt-FYwEr@t#t_k>jG4 zAo>zs6q*jOMqIEk&)Z{*K2}%zxGj!URiGJIZrZ9(|B=t!RH$5M&5&GC?;27|a7;@Q zf#V{7Wf)rP8=iww{JY}WE|Ga!C!0S(-W|es-S=|BCHLIioW%m$C9oL#DkqqRt20Ws zuOl_mCR`Tn#v26~Yk*E)x8%Vj|3zDUofLNK=~T`xnrPdx1wY`Hd>rl-j2@4PtP&UX zB>Rh(g0$wllR^j-LmZfKzIHb~IZo6758-vYYA@7#XE<j(8`Ay)C-&aX8$xoEY3{g% z=rbCH1#CHDBv7`75P{Y7cq2V!T$*fFU@?$XRu1$J8BhSg=p(o-O6cDO33y^rh68zW z%Oe&ud}cCK8Q^Cx&kjU2DXuI6l_EPWt2?P@B@&FSBUikzX@xM0YZsmCX+3bgVZBmt zZti(gE(a5$xM*D%;&SRaK#-xBjlqjV-i~%nWDnI!($Z-Q;cqC{4T{=hbGcL15ob!s ztWVYIV6G3qnEfA?#u0EILoS<g_-7dvo}o_>GaH%cyU1CFd6-YYyFbZyE2TX`$q~a- z5MHWdhxqJ4@)2DQ1=&G_CKQeC35Dcqo~i+V=*Xg8LE6!*l>yqwtQS9Oy)BSLL6*s8 z9jfU*j~`cwJ2{P-a8&TtB~`WTy*WG6*gi^X43<A&3iw^`pb@W*JPrLbSRsXif!cn^ z&;2sAA_~Mya<PXhMwj}*6Yfen(B-;4>%w>V=+%t%_jFF1Wm{B{MN-G$hXX@Y$G&W} zs?0*Qs4>gQKp?+}eqb3LOr$ai<&AKyaRH0*`SwZ=%8U@gj(Y1G{-|4BI!IREyN@S? 
zTjnj`du1f#{_ULd3U0Uvj#9eJEyM<B)kG{0PnbMn9-bje@yzG^*4M|~{Mhr6e(ltg z%Ok^<5XggIl?43B2J@a8%_v=tuWAQ^!AtU^&<*mt5#sw4W?f^+y&&8re>DUrc7j#> zCR{CCae{<bI#)v?k9105DEL!@b)sMpsP+o5w38notMIG-)CfSC$k)Z0$uDQVv093W zY!pMj>I}vj(TP&^tOfl^OVohC6Cep5?2>Qq<4$;Nr22_jn*-uGjk{aH0tU=<$cmzR zHSYZ7C{Yc$+Iw>|fD5wyb1r*PL_=nju;f&Dp3xJkq6P)G9LVsnamtoRA}t<atTzb& zgTK=4=m~BYZxi~#fDDsmAVBNyD+<}DHf`J*MQhW0*XTuk^A<#il8%v=S<ap=6V#?d z-^s#h$jjNQ4x25Zwb2@kwGQEfmwBkvMGBVwL%r;hTc-VY|7}!!-|aOXimP@2ub>GE zDGhVtU?40}GngCcTd;-W@L*>7$pt4M?CW{90B#)9Heiu51#rq?si<5^PLq#FWU4~< z)lO_Ncoo^6vPp3Fmg|q=aiw**{EvZm`k+pQ4h8M5jkA9j5tGeb*+mk^HSc`R_Qlm_ zrY8%3(7qH_;jHb6xWY@cGl1@xtA);kL@ziKwF_~A6?9nLvqp7_ukszU%bW_}o=Hi8 z@t4eu5)3JL;%GpbIG%lk$rPzX3G6S*Ia-Yagu!U;fu-7?KcCJ%EzRBsOkWc?jJY$( zSS=#z7=P}03vc@2(V?X!8!E1cIZ3sD|C*o5rd#XABQahOc=yqu{7dsTP|PJHsL$^A z_JDMg@S@2V)<}(U6%@KA(p!xPusb8AWcfFnuOip!5*zy*J5&DjP>4z!KCxUPdUl;> z9d8eg_jDfw2$sn{REysAJai{EL$sO1Y{{`B%(nCWcl6^(hBK`XF094;mk4X+Z86Gm z%WhsB9osW(DEN<k?Ft{x_b<aS{a&i&$x46uX_8CO7cSv=l@SHe<ez~6GSzqjjMfhK zZyjFM#6Z744mJyPlCY2X7P3|Nz?R|4qs7@!sGvMZ1!)UuTD&Y8P?9No;+pIZ-fnEC zk~#G59&B!2$b2L`$W0iniGs;~?<S=nnZ}U<O4DlA1ndLxqfdPZZC7S(w21?F14bsa z?zVi|+w>K32##3jR|S><^)a2UQm<{aEEM&FXV_CKmsZQ?or}j4ptjf#E_BM{v>n{f z5iue~a>!)C_UwvY5yF|ag+z(Ua7N=%R+x~g@0tAWn*H)0;|p35U|IrxXOLavEMf?u zoqm#44)RhXDU;<3@^dWnFlphM{B2jg-)}T1mrZd`vBlt4JEMGncJK#I(cW`vlBQ#P z0Y8Y_6hhmMOuP5TneA6=mOYAUF1r%AQ3RBGOyn@phQ>56^sMq5rpxSw<xmc$i-+!s z`R99WjSNXw=xZ>xknrSjlDkqDmqanns<l&JGXs!S7Qm|z4P7aIZ3yriJwC5_PbmdQ zBuQALH+G@+t?dlpY7TAgwCH6LoccRM%~f*>PK-!%7mH$xdHgH3W)Kp=e5&iA02c{w zAS4beDGaWej3aKBy-Gn(lPs+ck{@|xDe(U7h8a-kcuIrDT}Y6=XX=tgr7axvZ5o!z ztu*zwwQ1r6ioZfSE7BQ-WT-KbCOG?HN&DRY*PH%2?!Fb^T5-YmF9Sy6Dc?62CT59y zo#rU>6|v{<Y>#kk*gmZ%lHBPKrl7g490Hw>Rq>b4BIECgRGZ=c<f?rGT)wT}GLF_! 
z#wo+V;0eSntl~;o-ES*v`(uhr|Nd^-6sgyoBCNS|O)RgQH+_7XDm;C^Ywuri2KO;O z9sRz>3vs{#kU@7^9tD$8NW*~RjOEIAwhdg!(vj7m)TB~FaEiD;<l^o^?elE+_-!;L zes#NFdR9+oZ{0)|r^WG?#(D#tgqym-mEhL-trE8oMXSnDYW_aHT^7DLtNgC7JVdNn z@#%MX!IAfF<hE*960K)RH@=Nirfxmw3`(?C-HVq4(AtJRPu#$&qNMWHA+)b94>s!Z zRn7=pIE#DDN*70P-a6KN#Rwv^_&E|Gd)KBnz6z2Uo(u;8lK8oq|0ub+XA%OV>j~AT z+L^9APoibK>0U&^66)l|FTm`P@rm^nDp*KV;qAk+7K$J?*b79Sw5lL?ZlsQ=y%ElY zrwUU7BE`8$MB=#M8ucc1D1xpsK=~CFp~5$}Qqqv|JadKKwK!bgUye;)!94~Z2IK@Y zjP!-M$l5V&Y{3P8v*-kb7tgVfpe`Z@S%g^5C_Y7!l-yrBdWuMZ@A>b87+bg!apBl< zl54k-8yB3Zy6OIYID{_926obWJ{lg{gzjGh2-yES*~P*qYU+C1K>yiS=8!`Jiz194 z0M-p5TPUo1AXUW;3M#mTyO^N($srQ77dLn(czugc$^`mv%OtMrk&F4j*EhF+4*xrT z<pxfB7G`qDYv?uBgT_?%E2jj|IN1uSHx|DmumLBL(?pU%b#ILzO)SgUEn1WVou@Eh zpIY&0THoUfE>asgz4PQ-v}7XkuctnzICn5)L~nb{KD~?}&YQv_6eK(7!q+LF$}Fe5 z5S7i-QF>LRHouRD%S;KF>Ygp!6@*lSi~m$ze5?`MJAe8q<eG5ey>>LS6;?Z>vw3{C zpVLA4SWKN_h1gTBe{eoTNuQ019)}K)TR;_pc3dOIE+RW3geAUl(Ukld=D=dk*hl;4 z-jk^NW1uzo7hf$RU1TP+Gbj;8)4M90k66qdi*YZHH%k@b^`7y`m~Yw7$p&3XGJL&< zw^o@tJrzT-DW6;Byh;I+W-gPT1~ThNm?bWzIYcneH5y0Zw{Po5CX_<%kTRlxt_94Y zek5{{XBdIOnwMo)_IDe^X?%>YkGbmaPA&TCknI8JBFD`jxd;xjn?eIERfvOV&jxmM zaU*x=H&=@E^lgyR!|$92=xcsqLXQPD;5Gv}8E2S~b22h?i$#$LW~j%dq4B85-DbTz zXZKagXY&PWZnlivh9LK3V@Gg6Vvs@|k|9_!C^j^@2$}@5<x$s(|JMy+MM8QHld;a{ z*4H1N&ee}!zb6!sWl=6ttwu0iDAM_F+zbtvqK0UG3BiUW@HBETg*J1*p?UU-ZC_@# z+ijK*DCD9IIH+dSb1V#04TfdAvkRhYA+UgH@r}cHIoXBGpZLpPUA?&i^c8d5uU0Vb z<Z{a^rDwUq9mH|wB>DzQfP)q7j-IN%cIu{G4LOeaa{yQ5PKpn*J6gmGU7RLSBjzZ` zNGeO3xJbBrVHdv=9UcT3AE)`<65vl3#0H~W5HkhPLAAAXu<OE}m?)jQ>V!|1LsNZh z8=X#%5pblh@VEu~YSY01WY%KXm9Rr>CJQ^-feS<Y;mAkk)$&*;X12V~2nX95nZjAz z;RdILQ$*!g6ip_KVem>vYDBr3PUS#RBc5<+4&2(RcXt1xXG_KuNU6Id1EsHPTI)Vf zCCVelhE2#xh$ErX!>pKlM{nNl&)9~RW7xdPIN#+mY?4oo7#(o|_)YGbrykEIHQn;v ze{p2`afbcK4_Qka*}~)c>~{|(gn&2@O(JX4(U+wWugtKH4;+U<D1}8YV__T0z(Iwx zgBe%_7epP2GblI(Vx|XnjuJL`PFy++FN+}(CWzU0aEa9DC#Glu7ExKKW+K?QEO4Ol zqd%bub#`L8-Saj9!T*F`=92>I*pa*hH(3J2q}71+{uK(ZVRo$6z%^|C`jx+l({0Q` 
zx3H@chLe_SMTK%BZg7mos==&|;TF@@OO7u>JdDc0_+s6DA!GNcmX)hgpu7WoKM<MK zmqEr|)Mq(`7S-;Q2K^5rP!6%758};h^%sTLNNN3wc60L{;M4EbI`r(qEk)&!t%mdT zIL>zmaqg&ZSY!e8#gE-e%mB0l^St8u?S^2A575iS<M?u5YL_0Vp%^OO36xpw=9Vu4 zxf#zX_zQ*0gM2A#w!LS}LLzNufNXyivx6%Px%R;izw7(OOW=tBNET!JN%mrpnlLr3 zD@6%2o{{-CfOsJqLB8nXnc0Wv9U9j|V$;d~_IS#e;duiZ@lnNWAxn%2%1u=Z2bIR# z!Wvk;HqTB&FH=hnjOZim7GI&c$T5Btv(ZeJj;WENMFhog10@bK>ao%#N1)@4&?R9= z4ueC{#E&cZV2~xj9b7iU9t9p%*zs&=YKrMTzhPz&5b7u6lM|kuWJEdR0S<#GAu@BN zr$$=bMABtOz~4`d5zl#~lp<~ACCO8vQZms}xUwD98xqv&coePM0UkJ#=dCZ#w8BCL z<+tIO#QaaeO6pL2%B&bX-9cTO>JXEfYr9AOx^}bbn3aq;jVT*VnO&-Xx!0iGg!JD~ z&;b|@AYOQCY>*dmP|uiBh+rd3aRM@Kmk~;M0eG&D;a2xxCRi3vj8EVAb@2ctT$ghz zXf-Lk`buJZAaj3jYNcGji)(rsaS=G%)%l)NUM4%t{vZrxFWBH>R8T)T@6-AhYu`-h zXYR5hSZh`8E2@bU35PrBo4mCrAIWc1WOSTfK+R*&uf(o~Q%4>zzo&VIYlkT9&0dPj zlXu1e)dGdA$>sWEd5)La)RunJ13M%q8XS4)-*YTveIjAb1li_@M`7w6TPLSa21kn$ z3{PO%1Y*&#%<W@hK$_rvIL1mZrWl1pg5mwk`)@bt*}pk;JX51cEykiHfu)=c)HuQ} z0k{@+qM3W?X$yN6hWcn`w6s<W*GxbH4i?Bp5^R*h#Ln6Q`a+yiq>}p??s_d0Y3RqU z1x~C>vXP4S@G`C65in0AYNrG)?tie;tlUuECl|jMx!TqQk<Q^Zz*6xSiXC94v0~Ur zJq;{O{MAkzSD6dOE%KvRC#DKr?cyJV0oSJ^uc@z!|1dbj;;;D^%0IVl+r#!_!Ej9z zU|_vR$pE@zXe)GhiJA!ha|O@Mq$%IONGET&@gD-FNyam;loK`Xu0NnNJ}Yas<=-cJ zOh<Q3P=~11$T31bpvY2|nugpH45n6kC-^(MoyxI{qrQ|)eWQefkF78wPLVH!0b7zV zSt6`ho}8e`F9-G(Ym2zwzgU+a1SwaqpKRmUzzt(Mvj~}DW2m1?nf_fz`)pugryjX7 z=AQSz;}*%Up7sbx+0mk`p=rqp@?5;%fOh21%3hP5pwGvN^F#pKE((q@n$oRnr0eYU z=M~Y>NSjngaL!XLW0|7mUc}qp04C&f#U)(7M%!^e!a^SE?TX>l^yZol1V@dI1HKvq z8kEGb4$!$?84-9e{VeY<u|)h`+QF}Gx1MtR&76$j-n4BxU$9l4>2GKL5JE$)br4I~ zX<jEkR`XRs7}*&MU`{k-eiMrs8bNnf4?&~{&?*Rf-M?Oa2@K$UqGGsx0EGIGvX*st zKlxBZ{D@IelGBgpX~Ez@jYogXc>E5mX;)ih%p(WE)6ZVtuX6AtalQ1U8GV9Np}{>l z*?wYlo5Aj#g@?dAvfW}q*{t@t*ghO{@hW$X4jepW<crnbIyX0Wh9g7ecK%z(TwPY{ zKH>oTW`@PT>e>OQi7n#C03irLJuVhvpL%rs6D!a54cQmQ9I54)3q4T!@zxJ|aZ@Um zTNN-bWG$}qaM=u;Hd<HDmIk8~yKBC{{&W6jI8JcIwW}krWQItQXxgTWe)eHgGDU1- z(<Iv5szP0GAm1hRz}VRr7KpY~0+!;fSz^W~(*tjG3(Asd)^x`rz)X=vP8%C%TVG+X 
zz;+chw0C_b&WSC}__?X&Xk`40;%;=;!P;M=-;&yhMN#f`(omc)SRm_#Mo&X^#)CqA zHF{5v?c)RxHW#qz(-%!If-j1qg3;v=ADW(iNkkIWQ{{^BXa0-Loj!*tlkDu)7lJ(j z*7=E_-`Vf@1?B<EfWh3x(sm+-25+uE!IxC<$l)YxZi9^xp4Gz&NK-D;#h0%k`>u+h zPVS(>&_&~yUupY^-XGeEzajQQCygv?*e42L%wXX$ePJbC@JC5+ASQofg<ypp-fRKR zf+5y{g*1yviv?WF;@uJ61<f)_UIy!=T3nUOio-;3E1Jg!04`?uI*$_8B>dFuG9pvO zAiyw=IC0kLVaAFG9wb(296O<X7h|;!8T-`4{RkGP`eHuCCj5rz2KVK>H%jRpeNJP3 zE4}660VIVXPa{{M!DVwgC^<9ozN*8^idM#+;C_C3X;u(-s9I>qqRCJVn6DnEWy=$O z))%qg8KLEtfRS7fL$xpf!<?i1B$I!)9JdUdA428Cm0f^Nzk7?Y6y8Pf{b=&|LufB7 zZx>PU1!|xo^K=Lrum?fRpBTqEW_(hisg4)JneN}&o^Fxbz~7v1!$Z{c17Fa%IcRZc zp&TY~=wRV~)DX7k{4gHFtM2ZQgj~1+Rj?s|a_<0G0AF-U+$koyF|eNhNWIy#@m`<v zM3;Hm=#FPD`JQP|?}at?ipNDM*a_@LihSJIU*k?$Ce0L$y%i;dYG16Xu5wBKuZ3|E zVL^@hV95_89U51wg+?F)*&gAFr28Qypop&qw=P&E>mGR@Vy<7ejuAlwUF!0WSoB2D zc{Qmt0N!zIPvTnpk=ju$rs^-!&;v?h)R1sP)ZRQhn6q+Cy0+l45GUE)RFmu11<e?6 zJ6Fup8j-svS8^ZSV{KaW-QMo`Gp&AZdAw3BwP2)Nath#oW?8TiGwIY~n)nokKyo8W z)nQ~U-EqD>@i0d*{qUb)QfiwTK%V{UyJ`p2fX8ZKTNBJ*U}jm|`X9qF3+>+<0d^CZ zaFGARy_Ik)2bHe}0x5fOeSaMxD$xj&me}p!+_VUZ!cv{QtnpMZ$IIg&`sQlv{;6Cf zww#XL`deS~sSgAM^!<JC_qWsfNXozO2<@uuW;zm7H@8(vd%j_2S6Mj?iRu0UQE*XV z6hN{2EHU*sH|1ORbTe=Qh=m^+*{Yh-y&{8j!>FvuQCCIh)7bgp;b7|G`upj@=Ai)n z{(<E|F-`2J4woff$xJM&saGv7CwGJs&s+8Q?0b$a;q};}b=%9Ok(yq2`$tJ5z@yfa zmay)PiCM3Nk@45~p*3r#mzziX>PF>u3_!fTPLtj@OJTVD(9@&y)uAIRHUh9wJvRI3 ztj3R4zj|V;HdXxW<f4m#yQQhGCtGyhu66rzbvN&*rYDQJTzM-VbKVwS+&8c^2Cbqm z=9@sZjL=xyu@NoOZQdc|)p2xZ)P#qbdFpt3<;dN-pQ&&BVRshG%^glwV>CTq3K+BA zR*xAbR7!gvLnLLq^WGnl-(n4~;e+;?$rVu0$b2^{!Z<uKY<;tFzPZ=lR8Y5iZPoF~ zPC=x^AgQYxk<Zff&`YDHj8R5UTTzxmd8G(5P864V#*13a4s<%g8w+mJw`-o>l`V3! 
zqVFe2J)bS?V7M~JZS2_Ap})pN1*k>6K9)u&x40rfaI2K2YK_J7p=%Qq_l^Z_7)G-U zpQR)6bbBCeq*g*l78FIwdDNFZ6}9PAsk)dwvGUfkv}T56|KS;PcPPQL38fj6E7U2_ zo#srLZr5dfEu8F??O-)m#=oD{t!>qfExK>l;$p<i++;9b*?(XBaZGRH08fu@oYd>G z?ya-|Kt;r<QCo{;8o9u8e$W0bC9lt+iF#20n^V%^daIPvxZ8X-suAb%<YJFBJm=Ej zrY~u9Q*n_0-#=Nrl};Styz&9)_EpR(wW)Upf3wg>=sBX^vp;%EYSql6+g=aKk9BB@ zm@=1K<>bazllDJ2xxX6Z0BA)*);b<T$oo^m=r6VEP35ctwRa=uP9PAV3*KvK#n(>_ zT-n*xB2$*im&lZgwb$A-CLiwM6Hgsee0}_O(QD02lAzg7-dwFYYOZE{omwTu@cKD( zcd!gLoqC48W2n=7t_|1ZFPm(Oob^--G-G&`j#+`pCfqmqQ=fNA0Nkjfd8g+}!>MP} z_Kn)P5krpsdbW0Q1biKPGt~o&7;}t4p{vK0)Ig>BQ^@PP<yyunW~nRDj6|HG3-@Jp z<`5;1l%=75@iy1(#NiH(oDU|%k2=chVq26o?1Cq6h1x*}1&6cJ5mz~k*Ss7ppQl5E zh2yu4<>rfv7|t3e!0+G;&3UOyO)(>vsN)PW)_B)V{_z+dD}Iln2ecl(4gRvxIvqRR zLxzq4=wvXUh**vDciP*^^HYJb<6zHs#7>5<FS8R&0(dA^fpOI72zNBwzCJ6wP-v0E zBL@sotZ=ro@IE<Om}mOz*?AFa3YO<gBaxC%PKzme(xnd}z$OFXFB$Tjj!&K7#`2H0 z49v*ABArgIm$d@cSm6Q{Ikf9zF4pDrauP<FBvT1_9Pl+)FF6C+>}PrcQRAbW$kU3J zjO6xQDVvB)L*y^Ru-0hCa>O;rQM-t2MsDuYg+`a1knA}YCrXp|VTbH`se9gg-EDWR z8Pq>bdw^|j0Ec`@V%4p+$8<~@-8I>{(sH?xo_css868Eei$!JC*rWJnWyEb!M3L0s zOXfiC2Y{q@Mj$1!4taf3vO+_wjIwWz2!@V_q7lvqao=<>28NVYwHCK68}q#upPSEi z-(c<-0(*1l+_HUZq86fk=Rq_mNxb&<Lhv;^xO;>YKvKxmA2!HMBr=qro^3sBYs%Bb z&#_dZago<y1@8Rb(At8H&T)KXmGa~>Je$SnKoH}Kk3LXZV6=_|&@_zGHheA+!24`< z7)tlue-UwW#=)76>v~B8A4Uwj{NU8E{=48v7umvih3!fkfBQ%ai8CBJDSx{^602$( zD$XSYhzPxpR)|a0c120V4f65&mkj>$X1e<M3$SYE;36XHNeQ7N$00rSS(?QuJL>1M zS2j`KLyZ>-Pk1Oh0Sy!ybv+=oR1XBn>T&44{{j*e|7X>JdTe~e=WmjR5Ln0Fif<C7 zWx{Iwrj6dEt5L3g%2>BIaKok85J>C{7ys-iKxEW*ghtMY6>{Baqh(&ndoGj}J7w&- zh_jt~GBxtlthJ9YOVS}=fTOAQ_AJi~oOg+2A-nQ!Va0!xG_|MLoPKRIpeGtsdHnCQ zFBL|?V~Y-2IknRGo|4o}9T67yS+1OHOxjw!GzfEAod*aDs9049uwy5u6OS9x^ryiB zpdaOR(+TohE8cW3z+v7+do^q3_A=)+8+Hk(Fw^s;Ot$@C(1feBcr&gb^Vn4($fmg- zjE^qUE~e&I8$H)P6BTho;gf8dE_OkKF8Z*LX6jDRl6DCCr8KzrdX?g`La=Ah+%~b- zcq)qyl!ffJab+!ifCVFz)q$5%=7VV&AYZKUS#s$*!%(yChU0`c;14mSs)S~MGdc)m zs3UKFVcvu*A^zJ3;?Q7X+M)D!P#JKA|5bIwquHQ(YFQ8TaK>PG@S;liC=ht1pNggA 
zMF(9oG{LB^%QmRpF-*WWoPTMd(XCnrYuP+LG@v=275d1tBV(!ekwG_2?s$F@KrI3L zl``mYLbJbO4WNTt7Z^*j3w79|Xst{nxLLIw9twcvbD~`|GyAh5lndN!tAN1UB<$Bj zMC{`f?oy|E=gHKv0MCh@E;cfw663JuP-|&=Ki}A<jUIVhnRb3ze(P9ERU4M$pMaiR za0r_I>70i%{G=8WPxd_h^|jv!C}(rym6_XMJ2upU7N2r(bQIuNSesOyPd((hbYIFk zpFAhaw@jlo?f{rIKWj+)Nspcj(pQhGwPFRv;QbZPdTD}S8_Yw(3E26$<vB^_u4jH| zcpA5O_#e+@iDFG;anfJs&MZDgF-*#Bo?4D}M1F2+%28gyNmX*XaK{=ZfNVrrU??+X zb7bPc@+QKF<!}^)%6!m2m@=+EjjiaQ!mp@K%!b=zfsho)xtf*N5e}sk3zC}P9>%iV z4B6j{P51qmk>U<`<4_{wjXIShs7$)lje#rkt<sXQ^PG>Q<L48|{8q*IH0g%3L(vP= zm@8q9&dr58x18Md_URs$fCSu)roV9@fxs$4MKnd$xxcKnlC--{wN72#$y#rLe!t`0 zm?}+}s`zz4T{x>Oj>J@jP*})0`dRN$P+-=R#p5~%{v~UoUgh>6l;3UGr}EO2y}MW( zp=R{JU`HH}CKG`LOO~vSQ5EDR#Nv0F&t9~EBztNFma;+3;WLQz2Y7~9x%I(5c_ox; z-uF;*m@*)8&dP5;Swa#g<iW4-PZQXWgv>}qRNoe)(Z?IF(&e;F*V}Nw!L3Lul=fQ= zV<fDxAuYACEbPlP>P*}WySdR$Z5JvP@c*&(dbxxdcH&_qB40RXC9JNEJ7@R%RLOcQ z;(Yukff#z8#uUD)1BgG|4@%4mpd1g0E?!AD<^Qv))$%4OI#0tVnf<_*!Y~aw9!Ff? zS^`zm$Rf>GLoXQ$q~x?c_GWL?jL)=kStp1;t%q(5UTn^<TkY`cPx!wxteU3cYPLa+ zNAoIq-}T!Wsp8s8ZhrG<gG8WJ4MV|Q=0T23rWi+q30v0PCV(-5RA<-lT>8j;uHMR6 zK!IrfVa+lL&4Qk|KN}*|iy5C;pUp6;D`tQq-#n<^BEoVA32WEil$=2aBzr*!Dk5Xq z2svWv3Fkhc{f<2)S91kES&rt%IS$ksh9@<&b_&yLCBL9fQNP&wSf<q*=`dXz#_2r* z(I<QL>E4^>Q@}pyB88flO8R1W;jC*un=I;No<E8TJs1N4w^WuF!b|$oM)u2q%`jy` zjd!Dyt-JHH26{DpnY+!OaAE0PaJF;ug7Ve7h#-eHEV-2ZM}m0mSl`u8pM;E@a!&EV zL7cUr{0|3yE^w9BJSkM`*4dCl``!4#9rczXJb;4p6=2n;I3IsZ($`_Bw1i7@e()f> z@YA6ohyEga&8npR(8_62bY#8ho^$YIT*#DuqUMi`RT3})1h66?MU=r(9O<7c;=_Iu zDbOfGh{@w~=3z%fy~N<xKW#?yLXlkCoMZUmej#lg1!5}v;zx4kN9o8!TPmkoyo)+8 zX&oy_41kh7#LEU~N9*N`pmKz{$*mLD3)=D0em;%2?b7kkKuWv;*0YiF3tJ58js+Zb z99lHWWj%%EaqAFklQCHMY3RU!j8(M4m#(gy`Nc=(Y}$6U1a68cdvLX8)Uk`QYFYXF zs9dYo_o3CtmA;(bs?gUq=I{HZY7OO$gF!Q{FTm}0Rchq7`o#5DG~v|8b34G*=#rGC z8CZwl@EtukLPNE5givLBF)tKV($fk-kEh9ATQDqXj&gp_tQRyrhItitba9k2)k@c! 
zLCqAFFyg#1gC26J`CTS*Iq@-Ux{$vEZMwGbWt{;=1O1Em=R*y6M0ZRo&;C<~X%tG{ z5+LdyNRyZ&fkBRB{D_BJjejT!bB~r=HQG>KOoI4FLFfpX!9D2EdWPR;w4R$QW}mqn z8uT|-6Iit$eU_M-NBw~R5O!N>u;nR&cZciFJ{+vKdP{D=K2?XDp<OjJf$ac8)flCx zq05In@jJyNTMK86yDS{-p$HxK0rSft1AvMceUo5j=?|pv6jN0{&N?tIxC#s8Jf01} z<OP+gw+Dh!Mv!c-3qhIYt8aFO$dw4^06}mn9#I=poX;=L4T%HpKvcc=6(a<Hv@~Q! z2O0j5J!-0b^-f9fSY>L27)Qp>C^7CLDFQ}prpN7NHk_9h2pHOPB_47=b;F!V6Tol% zfe&U-34I4VNDSgpxY{a{aj9ie*#)5l!}_(I*yw3PB*KzMSwJ*+t=5W+OO(t`99nIk zp;kkOev7Hlh*1Bmuju3cnkwhe=t~)oJSF>GF4e?1nK{4DWrc5T6Ll?o3}mryzshW{ z0JO*hO%F@+_fTRp^C6MnTY8%M7@!(!3reAIwnDdGLT+h_u2rc3b{yA*m&09y;>d=a zILm@s2?THqtFg?|;yVPb#($UcWG3?C6ACS>P0<x?m&q5zsr7%Z2N}O>QK*#fKRoc) zRtcB$xf7rahf^Yk=g<;WEJ0<go0Avm!@-}p<%&kp?-viM+rNvsDeLGm16*eOD~)lI zM2QDFmx<W*A6s=5ZUu2O;h})9AcC(ioc3-u)_(q%7LJ!Z>FDgl_|d>k(7oLxsp|Jy zS|_#>WSDfg(kI(Ogr0^3b##I|?!vlFrfx1i#f>*{U}}Rry_X{unUXp{w$-J1PZUQ0 z>e$tzum`6c;Lp5;3ef=S3>Zz%P9@vij<-pTw)osQ5Jpi#YLa9IA3;MH=9}==KOExJ zGhuaZz6QdJ`sC6@X8%x?1)3{9sBm;|b}ETsBK!0)eNJi|tB<nS3alcu&;olI_a6+& zZx$Kufd%5>t4-UExh1#6se$5|n-r<V-cBjkHI7*Os>mMUJVpW81wgCV$>+|U>i7*t z;YdOhnT1W%j9Okehi>FZj{KG^A!9V3ETjOtdZBOMe-|a&oV?@&?Fm^+0Jr|v6GMgr zp&hv!PrDo%KE$>I{9pj?%cB-IVQ8=DB<XC+0tChE>$N7?*q>^BZ;~{W*F?QIAVszV zc`+m?4Z{S)vd31_2Pmxn=oQA3JuyWaHpl))w4hbU&J2lmgrgAqNu<8EBxnu1e{Bo) zTJq^?OA`O(25d@<jjGa94kcoh40hM!SHmE<tU}8{My2%AGmlA7ND#4ZVqhJAW7JPx zLOGi?=BXG;m=V=%&o5w(Pd<3AcQsb^Gz6$Vx_?=(rW5wu0bocJU@}l>`lX93kk(T~ zs&(R?lV(0#i}v81X6gGzT$K%`)l77i<P>W4puA7kf_cQ$VRIm}VMVpdu6?C#IKy0o zCuT1fK7M&q_g>^4mJs{RZeJJgZ!cvUiT#`$Wu;Xi4_tMT*|K(P;DG|q{4_$IB12r) z?g3P^(Z0W~1qcsv-R3Mk>$^s6(?msl<6EVbt77hgyI`;6ZvEgjX7J5{{4<=7f&$<B zI%UZVv=NZ)Eu!zqW!1t41c^eaSiM%F&h%cK;p@3)Ac*O7T2eGk)GNV>jd#K6dV;RN z#h_}i*K;|_@Zmae+({M;8KjA1BhYL5N6nX5C@Fuv74W6~7Mr-jDP7Ejp2cZAY81gp zAQw<7lOWpeGA(5ps<_vc(|K*x-pHzNK1a`qiKcr4qXeQKTgTtYkg-%0CEmUu*hYMC zLf|=rz&@}GkKI<dm5>EfeUn>!XzBKMMaTndP&LdVbtYqD(q9#~O_Qq4RK!mzRI?Cr z5q|AT3xKzE-*;uRRxh@Fgti6_#LsL?xz`I3RAi`lxLCN5H`$VR_K%8vrFJ{?7}93? 
zqI-e$x_&aI;}UI}4%VX!?UX$fs~aK&tM6Nt`^H9++t=cqZ;RW)>yLwz0+M2XgXC`& zp2Vz*qGh5#)#hv3YCZIE8jA5212GEr&?hsfD}bA$EPsMxvw!{$vcli3Y<Y=neV`Gf zmLWGN#_N`5Z`$;Mt_DO`u3><~4K?fLvPbXDk5ipMa~6TZSG))17WNXEnO{V$UT1a0 z7Who1>&;J>Gd+YDI2Xi~(glUHgv}5zsbjBD1pRg`)cy#;Gn6X4ham|)#^Y@_x6}~a z5CA0zM~uF#8HdW5n7qOV)!abWnH@w}oU`~V2wB8|BHrJdfnc)%J-B59M~GtxH}ttf zy$Vm8BN26IP_4sO&7k17g`iFH^%pfZl@(S<YRkKC8=I&z<k1LH`8^eacyj|lv~^x# zzgS_83MnjeR&9BFzdi7g)`jV0quO{HG5~$0RQ$QQalkv;b2UP*1bQ`SNb@r=0TTyI zl5ayBuD5%?AbD?B>(Ug<hUKIEF|-B#zPEG&O{alX!8j>9G2xdD12=jLr*PKgJsVoL zamcLvJi<1O<H=}aJ#E=rF)z#tnoa<FXiD1piceRpLPhMZdUS}v&_yF|#&lcS48RtX z(86gY&|A1J<p~2)F5uI}JJoRVaChf4xa6HY@RieY>?HUs(4j}iM?P0U&t{_Z9n7M_ z1t<F`NXojs5S9({%MC|--zllNJQ&nPSYhr?jy<cVx`+z127WU?2Jx>lwSbZwl|?O8 zpCK+F+Vyj1GQt(cg(2e$-m1Br0SxkWj`{7HR;Oe}+at*1DJVl_BABg0F|>;MX~5WE z0wMVjRU$j*qnDV+Hv3pIO{DsM)~wfFi~?Z*GlrSNm?Qq$QIY9C?^(;=g=wXusV%yW zZ~iQ4$;afo6Y6&*(FBUeO4M0#VpdIpk`&y1UR_3uw(hoDu}Q^-b4q9Q2CN}~zmh2k z8KEfY!H9hiSHH-LvZ^*47(HY6H7&!1cuZm<WQwHC7=vBYpz83DT||hz(S$35?${v3 zo<TSDHMPTqw2uFb$&kdlElh?;q2$_+UCCcvi}g3z(InYjoDW55;wy5`!@RuIonP=3 zE>_fEj)oQml2_s7ZS<%G_=AOUrt>n(8@$`PIh%@>mF${8L|k>c=aAjp=ZW?#5sMOk z52g`~CBLxkdo2_<oFbS+pP;gb^3maLy^s9KvsLv(WgSb6ygjSEYNY+;{;YD90K}w# z#U-D>3|bNg|8K@o1rhahc!71^mZ(qD#*KRF<UL)u0g*S?a+JUXu)@|y5=XN6{{etN zf4{tJ6^k?i=h?l>jn#IV;Y*$7APb(*>*kukR<?BYI<$pRVXE|&0;7`*Fv#h~-Ut!e zd*xhzd4!rO`~Hb#c;avdnME5ch2hi^*g^8oz|cpNl2PPgh%TnnZ4D_Sw?{rO^^|e| zeP9S<j)h?W*+78Lb)&qu543-Tg(dHu$~-llO~wzDWg)oaa7^I<d2D$&O`gm%^tu6d zLWA~HUJO^)<RxLppeDr7o0OOnvmiEfDYMdG7@~FMXo4_!A@Ja+UFw`%H0>sxe>9>A z)HFN8yec}9(yX_t)Nd+=DP*#WJF#V-?~{!?*qPEIeD)rrOhAI|vB!Txs;-=2vJCnr z!8ky;G=*ilw>qOqbOqZ}8s>33rc~+sw0<wus&YkNVmT9TkNkxbD+D19T?AU{;zS%n zWn?Yl9#W>%4VfZMD?QU`d1APXXC+M>^_#2F*QwKvyuBXPgkWKGRT(YKNdg5|J(Wix zvmnt#o(XZi4FlE5V;FyD5i)C9N9dCwSwYU#Jrfc3dD?5JMV#p*=H*<r73}i)%?dT# zYM@a5gytvxRrtBd-4a0v8g$Q`goQM&iwGZ%nHFQAy<oxcAg+%9WyYB|UU#*?=$4<R z`DhsKx7AWoHP&>hnIxs!<RC$$;y@bHXlGLJfCFVR_5u7NH!^?S(K6i*?PopAA-C(6 
z&u3U7)n<d>ada)A`$xIx@_{!Yt$<LU9l=QG7Hu;k?9<#U!-!p--4`%h7Bmt||MugS z3x2$zDiPuV4OJ*+0+FGQLnY7yG0TD6V+3TAo=Tw6E&oh?;mkeKl<)11=*D0k%Q*&D z$P`!0FX!S<amasW7jCW*g(63KNg{}Kc<e0K6cK#t%RPs-<*@_tdP8vTK8i7QWxT<* zU8!0bI_ppQ>eNCTDu|GYqOj+9wv?8MnjEweX)yJJ#Obp<Engk9h4A)G=QSU*@?|vU z&`VHtgf(r-GiEMrO_Vmptv`LzlQ`ahFF(3jVZ&JT;FEtZA>~COmj*Q4Wv;ZV4ehNo zt@u6pQd^`P!s4I>t{57vkZdW!uTOp-*H{Y|ALsCAQ5Xb>$07GERYW4NP`Yc}$fk@K z62;qn!*6-}z#8W5PjsC3mZo-e6;zW@P^`3^_fmnUGFxL%*b;|nA!dtYTLP#cFi7AL zJLid$_Yi-yjED_2Y~nzjyx(D}$f2QCM5qAXO%k6{(<X73=2Q(9Yy5=wx~)!I0G-nE zpiTMQsS?N0n75j%Mz`Cf{Ja$5`{N{YnAjmHGMWOQE0A7raXGylnubsObe`E(kDqSq zi3j4gpX#vNV(5X5c+E#aSS9_gJ1TlTS+yyPxio)J(XY6?nU?D}eFHiAP<$V($xq10 z>G~(+rCdWpJ?0uVzJ}7Cz#QmV{dVvovB00@p;$o}Cg{=u*3y&;Y)kY^r->+`OD3u* zQS=0!ZAI=tVvN_T!5{2{gJy+dP0@XFsxCx30=#$h9FeId#R;j3QkDy(x6^lW4=SYF zjsJf`a&8;8c7I>pd5Unt)%|of;V6EyX|w&y+48P3=M@pUyg@R#@ypqiet^gEtbDVz z5RFkCk0m{tb*RiE6KPm%o|6FJuyVbe?orQ=(8cdL3+?zzw`B_c49_Nv0MV@o2!=*x ze1o)+A=FJ2fN$i=3Acyf`w?NY_P!Yg!90K4AvQJ4K9hT%E{*v}$#T|xp_y>%=@voL zS6UUgi-pTH2;6$~PU&50Pw`brg|Bhyxe5fFhN<OH%Y}D`>qAFJ8JPaar$FB55#TT) z1Jw*?UNv(2+OeH^vQI^CIU4@l`2$iQtdE31HNdzLXJ;{wf@X*Ao<TNiJ9-<a!gzmT zvwpMbrVczKk^7=<&e;TCk2EGe%4`R4!lt{n2Zd|PB7<oE(cD!=A3q{7NcG0#Ne=Q) z%!=hSGz}y52$0nyMPNkusj+e8I+bQmHCMUdD!-YNYKe^R@~k&?CVgV_(h7<81!`V) zRaDCWyx<hr%AmQOQJ@F%?rwNJFtmR|#UT%2`x*pBnowvb(+v^kR#xXpprwO4+tGTL zb1xL;)1lW+LJl<PB;<(ccrjcbMNJ~ldnVMjJ!fk|wtIATjZ<Xy^vBN18<AVA=hUpG zoapdG#RC~VSTx{c{E^Wu0(g%$t;?k|<V%Pyb%JD{4v*NmFw-lFzQdyNxE6mc2G#>o zazIVt0aJKD(%7eg7F~yK$M)&)3=L}-+%-v6$b92=nQaRj_!tIp!p>SQDs2q8-0H+C zXfKZdS!u$j&Md0{LI!HWWnG4ILbWT_owd(TqN>)k2ImGL?X9#$!U~vXAlj4`D#fAs z^(pP1$O2BFb_G(BNNNRPC=h=obqi%1B!aylcDiqxX{%oc;*8HSS<TIJq;aruv>W}k z4g1t_n$cMcVhcP3gq0;gTY#<$;zHyTeY6tOgwxO!B!6lvN^@V$pt<Ze)9ajOA~umQ z6%0;Hl0^q<D3CX;sWAO0DMIw`o<uv)KU+Gny^kmz&bSj$l!YoWl=^?dw<oK#;f}&n zM<F&jLN{b?)m?{<2;<SdMtqK{Uz~E?2)bR}Q)tKIXA2}Y_f+j0o(5bA5LCC*osv-x zT-feV77WZvq0TYt2(a6Yxk<!xxhf#)?h|ZFO><4fvvyD2V6AF^e&@~v3$0JGh`XKg 
z1C9wY)SMvV8tH=f@MC|%tK`B-mr4nzAn)$J7X7n^1v*<bvD29y`s(9HmZwaK9HzFV zWz4=XTroWqZMhkfdzdJ%^&HuDG%P20fce>r!0&I;yM4S`O&i|#ffCU2K`OLTsXb-; z^F%Zur0-pr7%s#v)NG|kkjsTUC&49jUmDd`Xb#R6J?!?t?J<9=X#wuC6DHmXSM9=! zQ>qb2*!w;jG9nNv*c)8T6!uq!k0S^~FuuEb{;4gajIPcz+(N@4KV7s}w{#&#D_T|J zkGE%}n4Fjj`g2_PiI$$r{d<@sxD63fQbO^OJJpa=?pDwJ)Rs~vkb2e@+d`lFux?-3 z*a1W*S0aKkh=_kY>hTPpdK(?_Fg2)y(qj_S`qiVU&=yUmHZrU()9mdkzaZ!(dS}~P z9!C3Jgm~7r*A5XawBDvo9z%zVPB5kP4BFfR$5EG)A=$pvX}lPfT4|2#7RPTZ83&@t zKBVUXLt2UD?QSZS_)f^{UA*e9yD|lZM-PWPd(r-bmIr@(A(FyBf;pMyZUVi%D|58J z!*~7ur#t!*KNTx9h1VCe@_O^`()v;07*T!Sz6K+&Ug5j1U`a3MyPxP|23D7!0I#o? z&=R&ka8Iy&?l02Gd2v@D1M>^Ft-ZVCfuQ8JyC~}2r7(cF^b^Y7Ex+eRDTHy-yXm`2 z6k45-8*qQygzo@T#79q71y<yy=?*y2yg_nOj33jEw~f3#AHR)ejB$Z}MZ$M6j*Bnz z*<$^6KCbU7=BnZ~(hBop{Uh2n3*MAUNwML_)eWs$D{1+W)-0;1TTv{inBHae*~#sa zo3bwcy{yW<>vxx5fUn>Gv|U6V_3!%q7wcQr;lqFA-K9oLw&hFZ5TY>6`o#Av@8Uu~ z4g2TS#r7WEdIe#(kOwYgYg}FkKAa=fxBubi>9~FeOTJpZyZqnQ|M{0+Zp(6`f2`?V zzgAiZ?|%|a|K;laPe{wn-~aSwvU)pS&fbSVjdm}0zxyB8*YByY1=@G_Z_4kg_gBk@ z_qu=nwY=Q@PTu!4JgV(K;l1jgjOuUOET6tnZ~wV`d-E$j%i`|G?r${R-$()1wXFSn z^*73Qjdqh2evh2zpPBgXHLutf_139hA8ye<(!Ocqv|{dB`^NqT`vyOYk@%HUIsR>i zatmMa%{LE19QHTbJU!dhW%Iay^3Br@;6;DmvbA{{w(`}C&f(_yRV={$YPR1*7jrPU z|AlyOQqE?WY(P)B7qs=8Lo4NVTPYuX%IykbP0q1V8Y6YaHtYF5$n>E-@Ed9TF@N%H zb`VjD7HHeIh2PFdaaH@>?XTdwG{vo7)ll{L9N02@H}%S1&gu4YHpu6n+)lNVcF})J ztvAqL<=VuHc=_eRJ-UT@qoSdn%ecNbFzn&FItl^@K}bi~vt8Z8um_=fgsZ#5o~;== z473_%Z@&ZoTv3mBss{2T`m-&ILe*~{<-eNe`cQ>EpD-j-lG<b!{q$Rv-bj{fgm*jQ zOuxiEjlox5qGJ=;-Hwnu$q^$R7Oj6b!tFolE)w0#<}Sj@v}5OQv5S6QEd_=8tN5k= zd0&!xf0qs98L;R>FY!7XsLv6yfxfbPe=alRw(AZe$K2jP<{OxyUyvP&X0wFb5ax^5 z-8+3N$=>-Y!g!s%(-YEELGhnDZ*O1D5Qr3Zd+QtzXr2f7fH$qm<9N?=d{%$YA|htD z^Et-?;b*w4r)a7LFf~J^*L7JtXb8mcG&Y2U+{g9i{ZIV=f|~>1UH%h3A&eiJVl3(i z)Mot&Dl9P5a|;S07paBtfBx%o3w#1meuaGQ??|YwvsqpvLs^d2TnkxD)`I2DXCpG* za1>S-*<f_|5a7E#6(O%6)9QbIiX-ps1^}3RyV=||kk`)dFTae->U+J`w_gAI{j9u@ zdhfeSX+Mbz`fH|uoc|1&X+$Fpd@kfY(a}K_fL<q+0V1aqOJSo>Xsidg{g)SL1Ai<R 
zH=ElE(3}@vc0ZBxTwajfO$57^H@6eJ{=D3Nxdi>6C@cUoSC8Z1o#KDX?wth~wKVt& zZi-o5t}a$LSMM(2@W623YqlRye3`CWZ_AtY+avjc?U30b_1DRB;H&3v*MH~!&i6kD zZ~r6Uz1`2-zt*)#-*t^x#MuYf&6pGb|IOpO%L?MJh2ob~4*<_a=(JiwxR$=74R@WR z_aXgUup}JmQiEh|44r@au#2lDoWH$(|DVMSMeu+5A^t%Qto){0h{+dTT=T4@BC!$h zUmpDXpRR5Wo^A|!D-VCv`fH>5pVp6DKC1h1f6&(34<-x+!2aVua{4r=!&KV*hmYLO zqZ~0ZYN+U9(qj!DGWHNQr71I{gB+Pjk$JB+TJw>MQT|SkTx@?$^VEO6qY%68on8{4 z*^LYi9b<HBI1q_KnEO};F0J)-mT*x<$Mhsr89F`s19s<i$c{Q^dSnvatLLUDY5Me^ zqSykPHMF>61({dw$)@ol%aZ`2a>w)}vp;)!++Zt}qN<=a=&YPGGeX?%nT1xGx%BbF zFrpBPCJ<eb4sCxn3AY0Ium@c??b?^(?uRej-q8O4U<!b@x*s`;ktyv<33Li+L=}|+ z_!bD!W!w<YjeiN+HNUU*J!eM&*7WQsZ5wDJn1WpHE2cdM6`q(diTEjj_MLe`Nd2Q* zIw`1k8gfXILEy?IOF~z5kd}lDfO4u!nF-xpWNbY+3}1gu?~i5ar1`UZdZ`EP3YrWZ zh)9Au5n@Cr5{cd*(gsLuMTi~zku9C{diHo=gdRgg2bC5@dM-Q?`Z}#NaA5hp=V1uD zZ20eB>Hg-t{oC0wW*s;6Bncz3mu3nBEzOHux!ctjMTINGnmC&@@`obm89~MoCd+H5 zFcMM|MNWVDzubd+F<#zFu#W|)Ng`ifl&Z8peVa8@1?`JsHd{W#v^@M)7a+l0J}mC; zH=ls+VA1S<nXOjKRr8l$R&P;BC)u$KJ(h4M<s`uE<E~jw0!N<f98DV0HW0<AEY%UQ zFj~00NFSX2zy4s}{_xiy_OU><V6DGfXBHpoomPMUP=~|qsXe7sPY?5zr)!H!m&l`f zob;N{7<kwLEAw$qRuKCREZC#djbysf5BtEiZ@PaYvj1CWWdGe~&6TKDR^1((B9Y>7 zH4CkE{NcgccQw=Irt}lDj%C*I8H?PT&wTe;qY#E4<4RJJK$3ZpSP4nw>A$5B!$XLt zx)y)-=vsf2S${k|>y%k%e~h(8DG3mrxoU1k6q!-3+j4Q=G^5!Nr*i~6p&TEb^(UG2 zryur?p>K!(cV^9h4kEJNMP46>-}Q8J>xV{PI#e3MG9C~?L=ip~%{x?LbwnasdqCp9 z9%Giv-18s&UHIR7y8i&i4Aoc&r|fNu8_ZZ)>dYmm;bt-~OxOSj+@~66caH5oIo%I+ zc=x-mE=p}_&LI=wLgE`F66Er-P;qxf=+Zo5=o3CM-R<h?)608$zI!mO;rT&%s(?iP ztiaWg2#8hK=llPc!Ab}fx1w4E3<e8sj7hIf1pok97XXvdFc`PdU<A$qe@^2-4Ez<8 zA83>8CMjww-L;hVGb)61PsfQ?@cTH)!Dhy@`-o@kb!NSG&Gz=^_4R(d-mm-Z``hQk z`>txLhugpF-`lRLA2-#0`!X7Tnf1P_Zua-bzHaO7>SMoMz5GWHqtC92p<0>M;`{__ zWiYd*U|swP2ChN6nswpYe`(h!UCp|1?dcQZ{Aug84%y3)qt$dmaT<*LTasEjUXlWm zj*^t*n{Mh!l9Esp>7+=J5`UH?O8hKIl=wyFlx_g--Kyxj0Efrny8zFV*=j7h8Z(o0 z7|q(D(+;CqJEYr(l;+P8DTQVukC^T9jL_?<o$RS@n+;VL;ccqlf9a+#gm**cwe?Aq z<+~4~y?8v}eEfm@1EqH)yiMuN)y)3Xc}|2!de+a3(?dA(`6RE&2j3TS&8pW8B8>K; 
ze1Hr201w;|D1M+P{KPoDUXu^v3;7WD@*z&wXYv7_uf9Qd``+wD`2ZL40UoGVTJ<6B z<wM-d2e^<AaW5a@f4=$v&&!wE4L)A87v%$7$Om|!$7S*%?&U+Arx5uI`M^JV`2g>H z??XJ-`-ZiyzR_Ni4{<La;(;E=F%a(LBb=(^ME+hr^!M^1-cfJ8Q2cE54RuC7vlrz9 zT*wD_bfaTDH^uk85Ao<m2jOmX5bmlE@s6&~<b(Wj^3_eyf8{p=1p%3`P!N7m8BgEP z43tkO-w{V}^PLH9z`F>1O-yiQ?g)HQE(dP2E<$F?8&7XXGf);1mjo*214nR^-VwN4 zI06qVCMY2xN!Ku3giJ#<o?iTBpsW)thps7b1UJ$hLFfcW1fdfUluk$x1&4%GaQra! zmTMmYi>~|CY0m_u6GU*cn<KdP=?FZ%nV@un98^8wKA%~>?IgV%%|N-HVC`2r0l^Jv zK0@h)5qL~<1f>&1P&(m1FH(=>deU2*rBGhun4omRMTn;{M^HLp1kvb`zyq0&P&z?` z#YmoYTBUz?eF3+OWduA32~(01so)3z040~vZ3Gs7TaTMY6n?MN|A3JC=;dOrE89_Q zuhmFt6lphVANqnZ_M&pJ0B^mi`d|86`pbG|U|=v9Fc-&BcOzvD%bauOTt8;cc=GP( zI?Rg|gtqTZS>cXn8Ot;MjqUBG?3bt2NMo5WGQ5r9_?|UoU#*aRH~aC2Nf^C4*5k8f zMGTOC@WLtk97X$kjtk9a%QeC~e{Xs4m#rVTMg*6^jtlpJWo$w;$aOf8=M~O1Y>$m8 z+`DEIBCZkqaoCSc-`yLLy|x`Ydd0L@#x?Ih>^wg()((hz6ePoBj)D@1%rPKL@ZAC* z*ERz`^taI+(B=H?);6u8xH_kEhM7?U%IzqB2{Olvxw#*MmXsteuwHCrK6W<o4(`g0 zLdNtDUIgY$Z!z&-K5XEoBC$+tm4&|nJ@LQ)`_E4-H=A(D@Y!VRdl?l`12X8&Y!ZHD zUJM6l2<Um!cl>~fz}!Fu-|-CBil0~*j=c_S^w`#LZRa(<EutIPLz3rQ8|;Od#~k8+ z{}1S?3SK-K(HFC8O{zJcM{DO>%$E<P+T&<Nr8Jd-K~8i;XfltMYp;E0Q%`(dV}-mC znhSjy-EN+AxzhVnkkqG_(n=FC<y`pn%8MvX%bY6Mt*7j2#p9n|3{MeHQpm|1T0{Yr zmMR3U@~B*N<s7w>&d-t+aYl?ynTRZZNvgQGz@Fx_5rj~N<IG&hrMXE^+=ftkc`c|k zWKMc4UU`DU>8z^av~ZVhG<%c$R{&cGaD_PBXlqvJqga6fx<xiB`y>8tEa|$Yh>D`9 zygHUu{UjCnUg$dpW=NOkalw1?`7<lI-GZ|>-zx@X_p+Bxxr}(GV$iUzNvgzutCB1# z*iuFHTu@91TYy`q*y>DTY(X6RK~>?n+^$7&1>%VOU4Kf#Ss?^8X**5^aCrnx;m&LV zF9VSkcq_PIlFv`CdjO^$ytl+|ji0M|dKVb4f+#m10C8k*kQBQGhQmn`U%}5}fyq#k z0mhE`*GO@eC@Q~*=sMwMdmHP2XaTARP>&FNf4q2p&dWpdqU*(gQ%cy-2~q^lR8;}} zsG5%R-tYpb1Dh_Hr=G>1ijtI|Xqu)=V?mN|ni_th7qh`(0nxqogAFW3q%W}O4K}_v zn>f}s0v`|T-81?f`Fj)yeiXqQ`)snYjh*iq4vGRYf*uL07_eY5Wus?*Sa2Zku1T=Y zMf48`5Mq+>XgC7PgT-k$00bv;Hyja9viTfcYhxeWbe5+{f|_HjM<PbexDvr@Ml=;X zZ`PX;r=cK45BO$^EOn^H_Rqz}=_tzj4Z^M5q608!G~=2W?KahRI!|*~qv7oWX;>Z? 
zYQ8^VlKc+k!n7Rc5#{xN-?nMZkRb0Jx730slzp^hhSomOM?ite$GAMi7a-laK>%mZ z3}TG^-g*6WaMxC_!t30a1-^@bXm&NnbuGJo@7O!fwb0ud$b<)c4*bY6BfJieao0I{ z#7rLem`wuYtda**(1AZ-3Zg`cKgdoiG3LL@aq6xIj<#}abIRO*vf9et%yC<5`0;te zlhO2yiT)|uBKQIe;jyWiXFssNf^yIbI;z1e+IWd<6J0}gWtl$%WB+6w@yb2IF~{wB zue`Q!*OsS)YUDb*fd|JiianLsE%sD$MIyG=szVA&azh+aogM7k+OUp0m7Kx3b9v<? z+;D2e3t$ZrJ?wUW^+rqSk(Sz(77#dBmwHc6CX^}*_E6~z#UR*(w;6G{s?1iPxXWa% zsK=-jl^5|esprG{lonOX&I5vk7I<PVRaDS|o$_kA>S$3w1vXe~i1nJoswz`r`qJo4 z_L5_8C7^xfMuy2FrZoR1*|-Xd4O#Vwk7o(J%<Jp2SgqlI2G8PDUI3TOavyk1RbFUW z{u;PW>#QMAl{_~U@U(%a(vve>ocH2v(+Wbi@z%jnWNo<Ag0&79=&TWMQ>u&bzffCl zdIXPcT&r<4xDvP(zCkS3`I*?bT3ks<A_a&5CY1o^(`uc-qXd$7NMGm;xEy34B_#_u z&E>1c7{g0{O@X;9Dz%vL&Z@Q1ve-$PZB&=403!vx8<(CYmb^r;lU0{XYC#T!zyt;c zA$ZxEUL|UihoQr$-}l5z7d$YEBk|i<m`+yjuqGo?ehJv5YU!Y2^{Dk4U~R>q%Ig1H zymqN>NWfbN*Cx5Q0RpIaA%;$s?`IL{obF)`Rf)8J@k(sn`g+^tPXLZLEg!t_-?V&C zHE&uz03|mqp8!zpCIl4weue5%r-yu<E6wEfuje_W(^$UV@NMTkMe$~~6!3AD;*J8w zvbB5pC&6;6-_vr6*V_9gO1)iOZH*0Yl*86I)fbWLib(g-8PupeWq*eL*ub&9KS+83 zEV4d-*ba1&qrLICv6pmMBx63IHV22wN7R70oxU(2vdH78T_K|nX$?$qD%58yK*){^ zK|6ujkhm{59Rf4m9J9_307LjjNlS3nF`M@1l2+Q%o>>m)*3(M*E#uC?vew&XWKxk9 zNq27tk<w!?q<i<aXvHUp&bBJQsT~efUTngDtlbs$!j`sWrJhR8FX(r=E@^_G$>Xu6 z^BS)|jAB0~t!AV)LyTs?8bN5njxtsQ35-MJC#OV#0uppK>6yjbB+D)NW-;t<rGfG0 zmJPzYa9ZViD5u#0mhL4G&hlKhG^5-K=q5tnWPlr7Qy>Sxa${|cgA+Zaf1I+}=U;Gt z?>``|<f+g0iyvVUQ#Skj5gnp{9WeyJ(6J@p<pu|Qf(gM#`XrMg$`A5Gb|x(;Pnw`E z)n(x}&#T&!Iyjd+E%Oh`YK7}Q#fKxjq37{q2<I-~H**N=Df`#MT-BEkD{-Xpb8RGz zEqSEN^W{jE7W3tDrSl@c_?!AphYsIp=zzb10vas^={|Jedmn;C;fVqtvwKsPx`<VX zrvzftvg@M4zn2Amv>NlmNKy=Kq$y*0w2}pJsYvq&c_mY_%Pqh8f#(Dv{tgKwynG+o zt_5hG_zUq8`Yt#MTvkkiBbMN@@AsJfm%&O16%Sd!x>;EV006id000yK0GDBe2o-<C zS=(~kI1+uIs`&?$o|4*7)Xf*AY^Ai$%JIZ<Jd)$7-4_=~LK0$<U;t2#{6qU8`(txJ zUF<>AiDxRac}YqQpu5pH-F=!qdh;bq*-~gDRes!PH(L!R@>nG@pC30qUX6mo1~ZoD z2~SlnjvFgs8gB+a|8!)GWjLFg<Hmo&+TwK>ns^~HZknnPIaX#$XWZhao`<H;f+uDn zgw4{h(`xO98JBs3#j4EhaiiDoHdvX<&!sq7OWOPW#^A`v!I2$I%ZLr3;3%|%qtMAV 
zaskJsT@ktEwlu!<L}i)CtuKBj=L=tUp{$FEoJo=RYv=0D7mY<C%gmR4Kp1~~*{Dos zGEJ%0i*QJ^DlM4IXUbogh@}*FY+8RyZpB<_5|b-sdFpGr)M~DUp`l8Zp*~(|JQ;97 z{h0|3&<F+q#J8ygG9qpS`#3rG_nv+{d+W;_d<^iT`CW4^?V^lIBXq2Ci|1;_Dhr4A zr52&C?j7umm<mJTqu=$B5($4hvmzt6bPrU&@>a}vnObJ0O$EWx?vfH({nfX^#99^> z>BL^B>VKZT^mko}c#*4A&7~l2o%4KN@;O}?zMuMfhSwyTQxTVSN%60Ij+Y@&|AiMk z7lz#OJ<!Jqe*dZYy-X#~*`?C9oR>8xr%+g9=pz7O7lJj;vI1vW3ZQ=iD7)8du&A^a zQL~E81!9lAn?0NI#MF#&wno9jxj%+P503OD{xSD#$x{@xRwEo7#R#=_8Z%U|wv*@) z;I-cJ8zAk<ovC&%xHhm}9qu?uSn0Ea|NVDu$yxaGMy5zgB*dB1IOCa2SJZ?nr>{-H zV>pR=i5ysp21@Nzq#}Q|xVqh<X7%$=sK}6{8?2xnSGDo4Irrxy@VE$9Wr!sYxF?9d zT1c~gFt*@^<*2TaK<=eV-6A=;Wh+7I^3?)Gh2bE;#^WlVT)r`GjEW_|lQ^W<ooYWd zE?|WhMJi(+rGlXwF(d}+ly$z!Il;E)W#!?v3A}<AuvfXn;Z}dH*sRp<_haAS>mQtx z<Wgf)72G1{c}y$x?sXY@gkXTcOn&jN#cxS?`I0m#z9hTM6Ln!*Zq`OkIjb>B8`&q) zjBiPwD#-O|P0PL#kP~HyhH1=cMXpL7sbEu?6?E@A(r2BSK;YW3e1aYzS^1L7)B(wV z59d&w+`&(a&!vCVw2_V_dc!EZn1mllXBhJ@Pp*yr@xeFmwwu^71(n0i9lr=+f3h(j z)-jP&&5H&5wG@;pOox}g8N&+##6pthH@rM!W1gdV)iJH#h9h<f_QSQW3l3`TQk<an z;S5=t2sEMy-G~yvOQ9?F2~I*frlS&IlQFrETe#tLVR(Q3pL!)59(J<j14Ltb?~A|= zP<d*}?Dd+1`zI(}8ji>0ef}-X1<5}MX;CCsnGj5IO;ouYVIRO|GI?J;l&>bP$yF4g zn<@t#7-~-qucr)jAg$o?<c@XF$W?^BQ~H(-i-Nrc6i}*3NzK=LZqNskC$>xrjo$CH z(7NgnfysXb>rg<J?-#*4PUne}g>-z1fh{M}VVctJiq696rK&NSkl;^$J!fM%UuOu( z%+G|?Ux6=V!q$X?sutEd>f>w0lo#et?PjBDvh&YO*Sgp>PfL<^JD)J|<umCfLxhH? 
zP^HEgF+%&J+VxV>be;&z2f$ZS>B9(_AdRe2$t!<HCo8Iv3z2{<M5|r@-_&IXOLFrm zSQqS2`9hT`xJs__Ri;V<GPa2_gKZ8%gPUQpiybj}@h}MGJQEdp*iyAujy$*l2eVyK z+LskG!GvuwHp$q$@h^TQGw@`d6|emj)J7s(*H_oeEiBwEz_O5n;M)%5u9!YdOXTeL zo5O#2dVjMs)D(I1lcA6O9nB#-m+{S(;rw4so9KtwjZy`}R%!IwAL2kwY5jKGm+fY+ z+3|6F+Uhi0M9N#eg9F}a1^s?+FX%-H5BlA1H|Whey?(pB-|e*zNqfauz;u}tXroLp z+DV<X?t{ccn5qzw8dOHR;oe`Hoca=cZ^D1{QPUy1;^0sm_M%|_V6PSQdQm^<Cwm7$ z(vKqE@9uTF2ZUY6sVWnz6~3(z_7s{&ewpw&>hUdQeZ^C)%EE-VVzqQ%Ji<b&rF1nk z9LrcMqh_}GUaYRG#cGQQzvjzUksl0kknn!L-3$6r3$J<DZwH6{ZXE3O_T%UvYW06Q z9a8eSp1V&3zAEp!&(Z8(ccb}PxBa9t(CZ*qMXBck@xc^c*Smg<Ti<YMW(ktMgP+j) ztk7-2@b`GJ)oz~oj7IR=Wx%B-y?v+YZ-831Li#*Ew}k$rjI?Td$oJ?$oxg%_xmD&8 z{;(=YW?g`k`1?i}aDCZ2;e9Es4E|w`=jP02-#0+~6&N8{PrmB6LOI2!K2g<w(k^=4 z*?t%OC+KvNe$eam<KQrA$3e2+>CE<eQKui#KSn$%!Y|BAqH{dYEStM>Tepgq<32d2 z7_clQb@;6G5aJMjc^Ui;li?5)w`_g{VLJ+yPH$Z%2LJ%LBbUIe1QnKv2nB!aT3K(~ zI1qkcVE=<w=)*1+iX}@vQM<6^cu{QH1Wk|KM_Qt7Arz^SRE`$??>j?Ej^esGnjm{6 z4~|F<hr{`1hSZFnzc|mCb4sPk1RuG<p6@!8CnC-GYUI9qJNNpoqcq_uVS>|<dqI`^ zV*KL|&y!)YCQ=_4B%uy4;c9=FjNG->#jw><$(rUw?TLbN7+VUN6AewdYNe8#0rQ-- z+P>dy876MUfP4pooMgP7FK;tnESFhAXCf(c%C(h3QbsgrK&`Vv)!dSxE8Aaj%(Fxa zC6;<G5qZlpt2YJAf=+9*t1&1kC7K2UKXOh98@ayQ!cIo`%63rhy*q!lol=xMrD-fA z2RIt^c`}?ZO(h3bvEUk{uJo1PO5-_^CuQM*xCLx-k+Do)m~Fe`=fFE&3($x2hJGwF zN!7?rg6L8O(Onhb_gei{yTTPV8$?5;FBr8O3j8+iwzXN;h%hINEl6^Lx@iz^NH526 z;<hqymN6rI(3xh`Je+^yugsG5_&FIaM0#-~9Vs+|;HV;*XHw|{qVy4wV0VFwUZ4-* zXUW9b$fb;dEo5K~*biC|@{{YFNm7hl^|2(9x(?w9bc4pUtQ)b0c7S^%L#FgGZrwBr z>?w{U{!8id4M?Lt0jckUJPRXLW`4_&%fZ#q?PPWWF2}{Od2)Z96EFgp0*+(0V8|Cl zQI?@=`hX`HD#5aJo-t+`=!Z0B(rRCy2Zn}~`74pyzHSF4u=1Aq;c{ua!@9c#ENd<R z+|~l<Hr&w{1zkcM7`eaZ++*6ZqhxD<5<8Hnt${=tqo@^QmZ?-_^d&)A=re$d@s~@@ z8M*ZsVFMd-K+u2WL^(efR5~eD*@~mY+Ay@7P%GbN=QOoh@pb@e^2-(<%2Tu(MDd$~ z!O8%7t2RP-(8eYO2+PRDm589K?Q((8Su{Axy6FIJ%=FOZk|z2<Y4juT7c&!iTibfF zbPTlrLQDUKNg>L$Az6&kkm@K$N-f@EV@4U(wDRfdm^pvV=vg>3VNmElD!;DAAQJw0 z#R5}W==Bkm2_7%zu!7K3olFzHnw&SNL4r%(5H1Dy76`S@k`qo<^X#havth`!9ba$R 
z5NC=oZJIbNx>-tPDg6Kr|2WGwSHolK@m6lGRxqI_5Q^*t;zE=d0Fq&m(Qp>yRSa9F zL|(*#iTZy6VNN0dff|Iew25Le6f%WC*}R#gM~2Nd;i6nD7_751W?gsUkOb|?Nb%Lt z!5uhe+nor^?52Z@?P9SrB3ip~61XRcQhsPIQ1!uSxZ`NNT%k#ZGJ_dj3AFSagD)x@ zo}5y`sr@+)!@eKKk=L1Z_r1s;#NKp2Y<v5?_N;$B=!Kmyj=wbSm3O{XMvV(qcUbc5 zV@Y3D-u@X5aQq8k^#QCN@B7|lFz~$~?9KMOooE{Qy)Wj3H8Pvs)Vlz$sxaS%zA~MA zLT~SI+qZ@%=r7-qZhE1(4fNr|LT^AzhWCU%tS)s|;sbkv{$Zi-JS_AEw0lDzJwg8n z0l$Cuu+SUO?hSqC3HnEXe(<o+8_@0zefJ6aM}U6%u+SUO?hXBpyb@kXYlFBZf%J4A zc-Z^E>|xELXHx+8ehV=9&}Q24$vpm+m&Ca@A55lRG?_)-AZ|~+-X!$l4Rsn$y3?Cq z5))$Hd?7XchA#0PcsZUCwO$A!)1RKbeAa&*!cP!lViJZiJy}u0V>K7j4LFgP`7RcR z$l~ylg&~Xy1Q4^DDI~=rrQ_cylt~CPD_!<tLPW<<NvU#JeQUmjb|9r;Q{<2&8T&Zx z)CgFZ4b=n~$F3!4-$W4JL=fFX(7B1AdlNx#Hv#M!v|cIGHVg!)3k%9WHn-t>-6(&E zA-B=)c$4WM@S<ri_NU#j6L%-qm~EB#N)HxHnd;J7oE^{=<XV5HTN!v5c~77g+Njeh z=!=PdP4cRIRV75R|Cq|1{Z~?`4f?4`p&e(RzGihm3FP4ppomkYPHnynGBZ|ez~^d~ z@4nRnWZ29m8ikm=qIo(Jl^hG}J^z2xg2muFD|7$xirii56l`NzXm9T`b;w!ec2#;Y z%~Uak655HHR7STVg*Cff!Kl-n4))_<=7s$Zq&kDB?+yH5?)Cb!zVEktJ%|d;M5_$% zoNDd0{IHpAl_3`K$qWRAs@-8>z7q(#;4bie0E|KZYcf%06IJ2F=34FW&Z&RkfUvtO ziC8!)A*#&K<FT6gifk2JHWlvL`L9d6FILy2+y|X@$8{1cWG|t93y*n`LQ$Kqpoq;@ zP+`V;_V?71gWa{{{_SeX<^u>@?z%&z^EQ?Cs)l9@q_?(T2$C}6`j~2{aj(qru{M!< zE(CmzVXH4>MPCuQ%D6H`{Jkw6s1`r;*z36td<kIw<2MIpz)r_j=sHWo#Wps)V6n2W zRj;kZ@dCB^;AZ?6mvO5E6_>x01Ru9b!356*3W0f9ZEXku03j`xz^nune>N_7ZEWmX z>vP+<5&zzq{tqn2A9~ZFMT&Y)q#K!vZgTN!;@n-^Zx9Jds6l`MK-<dA{qJ2oC{v0p z+i{#WIr)Q3ycWP>_lL#qzWVVdr`{D7l5jTkqr=emFiUwx*kb7a@_rihd`~LGGDJDU zLw|*(|KsSde|eP-(j^k=f1*Gs_J9bJgLLRGl_~~}hD?_@NAi#tm_gf|iySE^ibW$6 z=o*OUw9yR1PQwuK9Rc(i1ad@JHC{YsJfF`=iYGiRbIg=og}@Xk;DB6`LRQq$s3V%6 zP|Qgxxa4znnDV?~iB+2dVo|%X-qi@0lp%$qe%SJ^5FPrV-_Vs5f3bzFz%2OX!d41i zvJ7Vl7YvT0);~`NW2&%VKq}!(!Kxj<@<(wzN8++90$6SVo176!)XHqzAH4$F$&v#< zym$CRNd%TdKaE<qENDHI0b#e%Yc$=t!e*n^K&lnRc0*Cv)Vpo0=QT^1B1&f{z0|y^ zbzXP9ZPx?0nW0A+e=*V@iYSWB$Bq6KBwdbPp}~x2t8?KAuJj>zvPh>yNOg>)I!6NJ zF7mY&s5AJPQ+_@4F{L021f)UN0~fgX=zG@!6+>TsD3QRvhgb^Lz%eDNLZYA?={=$W 
zmFhxo-4qI4Q=AL^FT?Y9up0Rhy0$`C&&;ffnBQ{fGf*|He|Cagg32*|VZMCt5`+MT zfZ~`fnC>$qF(q0xLpV<~kerfiN+>l2t%o?F!g62TM5Yfd^An!gx=uR;a(2CCem0-m z>bR<I0Lh999Ng9fT5Xu8Rt25|4h;Q&<Sd}dlEY}L0VCUx%B_Y}8lk8dW2SMeGW-(2 zEUhzeDwV#Ve}NiZD5Og1{k_1#Q#f5RPWfW>gI=UEG+;1%1Lqr+B*2F<g2CZbDOzo) zrF3&LuK8zK!ZaJ#6+n%e8a$ulR2@sDg&Bm_jMTL40q@04qun<sZkS~n543h}3EWzc z>=|o8s-Omyioe%|38q+Kr&tc_uL!=5CkBhS`lmy|e|81=>R+~|>3V0lP|I^HQVsIv z%80CXf&h=%VtnH&jlQIVTjBs(9K;<~wIt~!!?J#ZR03L)<Vuiti#BL`5odK7hkdW7 zk|e{w0d#+zY3sA;%i`<JT%WC=T#W@r_8MRDQX@b*m?05Q5^WH<(u6q7O*yrPy?_h8 z0L#aoe_%>W33ocqY~vLYs|4U{<Kl;7!{$s$=FZ(o2^SeaUfrUwpawU_J3QAbn2#n% zE@vEx>~9A@AG9?{nFi>RAi#6osZa^n9F?5eg%rwz+3aNk@-;f;(2fO}6P#%xR|fA2 zjj#Hyu87%!nS2eg6`bz6kx;57-Q1U-TrH1)f8I~!GaV47FYGt-Q@nu7>B<=%j&mt8 z2Xqgk-W+rW2X79d*s*JKS8gn@T{DlB`Q5w*5<lOPFdf$%w}x=SGd%hUgPDh@naP;P zrgr;OdUu~nxOo)%DDAQ7`&}Q>y&aklb%-D8(0Zst`=Jh<hdOlc?f}ODTzAa0g-YVw zf1%(TeJ5)cz?WAFu&91d;<y(kNh@eiI<JFP*iV9^*Ksp=-EB^q{chZjljM(@&HrSJ zzg07KJA;yu4<&x%E`i^{xH5mixYh0itz;Yq{a&vd^v2V1I8DY!<7w*;hvu+mqgK@} zwD?&7*v0{)FzKL%1FmK#4!nH^4xGVDf9}Qf-x~VcrsX%O|8F&fyxr^nE)4n;>VNcQ z_1`GWhW@*no%(<L4E>*$bPkWA7c>H5_XgZB7wl{6sYdGm+6Xw-AaJ|~fjtNq8@)0D znqL+KjKXYyfUDUF0w>RW3<&Ede7VO!>-)ih6O98WdmPx~zy=P)Uls?9!ffDxf2-Mv z1E<fyfyVg7-U7xo_I>yQPPO`<?$v*<{u}Ba1yN@b1+C6eCm2toZV*p;%~m_<_LFY& zVP8OYJfqS?%9i~47%#wO{T6QpGN9#G1aaM3%uzyJg48L>H$7sy{sN0T>o*+H&V#1= zAC<Ei#TVpbofLR0)=OKU;y041e`V$FUXMkE8#3cJ*0qIhDql$_YDKMH)a~5W(1*yO zgSFcchAhmx>3s!1-Ppu<?j<c#1R=A9W+E2^9FQjXYZsdnc7n{>wEN|@V`hB&8!SaP z=iIs3XLilto|@*$yLIyoedp(cfE_Qvt$$3|CC*%kFdgLRKU};AkNpV*e`zgo6Z|ty zWmwAnjS2>VB&=7!z-#oL+hx2=AS>uNU)KLq{Ivg>;nVLtZ2IUp7KF|rok3QCC9Q)s zRWoha$+!-4{TmA>W4creMnO`;jE?Dox$p)=#BHj>j6zIV;_YY_<0mCm<oJq$5ZAN{ zly0rR0AF`0a&3KIUXfj}f5zzLPl9ARv~JPX1&1l~AUmMnZnk|d)yV*Jh=IdrUVv6h zwtz$c;DXHw_?&orbay<y_qcexNg~nlx}AY)VDhIM++)|*&i&Y97l^6Ng{h}}JO{gK z_QMYBGEGNVU1RL<YGw;nSiJ(C=U$|sXd3}zW38FcvH99IAO56Ce<^!Cc%B}Bl+m?h zX?gpV$TLRWo4`c|Ga`#4$Z5HhV|Sl}k#6tkyP~G;&Qbq$5>0}**M_Jm80JAgjHW@i 
zH|d38v)k<^VLfUp;wQ&VyNxiehfYPTvnA0477CeJXN5_~j5?q$kcbIwP=AWX(rjWQ z4aPR#ITTp49aROZe;%GN6a9+P*?wT`Z<!xe7RO`q7iNolau>dRBVjw6?J+5h*79(c z(i3pJ5QM1<tRR_iVXUnsMv&q%<s5Qkj2&5^1%@}$f-q^aB@eq`f9Z_c!>;c^%BA_Q zlRHg=9j;5U53eyz#TM4IV6w8XiA`IRYYTLp**y9$00030mvyTI5x2t61mOh<e|zDG z+XestC71Dx1QwUV)dUg&-IvwX1SEf)<<bFLi}t}0Z-<BH@|}<D;p=72gBz+elVTXg z2T>SMk;;sT`7nHcHL3N&KpP@5!lj_Ya7A_adi3*8hv^_)5M?e4lF|T#2t7!L;lh|= zP_OHBL35%HWI+Xt&7{hSfu@?*GevGec+TsMDC*R$kkAVtFA$IuCaU%7DeISb)&v@V z+>@BIR7ovo<{*`M-3hA>1;XNXeSNAC7%3x$#{H-j+z>ttqp*&hoQS#WprZEv(se3X zii~E7R07<wF+WcSN8C^)KvW`y0j<5g@+Vn5C+fN^YM^cbhnzCb%*q}+936t}WFf&G z!8`h~WQyuxn8vL;6SSUdfT&yV)f?V_uW;D7HPB|osXI^{HSo0c^}bex3E_N7(rdKM z#^m+XyK!8&YYbdv!w5eNGo0FwCH^XwE=GrBFqPTrLIp}1bV8tubi$N2r$n0zq9E?# z5VOFX!_SP%+hIsKhge_`4cHG>km^$y+$vHGL;bNNiiQCZDRhIyjH()mfp(04XCwoz z%_Sb)HVW)1E)@RB=<FS6qd&paRs{M?tyawbmcvj$s$tqGb`2>f<fZ)zgKG!^SOSS- zk6@=yiKd)kYDVBsGSHH<Y{EFV4a`HDaOJFTma(0~%lu4cuCLRMK%CRJ%+F^t*WIkT z>mag{0*>3+0MkYUW>wG`;J`3{{4EzXZk#wub_OVM1F7B_NVN@$$}n~tZz^jq1;)ah z0k2f~LI!3urkc$~aHL?TM1q^hoT7%t3V@aH4Q8)bVE`Y-Mg`90WVMx(+HWW%8qe87 zpbgg@AdTA|I-AkdoN9xS3=wNrqHO2gAF+l|_YKAx6&Zp7rshtxtpmw_`4|JK!WmK; zd4-KJ<<wB0RUYUIE)9mK1O1gOF=QYdNk&wH<#XM#K;Z&%2JuHTR}^lDS|yUpt%3j{ zM<Ke?0n3(KF)UR^eX4r}T)YF4yrVN*F&mAEUQ8uX*)Ol&ziLDnz;*=YBm@#2XB8%a zVq`pIJ534`z;+I0(!tGt=t9XklnadlZfqVDn0E-^l_1x!JFio(O0$20DUzm8<1C2Y z!yB7`k1uwmV+*VvOW%}OZ#-bDi&u?!@Ctr=-eTK_^NXR#qy0pgKVWZ=0amYM*qLjq zJC>BljE<sT?Jkx!*^XVO^!7W&y7SH(=t<`_#C`PBgA*E$O=v!UHlg*{g!W?-I*(20 z?w<gz0E>G&x<(ar-XU~}aE&H_ub@;=X+I~;W-m&TR;@kmoYY!TKdBv`G#j;(Ze!f& zcbn~Il6=|Vg3o4xtql^?8I*#3Ea~qaA3j6Twf}0ZUb|gu9Zy=d<5qiIYaC6Q{Uqs~ zG)|%~wklekZDv(}r@+v20Fa$dxwfonA#YFV91!dex>MI+<O2bYzrjB>^d-c+CAp_% z9xbr{lB&J^7gS+Z-jj1&PN$q+vQL|$K*P0aWLX_L?nbR{H|}+9cBX@!kxsAQv5H{9 z-a<&ot|MExAC{$40xW2bwvdW}qL$A)ZF45h$kH2gV`6515qs-IWO*Sy_nx{GgUFiX zCb&z^VfcmuLnj<Km@L64r%YVa%(K39kdwcpx?<_|8Sri=-10e#{GiIig9a9XL)RJz zaQKyUYV4&a0r1p*yU`AV6lv)U*cg1~1t_D%94IND17AdT`VwXs?`MX+r!hl&ok4>1 
z0@hUP`0V(9KQZ<G3yJ!7PSBrBn&6TK7iWFsDT@Vzb;|oe>T?fC)t^-P*vHlu7vWQW z1flKvFudKZddlJYqG`oj+_eU3gFGv_VW&47l4~Q|0cO^~0_eCGVKx-}_YsCWy)9t8 zQ7pr2oI`Ve7vbXD&v3Bv{R8d+)#%s%9#6mey7vQrxW1j2g|7mx4HjcjZ9j0?p<`-p zDfM7Abq&u&)~NHfj}MS!n^#Tz{=oFP;GPTGyA*ITri){^+Ft7;543YqI1t*$klUT( z{z(##Yt3F87;@a|)%sC9sdanfUKBOD-EIOLwR-%8*V5**IdZoiH8*LpYT}D28H1wm zKyzMy*hks81GEms+XK8MN7^1@qa@V*@ZP0h95~$;g9ZW(RCkQ*8DIQ>9q!bH>Tdp& z>*{p=z*Y78qi0Wf)^wcDSFmR!S)rIPm(;+6;@noj1tsvDF_9A9zHNao;C&BB^_&T9 zUrZ0Wz<lvl{h%8L@a$^;;sdW8aLcjP41vBCqZHRz%Yx0y!oA_`Y>w1m{l6Qdzmu^r z6}P(F1k@=BHKa28KLr2)!<Ux^1tfppbJ{o%e!rRfA9U_RULarthB&|sO)tIPOxj+_ zT^~9b#<2xfBU@CK!RcRryOs?m;WA8Vf@h9Qz*t(ZR-g2Ff7tyr<ODuZ>?{UGA|ogE z0vft;J!GB~v6!m5Cqicta^u%ua!K)&q?k^bM;(1wUz6@|4NX1DjUkNF7fyd1xO2+g zdyy!zaA>Lq2KAZBy0M@6p*!E`A-=2JfngerOhscu$FRT9D%Jg*66Oz#N!o<JiL#oe zK|CR(AG7atU|6QzY}T@GgMf}XjEpj17MZ&$7#LxV>wc+axjv*cHx5QpQruDURj?>l z_Z+l_Oi`&VBVY<DA}~c?EX9A_z?kAlFh`lhOhkE$R+67g8RsiWPec**6i#JeNcdGK z77iEQ-6kp-kXkgC>o-bRtbi$l5}Qq{V-S7Ss|}>|d`{*fW(sU|+}l|2MA37^Cv@eE zMRiW6$}#O;>$KaMtMj~7iMeCjaK2=|3ZUOU#omCjS)d%t)WYBEEb@P8>X=$#Eb2?? 
z&g<E*jzZBB!0I+pN<;%g83d8>1Q&8(=+;ZuqvVU-y)lS}Fz;Q0VzImin4!0QlPxIh zqbQ~-6h0v7CQ7W95Y@uA0KL{0#lrEa0^mcD#MI-=gGGFD6{Juu;#Cq`I0|gJ6)BjB zd*md9$@&b}69nrnR}Oz#gwu^#G~>lMQ*9&Z`)pBMikjdGHj5mOMzGaRhW)9C6qy1T z1LFd^ZY2Xi^cJ_8+3fZF2F5F7LbGWMe^2K^Dgw6v?~b!r5hci<;}7rq4OBMlH(*F4 z7r`x*Td&Vk=YlgB`3-Q8e7OAzleo^d=j&{x3X@akN-XGSrh<P9%6XhI6||+!7!2Fe zJc_(P$ZQBg&T6D>cWcC~5xWBiJhp1Yg8yc}kve5zQ29}^NNH1smoASf%9I;%A~^O4 zP`-raUQ4Z73X#i@yH_sU5r<!zH@}SoN|kv^GqfgOV-cb1wM=mp?zKNgxGKYoY*kRK z)L54LXPaE!s1biJL#*#`IgS65!rkYfaNF9I!q$<(FHhlj;R6a!r3kA@;ues%ATe^; zIs}PXhSy|u%c~}ndwVkZ%zo^PTg^3*JFSu@Zf|<x){({sqcL|C1vgyUoj=VHZ@5;w zMtYfJHNn5aiDiOU1x|Jj;#ePYa)S4;MDj{<v)y_QFMEGhBIkoZxp`_~+*}08?IS%8 zM$fm9ngm4BIN>U;R*;NQaml~7A$C5Xdz~RrlNC@^43^LKrm@|7l<!*Im5*(8dutzS zTFCE$!ks55jCm-9as`wKp3G(;OWdByZmS8rTs9P4c{o(x8!vm=Qprws6~>aCnM$Z{ zmLg;?OG36}pP5TSb|U*uh$3WXhU{6!ma%2VI(CL(#+c#f_s6}@x#!&X-22>f&$~VE z`+lOoh74K1*LVK#8HwTSmrAkvdHPv=uj1kRWzZbZS9B_v9du$@43XJ>yZLMUq3*>m zdttIZ%td~WBrq|X_l(K9&d4%{9F5(SsXAii5J5dK(Y$=<mrNV%U|(M)E#PThhxM<i zh9k99X?QC*tQr2+1eAT|1d}k@0Vl|!g<t7V3{(5=hckTWxuHOpJ{FF#h+Dl9ucz%x zAD;mXskKSnwhS?&&oRPTFtK_&m;wKCM*fKw*wtgnx1#zad1D?v7_!t$#$3J4^Fy%0 z-7A2;LcZ}Xd&fqCalqYp#p2W3A>|?k+pwa3cfscD>)>~&uK_jw`j_m$;{1&EkFBXA zQkRONIk<VO-VN;4`Y@e}JQ5uSVUu1lJmdTZZt)jsjB74&aWc~ICw4pQ*->f`0sM`h zKZ|Q-iJ5l~u>UPvzh15M^Txr5=C2;Te8z9<?R@l~%@(SiY3HpQ@XYiR*XeV!I>wLE z{@kR$30Rx9Iis4i3Rsh;u4(fN-{a%3j4g=bu<9D2`)EdU6!uAUKmVG-NJrwY{tKca zRiS|hTfvnh2aEa`J&ObDKRI>Q0ygN(8tI0C!tb^N?}9PSJJN10n?=wf9Sa-Hf9Qdl zK{yzf>xuE%)%urQX1Xb~`#U3e7Y9WVDP%Yjzy%|S^M*Kxk>A;Bh4Yy-huV=uYnPi_ z)sweB_Y}RfB#7$|A1ush2f4eu8(<>?FBT?0g6NRNK24^du9J%RL(gK&+Sp8vXjX4W z9jIQ#W&7kj*tl@!`N(;Ze52UlQC5;|LW*wY!<i2RhT<QOoQ2)BgGA49ma-Cub=4VN z0FAMxM>ye}gp~V1ieqfW4L5B<2xi61NwN?Ah_tb;+ZQ*8Za)lS9Fr}6lKAdXn#i_p zkmQ(PvA?iQ1i_<Nb1XPfRxb!N#`$PhdnV?+xbemH+r_X)=At%X1bDGqQl<875!i+G zut#XoZN27;>$=74!e0_k>DDERvy#|u!T@d;(J{Tmk|c2S`#WR3i5}Wylj7N=oqM-M z1s<w@e19H;P|Q=@lDMN=epBFnGvoTwBfX>@9rcL!{NJJpmx`}Fl1zG?w4>cDw0^Nz 
zt=LFJ>l5KtabzMmj^O+#o5(w?5<2dkGMJC+^#T_>xw&*b!99_i<L&TLSrL?4Yjj@o zj`*9~JwlK_+oNO6hYgMvrFRfLoUQ+}npSyMS82Y{aKQF5CE+Cj{Nb5u=reF}Z&(q` zwRifGQYyo(!?11Dzwfx7b$HE%o_X|0r+AgH<n1KsQYSzgE8ixK1Sp?#=`gu50{-g| zciNQ<YL?s~1x!ZOE&BfjQaPzOUp8R-*kJ;gdAtFcB}I+_`@CPz21`#5T60f*;!0S{ zgyY-~Uhcla=5=i$nQpSXkb<qxQlly^MkU%d`piO%yWW&-KEkvgaw{^}H`JST`-<Q* z1}#n!;EKUiQBRV^e%<88sLEHVmr)M~oOL&O)%%v0h%mz5U&v{KissSeB%o!dwuh}6 zZ<i`~dqGL(IrMF8%+=jDbH=0gqvbGI>qXsv&h0@kecm$@pFHZ>PC?3u@|VUyWL39A zRMvP{Md`y@(5$dIiluUbQ*E5lR|oF3GX5CU`}6h6Pljaz(1KTC9|~kQGZE?!udGyl zlX&O3=57c1902*&X<2++9UvceEm`A>U8(tzo*K7zaJ`A8Bjs?g#HzbBh?JoGsn_I` zBKbV-YFmBksA5CC?x=}_o13*&(cx3EH?wQneX8GjDf<s*>;KakI5@QqkdZ!HdtgTF z1+iw_Z{ci=uDV0xk|{4GNfMe3<k(JA-rhfamRb2XE0B=ZL&(V}?gO}e2Djk@b#d1= zLn_s<J14@=XCD@(SsFCyNyJ%yd4t{c+@+}a2S-&iV~_qtgyUroFx^+$hz|(!tZD22 zybjp3L)e@8WfPLTCGC0bdepwzm{)|CdLPdad!#6JDf6dmA66~>t9$6jKM7T?U#)i2 z5PaM*=rJPevY7Pzo#?p_g2sx*x?@x}L&3q}tsP^z(W{-8jTNeA0%K}XSvwl3YN}ak zwmE8k%Txa{rvK=#hAv5h;cFysZ}VK`ndHY?#wS;sI_?TF=6(MrEc)X~tP?V`(bey$ zD@mI;B=K6IVXI}SCycnb2+I&)yuB9%UQ{#!puHt=e0fv;d&@w2kO=XcwQPfi`5!xS zuD{rr8p!vMC+dgmz!ZJcT<!pv+E)@;sS!jO=_qo@Aq@Qu^N-gG-0mpqPgcAZSp}B& z@ly8P8yT$~2IZuy&80UTtaWrnu=5*2m3*;Xu&kptpfZU6qg8`YdQ(HtU2iYH)y#}* zdOO64R7v7Lf8gB_sZCE=GrhHEmRhi}m9*6FkkKWsmoOLT=x0CP<G3-39CV*)yj6`C z0Ya`SJfH_Yts;Nks>QFKusNMlF#qrc6<3p|8{B6;-EUO)-dh_T9Qu-xLD>4*;_=M} zKucB`K7YMKA&rVkI`>|4&epd+&r3c@5HQPl`1+dGO@QdV*je{Tw_|R=qUM{8ri2U` zYbkE|zH0Ek_sYIX|8}z4<@fkOjuZ`t{OYrCD_I{(?5uo2&gDuS;%QHz!Tp>+H=F(x zo_xd`y0C*6q>R80QN4G+n1e-h`P@$(>VUI}$^}um)G6hofzawb0^+lRPbf!r3#Y%C zf5i{d31H$W?d@hPZYyXN>gjimh9Ok+;FvM)=0Mah#u{8N<5sY3GVThCg0&&#%iqe! 
zPlol+p&K0<B%c2%8_o-Vw$tD}@>d`zo8%?@S(5lHyG2?sbSM04PT<{{TLh|e7=4Q6 z)|YEhb|q_B;q2eitFH*g(qg%%ZEuO<Fr`%Id>!EE)W<*N_|}}m8P5j#+s~K$I1B9n z#UqR&$<u6i*${a#t4@VGcJrH8{x3>r4&voB)p>C3J^K#w)<JA!HD{^uDet3RV2C7Q zk482A-F<rIk^pgVwsLwr(18kKW&j#y)0#zg-nlF1X4qX_8571DtGYT^vAkaoInn2z zqXi72IN|>G($*bcy)y?EM>Lj3a^J+YEU2r`92wHt+OxtX=Z2XY8N)H0?gC}SC%Y4{ zl~vaZ$NvDX!r*E+&AX<?U7=W_)0E4Km-BHYt9~|F3x;k{VL7mgsk<aVHZWljg-gqC zGhV=D%sbkHziL0A-)wfQY`|LAd-3Xy0oSUm(9Ac6YQh_2S_j-Fp3u(K?%h@D`*q(f zc_B|xb@R3*+G#UrxY^?cdQRf8hSlU@wC}&#O5Zn~6Ilg1^61#YKHvW4$`@#*&1M%H zkOkU(v)RptIHY7?k?9tjk;YOrl)n69v#{W?Xz<MMJL;#kj9SfGb}u8m5v)yTWWY}1 zs+|s52ttgzeunVEO~N%#Ya<VmrkEv<<pxK5nIMX)0$?z7{M0QT;<dGg4~t~yM;`T! zW>n~7FF3lnF{?Y`Pl?c-R6t+Gj+kbJHiNflsimrgr;qL+gO=J3(6HqQJp_ri&grxp z`3f^t=WDO~f94*R{_N%GKR~|dba!q0b-{xS$fr{4_QA5QUfr(Po~s!@+}uF+*5_F^ zV;fjkonVt-M(^T*!{KZb|D%`U=Kw`owa?5{Bv+-p>s>fW^yZc7)=d`$>VKcEX&keP zINY!JKFRolcY=eUZL{Db$SGPRf7aR67k$Q$`dPnaW}*(pnyL*i)&UPWB{uZ*-8zo+ z76hqx`#|#YZ1TUom#ekZ&BQ5dX;(`}bI`|W;rk{MNVPtc#(_&Bbw5qxxQb=J%4@Y& zOBz`f829@g8%@*6dny9c=cn8I%C5HTU4E%uw`Lw#EqzFp3O9|%W8|_C&x~0|O7Tw< zTcew`_&G;?kPP*4Krdodrkp+~vm;-NPj3WM9+Y1ye|b$(cLY<ZkVcNUlaJB-aGH2K z)Rt!HlvI3v$5+?<(lvTYLu@`$PbSnh*X5Yf5T6ezY0gh`ehQ}6a}Xq-^JcN)GhpOz z90Xzo&6=e4HakI6mYu!)_F8r5FLDcv?kw^z&D!ynIyaDapgRI7SI;lK$hroLF$|1q zz$r$v6B}dL*8F3!XN`YCbKRi#fDR@ys{CE->2D5#Q8~j}=Qc4fM0FMuU|Dz1=;CF< z$|46P?^)Z6V88hMv+O_Z$xIE-=yQ^at81P6d3^WJ=uK(08Z<isb_DOA>D18$sheM< z=5i4105hAB$d%)o^QMVQYuS~0b~v<M27-AS&P`nrB>^U;4g~Yq{Ihz?3t9rD`N&|s z5kSxPULK;a1a#hAx%h<VRba^^du;>8MD2X0g-i|t<f+q0<l*KF2LY(y&1bIyS<^?< z;q=Ps$v>$SEEAdQIXhwD(Ef~xoL2_0d|-bS*yt@qEto->ULtTR+MNd3K7iSFh(o3X z*0|{ptb5hIsj=wX_AWbOHl?*Av+~C%;?q1oVVkm(cME2!2+b%~fpw}Me+Ylmx{BBi zB!Ga(NVZ)p&#J8Dt?}6xuUkIRaq>TbE#CT$Hkc4i&?uMcR1fZ#|IV6BrUKl?@F(j9 zAMFTk|G*i}_+VZs+=<fudsM^JElu+jvSQ<u+A-hXkkR(W__yZFpc_9dxBn|(+1wB{ zR1ZBP4aa$yzkA<OBZX_&1lIjZpFK*ba53jNR$}^_)Js+e{w(LY>{kp%J|m#r$KrM{ zUCVb|c|bld8+DIB;anwSRRF^hB06YoNUTRoGn3rX1xY@|UzCj(O=#og^>?x3WlcUh 
zeqR+%zV-fCH3xEkb@!oT?w^A{4rb`(@mjI7eW>x$9fq`H5Xy5TKr*8A?tJ_LpVEBv z!ZllFhg$wlm0;$zPGc6MU{h?2JTzt%d8M<#HCq8C`sPeIPQ{*-0;sT_9&*F$8~(`0 zEzGt#VSVH&nnOt5PDMf7&#RsOZ^-XhknMLIICA0_xPn-*;$bI#5=l~n&TVSgz%VzS zPR$#upd%@t3~t2uK<D~Imd-Lgp{12`Z=DCvzL#xIL;a5qgxWnK5q>!Az04*C2oM?s zIzb03!V$POojnU6ejzQGbE4&XXVu<JJC_5=wu%|rfeqE<f(CwCIMGzU6UPmYYoG(4 zzvK@zqlfK}_RXe3kWLi?RQ3TxJ}^Or700llHD>sICrsd>MK$Vm^Q7_8V@(8D(mRD& zB))X8MIgL1e*JW!s-F7ahP&w!HGM9dX}xK1vun9kB?l-$$~D7G0@%x9xP*$fpClwK zX-%j|o{CH&nkzl0TOrH4*QOD@ZQ`+dtuS~?u=b3M-=i6uT;TWS2ctPQnBOM>SJmy2 zu4P;+`3Bju=mcW(QNVu?H9=x%#RS0~FhaBs4t~|61X^plWgnk0A22rySRVw?QIDZ- z;51r6fb2xxJt1VicXjf`Je|0hoRk3F*QYVOTpDV<tOel71J9EC8NXX${ph?Y3e;lB z-pEd6BvKp{^V!~rmg1HP_Ao;3DBTxoD8=l}B%&I%Y>vq7-MI`D<hSD(EzXk{xo4?p z`m;tYYCW1>sJgVHv7uFYErvrwL%wP8P#6U8O^&B+!mI-4Vr$lXUQ<|F(bSSI$V0+c z&0Unwb6E)qVEIeKJEXED_>Kxm*_KfIkyUeZFurt8WGKFiPUT7pDipw>B~Nom^rk5X zR53e4`Ma43+bVKMO$_Ta4-amTf^o4XG<M&kVGC4|KA6KqE+aMiP;36Ze-4nmKp|r% zB`K|yA>fk$(=rxqsPQ!2ZvV!8yH9JF;ePYBdFB7eYu-DH^haA~m$tA9s}XMZJSe_V zd5e%h$d*;Q+|fy&18Ci^PZc>#vb!UNOQ^*d@;Kv*P9)A~6WU4!Vvx5F<ibN@>=2vP ztUQWFv=Fbvyhk;aZ^e*<(4}2~y#4$!+vDMp#~K?E@!Lk7!~}9TG%s<*BGp|=v!$@F z#bX(jVD!vZ`OT>aSBIv}g3JfoWm^JBF>j1uqiAF?7zccJt}+g~(Ovb$SM)_GF^JzP zDXk0`Q9h(6^*FNeTXD3?AwiDLv?m%#(jVZ$J<hc|MvAW?<Gh~S*>(Wk&pZuDe=)0o z@ipH|RnkjOuJX{UsX!J_N(zZODX*;dm-z5M`d7OoWWuM=tVdj2Yh;G~HyaiC*+`)I zDXw%Vn{D~RF`_k`sDr0=bvL)hI$)jOmWqa{j;);*<H!8bGa!Ted(*qWNg3qL4?g-p zF7Fm2tSS0PGT|K@04UTrg5IicP~t8sW-X22&lZBg*fc|U6a@?I-X?o8QmKi3zCYo` znv)z~HuqbRLRXvE)+B#vMzu1KUVC1GKD4FP-2Uac5(q%V_IXE6P6}4iDaR)TU(cBe zTCZ(Uj}BTN?2Z+|T-@0WUfj>YtEQf}sUBLDHS>(*T0qjGJuCR{i(uI&l{9IGwj?i% z3B9cX;RxY;sU{_1L8Fa7H^SMTB#SZZJ!dC$FeoI&sN|U^6!N}lCv7Y8gD*bXk!$JZ zNjf4>+*KOy7+u4q#cfm?<7H@1pK|Rdqqrvr*=JRqJpMbzYVKN;R=O@vys0;o29xUk zL{s(%xDd)S*<_ntBnLS3u`wPzf46Zw+@IAt<5wT>E7y6qJ@aK<vQT4n&R4v_jEBr4 z4aOjN99oBG)Tdg5C*|Pqy}DzA7*eheX^M-<eF6_m6smU{4Vdh5RLkh;RmqyHwTt{2 z*$uw6K{QD4oILpmilHi;G`@lhQLjfAuEFGh9fXkBk<th)26aV?Z4GuJ6~zC&g=Yv- 
z*&7-8-NZk9^4q<HJG@oBgu`4%dZFtR_Ko|Q?K-<*zDH%N*U%>p{a4qDf*|r12K(B5 zLz{zoP7?fp;*iCi1f=ar_nF3dI6%;-%EvLpAm!3OL~cjgv2ZHb)sXsS&d1o`sbM>C zmNBy8q;&-`;hlEMxMKePII4fz@fsCIRi_%<$G6m<7O`Ym^B8TydexwEAxqyvPccIK zj1M-mIN3RY+v>8{l70FKY=|;sJOaZkG!ZRC7?J(+#us`OgqTa4a+o>%5sH9tyQYzb z)??RBw1r_@kh>~<fNJsXXFJ~IDgf83nd!*a@)|+gmSI%GiuWZeBK{@x8)!L721{)U zZ5~$(Jbj0uHp*h6*GI4Q(?9J(AD|@CLSqD&2)_!B&#xqv1RH3B>tKn8nj_<-5BzSn z=dn$P-t)}tzda*Lo(-<WoV?l;6mlYM+A^k0WI2DPw>Hr0;q=aOWPPUsG{w)Ef;r$j z!eodFLI+|;YA9r<4Q|ap5q>9o0G2-%03F<bS8acprd<%Ny@lJkv=z$lT{uJH+cR9u z?E*giC4PMhyWhGvARK%Ri-1MXB;_P)fr2mQ%_ex*?IOJRJ=tI)yJV6X)Cz99m{u66 zO`)9yzqI7AV}n4LCV`x)^`n^FPnvQp9ZJx)rR?W?G6#_B>Plop2}Z3+MeWcG!3PQA zcg_1a^jj=C?|J8xH$U%^^LoH04>UhU^rxO3`?M&Y{l?St8bk<=8oke$2d70>)<hFz zBDa#3{TYv61z#6%wtzTNlknN;bD7@@k<LHHF@Ln-gG#(ecOc$#T*!P|jtcv8Znry1 zOfz8IH}{5?E(-XH|M7oCiOcj<?jas86J|+#j72!faCZ0LN$^vGyEpVUp6PU!bHOT? zNX;voPsPm&YhB)2Al{V?x{k%58>grj&h9_TrJW;IsaN|J7Ol_9Q#_Sqk2GJH!_(i| za!>hmD59u<zX9kddzW=jm5W0_pPjHvp9At!pE{$wSW+?p^3&k_{<8JC(gETVc5&G7 z<2<q1_U=;#Xmh{FjB)hnnKe2q;qQqrh#lPYqD=<G2(}1g^xMg@WguiQ+1}%CpeH|% zJyU5_=#}U>Q>$VCQ>T0ixsq+LHC4>32M4ydHUUVCaK(i)9R=EKgekY3L1n(}G$X^o zv3nH_ndDPliKcDS<YFeDR5<bxWI7?(qE=q7K-nAL8}8T&Hf~AMf<f!}G@QNP+#S}o z7%*2>I&|KO9$Xg>o)qeUvkGu&**)Ni?;Im#?FEZ+i6cbFsxMT641@a>;B(7PIUq8? zJ5>v>@sbBl9Dl*qARF}>153_J7Q+FHdh#s?|0xjt5P2Gzo+s6NK8+GH4>COC@`|Xq zvs;_L6A$GD*$=iqPbI&!g|!H8I)t1Y{kQda!Zu3l(jNMA#haq3YaNmj*Oq?d#0tgk z?Ec9+K`A)dZgPtrHE1COl*w^Xm`4D>h}Txy830JsXq}V;bVu>95ufRGWJ@P>OS18F z=@9v1PFUR|<Ct|R4n=qBe*=b3@LfXY>vzbOyw`ASrD<t=cCM4qLhZ9*pJqpgmYlp| zXGVWREf2mu+<N*7J`g}lu;&Ut8}9$HG~~bM57kBK;Xsu1FN3|;|2%EbSORbx#P`E< z*n|grxx>mh=<>5+&Z;;vXU6d@8-z1?^j?z*AMUmko@2n#(8<qRi}zm@VF_{XA@$=I z`~kMY-QcYX_3BxXCQ$E@HWhhqz9DjkuP<143HM_>e(~Cyx=zS$d|rZQASS1;duAb? 
zF$G7ZevP$y=?og#zJe5K2SEIGU8+$6Oncu;xHPU1#xZ9-+wI-LO>A2|hH-k^_X6Q* zJ!uY`_Oiu{#-0Qf(abawlIK}RM&v8S0JhMP*dy&DCFXKkUN#|@qlK!GmOtBWJ0>tk zuPUyQ6Qtg93DV5zK7R=jDdIa0JT(YYrOX$f1wZj1^O*_|SQzPn?FIAP&UrV@{M7qG za8PQkd@S7ZN6(D*kf1J*mHA+)Nq~8#)`bpc!FgXu@C==h5Ba`&4}^aXASCog%qK+F zI;pTuCUTK0Jt3g3$MwuYbgklcct`IY-y76(gBEogUi^h^6zM`o%`OiSOxTe*#l_|W zkCg5w=!M^)HUXk*Zsn{&J=<Z&>Hr<Jb)%Pr45WkEI0>^X93h?PsMlP12@A)tO(t?g zc~~w!EuYF2mk<0W69(2i_2j#cd0vsvzPUTAHv*|B!3KXk#0!Y7aXsfCygEiY(oua} z*$4~xruTHz^Xf;`i~@Whj)@Gq1z$-p|NR{gMKb|p@h=aSI*&H~b*}T-nFo%P%Du|2 z5;@)HI*FJ~b~25^1G`LQ&u<cIokuvB=$cje(9uV7@Cp+dXDUQEw;WyRU{+2GkcgFq z4Gsdvd_2GOgtzbDL~q3Zxd4HLDMWhEQQ7}0eCj0chjI|^xN;H%iu1M3zvEeT=I@sg zz{)~I0YSsn#*_{={R{am?6uJE9P@S|8$-u1Vx%jmoPOlFK`!$2>=MRV@B#ANP_GJK z^NfHtu78W641ZKk!PM?e)8i5_Y<s~h@N4adsqSOj3aDEz7<YNbKWnNTXn=ZD15y5> z0k4GuR#n6v^zNFz*;EqPSUtg0BtDRVVb288X{v0D-&0+Z)&-0y&YzBQ<HIiA<i-}6 z=VT@Lv-NnRA)Zg6GLj;Z1ZQ!VJWRusoY#aJ4o|_sQ^5+`;+U1ijy5TbN@2o-mN#gf zwx7E^prY*sf7o2bIQyc?J4&VD8tH91O7d9d1~TvGz(KJ1jPaj}xPz7l<O_hc<QqOx z&LuSW*j~<~+~e)^l!c&f=N5`>Vog60v+gr8JPqA;>#;x9;z52}@CW$`=JDZk;i9Nm z90;2k^gEbr-bvceQiC^iYjIL<!)d#B5hQnhB&1NLW?)~ydMA=+ycpA7mx=i@8ZkDE z&(b1WLG{8hCpy5%+l6<)a3)H=@iMf*M?U>!90okgN#3sIOev~D{TwcP$GIzx^JiXJ zep1dXcm)1b{^M$vvhGU6539hc;6XB0{;jl+IVsR&RliwhGw4OrE7i?K_8!?H8Fw+5 zr|a%QE_ESE_crPTlR;onoGHlUaXAW?8Av}#Gc}_2KxGDCN~OThM5z0ZPtA^J53>nf z1MM0&>^kb+^30Xw(NaH$Aud9_nexJg8@o8x7M`3qwXV)b1|=3Q^?JUbTO!^brQ{Y3 zt`El<p!~kyR7$*^3#l113j{wiJk|Y@B=iMI|56%dR`2B@niQ``PgZrco%T<?W>=us zc8+kTmltx-t9=BFrZCsbFlUW_G^q>mVasA3yZ$E9D~Bex$Cn+=V{Nox-3=2kv=YF% zh>iJI(g_vc{VeM_oCE9hb(~P$+<o!X&j~cM&~}xKc(W(?-#%yEC+Ir+N<7t$zGuHa zJ9*fne_-RuhRfl7PgClD0#C)et4H41?O_UD&AwI3)dfm`AF2wyaRgH=RGH^14mN+^ zjuF;#A9*2LK1C|e39EIg`mR{Z=M65J){Y+5i&a3rb*3S>GlJ<`SK3d^k9X&O+AfUu za#xnQ)L~jo{}p<eG*s-rocn{V#lA734fq#Yb)iaqPjGLYDVNsok${=0?}LA9L**yc z1Fy4gghI*yL1SWBbn}xhty!%_VMoOyrys(AYpR%xPw~zS0W+bvP$GU%`ae6GVgK7j z0rUa0q395hnpdi)`kwd*nm>Rqz=<i(n9lPRH2z!Kg!_E$M$87!VYaJ16xw8<-4Goy 
zpPDSa_kk940j06$f>mR*rO)-nGPf&ov<@^GpG*Ks8<ur;|H?dwh+>S@wO}RAf~qjR z>572JHuU7!8hf6$ysJ2YqMXPmzj3RocFz?0-d!ec^MfylROWNU+s9~3bj>po!ikHW z-aGl0;y-$qwQ49zV<l41|DVr3Nq!7bc#fCdrZ=j0^xi%0nc`7ZoI;K4fVvcQC;h*- zP#(ZNRrRYos=S?x1=crwG0itMNhMzBm@7nu<y@cnxS_q5+2IcM-K$<Y`3+nQ=pPk) z5Xd-x5!Mr0MPtOe;DGeJefT*A^9lcRMVz%m;Vt1Cd!S1~V#bF8ROSJpE^%N}&QCS@ zJ}2(3F<bS!tlf2M|BeL0?&IgLohu|k$YtQOgCcu&ded3oAZ-g9H~<rs!T6djM^iz= z=N-B_WBLi3S%S5(=DGL(WMfHkR|~!`VGub@2yCSZKCUURK$S_h%_bWK)|@(x>Ykgu zP??OLnR6eH2&kT)Guk82;vzNM0e&MSO@O4ZS4g|-EiKvzMHvJRIeahSUomcX0%*35 zUWdf+PX%0R)by;!i(~gGQ$2UuR|0>=p+nFDo59xt{)RS$#vorEJa({-Jm#Bb$^*Y0 zAOCsNz!OQ_YLBOb=aYo%;jcR|E0JDOHgG2V-%n?W^B=&%2BI=NuosyR+Zv6Q1{Gl0 zZe4>~)zbSzDL;I{7c7gN#B!X6fgkMl^GP2K8}7XG#7(2`<Ug_5O{4Ndk-Gt)^1KRM z+iuWyD23~(QOEU~UMJpwNnxXpU2M|?(~*{~rvi-wY%&+phyq*35<no((Nj9Y6)4ov zW8R^+3|c-5MYyy%3m<uM1ayXSg`!yTZaTKd%$mPTS%T79hc7~$0>ife7^<iXj+y<D zI+3=p9fd6HogOt@G~qb;cQ41z1hTh!4f1<teL&;)tuU(5%>KYY4?p2)M3VDSsayYo zoP{O3U3j){;_A`Keh=_H+{tY4*nh#QSvc_|vTfj6?Yxnk8S*LQgGUV2FtlVd5hJ+4 ziR?&?xrLR9w8n*i)b{|9y$D(mt^c&|=jN>-T7ql~f=SaA?Sisuw>iqDoFA&x2ZA+~ z$wmxIqGYZ^hpyAvpln<KTaw18`9f{%aY^emS(PF1^RDi;8pz`ir{FwH(ft+oD_ZQm zN#9bZ!n}$n0VVD;yp%1ER>q7s8Ct9a&mYXQw`N^o-3Vp`CMsy#+`@F1J8g+~+HLlq z(e8Xs5XY8^3T^fNTGxM{J6YQq%W9m!)$pnk_24AQ(fUt&rqFL&hN;VA{5w{U2JPgX z;fynK=nTk3gQ(=S@$ZGwE^b1Xs_u8C-fNjB)$XwTkzKIH+y31R!^N?FCI<aE_bT!3 zpG5GSXlqQ-06qKP!-?(_dg^MA5aLZr$2E%{uE<_$$`tC>FO1Tu6IPZwc+r2|nWOOu zgs<I(oT0~OL$;uiCA(~%mx%g=m=2ntnfLpycc(p#KY+dQyT33b*5O9M?n{=YUFmZ6 z@^8zE>at=>^#M<Qvdz4EaWSu^Xnt-;d-0)46S_lW4Jd+JU2e_OhDKL^<7?aQck$hP zDQKR^bvPT;E)`4(uVRVF@{^4t6Pg3W&$N_;a1fTB{ZmkA2S$O&B5*^$NmDKuCWgE! 
zU;Mcn;33W!{UW7>R%@;YydTtRE?XLVYc7yJkYN4N%Gz7@dMYVJE5T;uAWKeg3<;Jm zE-HZoHke3x<>K0z3>u?Uu4ej?y;FF~fM`{Jlg`6$_J!85TK(jid#CorwgOy?^IpFI z4pKI)k-$9xwpKdpMZ0?2U+uk|D9Zv$<Kmlk8~pdnq?Sbs9&BZRnPB6c+`kN9>D;<E ziy*%fw|r04MKc4ePbG<~w>Pv@-u!CA<$hXVO`OeX35LB2sliK=#P})9?dEtZy7R0I z7pwrIVe^VG=>c8d?`(dZU;F9tjtUaJ0og)m3!1Z%f;4Y8+6qzXox5KcSKe|GS;s8) zTOaT=tdZD7_fM<7G3JjSU3j7O8^Rn*LD=I#G!;4|T<F&%ggv4B?amqOcLH)<RTbEF z{0IneAH&c!eEe0eAAxIkO=Aqlv8ND=ZPx{aJ!#hOT<T1R5<`qM_O4IPf2Kvzf^_$8 z_pG*xIe2A=6?timyp=n6`rEgoqm)K-w|%;F?n*Wi)}c+A=vHBXKZMO7S3NJ0o}Xeq zceoGw{!@Pcr1TLaR%mlm#5BEC04Uh?V8Bo%{KXFX?3DD&Al7=gkm^>#%ZupZB_vx~ z4`#ph?BtS-N&LQ@;=~qYz-h2C*|C2S6d?3|h-r8>=kfPTse)rdX#p-W50HBjBO*gN ztRls1m5&wTd<0xLxB=Q%mvPcNR;nuAc0Em@4`(KRyug5?m3W=!ao&|TfiIp`7!`iy zBb^lYuu{r=Bq{tz72g6?>nkns6Z7n-&9q`fxlrK5(Hl|hQ%4z2*7(qk-o?|ay`E9j zXcFYk8(Q?AYa6fXRQeAOxM-2#ly1Avu!om4%gYnz(yYTxDV(_`gRW#=FYwYrtw2C^ zf6>qM6j6aQUE9$Gf8TT8F@FH>b{Z+f9ktnB1ZO*T4kZd~x?EHRDq{5B*j$iB{e26) z*m$HNLNG}mC<$Xfjy`*d8c-lLQX<*B($0QfZe7EofGs7J;`v*QxwJ5QCaSCBzqiJS z!-Mp5R2!W9qWLFSMZnjQT_PQ-`^h~22Ip}}4z4xfbMU09|1hw=Zbs{SS3hHAR=(=d z5acjWI>Sfk#Yh&m+;iV1Fo><Ag&|YHm@~@vQt91*8bEW5q3u?a^H%C|=yIGoI5^<v zZe`e{6K)2}Q|FU1E4x>wHNL4pdam!_emr;qq_d|fca(s9n=4N?qf3?icN{u*zCByd znAbXd8uUNfF#>m`QA&z#q$IJGHz=AlF<FNOMOg1%;~UAVX~I_ZF`n<AoJ92_<Xv|y z<4IT6xr+Q8Pssb-m_fOJmgit}eRbI<jISgUqn#k0f3jQJ3xAcqLt(blX%oQ1oSMgz zFck&PwQ&PmzT;=G{|fjAYFEFzFs=t&AJSZTw3J?|g9Y3f=Pw9;K|kA6pGQ8Lt86Rp zY~EfpuWRoW$MD1^KS7w^+x@&NxK{=>5i-UWt?<Bpu1K?M-bNOKF8cSo(KkM^Rl9qY zi=|uO9%%pdk^xpeaEW}mRbK2AtU_01>AfABp;xar>7v2*pY@~zzSR6?1Jy?!{759M z?UQsv5*pC4d{EBQ%rbn-=bskc@xAi-^@Fvg%vNJXZ#6rmyPN&Nr*i6H51Vi9P=67x z=f3Sf{q~Vk^U85Ekm1mfZ*E?t_?dr)aIXc{g3<Out{-;1T|C|i<wn1~uD<$>Ey$eT z?IP)O7@Vi^PW)f`Gs}<gOAa#fa{~Red!0w@J(8?IP!b<cp0wO>=oyHa&d+*a^oyA_ z{d;N9dx4Z&oh`vUc0fwqQRNT(otyXyo%shRKnh5WjHb)=$3AISWNT&BRC;(Csg)Po z^F=joE8$H1-pEco-v6yuzc#!JS-Vnt&LxdUNx!<j(s|}IAmXYXzHv=D`5Szb(f|Hr z;?yZ{dw8IIa$I25SwBO{opI$rqAH>RyZleK2hoL*6|tMV7*&xLnuH5j^wd73UcRFW 
z7@WaD+eQL+rFQ}0*Ngm(o;rk24aFLw99`FH{26zJr`}C4{QIEI-qOCw)_MVK%9zU_ z>nFV2a4zG+O|dl|Q`;E~JC-Wt?KYdb0*!#%KWqZ7Wirlb<ov|ug>HVvAcStNW@_De zAyg7F(EKVvn~n5K8x`Ho%+^Y;x!H~jDHRByZFI}~qP95i{5K><aCQkv1Fj@_u{U<P zY{S2v3xra48vpIu{q`JhOKc^~Oeo-e-j@$=%_fxkoez`g&kR&78l*C>BI{1-0J?KZ zcfQ6u@Y$8drp1gAZ*z(=>l`O?Xlz)Oq)+SLmhggpCrGH8O_K~R{La2FSfB-(G1S@U zhLE!x%^+VE#xtguKLlwydWu!v!GENmIQ~d(C4YCt{$M+6`|CZx{+USAEn91N>ftgW zYnUh0>&hl=S$XIkyZ#Khb-5BKIxY>)L#SY@zat6|@&0CrZ-}p!8yaEWYX!Nvuig$A zUEUr!;tm}3-cems%(wHK>euv2Ym>R?KRtW-yz%3_VP(cs*ATO2Vx?7us6dn=s^IzR zw_iBVV3+n$&F$myN5s$;isENoYOTZ@pp2mWW-k)|dn4<aq_My^AR+vR+v?YZle^w8 z6&loh+ActOTzI1bzZtd5@^@z6#3SAex82_A!~gtVEJBoRdc|k<v_8RSG;19HqOz%& zbv_~QNqrL1HI5m5czxq_pqfHi!uxlL6upgE-9?YilV=Sq%Rgdk#5+-`4Ql6W@s~dU z$4_7#F;ZJ~<7i|l0c09vuoacQbQBG?Rz|YZISZx!zH;{LWZIko?#Zw;&@}ayA>!x` zqx6P<jLo$(%lVkh2Yg4ts805?N>@IM8^~yzG+(q}ug(O{(*Im(+}yc*{u9m8?pXSB z-BL_yw9Rl}5;zf_r~iS~!k5OKm9E?fWV*B-MwKpXy~Ab+FziH!4PW%{zJIP<d5_%a z^?x*1tw49qIIjn2y4f>}j0dpDeL5Lv76<|{kuBt)Zvim-xtM)2;mkNJpL{rH>ujyA z|Gj2u0v$DY=@)&}O6t&bcY}fms>CR?^7R`?9)%|Ijn@cEv~|m5+SNa-R(6(bZ5|=E zlUzweotJNc3g>>V7+E~(OQ@jVz0Un-&993E=Re1*pU2F#`Sz$B-XJ*84Nbrj$CF2@ zE%Go|D}A-vZ5)8xFNSZo6yEq{PHGIIX*mSZq12ulq2+3~wYdUj<q-pK@?u*IFpSi~ zFfc1Qf;Nu<jB96ZA7E=emsjnZ?cF<(N9OG|en^0J&WRYqeJAao^OqX<EY*fSuf7wJ z*5Q2X16ocQ#0z+Hc+#BF;906sG5KlKFKhB}V<m5H4)(O%L19$guDynn%_s7!72(aq zDPR^{*N${t(?%gfxdc=<zZ}}93s|;7WIGMk!elz1B%M$s3z*qoy5ASE!R$$0Y#7Md z0F-8*-k-jKvIP;WAHmJPWp4$tE)!Wz$S2vQY;vh-VbjI6yX<9^QEq#D)y@oL(|ad2 ze&uX)UqKYTwHx}>0xD$92JXcf@V9_#pxp+(N3-`K3_&}$vTInN<-$n4y=HUjaoK_Y z(BB0!fURBp#Jn8RV0{vZE#wkG*~F>=$gi3Owof5ukY~^vQb7~gMl}+MriwiYz*lW~ zdxRnu^X)Fm2EE!eXAgigoyF3kUP6tv*CM+)%_F~`Eeb`Q-WW~o6s}k}(`AHs;I8iz z^^dbk3l)zU(P;70dRO-MF?k=_bpI2srbOSGl_M4re(sb-`kE*G_lVQe^Nk(Av9>ht z$Z#$mrD+`k)oyqhs9OoOBqs4`C0#vhxKB8t%ePXB`=aW=$35GprOA%hYcAG+d{Q(U zL4RekVMuq&nOJh)s7BiLh0T8@in*&2zIS>1V?X}k$ZmLx`S>?sLOWF8=Suc3aTBoP z*|WUwwZbRt)>{#A#1I^-5FZN2pU<Y16!YuxFcKv2Fv2c1eqS0THB5aq!2_(DChAUL 
zYRidr<z?d=NKZ-UoK5wCsO*8pY{M+Q(WBFLszo&khPz8P3E+dyNxx^h6|>nCL-96T zfL}&G;d+4f{wGHg8HT;IdC8eQ-8<QNWrufbB#%eq;|W`3MS?1nMH{G{SDoze>>mN| zQq`x?yXjjWRlHvQj0c63tnUFqWtci6R9K#yK>r2*AEM&eO5b9dxw`m?ke10L{+V@4 zz2<iDO7|)|9V|I;;!6j(jDFsr*q>X&_%+5G$Z#@G4ebY8FBZmd$Dr12bor{Y&974a zXiws9jXa@fx<;lB0p!<9E`zw=iLl0b6z0|TY<m`U%6X<Cx}I$33p2oLRP8REXw(;7 zKF2VZ{A)6Gv28;usw#J&U>6}~D^#cGJI-bSk}~?vE?W(5v?X}k`TkOgf$MAR(RfAC zP94azS|1%ggUoZ5qWwBK^d#qfpyx1fA1G`;Uka=(f1An%R*TlIU3Fnz)%<Sln*&W9 z_)y}p=JAkaPlf!1?sTV9i}u*!0m3%nzK}rLtIgfdE-51isoT#cTRD;sr&5v1Yu20I zT%`5yy`>7dMQ>6CPdY1gzE`;5q4Nu%=rhsHXYXO#)+|{nLciQLwmW=(H>bj7!fY!w zq#8)LpTtL9fEjCEY7^ui-d-a$Df1DDnmV#;W`)Fj{(jSr0{%n0-68V-UFe%Uj7a;7 zJ@Y<N@`|@X+xUYu;qy{_zQB0Ylz!TIIXd%ckGI{v*&V8tTj$AD-u%_x^}lUeGXITM z_T=VpDAv|*HQx8TrsoSThc{_w)w|A&6-eJ4GrkU7`yeI!=}I&ceZ=lX?JET-1@Akr z{I`Av3<nyS*IKGf*X_0<Pt}R@KFDD$BBJ!9@UJSYs|-F<^4$}}|7Y|ryl?nJRRUHK zdq<QcLi){wxD4L!q!9S9qR0*27I_f?<DyB=Wq;l8Ma4g26VQB;5hoI;y!aVUXCp{i z<`y7P$pf<8FXDA3>a=;xepz?iZjl=DT>axy+QO8@)O1M_w_GyvI#y$ieW&C$0y8T# zgXP9}0)LM4gmR~N&KA2Y@K^ebEC8u{=sxzNO$aM^-;G#5Acd@FJ1)CQ{G+$MQYCpi zQK)YIbzqC=WQIZC?!P>Hz#}YylGS#+0~~s$E2HX<W{YgmsBkSxnexEd6(|?oy4wv; zW^|3Wj~~@+Cg<4yN~XTEeb5^JK}XO#a>->x!j|PP<Ty<)39ez{@w`QEuDC9kwb>)1 z5Z)G!)esFZF4{V0Dt=*<h_6cxCk$f=tCD%1p$S{DXBsoIq-TDw`JjOh$t_qQre{|x zPt-r>osM5WI<j!Ik=r+SreUn7<Hw%+51<Yb;Rn6sAQ0*zhHr}B`%&CrJ_&<fIpYg3 zCWqtMJ592C?p(6{MD224Rw-}0(|3~K>WM)<(uO||cD9J;IJCL|DW^)QyXHPBkbV|S zqSi#cFFg80nSKKvc!2<8!l1z2D$;?q5cJJ{Fm<KP??<@0RY<qyb@!hyw??)<?Z@%D zSN)rAL5joHm6v1g@nf6A!5noCf_W83O`&eRd-0OVr>`6-mj>CHV$*&rQN)f^J1}oB z)AuM+JE8%ui<~V*ZDGz*g@;BFftiUI_IFr5(V4906YS7qk!8KZu-gFX88!bR{5d2& zZ1`CV`EWiI`tBoG14|?`!wB;A8^61@Rel&P{_EK1FROP8A?OV~aoQ_d6@SgMO?z_m znr}at7~1fHamjz~R}79ruvfiO>y+g99HrE!qB|HYv-ejED#(uxQA@zhgivc@cB4hd zrs;PFB5fhV*3Nb+zJLI@sW&gWNBdVLk-D>Ui(o<_UQ|&|PaibJHdSaYK{moPt5VZ( zc(P{GP|H()rctE9g-L<df-J%h5IX*YG{U`UQX}Uak}VBn*jO#PqYB6Q%-H-qi(k6% zx8<kSo}o&@9-F2%)z5!8Zd;|Ar4qCLpNF(dm%xKofp_SqfIpj5oP=@bEvL#a8GJt` 
zS}INdyw9f|%h`s8KKat<$1JE3v3^K0U~kZp?nR00T<r4<q{K(!vp63oa}Hc~BBvOA zZfMl3R2dWATxgAq5v&YoTwREW%o6knY+PE%jcm|rU3xXm+(3Rj_EsA}N<W4&^=n6{ zI;0<F9D2>m0Ry%Kxdfm1je>>#gR<o^!x_Pypnc66)##R`SAq-t_=3nleXlOu`O_t= ztR`Y{#-VzbcV%{2%2N9WX%0RuK0+ZP11UaTj4BC+k~)INuf6&|>EG1;xwcRfc}K7^ zs8Lyj+L9!ZfGj!vNmJ=Y^26G6eg^eWU?|C-&<sC7Cm!fCS~8Y^gVP5a>nnIr?=5?T z{Dj`k_Bfb=^rlSUH$V)T4qW%uU;JzOu%J=KF7H_K?=e~)dNs?}O5)%Of{plXP?!=@ zVV^D<s~2npMwwsQ@#kA65;__0D|KLqNp!ZJ^4os;tKNI><{|qz57fKSkI5avl)bX= z0q+3*uQ+^-esYj<Y^gpvpxze~uyHLv?7Z6a^fYlTnYO#g?VAzJ56fbf_vu}w(fyM5 zP3ajG-2ZCL$yrAXMl2*c1!^5!mWT?}l&#hejF|RQW9OpBd@#Qt0<w1*zgGDwV6tsZ zU2tBRe^2->#pqbfo-xAHUnfmLKch7=@Gb~g>F3h2K9Wn=k8>=SH*C&~3>*Y)`mm)% z;PvvI&AqP_>g{sRC#2=#0}TH73`TUJ7&}-9*^0T!l2uT9$RA^6eXR<?N{cz~U(fz6 z*39!tblz3rT>7}kgO(qBA0*M)Xmx|gwCEAMf8Y51lb^`1*BQHn<q5d(UNz%0+H_L@ zr<qOkn(kC$_Y6qy#p<lT*J|Bfu<5)-{K%hNy3gKBXwdN%N?F<$L16Km>}Ut*jFQ&e zkyiq@lOwRh2k<+mtW2w-7^CQ{Gcy;Lue%n$(%keBT_v`>9yDq)=r)d&u`kZ+`RY!Q zhH?o0&^;BC4X7%gc+7jM8_%t|Ee0g~w&!7AxR;uW|HY@Za!t?XAAU-@5BqS)v+;xd zFNfbsaqRfkp8ro)X}^~0rL{C&VkHk*@%v=J2)-e>-d<GrLQ=mr|HarhUetTn^ATm1 zS|epvp^wgg6`(z^;X@X#knybvDbEhr^k0^$X2g>B^X0q?!^mfN1v$HM;2yjK*6pO) z7lOKYAVsrCrBK&}Omc|cnzwt_>y)^7Q9)9Cz-6fTYUwf)T}fy4$TLB8=wDw}y9>D* zWr1Hpvjo}Zudg4On#)^9cvwZG<wNX*Pz0AVtLSUe=Cc8-S*P)#`nuj9ypPAb9yJ(r z#t!6(>iTjD8V{;_a=*3$eqDEfKUO^zi*X;4Zs`$vu)E18^nv}fu~;!sa!Y^a=ag}0 zL$iUonY40Z)zS#rsHuLzqG6{w;+ql1OK>~>kq9JC`8Ib+?)lnWj~QmQU(@GQi7g#= zUz%pI>T%9LsC>0C*o!Wh74sdIx{(tT;nLt1@y)06C&8+7A_J5Nyyp4l6QFu~H#Y0Q z%dmRQ`ewxN#E&<czN>Dx3dx?lsHX1@>FT?@CBrXDA0e{c6wZm~<$Pt&JCr&nnq1Du zy1eBh-#tjgD=ZmD>o_CW#K&YDG<}DIq1^!+b8`AQE$1YtvC`pvLFRtu!=oERY3k0J z*(&<f<MPx#K;o`FMGdVoSmT($MgRq*H!M$2ZsAPrH*rv>JAtWRT{K%B^#&aIAP`>^ zq?tXbdN7IS(l80n^g}!O!I}vcle3anlMp)@zQYVLNxF)IU-qNPRW@I9CnVi852blQ z=dm{}dmnO2UIjoLpe&(5xwNZAEM3n3mOM<n?`4DlhSd}ODR=m6ea9U*?fFcgE0Rve zBM_48ikeM$7uLBQ#ltp5WEp3a{RG8I2wUC-ukUy}b$7tZ@?53aTQ2h-SJ({2JaaM# z;)WkyKV90?$^gM8WX2^gxmq1$E~hVUXZM*u&b`Sdu^t`%;V)|0U7)0vJ!U5xA8REC 
z4grAS*?TF0G?7Yw^;ZQ;gnDy)Ga6iMd8})?-t-o0ERx3lb02pxS8QdsMYbM|ZM1%) zEDP+(E3+navSU*3*3FZ9YUdks2JhCEsaVKas9Ugz|7d7m39;}yjhWn^P-6#|YkR2Z z`Zm7WfBe*-qht9NHnn$`7e!uBe*HYprNa`)^XW3no0}<SOIR|#3l0h2;m*~~TfeOf z$@ZS@@p=1N(Xxl1lx=TuvS+HNe|FRCEnnAb$ZQXi4tP7@#i6j$P(dl3L)%Q5X~t-i zn*VeXWg8I-v}|{3XH9h}^W2QGVm*tW1?1f|XGMxs)3vSk{_2dXmec6DKTB@xbiWVS zRkDFyV=7A^{qo)Bx;nnID*PcchXIKHq%4iZwX*lU))sz69?yvMI1zKMeMh{>;P$=a zll_YPL?$_q&CWk168NCp9JW5UDA*&eCk<cEo|V&#F?}|>w>@Pwt8gs+@Ob97fM}$( zt^A}$q|Io+(M81XOA1k9B-cR)>XTRisz$FIn-|eAuME8ai>-ne4ysv`Beb!UoIhx< zZ&$Q&Epj`g%Xb!OCb=^FZx0vZCOIY9nw)LWUNnk+dED!@kNv(F3HtKMDoT3ObFoOS zL!@$7TSuN|FU}OWXb!ZvP?)8j+*vK1o6AeQTe^PjHRqGL>;+%KtfoAne`yR*I=vFB zy&)SF)8H)N<rD4f{4*w5JVFyhzm#zru^`qH-}+(W_`<C5CA30rP(3T-o6z{LMjDvI zv8`K>A@3AQvZbU#$)_YwhP06Yyy^7;^{;Ozk0$`N)l%yx)uego-{g2DQbkXdy+Icm zqT?VJbN|MyHd~|CQ6g269n1@aK?O`4+1*4ug9Una^|TKD>ZhoM!N=~lvO74MdwWF& zPtfmP<yqrt{BEDo>(hgw&q`Hk6*?S53+t#KDCs5TOy50~-imGg%|uN;u=yOpuP#<? ztbdD5(BCFa+4ks@J%1yE*K_uBfjmK*9uS{zHF=kZ4PCjw8;*$d?WO_^x6EndSIrRh zk~KPff~#)9BJlA}8TJECaFTv+r_GZ*^4{TNX^_9We_Z6(o`)3_a4b<%{!jO<@;92A z!RV*_Ba$w>AcvtPs|dS$fJd)_iEMCH$>Ro)<ckyS@E2Q-Gp4LUAqLn@pFSU>gsQSp z<;ym`a@$s@<b?{GU)I3MzxV~77uONCpC~lwQsOP$1aDJpnE>B%o8R*MKlrbKi2mBV zx0(7^3uQWfZU0;lM7nF@(gfIdgQnWD0_l^#N4CqYC<^9YgT@r;r@olk47tO19uC57 z6#N_A@)TJ2tcL!<bIQhMbu_MZQ{a+WBA-{`T-p2+e0CZ|fgQl6q;96P!yD*jtq)bs z1@4eoyw%fe)r-Nlin&W)ok&cMBunl-NssWsddXxc>Sj)g{o`}aHvWy<P&B8!e=h!g zX6|6BJ>I!Ks^H+RENsbnDrOye-`T>A+c1oUQ*x~n$71q&{AY@e{9qSOz>ed?`@PiP zl5>@d>n2!5;vK-~xcpUR)$wh%KfArIMGJU??sP^WZ)h8%Z!%S6Nhlm_6~S)*a(Lx# zPSF&z40o<hlWTOTCq3qFuKND~mq2L0^bAvntr&-{uQ;&}{H|iL|G@)VZ)b4ft1ze! 
z_g%}16SFwLxM5iKH%vzMHxx_#cP*VVlHhAK*q2!Ub2Knk|9Qi#fB%Bw1nazJSnRE0 zsdK(!LF;hF^*p?7@~lI?QX#6t<ew6pV7;Xj!+&_u%^9ZtMU!DYR1`}+)C_ZPyzb#m z#ac#U8y9@-f{qug_l;*A?i$ZB<{uiAov&z6Jz?_|CqnG$)rrmD;A;suULJJ6?skno z3o7?st%rlK3Y)}`f2UdL8c#nYN#{}e+l)(lm`C_Wd`_|KMHduf|ML-7BsLquqxD%X zvF#?q`sC62k)AzEhkAzZQ=WQOh@k`Z<Z<Vbo;$`<&$;|SpS*{8L_EtbV_$K=Hj-oU zZCzF;4?Srcc@#YLTz1{Dw#jqdk^a-dV=o>1*d8u;xZ>fue}|hMZhN@r;l77?)H&Of zd8Is@@o>(=Ji0uRuNr2bY$%pG=Mm*BV+xl|;}2pSbxfY)g~y09ofGI|eZ?}4c=U5r zhoNFjd!Kh{!?N$^;hKke<T&FVMt^837Q56n{t)^=&*V9#cD%T$M<lM?A4w|~JHunW zqduP_M!AmTf5PL($<xm8$ZqCKJF{t+dh+ORjf;H=#cJm*9oA3Z_-Wet52(D@dBaC( z=M_u+<P5Wq<rOFIM*Z;E?P!c_czDypZHqgL`r(n;k#0QNn)+j>%<Y&w>nETwu<@Aj za8|L@PhPRuA0Brd)lb=Y)(?-Zj_QZUQxmg(w&S=7f5&5}ITl#1T}y}c<GxpU_Menu znFo0cb<}^dilu%khGi~OEd7VCp@_=T_3)O-v(NM`P1=oQLG@&xNhwx4Y*_5D$%q|R ztag~#`iUINZ2hEd^6V!(B08!E_h$xekyI@8kTT4Dr_f{?Ze}d)$+QjAkLtwo2jm!J ztxw$Je<N@E6+C*FJohWMEzO6pR^?I5tWR0XKRRfO9B{P%#$$+mKa-e4w*Wr67tiC4 znLd5aw#ciW+%cYhc-PW-4x(GeAB9g__&$xx^=Zv8*OEMfIMTln%S^isPlm?`M|y6G z{4IzySj*f8+ybv_mIH2A<2vfeBY#<zL%0Nje}l<9aN2MHEXUE>o?*>+vEiOf+i(){ z9ZQq8qDPE6Im#ys9@D&#t4kAupT@4qoZ*AOdBcZ*c{DC%W`G->%%;cls9VZVp2yn~ zGacD%v$#C&HR5@EEpZAm1;csxgcZZgs}ti>ZYz#^%I$bOkDS$XPPw#)vxcYXBN;vj ze_SC(J<}~{7*F3)j#!00#5*4Eikd$8q=!QfXFQzsaNfhk7$0;MV(9P^FUE7PBRMa5 z;eJiVr4%PlBj1eSByini<le6FXTdiO%l*W2nvU#s5Sy=+QeOA)O@?u^h8edR%U}&+ zaXCG-4bx5Jah$Ak+=+KZ#kh|dy0Y<de=j5EXI(Akr(A;=`Xq7LF#Z7IZkjyzE;@=~ zpW*))&os9^o=0KQR*0?k(&y2mOdq}6;ijwTnSh>hEGgvoV_lpxo^cDFOi{7OR6LoQ zCsX%icpRqMH{4J6WOy7Vb+{9kjwiqC$@7R+#-(ma#gZ?NK#kJO5F?#CaN*IGf8>wj zzH`NRj_aoJY`dPN^AKdV<8%@(b3yBh{uPgqjMC2=X550wJczjESO)gfi`((yZp9e) z1&GbI_l=kP0v7jn-WRwy$afAn+Be{lk9+MoZD7v$lfY%*`{X`L;98oF*i0U`80|}U zEPd`@@wi2`X(!yaV$3Niw;SUFe@Ikh5^1c31H-s8>UfkQ;^Mi5CCB3vi4S64s3?~H z#^Vs#_YPohWJ59L8r-us%>BbQvDHb}c-BeJ;@*im**0GGAr}X82ai?UTPGZTY4AG7 zVGoTms1wc|JPt9MJDP^8pgM+Uf#;skI(Z29*LXaj_5rNZiA~Rz@zj&Yf0eR~ypPb0 z<)@r`a-e4bJW9_b_;?SKGNxxu<ZTbr!wnB_7~YR)O~WB@%aiGOGCaDEI?UkG*SuiE 
zVWpO|jNBJZ8m4XGk#{T?_eHCQxi8A20JTog=Z$|6G96-@mvfgy20nJ$l?`*Bt!|k6 zY)!*S@GZmKXX|(}J;SmFe<4QthpE5u+;dAVYhK)QOA|xp2rfK|jeU}P0&T@uC*JLP zCX>R~JWdTV)0{(jBpUH7FprKS=3Jj8wt28%yzJW;KH+}DwG`u#HTcQK(+=~vvdAv& z8b1REhR3ZT{WsnN%%jJc7v<~3$SXtrmB-dta*W4^kw1kCkKBVie;)0^y;{Yyci_H! z(RkiN*)V<%e9L&I-;epTZYSpPT*_*s!<5S?PSQ{2v0SV}#?2Ye{URQdr99?7#k#jo zT)Slwe|2Bl)(9Py!F(FHuE^;9I39t;zQl2~W$COV{l4*Mv3Xcr6B*e*?<ki2^RDry zv46g0JncgUCRF=pf8geTWBW-Sbr|aw^;PiE7%Yp7?G+p5_^Mi(2hjU?1QgR}A85w> ztlLzKxe514jb|Oo5m1olzQMN1aBj+9)^f?-onrAf8pP0z{d2>3=G8LHXE53pmur*0 zmrn3hRCdgk#OBY0#vgT`c3I<(;_I^U2hg+Rh#}}nEXNNSf94TJk=@ub`6-lZ$M_Im z^SC6|3DZwKJ-|GUD2iJ)o@2ZQ9PfvljNdLC;~U@)%X7APu0Uk8U3hd5)11a-%hF^$ z>=+jRkVYN0i#(4MitwCbS+5m{&A;MtK~bAl46~lAUR)mS6Q$GjaNol`jwq5zdpPG| z9t#!8)IGdue^~Y+6ia{D0*>lxoBW<WTm;nzAI*2UXC-~d`HsikME8pehC@(1eujJ! zmrcU~a9iU_-|l#rN7h93(=*KH26-$G%ffrCyT;R2q&}!T`z?>G(eVg7W0-zah8Sg; z!zF9-C$O&Pu|KpeNmxN114KLv&#tW)HvCSvWjMjTe`UqEKZ|Fdo)h_G0_mp|3!gTg z_JK#gsO`diaO3yE%g)6-d|hJb7UEJgJ_R4UX8b+iH!SWnZ1|R8J|naf=X=m4e?an@ zCeLGDkT2#4>~0z+pI1CfzG7IO^->&?ZyJ{8))XHh-!oo(e&czstsnDv{?pQ=%&zhB zD~b<^e?B2`pm<i+L5fq-j>c0a^l;k4nOGimt61i;tnrMS^Kjn71rHbFxOkRHagsVz zjAuGk57#_g_i)3*8*w^Qu1SnG&EmqNL!$Y#Zy27C%ltXzZ|BAEt-x)=;(Hj*fKS#` z{zq}i5@Y}E4%qfB5A$dd@<*|X&3Twd$VB{xe}_9B?t3`-g37bc&ncchj{Uk^%+I>2 z$Mc8_rq4QT8&4fNF+b({ie(Rc$1umyu427k^MjHO?v2j4Br)pnBrc)x)TgXCsJmdS zYBF?%-G?PEe#U@%ABu5ruA|2w*nOy$$Ma|f+7tFe9@U_B1Adh8*r9N{#L$5*LiQsn zf6p}Aip93~i6QeaE<46^A2s_Td3&CX*nE$&Vr-#yo%{sf{FWa0XrF3J;tu-{r;)@q z_{e{l`>3R^zm*WI^LUO}=F^8<(c`Pi<9V}NT|+VUX%9I5Y(A=omc?cL^JnwXT+p?2 zSk2LMVtL>m_(-3yF6qczkS0di_v4Z=e@vU76+B!n&aF9(i@gi{&cefGm7nzU<rt}$ zjQB-{Ifrg4#-oa#as1gmZ7-jn;ZO3_w!i3-hS^s$ilq<mr}?Z0_Q|YbnG^Ywezb4G z*Wm;{6ikLX)D2UIhNVLtI+ho8*zt7WPtc=zA@!2x%YGOdrVeSvx-UfR`?~0Fe`i>q zCPN=-V}#6|kZGC>_lmbH{WI=o9e?hveIB;-V~Q!mpJ}rm9)V2Gc<RQVS3?IjW84S0 z4BL!l@btvTDWiQpBt}2PuUuT(Fvn)gF#A}?F!k>NNBwO}(i!e2cObcK@Ve)Kor6zE z`qJM*V%vjFE01w8?dA;6U{23^e|#av=x-8N_jt?3A8|ETH+}(0x0J^-sL8R^CnaCG 
zPf;{H13#f+7?#o1J-q2*{`5AsIfi9#Q?azQ`(dp&>9>Zt*Ug`CM|GPro@<#<alq$1 zGqF6LF^JQ_Z-TsZYQT}5sY{x}^~^SHfL9-H3Lggb91z>@vy#fo^EN3De}{%=;cuiB z<C%&Nxt!v}0r*-K57!OLb8d!N-c5_kzSpue#V#49t>_x2d{1>le}J!U{N22lVd+pl z{1JR9HXnBz6wCT9WBjuFlFJ$|`5I>2cFga09pI=AyX5!y$+QnW@R4nFoU~<M@pcy& z-pBh^z)_!1li!oh5l|WMe^ELGFP&nX4(iiOr#2#;5b4ytbT%z6{q~m0Cn3`otiQ$U z8a@cVZ}@iL;K!(^KIfA)OqsG_+Vi?$+W)49TY`0;xkGGg+n!;r*S1XNF!MDY`w}ks z<0`)&^;RH8U7cpW#$UiHwqtx5eEKI;p1ys<F!yJgit$V@ehF%rfA?5>iWA)D@5dOk z&C8NblKnPCY`%I%dD*YXn@k>eFbXk`{b$8;ueoJBW!f=6<$|A7J>}k_;@~u7QZbLQ zOpJW*#-(cf0>)R{FzY1T7}QCI7<J1!sT*b)cNELLjNs3!{8?N=VwwAJUqCVH0e*sF zDf_13L-5Etim~1~f91A~=Xlw%xZ?jC|1j_B{FJ0GzF%IkJpWK2M!AY?N9Dx^c1`9C z;`U-5Yr3CS`IES0h*3s9*H<;3eWq@_>|+?uxub17pIhEBd>499@>7})?QmW(e1Ida zNNj8Nit?zFGp=SBPs+Lt!(1P=O#T9*bz*ruv+*-pcJ6^^e~FRiQC#vKUp35M@Yf9= z!c#CCim?vOy0-DG+bzShsJU%RGenx0vL*dCE+MhpPrub|8Ri~l-!S`z`#F`*;Zi0R ze+m0PhWT7vTX8al{@*jqzR_1aUF1$-Q{uw^pK?XT($;0e+$X6JqwED-swPiAr)NBE z%eL`+MmqKLf0`z7)-d-W%ZlY0>8fIR&be+p>!)EnpOM~(dH7eKmNciSPg=3W%^2o0 z(sPFQ!)IujJj>NlEM@Exqb&5VddA=Fe$55Hpmj+3oMQ1U^NM9%Qy@m%1TJOcSr1ji z1@|kiZdiWbA@cV74&&uMj-`K+_i=tv@|E>S4mg@qfAZw_%qjGr3*e(?bn7Cc`&|u7 zC&AxMSX|CQo66(f3Z9u)j6IW_>w9?D!@)0UJy0g);k1Y6h@l(j%AE4@TbQaRQ}^(O zhc`Xk_Hft3Tb4fCsPCm8{)K^V84qVYocD0i!xazLh@n45k!vU~`fqwNZ4Y-nyyfA( zhj%?3fBf>GO;f;8n}+1~v?=G`H2BC*$XQ&@r+F`KaYWpE*bl)+dwQD|S9}ALPeP_G z*n9(%k^LW&q3zu<9)7Y*ZL0p9n~H{Mb1H^8FK-zZd!iV9EaTi?jLMGvJ;ed%%`oOM zCmQB6+f`y)chrpM7^z#_2QfxAytsYf$bZ|Bf4H|Gfx)^a3%qN58hGwkw9X&Lr3f6I zfzT1&_KFQ3h0GQ)=B7h@(BdyC=H6XsIOLfUisc@C!NX+_R}CM5EvhTVnmy%O9`1O! 
zXZR>iui3V^w1>eJ(IIgXIwTc~T`DM+Ik#v$Wy&!R-y1lpt2X&PeeXd~9q`e5A^Df3 ze=THRB1LTV5E^DZWDT<(3W|d}-4$0=ENk|b@v^5B^YFc69=}PqbSTp^p1%54%ul&( z;7I?z=r-Kee!Ful>_8?ON14B(WuYHCCs@zA$r0OrPSNlzc8Mw`L-~gBDfGjp;vj|o z&{mvy+0|Sx<`-P~uWB2827FDi_>FTdf8}$0=2Nk>U0t!XUBmb%5O*Wy;amQ-f!#;~ zkFpyn@bR7!W$eCiR^;{fUpd1pSJiL;TvvJ7!*6(a!^2GvZ<-F6v0Tge(7oW&pV9iv zpg-gcldpRGhG9M*-c^i8Ngi^2!<;MgzpClTGbF_3zZH$=^J5j`Gc1eoyhpI9e;B^^ zv}>D85i-eN({!@9REX`Fy_RC!^DVk9!%Sz#<k^?pUl;l0Vfb}f!;~p2#ywxyF2nr2 zVZ&tDpIgMx|504phR*`0eqGX(dks~^;*-=3%QLr%#RqE|Ccmjz`c<14>CfQOF+L3k za?AK6_5T}M-e+CMH5H4Gk&H2{e=l*g=VLr=Z`$HM4BI>B#jOL!_v0k)=<(Qr6FW8* z;83t0PHn3qlOFb+D!9JPu7`iGBHZHMy|TQvKEJ%aCZ7+ucb7}&pIlm8TMsXl*5?=I z*XJLbyaIphYQV$9_>Z5*@VOU%#?w}Knf4ft)wvq%s*uQq?!NJ>a-0$Ke}8N;bSGoE z^jIWF{=S&cWPJW4;ulPka;G3SF8LIP<W57bZgMQwv^!lozjEnPX&EJ0Tv-km*Grey z2Kw)VrVUFWDo@+X=S-|mXDFXS%=d@%e>CQIhUCx2JZ{q1KbGV1m=E9X^Tn9Y4auL2 z`TUUlLd;i(<S)d0P2_i>e=YMZ$Nc7y{1Y+X8cKgD=C_9Amt%f=NWK#D!GvF~)tJYR zWW0J<kNLSF`KMxDe(x(WsDCx)%R}<d#(ZTc{pVtSV@Uo(=r2u^WPkZKuirmaT3thz zk$ygjej=y3L5BH1hj{YKVSHx1eeV6``PEW*{|6p88I6-&%ZZ;4e;~g6irD1e=pHGZ zFW<H_zkKoX{KZnZR$3~ZX9tz^*|)C-a{8Nn4)9riNo@JQ#PKkx6-a$P9+$89-Gh3) z;;47slUql;hDlKGggZ08bh)$^u9ZtAPA8K7XEDy768>t?w%CL5F273l^z6s!U%{cB zSA!i(pXFx$shgs7f7O13cMLw?jPG;a_bg}L`<~-dPJ*-iXjy9B_X&KK6XERp*W+`` z`~D61ET_SF`fhvQQ(rtjC;!wA-h29ft&HbEzJTz92p>lH2*Qg9A4RAm{1C!R2p>cE zIKn3oK8e7+;0D5vAp9u8k0Jax!cQQ)jPR2P8wlLj;hqfle^9v3@iPcNi@^PWCc@7n zd>Y{w5PlKimk_wF;o5*cKK*L?$MjF>Ptqr&A4H$0g+RZ6bNa6$a4zNC$2o~}1?B|z zS%g;*{wBib5dIdz=MnxkLI>gRAp8cx-$nQW!rw#qBEsKC=py_BgfAidLxe9Q{3C?l zMEJ)DJ%oRPfAAHAe~R#12>%S>pCkMWge`=BiSVxw{x!nCLHM@_{|@2bBWxr52ZaBK zz-IYR2>%)3s|f!Ep^xxi5x$1--w=Kq;lCsN4#NLH*g^Q82)~Q)zYu;8;VQz{5&ky< zC#U~|@C}6ji}3ph{}1605dJ^H7>)X4lb=O@Mt?vbf8j6a*`L{8=B&T)GskHb-|-*E zVS8YgOiKAz26oA$mH*tpE_w1-;Df;~#pzyg$z!lTUcNH#dij1KPDjocjP?0q%*XHM z5IwswpT1eOSAD(|^O-w+{>w367?S_Zf!!IB@5Q{FH5lvjm6&e~$^X`P=)N$XKu1>Z zp^aSFfADW`?^`dIR>P;}R~P5cEtS@!p0Bvx%~yjCQg{`|OTqTeUns3V6E3R-i{|mZ 
zX&SYYoH}6f*^c;`zWif8Nq7I!%DMR^KcmOo)yeRk%p=75|B;ojyt1?qLY?sPT50vz zTBwf2`r2)9oYpU|Q9g$>dCempuTA@0v(G(ze`bE~aPM7NSiG<Z%e!8xu7_(YNO*o7 z?n!ulemOjc8DV{8wX_f}E{6}k|9uaK7gkm;&8vZC{Im;?ho?)IR-Qr%ON+~;@Z4%? z{>im4eZIW<_Dndxybuz7_ggi;?^5~7()@WuSXjA?y8N@3SJv_2>BaSOxVE@_aj6t4 ze`O8NeDDm+@$fxMi<cIc=P7&+GZu4MEm=|$`{?qywaQyx4pQQRz6z`VdiY&b&eW0= zL-#vq{e9RI{@w90F+WG#&iDk{{Povx#~{me(nv>gGM!DskxFa&hb^ru?wBFXg(*hu zJ&A7~xWLL@Tnpz}e@~tWS5@JqmGkpUe~ZtGx2W<=mos8%`E8fiZll>8PLX=P#l2_k z{CuT^KC!&My0V1IpI@CnzYZ57T)TX}9L}$Whrj2r^|wi^y%v`%m)E~v8vk8kNg{uL z94S5c_5|ah6|oa7dW>P+f5iRX_&Ca^B^vOr$Tt)6&8xV}am>9R-Y>d>q>m;Jf7j8^ zF0U?!$Ic!@*TSb`XYub?tk)@b?^7#_h;XTb0fqj#w6JzU`ux4mUWR|OzB<3WwuG(_ z-kW~_ZBklWUJsvMS$#5my0o;U&4Lj^H^%hkOVfVZ-H-OZ$w@yE?VhmjkGbC-U&MN( z2p@p`?cG+7Y?in-I0)u3AXZU=e-qNRFD|m*uUuXi)mBSumzUOAJe9Hj`wjQX<jX-z zmqp;%P6c;raTRNtr%O?L&o4g{R#w*57BM2M9WWX$F0XOO>7X1aB4hN@;>Gehhv@tg z#@xa))M2&6^6rjvA|JFz=)OMwI(+{6xZh)*<oXLf6ZN^(J-qTXwb34ce<YW}mGkE> zudbGsIZ{_HNC{&NqIzYTpM|aDFI<?1pFY$5c6TqDeYGTwO_PPXLVt_L;W6|e)_Z?K z>-}E$o@!-fbsa`c@`f3T*MApQS1yI6>iN<VyU%?1#M;X8+tePxKuHh2u((vhWcmvJ zdpY2Vto#S3V1lP5Q=fe<e>@YJaN5Pf>(oA0?8;MCVJ+ovTmJUsFHcszDnB8+I>}R0 zuTEy<Z%+Oe<u6Z4y*k;Dznk*6BY(H#?~eQpUa$G_WYnvZbMiMYf6MZ>X5Vkfr<VNf z%3q#)dUbNwzE5K7hWe**y*indzXfjR;2-&lFg&Ler7@o6e}fAje^_2zU-V7O70fDX z3y-<GCth`L!hb_%jz(iXo{?ZD$I;qXFjKya{`BC)7_81i6SM<;v265CMt}b``95@y zj30C36YMu1gk&E5=9rtD2oXNZv_tmQyC+^JV^tT*17^bA6@DL9+>D{+y@Jazch7`g zvv$4Dt|#q!%C0%&e?j@cuKQ5pN$gXF53Q_J(8*U<E?<P1ME_r1c^c)$w6=l~jjIeV zT58(X66_7i5W1~#KI=(TKy9!d-Xw1DKBRii`Z>RSWPG34A1&n=?vrR4o<MAtJ*oxv zQ|@bhpn{!(Qux40WOo_)!GI6t5~2iC;;_Gp)l<SfTzVQ)fA)Im;>zkXS})k$K$+>s z90Q_rJ_f{k;59d~VEZqO{|1S_cKMu_gy#3Cl`3@mEI;ge#Oa=j)7A7sWc@0<nD2lu zbP2PNDI~_yPkr|dv`@J>ogC7kJ>qG!yz+!v*26w`e`y_EPu7M~{xhb}F*jxHKU^<t z*{J-i_elR^f6(9O&&KH_hWN*0e*X|(jQQjce=g<^4DkywKRv`(V*bz&ziRvu_b^7( zF&9F2>c1Y#r-$U9iuvP1d^P4z4Drv#{H;U$b1|P8;-855!$W*I=8p{V7h-<Kc(&g> z_w%rUp%di%rArl?8?{Yo$j_~;ES2V$Ptc96z&2yBf59Q5gMjJcnbO*A%PUa_fIA|r 
z^#|E2cq_f)iD=B>?2z%n_zT_Fyic4H`H%9HyGce57N3*H+)?Pv@xarlUqS8jGy5TJ zGp{_cn&ml6e@zX+(=Z88jXNzT!i%Nl(kjR63S3~co$8<-#}SuDYHU$@8=B6$u1V*b zRK%lYe;r^D-KJybHX1{igf%P2)KESg?;M*PS4Z6G3Ho1C$dh{C>E5@z^b98A`GxSk zaOg1$T);x&nM!GuUT3&y^E;g<nz#8yI36gA)))KXlC|%f-6Iokc4x$z?u+fu_hOzu zUtWQc;_lP(3g&H11vB$G@l3*d7Z%_kt%a4<e--4q{>%xw8_Ok5-7AzvF{N?efBD?J ziLS4#Kmpn-9Se~TZ-EYD?#-?cw>#VR`f`uTT=Si<gs+tr?c_o02lNYGD?LiGUt}Q1 zev`&^SVv8Z^+&k?-?JUw;kCmftEgpm_iwHlEdAx{w!=W*NG7VMM<<TCS+Vyu_(ZB_ ze<Z_ibX-u+qJ1CD8(0>}{6w!g#J>-s4*j`G`v>Q3JdGj$1~YZwBJ)4s#xZ+GpE!dZ zf#1y;Dw^*H^P=Xfd5uc_b<Uqpu9w5UJvj{g49)5K=}$U(l-El)IWpY?aew4W!=LG2 zs~ijPxmOn}vg>-i{0@xBPpt{-DRBe&e@?ik=P!6QKio2j*UWGK4di#T!)C=(i|0$% z&2#^C@*LRHYdxsfYQKw@7Z<KqpCP<U?Q`rAT9YBHWi)qu^X)h8uAj@)h+K63iSp5P z+R=$uCZpLX8gGAe|Kw~sDBl!D*81w@(!evOU20&j?wjj}lWsV@n~~my`K2|sf0z2& zv=3RN$1C?9LznjE-85S7EUfb6HD2!Z+bBSvz&dYn{h4dqDLqkur5Lmh^E>Y4cl-wO zn{?+_)<%r!<3o9c?u3`mi5tl0CWn0#tVFLZ)d?>roPzD;bL$P{Gv(G6FIAS%=8^r3 zM)9pf`DDC&GB=RVxGT?Jn@46(e+z|f`Ub`i`v4rok$r$`K&Co8Rzr8_2J*SdU0j{V z0Rz{w2#2m~@j~|pwx4q3hRPRh&t5O*BiG59<E)1jbLf8G@}Ie(a&uSs`c`-5y5$!C zSMr~|p>ku7PW+qem3#KO_Ws}v<TvT)$X+k6gReQCMeFa#%lUz!{e@8We-?BdeGmMh z&(Z#k>3-6;<7`G0a;>a4^l|?*x_dh8zf8hAdh7(X^Vj*4c+NO{H=J@T9L!hZPP`>D zYCmLO<WoUzP}bo+5$?}$e`W9f#HYsh?$`|PR8XFAzuA2XP5;_dkNqKgUjtj!b*;Iv zuc<=_aR{L_A<2p3a4*DMe=dZkgqI)N{F#OyKX4Pjlm@QxHNL_2b?@~BlgUI(CsUzJ z6wx$7R`m3QLiB_(QRRvHDjZc2s;UU}p$t<o6;nl(74j<dlvi1!mkx@m&V1imd!L{C zV?#sU>zlb2oO91U`|PvN+H0@9_WCtzgrn5{SLPe9-s{$-a=tNUe}*ADs5X*oN=C9& zex&aUkDz{+j-T?glo9E5n;lPPt)LtTxd`ld`l1VeNCP>|Bx+V3&)fa+e7b#e1RLD< zM&(<jTv&J{tBvE^U&=U^w;DHU12NM$&cy%EJdW$WlyN+Hw~iym!H#3)ad13IwQ<C} zw(}Aa2<-Ap=XJT9e^Tm&R+mb0%F6SyT#|Yt=4B=M?D|>f<)1#D>%Wxoyl_`3ovl0` zvyJCse>_!38XnL}bQYYI=u)fESi-5={Cwj}nV;pY#?8ZaJW1={Dtl|(Ecp`0`{9!D zrZk^2?NWMNPTy}f*RtbXas%**Ism2f9hS}?{hHzv@WIlDf6DkU8$Jc=w&h-DUAKdJ z*Sl_ye<}D>-fG;e{SxtI?H3+T@?FgI#dR9+cjKqKhZ6YDHhx&=Eq!-Zr2$2#L=PH` zs}~);>hdtIEMZO7%&TD=#<;`R092BRmCmcu_Oa)jk<Z_VH*CJfH>f<&Gu!aY4*N_X 
zvAAs7&0{LZf84LUE2Y$sCVA;m=*D}C;ASCDF602R0m?TsV=&(>P<t-oY{;0c{F-vZ z((jmAE*0)kW!Yf>C+=U4-{JVK()ZkCMzcd1z-(xw>Yngf^zU{vG_<O(Z`Bd}d7Yi> zhlbV{3ecC5`bT?EDi@9NlhyDHx>AI93DZqJhirouf4^yU<Hm#Vnq#81_50%H^SbBp zz0CG^3i|GGoISG-lKNhe)KgP9X_lK!`8=!%4i7+2PMJG3GaR8n$qre(*!kF}`|EGR zuYvmZwmxV!13B?Jv`@W#3g;8CGooQWZwBi<Tw6W6Z^%viwFSn1MUr}ZSh7LGr+=)E z_y@jaf0gL9aTj`RsiS&p>H(!^zHLPdzL|QJ5usW>-}f|R2^p=5j}eOieUIvW^MK)< zMq1iTC?r-$hnBZ``r{(9EKgz|pmqoZj@0$Lf6+XT)%Ha|_Na`;9vQn~$S5wF7pSkR zf503P-Ag{yuW#u0Ly4U8hSCRNRwY&})`rU)e@GXG<6?3J>jr8>aH9`O`rH9@-81?6 z_aI+)`YY-YmYeN`10A_BuQ})^nr`+U#B8Gh#a@2+-jVd^fIQE2@E(|G{x@K){{9~* zAE~GDqh3FS8o~JXETmzk7qUXuW>s6GmSBV)`$pXTUI;^80A4J?^QV9ha5b)ghlvOt ze`?E>(NJ+XiiMol%-os7c>?Fl==L{YVI-zz&RKvuCEs#{HbN*Uh-tLw)wXB%=W~Tz zKP^#C#CinJ&YSPo@00e#P9%cAkC=hc(UHRXRjY<Ghx3_3+05Z&nwCh1Gra}iTOkRf zzg6jx?5fW0?yfZ(a)qH>VVBgSC9sdjf2DYSPVk&sZ`gLov8l<;3z-MF!aR_&>zM~V z(3@M0BrK)+U^qiPC4rFbgXu!HUv+W;h-j#n9vLAJUCm;CkY*3xEoSmCO@bL2NLVJ% z@$7;==@sDmF_{5Rz$}@z7pe{9eJx)mQk0irU(sr|Qs1ejTbql+A|s*oBGiRNf0}8H zX0hFd)w!B@QE(3vE~p}5+{CG{2E7V8K)LoAu^({nr<_>dvxe`%evQr2R0HqmW25*P zZg4eBulxpyPt3UMp$$ra`1;3WR=)z=X3GJcT10(zf0j0o^y0t*Qh?dKqc8sf(G7F^ zq0%HW%lirhsH}QEGGYvT>`Qt(e{x<IY&&wpu=(7oLn8*JqM&uJaa|V##`ol?%Z;`Q zbGXB3CyD;PYWwTq*Q9yUc-^$S;v<LCM`+0fbF6$8xJf%a>X-elsR3I6sv^xX6?#O9 z^<D@nuVVc9|8@L70XVf7t`MFXuXmaZcmv?x_rXIPvpht?yn((E&ZIppf99{nYUsG_ zuhX-WezZZ~ehTxE7E<Nw*u4?@L8wHi2l`o!Zd`#C7U{+m&ZHY(H(Q5DF0FAZEzG{P zYnzwA5CcW}a)*Zpb5NO!y_r~K%7P+hkfa+jFS))2ehL$j`OD14pT(xM9_KiIab7op z&cJ#LN4;*tFP0y*=W%-`e|=;5IeVUx=dQ|;v=wd0u}zMo+OYk?k$<EY&0;^pPYUdK zIp$$+3$^F^o3dR-+`MV`18@5BSgt`_e~Jd?QU}5C2?pgvdFg@k8-@3lkXo$P2TClN zQ5E%_Vd^OSPKI+>;f{ETZO^oN?N9E;;VIZsv_FMkFc=lZ&~h;ye{%jQ@?Gt1Ka+m3 zA6rbj5-omIs7aDD?NuQ#rS=kinf^3PG}*&VFf^vzmNmCM!x8n&C)QfTS&G)1^x*TD zQJ>VQo#@9U_v>Jb8#f=zT|WON@cI*2vrS^2z=+naMM;@8A4_?I5pF{$<4K>cG$JD# z>EpI%yaQla#NHE@f34fMcX?cCFyU!(ayVPa_&0}XhYd4v+~zy!A;7+J?vbaaF0Z}q z=g`NgeZn-XPl=`anBEaPE0hzCcL|;lh~yh6e|09Gz#T;=eBVi-_p311KaiRGw#ARP 
z>wkbcE#_^pTzV(;UEij?VPTYJCm=k7nNeXk`5xM?dxeqAe}1k->0qk$W%H1s!-%cb z8_DiJ$cbGX@iy9-2=fs<W{1)Ci~au^IF*gryw{GU<xu8n7y`qr=wPyo{15LxZ^(5D zQ{+A70cQs7ijxFixf9DCc|m@5qB}b}m|6c=a~F(~0B;zz<Zwz0T!=R?UKws~1$RD} z!GA1>sOxi+e+A1#t_ax5=H<kOZ|&Z+t83TJ&0Du^0-VkPPLt^K9{;oUMA>7(kGCuw zC(TM&pZCMI7pAx&YVB49N2S1<iHR&MjWANg!nr2SF2~8Cy(QW@?jPdP`n$kY{{Mxg z-;?HE<GMqj=gZ$HG@iDd=Y_^|&F7ogHh=Sfi&+D^f2z1SEp-00l)LqSc7YFCz8Z6N zFav%9oCUUu{m_7rAMPJa!}zP<VI*J$-RI-o1ZdNb%IMR5SWTR@+>hmb@6KB9eW~|j z;BmcyBvIyzXWkdP)8U-<l=fg}QBU{`=(#81$=iM)p8<iPAb40-_w;aX_{dPMNWTg9 zC3H@uf8&GWL1h||zBuyLO4g)n>(=E@gyFsbK6v3KxRN?3-wjx@FZ|<tO^Dw8Y(42P z`}rR3O`4rPcdD$Z-v!J(+j13d)!`1g+b8_T9urzf44P+_xz0aEEFu+)o1a+vy97S$ zZXZJaTeyWNIP9jx@5f$pl@EH&$z&3<=uj{1f6y$OGmZBxFxz+cY~Qvfi32(57V{zI z3ZmBFjj=iKYpTDBTJ>hjrf&4+C&0b;>Nm74p2H4Zh9~w~liZyd-36Z#Z0$Qic0etf z!Lrd_cV#!s-SE<8@VRdKuOeA!R`_mcyCC1ix7=rb3EYig2K{f--u9AI_&wl%8us#E ze>WGw|NgZ8ySN?~`}rkssdRAQUPGC&^|Bqqo?tKdsu3)VnUW8-_$_)?v?KhFw8ywX z8)$+|LJ2b`q5AORD5C5LNTuW4p!_HAg89dJ*xvRl*`pJ0(RIKn5!%1OiWpu)w9Erj zT}Cn-#Zc-H-SM+u6MziQoY!ohYuBWCf5hz0<w>cx(n#4h-w$(TP<!7e!VxYqArJwH z(WXZlbwXCeJ3ynz7SQsL9G39aYgCf_H+8fDsU&~!@P6`flyF}L9G5yiPAK61BDkF) z%hS;%K>kj|jtOUU-u$|Ls!sW;DU`U~d^^&ka=n~HYco-QN&r}ACaO;<g31Cuf0C7w zw4CGgo=_a^&m_Ej!Txi>wSKpmKE(Ypzd`G_8m?s6VZaMZL;}D<QU(5zKladnjsv~8 zNe6xlFQpc&6YYcG@gZtc#1M-I*}zdeO7E4vLu{|l8_M-%k{18iFUm$7{&1Yn0uZMF zC;FfV{P#BL{bfiJkmChQtDuvNf4ALZ4agRf+b%^_YgSqqq2Z~HJjgpb0@KpIJXUIU zfquJPk@pySIbj^uMEHFDsHmJEJlq82de8N?$GZ(J&>n^oEK0&kWm&@iSa@E*nfOG9 zQsUFy5qyGc7QL}b5Q_DZrYoHXf1olV02QC^X6H9STCDXms1P7tR7~V^e@9HPkPAtq z0~o*}j5OZlZ%$jeKEh=75cchTULs%w!9RJ;&C6*k?HB=WcDY84<VK3(8%6T5J6Fu_ zC#yn%-(YcQ82gs1G7l=r-HzX`^WwBUpR?yH_RP@f+>b1=XUhNB&fUKJ&Kh>ZC?e`* zqK>|_=VJX0*8d4iA!r)yf2VaPk)>HOXf>D}-*8wsMRC0<*-=>hh0hTtM%+y4^pO70 z<IMUE5F!MYW2+1K{Q!iQ$iUx_;tb(oqV{+vLEnE@FYEu~I&XQcJoX^IRrzQ7V;;2f z1`;<Kgu9W#urXi-76RS%z|@(B(E$p>txSm&v9^_dm#EU0qZIJqe=uFK#0yh=JBd%A zki~-iUgE8Xei4qI*+N5kby{)kyLH4oB4-`1PK*=R*ZHP><Ias8$=#!vkwb2EC3WZc 
zG??OO|H^e}b)r6D{+ER(uR5^C+SdymyIbmXwEZ(yXWoCn{9eX@J~>*y!&S$7-^Dzc z06nCg%`WU!0?$R(f1kz^ymJ+;d@if~r@#^H%uP4tHsV#PzHW54^L7=7S5kEEWki;} zI+aSTw)X3QFrlns;v=wPAJa+-InR8GxBL$OyX%mP3hU(`>Op#B-d}i>PT1@jJ;(L| zTJ#%>#m=C-T%P@oId(hz{h?d93~VU%`?d8Wer9J;m-FV5e?3pzb80bn?45GlC&w{4 z9+%^39QC=g_$ANd%=Yi4Uu$Nl7lcJ%aTr202$mt##6~|2|2e_yg;*JyVyurSkJ$p5 zYEjFePO%>r|EN4d1N`C$-_vdu5ggY%pJ5k=c|x0^>-8V2<gYakUhFLI5c;s#`9Fm; z6Wo}wf0NkHfBD)JjOhbracqv=_mbrf--m_<80Bj4X+E#Ixbk}UWBvCKJBGTr2gR3* z^@aaguk%B7Y%{-s^Qc-qeS_-a+#7`dllE2jHGBW7)zj8hM;7h>^dszlSm#y!Ewk0r zw{!wZ-wZ)X;dBh|;rATHnRs`LTSryRZsG5&D>x&Af3b1)6x_FJbsfDHvjpSIy~xI_ zFh%M75hv%+@t%VibEQwQm;4_$3orv7!_HIWpv^nL0Y3$MQ}`73HFL7SW1f3XC7zV} zS+^J2&&JLC*k1C#>jJ!iy?w05tM)#%iVIt7v|3D}93X7@P`#Z}e7)A^bYx1cLEQT} zE?40He_w777qydMzntB~d{BhS{nS3bj}a9+bF}N`6`!4XH2&gG7!70U=D<QfHfK(0 z+dtH4?Z3Z;wd5;3b8X`=Hx`C?={SYk3tQQQ;mRlyv%%H%|L<*oIUYTDj`FE4)4_-a zf`!;E0twY2%i<?pQQ>huI65HSsbppB9Z_u*e^5Nw2ai;2?ef_BLWI_*{R#W0zEPsd zcmAnd^{QiS`FGI{gE2wa|8bl-&(m(6TZg^DbZ=%5@fqmfB?4jDbTT|d2Ax-}j(GNh z^~qAKh3N<Vgw^>}Vq}MeKT#{YYILK4GM(WZc0#23)#!$<Gdiy?tu3F|(N-KCQ3!>t zf9l-$mydhp`4eq7I)4~zD8TP%&6)7~TKZE7@1`D7`?W9P$1UTJb~yfv-S`LVwIAWk z@d>QAll-#qXA<$k590vQrSQQn6vi;-02q@#pWtgqhl3exZktmS;;hCYGrC{a^9G|Y zyY_LPTBCfYQu65Y9PuP*2>qhJX?EHze;EWX@@?#>cw;BHV$iyD1X!ES+j6&*h`x=^ zpf--d;F0CPlbG`hy&Kr9t2k+z;({wtdZUs}KBK=HWS3PBelxHGXhQsIxK-Nt7|v%F z^7C9Cdqw}vmGp%L*%ktXvI`1H{qt0SiGpj=z-KGJUo0q;Z=M_LXuA^;1ND#cf80k^ zPSx*px>S^*LuoqCyZ&rq$Oes<QB<dP=h3e15CS^87T`?2d?_+LR-&i$@el0qOV=sl zW8>;zy^4-%FyE9PmUuo?smN9h*!UdwW88zM^ZB%R(98ZW6`hx1JahB1h9`gCctX6G zhOny=9lV5c-A`3sf5qXNtFOOCe^!e3pxEmo4csOAK5}6$W<XHlyySxt=TFa)yCab! 
zf_3?+2%jC4_f#o=rb_vqD&@~sDc@J6ythhuUzPH~D&_rE$_J{HKUbxExJvm*mGXR~ zymb8*JJVLhi`)ElO(R)Ajw(Bmkhe}`4?~I;>|?^-Iy0|L`W*Ma%9pg^fBlZ1cKmmF zYf;`L?1|%e6Sg~>|4TJ~zx;gx4Q0EekK+%9>0|j5q>=7B!hCe4zRuRqO7nLK-cSDd z{wn;l@5N*1u!BdKFaGOU`Qplut%NtnR@nV7&ZH{~9sUH2LLpfB!@J)w-Y91<8^(nB z*e1NM6ko!vL@_1o>l0u~e>waqlhO5dp4|sl+82i36UGqY#~3(?fUgbL{9#4BsMNFB z`c(-pU?BO0@#5`S@#5OxNP04oP`ntxnRwyTmB1}P=t{_&U`DzU)Vn^qas?sQ%IQjJ zYf)?odkV}<S1Rv&<~a{v5YMnYj<N$sN4n6j08h%Fs76OB^{o_Ne=6>Omd%VG&L>%d zK-qrkDj%%><Fn#NWyn>c8(rv+=znqcpz6K@Tt59yDQANIN_QT@e2T%6a2RdYqN4@( z{ng2;7@RFgV5v(z>hJ2Q(}&go+7w<d1i#%BW3)@!vfl&Fp88fw2I&offPICqZLjEm zAE2Dr6FD*a7dL;Xf2ZB~ag?8ey!;r>fxeJ>JlZ26Dq+a(ys92gdN`ZbE_grtvjp#> z9eNYamoZLH8sEHB?0i*6;B3zD+52hKllFtqNa#ROV~Uf4D%zok>wOMJNOs&$G){{g z{=7-VPPbV782nH?vkZH)7RZ|7W(6R^d0h<RIW|j_!Df%Le;VHv0{;40ZWa?P@}n41 z(VH1Qfbf}Ajv{VjUlAe^8{@J!GkQ1!>3;LFW*Pft2Dxm8y?TK<vz#|v^!+JTNTlNy z(~6OlS&o{{mW{l{ikRB5t$<#jImU6jbU()}5xamh`AS!Q7T1L98Jr2%zc8K#B-4P1 z&ccPeJU>nme|2}xV%7S3MBx~t_YU<csn|YgSNv^#J&6Vj^~1l5zGHj|^&=B<JSWE~ zIbM}x)7QiTQjTqM?2+S$9FNKIq#V!SNd3tLd%hy2a0I}g=ri#PG5zG&DaU<s9Fya5 zzusy5`i_kZbhPfX*jZe2-0wHuMzt*zX_qrDj7pn*e>$?jmjh@-N<?piRGLu`D3zwf zn&ZTF;my1OT4i~X`($dgvwbZXJ^GSr1T-xVqV2f5K^!zb7mb(W>ddPr9`n9io3&-e zMAPyhZi{;+h>OPOG)|7Y*W^DJm07#{3;p{++y{4W5$^F%->d%o?jGYZx$ksw1>8Ls zzew-9e>e~B?mgItxp)ye7qs3j8V_PGqM{<eB|Uod%kPnhS%c=QrX#)o;Nf&0@=J+K zHk$3t4kAp2-#^-kyQgT6;`&Y7OIN-|_$I<Bh;`!b1@YVzj*Ly>?yd0KbFoC+omPAg z>$}(=t~_bW8LPvUr39k>I9gebySq-PxZ>Gne`DR@MEc>I%vPS<RyOThCCDNZOm(~u zec_(<QP4)hr4iTMtGerXxaJ<!UC+lg_onW80j{|xb=OU@mkzEM;+lI<cYhJCx%YI} zjGf0lp1WR$b?!y~n)B*E+W2c&2w(_LGd^o&fZ(K}$S<T1(Q|;-dr-_X7P3W@evn%R ze^L_@dMqWR+%#iU^8(0`h!(J2MLQH`TAw#b{oqGvwgNk!9wcLw>3I_KZ!P-zFxHjF zp&D07AFq2n&v3WQFS=~nAa~m>3kY4<Ah8mYD^UfAww#6yFg75qM$ENzANuUAO{J{H zd_8zjoo8#MUGBEoF8TFy@SpcUf5LA|e<ABvGYrQZeQMU0T_|i9>CKtFIGHXNHDC&# z^hsMY->dQq_g3Y5x~$*+9U5m_<#MtBQZq0l{gpUt75dluFVMe<r8-Zxn=OnY<J(jb zF`Us3&;nWx<!-=#Vco~4JN*W60pShz!w-@plD4#jA4YuKVBiJf?3%?321d~se?t)? 
z`%Q|LKQJ(It4zc?p5ymh8!v{mk1`OQ2ZY}h_|q%=gL3jw&d+|H5vz0MH_aO0VVmgE zIwJ9@*2JRms;<;|hO(L9JxB2#Mqdn<^F0G7=Xsy?>wmy-W89?@beKqS0klB`eOoAv z0?77Uj43xS68OGR|GgsrmG`>Xe^9R83e-CksW*jnn{l2rW|gZ)+Bz1gcSh>D*i2fF z@`jYz0E5Ls0t^sGm_eBKqWgQ*#A-Qg%msvdgIjzbY4r1v_Isp#7n8~LBZYb|MCy?< zA)X|iU4#hLJrW}kwfjt%(r>k}gEN87^G8L#&b_-vsMVd!QQsSQBe)6mf6a0Dc)#(Z z6OsfnWTZrllwgr=WPJJ+#OqNyc4z%X!<dUVA-X&X5g0>wM{c%Keiy~@qUl5l>wdH3 z4r5GG)1V6!@iqm1P4QM^Q3loxicjPOJw!5$+Hozl{b=;RCg_EWf2h4+P1lQXgvFp2 zD(^ZCzBA}YRPIRpJBItTf6qLM^C|GTV>p-ZhwhB*heRnNCil6+&VI3)-)#cz(N59B znSA+IeLp`E`;e=j&=rHcP0nwzFFkxXeE>dz$^E%i1G&R1M{_G()Y6sdm0Yz}W`|cw zeC?G)r<I3#)2led$j^jXMZSGo>@+xd^2=i=L9A;je+O8Fc%!lpf9e9qQ8x!(<IvM< zJjyPN$!mfs?QLtx4gelIV*iBmJHU@8aa<tB+vT_f$8KgI1(fH&o;7Z|u&24zmU>dU zR!aH&BEKB`hGfOK6{U^fbz4lg_6I1m8|`6jl^VCAt?)heXPER4J3RO`0uQ?|_jZWf z>jO^_yl&1f%!J;r3vcl>IxoNT6yPx~mw%cC77sSD^D^e!k?{@00E`RWi<hLD1tSJ+ z$9GTc+?UOo1sFPB_-a1pb?37~iOsV8OQ0(#go-wmYF@tFTLxqQW*oy+v_rGiqP!zi zhxG4`(tfq4QY&qWE{%8HCYK+Z1tKRiumn71_QWP|E}zF<wQ;s_dMnRnS^v-;$GHb* z&f`5!POLt%yE2z(n*|<!#r`{47*ISu5jzSlhV!^LHg&tTCqxP7^RzuTg1_Rmhcn{S z<EYo<&pwL{$nmHg$K^O->yvNfb5l}!Ri5K`HNnmoMu+s|@*Ud$E!x{pEVT3==Shs5 zSf+xTBa<suD<jBZ0yk!H&_KSC{9%bgAVMXvSXUPmKM2MKyCJZDHrYuyxOqo%MQlA_ z#Y5k9)XxqVGfx2PPJkl4USIBEOTF_~VV?lm5NEu^b`G*2{OjBMvVTim{*`cU81@zh z?g%X^f7fRhjL6wH*e;m;yxVk8L!^dDGJz!gwRjskdqD2F?X8Gxp6i{nOVj%*<^G|5 z9_IHV=z$o&!uPg+7M94#3o6SIZbGb5u$5ULgfE*IuyWT@InZ-b&i8DVJRbd7>vitS z=h83^9^Eg|STta{j6v8>z(uLly(zm+JLw>fpo>qBl@#88%0W8)HaVgONRZNYJZTdg z#M=}7hs5(|USQ?}v1T9wj_5?7AvZl5U`j83CEAa$E?wV$MLv^uwi2s=t2^S9OkxxR zj}+Z{Gh0L8hfA9O8$VJ7`N~U(Tyh!FK314bbUFZ84G=XF6dgUn%+z!=5?e9Q+fxtc zVkWYu?oN<ni0{=q%C}Owr|)eu8#4^LKpFv3qF&6fLs41}`2&n;;yxn8xv7l9^KfNQ z#Bmx>IUJ&Y|I#kjy-Rt0O8!7?6qCd={<+xAvigO4q;O_C4MwB>HoybN&Cl>x(Kl&F zxCd3+6#d^V9H(2<56ylRd9i^Q#|zm=C>?;m7&d*_=JiRx+z4@<r2jw9DV*IrbM}+s z|0M0h`)d>~Iyq#78q6ZN3c(nTQSz2x2lOON6cmnsPLJ`9>y!m(MdtrR<#;y}^R*w$ z>%#t=#F>2lIL@cAo-*r8z#rTeSNmjSv#F@}P`@m@p0D??d8AfC<SUHpV7=<aF$}G0 
z?-8*IQDV?xBtHPl6-vfc+T)-f^w-J&zngEkzt+i{OZg%CYgN<plzgubso8zBh=DTx zcpu?^%{cqA|G}Aj(-N}*z{9*{-U8q8mX5fL>(X=&pC?~3fL{_{0cS|<rCj$XN9#Um z%Y!exDrGtkl<pDV=KK4YqjkEAar?jdu?G#GQ@mt7hnJ;#!XPh<-nr3sLXdS{*Z#he z{_(<1%J<&}dIT^1a5&nkaSmsTCmZaOuibusqSN-{4)6`sZ&h&rkp8?w%}7c9p;FHc z@}Jlf==UHz83Z+I?a#F@2>xaF^HHA+;(_+R+|NPFOT8=<ez#hD^s{%Oo%Xg-yFN2+ zU06+ocn|E0mE&m~j+2m?Me`~lUJA-yfjo%Wg`C~)n-%K4in8N=J>|c5W3R8%L%jcg z3j8j{iWszBY}Wq?ISM(S?h4H(ac74lDf}&ji{vw-3zGeld1d40F0ju#|C|7hXVABw z;Qx;ybz;t_u-(Zak$)>(->X_r@Bg&weUbmkcQAgF(gn%kWX^{8n4kIin$CrKqZzEC zaaRNU{dvWH2lqdi<$m~0!FLDG|6-PZ=g-e_|HE1CUzp|oFK4-bvC6oW^LfV_6rYab zOniEVd9O2)C69};#*%UySuAHE)sZRya6pg0Tfp!j{zDp>3MGz!?uOKy*y>VzbUe{G zE;xAJ9E~;MeZ<2NkM#YR98b#ej2y4ZvFSe17vso3)^C%N9yyN4@t7P>;^_3ezk;6k ze~erseh<#%_kw(5uUo&h6QIHGm*A#im6I`7yZ<$`_68^f`I%0fwf#3@!vEl!>(KYG zzCd;y`yt*<`SWTcK1?BQK|w2m2l5HZTO)nn{!yoGQr$7za`xuoJw{L-vwA0|YsS0L z!<WDtM)xEv56jOh-RHM`-|86=3rgf_e?fdG!cO-IuZy0P_qmf$&J%RdzkdSv2@mQ_ z2`B1X`Rw9Q`!fGg&i&k-@c)%4l%X6$BZv|uN;%lAz%wYuylrpTH&WL|d-ipRPXYxN zfCdqjpO(e$udPhx0Mu<GDun?iiyb|rYUGCqqd6vskE0o{5&tUo1AG_HFXOD)e`Q^? 
zG^OV)xJM|zCU7XPU++g(V}0fg)%wS))NhE?pX=9uxk~-Hk@{cp>%UT^{#PRP8~ysP zT0A~F$Jvv-DtJ7CYmVE1U;YYU#d)OnyX^f=|NhJNezab~*7N*&$8EjJ^{?U`eD5^Q z`o7m}{h6OTEAy<$JYqVESp>Fle|`ahLL6}bsd<U`HE_}~38_Rn5PW*Vpx)ke{=i<; zP4Ju*B@s15szC~*b<&#NhMWHKq{Qg5{n${}4y6WEH&t!PRfx1jx<@>3Eo;xAa?ol} z!l(4Pc-eE9C$1aeDP!v|Eq~7eS3S?*mbTuCvU>gw*H!lm*#G}*b|GbbC?>I+>Ea6l zSONO-q(ap~9Fb;3h%62#t=?)_O<ms;Y-hMQWc7N5<(HtM1!^-+X9vSD2y-e?Xp#Q9 z^+(qiKHrr_M!FCTXL_D=<n#;L&b2(l^=J(Bc^;AHqW()P??IP6qXioRhTxZ4qXjil z05DYIwuN_3gzhdhNEiiae<<K(l65#MoJ@=uN&aQOjhn#-5c#VB*#?tz)6TIE+fO8{ zh62fo37w}a!rN{x4nit|S2QQRkONnFMM}k+{g>dQ1sW7Q&vlnkxxyaBGe0NekLURO z2+ot24x|MZf6&=41tEUKD9LX@rCE|=5hGR{;+T12j%b75Ar^$%lZJ$`7SfV#+e;%% zN}htr!6ORDcbMbvdcPmf5}&tVAK>SJ20>-u3PvK86uW&4Z3CqTaoy+cDe7dwP<kvo zR2*`(EnYkRO*uJ45{0!?+>8mQc?$ah1lU1eOZBqRUijD8YEbMNg`ld~R#HZ(PhVRc zq2pt!&pU=Q_dVO3+<}5A4N{~D+2O{GSTDYeFB}<(wnQ)>63a6N-j#43EBg_6PT>!E zmY}rAv+zs(2&~?M??E8c5%?#Oo}84I0i^{Se^GA`PyMY}`S7}<jgijuk9a(BSm_ko zb##hyxN(&8dlBDvn86%DqOflhy_o2_`jG6C!N!o~b&Qs3AR83xl!XQjBOCOT@}1|+ z+p%?MU*evi1X@b}`y21q?_YrTmIfMP{?>QUd!B!UGvSng9@6SWVDZ<V9rMEhF{TUz zmz$*pC}d-RbLx=Y|KMCne%FL@e&@1TzB6npRxN)?xn!x*cUG4_Rr*ejgMR1f3g7v$ z|DByh{mwR=D}84I<^0Z_roEr~ny|4Ux4p80V0gKFSi4O|Q?l{UNKc~ndxdm=26lVv zmjjn4rUfh<h}A6=o;L1edI~G9tqV0)rwuf!NE(fOC;Q(~mv5#86;!sMaL9m;^%f5# zyJYX&yjvzWsdW&&moevc(r5bihRPA-kv<Bf26({lRHS;ua*^`=PQ3RN=6xH^ljg4? 
z`V%U+qtV}dTH|8<wmK6^F-FaK+d!AtrUf4XSeN*w1so`%(F0YZea1wr4egNbjiUtq z4^r;*vHx8-5gzB5e=t*Zb!OV$pQ_83Jf{Uy7lJoa?vCH}t}i!w7j(zLi{<~&MtFHG zm!_u$A%9e+WBX7}yqT_7JEJaKpTf9zO8rv4C0=nJgp5muhG2YB@Ugl)U&1sjLAf5f z_f6rN_D7d+zKoB}g!wby6aae+9X}ekW7Lr?1SuWG!rh{FZ?+F6=)(or!60g(8lO7L zFbUv?z<zsaTE90t43l_)>xssM!2diT(1Z6A&wrshwDOssSozGE82K2de`~?0=*s*9 zVEAixd^lqBu>;|Vxp)~r_Tyy)_`s2K^$@+*ayB|*LHQY5&T)Ahzs3G*Sn1&e&aOX> z{~<hGz2mrl3g2@K=Ya3LN%kC!6Zn8ZT62{rN@!H_z7$}rhw(51Pmf{^!f+~l!tJh$ zw0}o`x(sXrKLV`W3Z=PRLLvR#=&cHkotQ~L{s7HCshJ1<mTSvQ6z~%657hrpKw9{} zA;ll}y(e)^{29lY__M4ezMKa7)==;^#2nU4b!0jbqt_nc^gi}lqlh&4Q-S<@DB;yv zI}W6$>ume?z&=C6*SVH^;hiJyZxRTd?SGw!jo5a77H!vFh1;DP)PCRT?CyqOT9<_) zKF~N8PQ=bhd*{suu?eYPo~Ooxzb5SD<VYV*Xqx4C6i1=oay22xb8?)*QU7@Vs+28( z_ba^5<k%_4eR3R=<8e8j#xZ#Atdw1n<Fp(b;ne}VJvpuu4-dBACD-&i{w#J>j(_8F zk1g^3gp{3=<CMK4{gRR<vPDuafnU&;$Tj(|c>&*@(e>t2--pb_ooBtJzTMOA&UOg_ z4?9%|GKi!W-GPyh`c}$_mYh5QBgSGc%#?>#<ufC>!YbJ`<2Qrduk_`mg;m-}A#Q#l z7=xJFnESsIIr=%v_iqd0Q^R2goPPi&+kw#m4b6-on2Bwf;l$7p%_#(9RYs=vAZ5U2 zO6qGxS3%)F4Lm&uoQlS)d<1*GFC4ED8>jt#$V$Sm*YE#MF;5X;55ia@v@|Sg@nZ*L z)=O-A-SOK`*pP#i#6}Q?bI@q;!J)dz4ZO8{S~v-{S!3KIv2&C0p@muy8GmgWBLxdM zxudZhlI8;7EIxn?kB+Nw95vR5cOdSx;0|qWe<|Zc3WTjHp!my@xNBP8f^zCY&RaS_ zdGDRUI1Z%sW6*?-5#=jQS@xsdJc%e`aomYV4Z%WcMnqPnkjdr~P}@x6B29-1qm;O~ zY*(avXJ9)k@*kWhO^3G6Pk;K8Ul47-$F|=k?Qhif6~s5-4T`V)j%mo+iBDfQPiIut zmi9O!6@snI%n*m`nzd0BS)+#LmB>)Sp5ptT_|xVoCiE)8tgs5uJuhp}t>y`+CX4w3 zcHfUNZ9Ueb|5xX6Fh8R4KEm^Z@#>Q1qF_Av?WeA3-V0D?o$*r3&VO}c1o;@uFdQ$6 zY>54nXx?S>QOn(Y{Ltr{J_LVF9ijS}e+9cC&1#~u4bOZC>iDY|eP`z2eIoyc3`_KX zI1`U#p7N#FgXLln$FB*`QtSVNcHMUca`Z;nAK1A3r1g>#O=h_gK2rP8dawI<kblYj z6IdR}Yq7=Q&ed-sv446wzh}IU-?Qb5(S;elYaQBGeE{{@AYF9rq+B$w{++`|!j7vV zRt$$+gct$5H#}K6?v>(X-$i;L5rb7q$*rm8KEk%q@*8g7ss3k<erQcFOa!PSAb!Fm zvEZ<V)3fCl`l9(!IPSj|eEyZ-Gq1vaV6+E7>{xi$LkPn_-G8_r)zg1u`G=20Pv2rb zlJ(~u?9KS6d41l27B7x03mlL6X0L0{murZSmm?`zKP0|`X1^4R)aJr>2m5;WBC3XD zH3}sMI+&BW16e$G#z3<Xq<0u4qXl`A<l9MN<TT&TZ=|2<$M+lQ<0r!B%xCTv{l1U@ 
zCekCcM?S5^=znulcn-1l1P*)6OZc*nF=s!v`{v-zf0Cyf#In2ceLkshqMi4#w6?3Z zmD=8Xy!CUe`H0YN>DzqdzM(yQFvsx8(0XKskoQO6`(J~68Y-m^O-CvQ0`XIv(=t$^ z^A6{AoEy}Vd;VC-ea)2<ecC1`iR+XgbAVQ8M9*p@A%FO-^tL>G3E+7W`ZeW0e=G3) zEnpgrcg}M1kGvD`k5?e8+3_XtkMqH?Y@&b(On2aXAgj9{KwEO!1f(Sh&H^)hbz$ay z^b+ts8h87O&%1FQ3nFs2AfE%*vVZjV1MmYb<MUvS39R@>)O0hInQksYH@F$PPh`T{ z=56TQw145rZCiJD@AjVF+TH1OcW&~U;Vs<kZQs=0zOlW#-D~ge-nF&kTiu(WHrnKE z-QKlxSNEokTyHQzW!<^@Eb;M@<jWx+`IkOkZSbvytL9Ovj2oqCYta6uzP#yEnUDYW z@*G|G4#&6a&nC}N8~WoR^ATk@|Jr$um}kh%>wlkO9uU7y?$Pr&&cv%#LB1Y87ODu% zswM3a`cA)!E1(3-p~c@*_3y<lBKnhOUW3Hyb?cu^z4S$i1N(>ixxy#c$;!ljEV2D) z!r85ZVLO5b<n$WO+-KJ@zN5QtKIK+uf%XB;9^hUBHHAu!VD<}Xp35Nv(Y+8#kr#a$ zwSNT&w&J4acR66i|M}aLhkXzm!?|1!i!5Lj{URy|VXDY9`9bpiXrFSTCY&jUiknU( zN?C<~*oUoaT>&bA5)T_Dzd>E(Z}jCG7x2q7(^hu)PXaIU;rBo;DmnIoZ$;)11hgF) zWx76jKFF)*e3x}Sq&$n(K>rLXmoUGN@qe1W0O4!;0)(&kgs*`I&z4+27rJKu9?*CV zDjNx{rwN-M@IlEUDBYCZIAhbeUf%Hj;rmMa2aAUTNS$_o3lKJx<pV5wSjK?RPvB0| z#Uk?i2{=UHi0cR(aXlj((XZLyc$=Y}JQURQBe90^&QAV@!K<_%CGesjdS{Q~bAKDo z#OK=)xgdMsfJ=v?88#KYfWKEP{*~MF8~gk^U;Z|V)Ot2>4|4-C0dBFE889)!;V4cI zB+*xqucz1z^J7Wd3cl*R`9o~tY2AmE<}W^j8i=YT$18F~Xn&M2E~naC{!#Q$*Cq!H zvMgVh91x#Y@TCWw$5A=pzm&YLTu_dtc}AjAG?kZelb|xRxcQ^ypT++BsgRtBm2Qxn zY5H4)%O9cH_&jzB<2fbQrFy1lzAZ?D{A`^TWdbf7&T3Tp%oeX=4DX?yU<7C4^Lm#C zu>~xD=0mHKYmyH&%X@kti_Lf)K<XW8Y!u!V4`dI(y<k{UDKKF9;2>5Djo*Y#*iagq z>Y?;=x%{f3EXe38h$*nAu)PC;`W$<rHJBYK;5h#%FQ3M5o>Q&F{!TgWljE2ikIV5i zjvR-&2Gv$^7kWtM3HIh#)ZuO0p!YRKf!p_g%|$88=QjMno&!7bn?)N;$&2pq<~C4v z+K4A~pQzXK<eFMCy`C@cX+%HvNCu~Q_7^SV=KH_Neeu1G4YcE5Aid!AJh`UNh2Ebp z*9-mY1r6}&Zh&{EJvP~Ei8<N8eKZtfA`j}>t@{c)svcoO9aVG4SF<0oY(|r(XhI@? 
zOn5rdQR@ih2O7~H=MjQ_$gbo@wL7s(@%S{(#KVm~9#eSfJcVsUG$!W|WrOI&9a>xB zYd=A7RpEDH$yvb*;!n>?!gq01{8%jGwzwgRA4@ELEV1~pq@g-~ECGJ#s4IR1*D>*| zL)HwxhI)dK|6XLr>-1l$9+21Mzs7NYO?V$KDL;y9&igT(39oOI`K#FM1R<U!H2*o) zN^<b*iACdpik)Zp^;xVDQQLJrnlI~HFgIBaX#*&#%M7~|xc5D9(=Ua%X?O2Vfg9yo zUlAW^MBEa5Ukdmy0u&IP$o?WE5MKya#xLhDdT}rp<X^!J1j)35G>4&&VJpOc>AOsl zDTu7(&eAwnPx$MlQtumvdQI3Bm1gO5p?uN@)5)Pixk60Za9lX?sJy>7NnXWk>u<`y zhH4-S+NU`i@pWW{<s<Cqcw5>XVPqxFNd1N<{AaCI;}`rEjw|sjv6J)qp&8*FAWx`! zvX9_602^!s0OIeZ9op^%oT*cPr#-nEqf!?F16XmOa`+{SM0k`FZftKh%PB1(;{+9K z0EarWT=qr-*m>Q9w=;{UT9@ej>A`!sf9b+m`90+GWBd>?gr!M0BhFho5%UD^&zt53 z5A{he#!!MdOmaLe$Fp)|UIVO3a%_|+PFml?Z|JL~MD)Y>6~uX<pX7^wVk;dtEe)#I zUDm+)F)Z_}%qME-zz~c%#UF}Nr9#q!cvw@x_93|(Llg?j0Q+v@J<!@ZxjV=fG)rHC zThH{$LWX%SVJ;?oEpq!}-iCcf1AFVZX~n#56*}leR?t@TcOByhY#KzY-C=G#3W&Q0 zD0-&UcQo8y673}`w3nQJp}p3Iz)C6U{|@};y3B4(a85~LFLHN!wAv5(m5C^hc4>^y zF`PbtoPKao3jiv-5KIXR#Sv!u1!h7!S&B*AZ#QkT>mSalpI1xsbP+E#YZ~GvCF8hU z?YQzqM2$k~P26SF8k=>OQ8$7pmw;Ew|0Z$*?;(cUp%}fH8H4hFA!u>b$CmSLRE#s| zI>5xgee}6@@gU2PX8V?C{7dd*pMkwxZUm7aM&ZxF2K{(eAS)7eL+m-3$1`$QP1S){ z>NOxY5l+MHbfjBsf4%X%b{OL^bq{cYnt;QSu^41F2&gF0b0j$^fBC`uL^cz|{dQ4L zqE@lOw_$8XLhDR_+$3bZPDJ3Seum7K9kD$Z+h`=d=k|+M=%ukkUHVpxO9Hr>68yht z9u~a42;6NkYa3$Vt)9303HpnM^&s2_Js%6pomW`Cfj&el&<^E8FG2<~25Wk9X)j7k zqW|7Xyjldd3b90pq!O^C2*potW`CN)qLH?Jds%L!xf&jS2}P#@ug<TAiNE@)I7ykM zZ)`u%dpZdbl=Uv>x;&-I{|y8A#Of49@$%~-{*v2FvAqGYmw?mEGk&Od=aaN}=PMAe z8#GP*O_y2z<x(fhN$a${#g?Cy@^b&?(<moC-Rk^vLXPe&=Gl7k9rTt#4)Kb#%lW_D zL_2NSeBUR3eAJ~a8sFjq&Zj`%&*5AyH~V@-ZU%0Xk&8JJRozOkdQ_F5asAte_i+8` z!TJB-uS?$B0$fr*p*H6yR3Rc6b4uGj1fqlR>L{K>Tnm@k_5dN!4jW-!5T+2394aEf zY8ml^<^ht7;>P{WE&lIGcp4<c%tlPwtmvLN!kGg_I$D6)H)J^0S6riHhWmsKo}Xo0 z+Qt`}W5`7A-Ucr*%wT?f(AzmkC&BsfD#lmgw2p9NV&xKh^8X*<VK8?Ro9!g7otJ^P z1%;Q;w*?e`{%j$@I76q;XdE5Hj`{5GO#3L}Wg@n*$#_q7>_ti|{CLc3-aU|M%Z#pW zzGdFLD;=?Pp>8zw?^3DM*)^$kYf>wX7i(Ow!7Qp<I;SO-TKjO_zrW>$ErYq<^x%DS ze!d$a-{!owIo&u|$jtBCfJjtLj0JYby<Lc})tA|SKbSUixAxs;{>%R*>r9}UI@i6w 
z$IKyNl0k%*fFx)j0US{zAq-McqM&Wn8ZzuaG-QYD1Vr1i!=N}+soLu41ZZ13i>+;K zZ|^1G)ETTDZ%->utv&agQ>^W&=bqMl&&Hl_eQSLy>%U|nYlX1)GroKMe_%taEUVb; zm#`dvlaN*qR%4i8JSosLM6E>jzOoQF3pFb|Tc~ofu+|^+NLU}j3|^1ZlN?maC`soo zqf(Y*<#oIsm3P%5D-f^hfGUeBB_W@)GYx<v<=7vzsd@=p>ET;yJPw3ufHl#~0;C+7 zy&kYF(%^gI%o?OCYhQzbb(P-&wzQbw1IVF&8n(~Zs7Iun+rp>(j?3!!Yf^c*pz{YT zd6$xRwShMi6A1HRMZDMV_F2k$l8IcJP|B1ttpx+C+@KxckoXAk2l0Rhk6R{acVW%h zO4+CwIV(gq-(Y0F4d50L&%AnZ6Ih^`#09ltEH(HYL#eC@v(e{@u7nR27K|QC4g&Fi zF_O~!U;d9%sxsnI#W9J~(I?7VfOI&RI;IWFmC2TzSTj8v74|5+9-oe}Irxt^VRfwz zwIxvF=9^YA&W0%$F{}}P#d9*qG@E>+$HWxi8?quVlZ3}*<7J`d7~ddK89Q-rBS1m6 zSCQu^Ng8;`IrHg`JmNZiHML9GC$5%%^YxxICnHujiQlEbwJkl^NM)|;6<w!X47b@C z@DT0i=pEuFnhP?me0Q)nV@Ui19h|fWL)`P~{}C^xuM~b9+(GYzuk6i{x}2gmrC35Y zm^N)!y(j9Wf_wmwm*BA_rn}w~N$4qB_)%)n-$c1|sJiMeqUR`%8F$*6*`}I*#&_Xu z{Z5t(%4xmWBXgd#dzoGIN8;yc4;udHLz>HzT&J7te^viod}D_^;B;eei*sHS>*(hI ziT*SN$Zzg1qJO>r0$;^NS}R+geSspW9ZTjUQ3I7G#jIGQsB1Fw-y^~L${^<0<M_T5 z+qw%IY+B+9T|g`_()B<;F?cb5AWMe8Ob`tTfZRBi76m78-p6{`#&+8q`1e=kIW?sO z>kG%J6>3qm=&nT325O9qkVrvG_L3P-(|gH!aq{%oD!<2j#<<;POb6S%CzDi!>PYP4 zv*Uu+`vF;t&T{ypXQY4^G2(pUR@1@p7|l&=V!uUo4QFn*7RVKA&)_eARjo<<8NYb% z?V>-6O}*dK^JZQpZE<yR7f(r^ec)4KY}!G3{&H29T)cO+C&MP0!XE$c=0>`}?Jbc! 
zMYy{T5UP>s6RE+(hvM5A&bNl$ENYH-kG~L#NW8Dwb*l^Ju8+Bw2u2Dr)ccL0ta&rU z!$c4uGEUY99HVCYUi;I3pKALg{Cseo`yl(4J<xbCdmMLXhw(=qi{eUb+F8Zh_;_dN z;2TmIQHpJyBk3Rul+P8(h~~zHENQoWM%l=+XKda{aFYz~B_sD<q3$O;FiFcpIhI(7 z5qDBXRYCN|d)HD%@Kc)}#_z>H^Z0RcDe<2o;68&z*li|<8YCWnB|juuVw~oc#Djqs z$%p9C>=WW1axvkb2(YalS7hl@+DYEnO$6Khm-k<#wvaCowx8bqm3ox)5~g1N(EGlQ zxPvbGSu&6Qi*Hc%HJO)=3h;!4S4nGLZLsN*_2X81z=MCe@Ws}&vO<3vLP#6?d2py5 zd}b%Vytyhg-fseb2CJL39ZvR4`drLrldQG$SG-RW9Y1b8G?(~C{(R!n8>S}{33=W8 zBY#B_S-GbfT`40S=Qv$%%Z02jtTNm$t7lOY>vdJ4K4m8X$hd1_LrRfIDKk?yTY&#u zy1ITlr68*A%_I1oY~X6pcH~e?$n+9wZ1|QhV_EQ-_i+?|e!14xp8h5VHxZ<_x*#UF zB`e_#v1Xto0}t6o`B>>m$Y0A@HGqRX7$k|!82Dha0zDYM05}a8%VL5{uHgKJ-7%oM zs}8GOamOT@2x2}o3$0?BDYg|0KptWc=72h|i35XHXH%fS2x#VP7s91Qx%4c*m$Eyt z*)A45@e$L15@LgxqRpcQ^GpsK1jrRh#*uk<97W6QxJKX{<7)yUhB6UFIX(yH$Fa4Q zknaJV0q=Xq-Bcg6kx$_w8-BO0Ox?c5?!`6$0(Xs#@QZfl?&v~5tJqIAQZA(|EcN(A zY0s8mZG>63imcFyW57T6j>loc?@%tm2M+^BI!xeyse$V-CIX2;5|9)m1Ia-OkP;LF zQi0T<SWp}&9+Ut|1Wf}afs#Qfpj6OwP#S0kC>@jmLZD2L29yQL2F(QJfV3bTC>Jyf zG#jJ`<$>}+29Oa{04f9(f#!hbg64tdgBE}mf{H<lK#M^opxf}7OW|J=$P6k2SwJ<Q z3Q#3ms0y?cR1LZdv<$Qav>dboR130#R)SW6>Ol3N)u1(?yFvGW?ggy{tplwG-3QtL zvVj^vc8~+)1i3&A$PH=)HGw>!ji5~+FQ^&h1F;~uEwC0)02BlX*D?f`&%Xr~e|S)? 
z9%(cf(J3loyF>tN$tTiLS4Vd%#5e!wqKD=e&7tNNEv(Gtd&1MT)o%P7j~dK3k%`%) zM?_$>Y0B@=yTG%>jxRejZ%49*iTLtDoIx`>r@X*a!8z@I#<b3-4hEp=ZwCKe41nzc z!3h?^L@-p;ly1|UmYs`(mW&}{e{KQ0j8e#IBZ||8>k4YU=7vI#D(zkg$K+zmv~`Sg z1<OC*nG+d6!N`AwA_2f~t=F1%o5%z$Kx(wzMdnr(^SJJ~x|X5H2VNJa=ig`k?KBw_ z$jF=*a)z0*R%1fe4<f9M4Qvvu9Y?*V+6B{EGT!X5S3j!Jpn6RF-t#5*e<Ka?R(aj0 zZ<^L@uTg#|tKf@zPAg>%o-1>Y4VrTdyn?rIM3??@u)NU|-V83ams0`_Q%0+oGM$t% zMz+nnXTh8BH{%$iJ>YE8EYUXWQBAGiY;6F$+|yFGTHpejDac}!m*Mx62nd6Nra9LS zI@VPZbQ{C0g~Hno{5Fo;f8)V+QZ@XJMjsbGplV2o96FkQ__1c-4(tntAG3Q09&xqf z>AwXScVSJOxzI_DsP3v8S;=eG19R%V^o=OKdv)fVYWESDb_F}FEn=xivQLz=PA3Y1 zBegH{8P**giEs3FiM~}|&qr;|ai`U%wPsWS9O#kzBCD1lz7%^he@pT5;s<Ls`y0SI zm_u1f6K4T?;N0Z(G!(l77~2fUX(!{w!A=|rRM@<8Stro@qsIYaH(|)BDYP)+dUo{9 zXDh0Gywe+UF?GQ*?_vNiR9tSqepfbaVJ8JE*ht*K(%m#T6W99S{R5DUQ56ei!Wl#x zZD8_gL0UAh28xq?f8s8VB$SuF4-CxZrPaP5bAKa4(U*w9RPFljY3F%+ip}F{B=!8l zhOBOzlTQ{pKLgndUEe_x+DoHo0$_$7XQZ#^_a4OuU;9?$uJIWGPvL@LD#9^>we;lj zhM51^-^GxeKPi;lGmsaDKWK|meU{Z^Y?Dniu*xIy-Kf|gf0}CJ)Hbk;Jr=vk)<}eo zC2X<@aGZbGy6);1ITxURDeUA8f;^D9d^+GKpuZb+g%m<>_fKrdTkd6KIH1y|<4rO4 z8~A2AJHrOFj*j<J=O*pN$!Wh6CiDu?{`<I_U5_6X$8T>)L<i@`;lJV@=yt(a_;v`} zq)xe-H=s(Ce;>mypo}G?mNx3U4c}1!WBJZ@A+I0z+6pB%XC#pLDN2i~ec);P_)EJ| zl_jqp9O^^b_aFIvq}Ogb#x1@=WerWl8JF`gFEK$*r@?zU8+RU@$1Ra9eVndPf9h4v zwm&g)2W;cA6j9GNoG3vCDmarWGEf(^)WhW^Ft`*rf2DEdA7LF^ahIuxv5lU1A0I3v z1V|>rW_QQ5&6#1vZ^U!w$roaIyf_W5OX${2do8U58KbY!uU9^u){4v0zaoxL{|6SG zJ!2z2Dw<5I#7|j&5ltlhUDNZ>s#W_lnX;9<`UGy$!c@cht^NRnV&nKTSilrNzMK2! 
z<V(KBf7tZMrtyQ5uM9jP3Qlg|l;teCyXit7Q!ouJUWwUa&seuzYG4I$GnXErw&dSf zm7a^1T#L1L3_R9A{D%>TPg3{T)zrik{iib3dE!O<<+NBryV~z6=$nhG%dIDj^O*pf z?H<7+qJC-nc*;I0N?W`{>6*PWlhUqWZnq75e{I}|xi6^gcmXz^bo1u)ZfrLCSqnqe zj34n|wiTDWMOLU^e^InbvUEoDYkX5o6VV^@E<T#Hiweu5%jN&Vmc+~?lV+`t8B=7E zziI1Q*75O0vo8JZIjK$Bu~MQHeTAh<a|Z`Szhl~4fI|FvX`AS5&qQtEvdjrc_#Rhc ze}eL}6O;^5kc1&-G20)8*jPKHVGCH?@|*x8)FZkc{%?v{lzUmJ_!MF#-Y+pGwl08x zk$W-qG=K+<L(njC14kw#7WoBhYq=4RP0Vva0|pZk47F*jPo64KJTe2K$PZx@-2G&a z?2*()EMWIH2~o0L`8KIIaI!Jvabea-e~kseD!SfJ!}6}4IjRd&;Srv$>`mrK`Vp-V zBx04af?lnJ;^Jk_ji>g|pDQ6;;$qIy3s=W9+4oLAMXgrAoZsxXO|dd!8h33WM4#R# z_`n0LE66QVRM3y4a{eF;Y9A_2QMC%K#KQU_4-1sc1O|mQ=(G-cMGWX00xbbtfAfXj zlE20_*Zb|G1`jW1%M|S<fDZduM94WK(s_JkbT`R0Ngzymd#c^2W&zwpmX6VMr!p7u zOOO#f!d;`}@=mc0lb<Ji>=B~=78ILvo%Wr)JVqYLDS1|kYDFWWMiEcf2Tq5W7iAS* zPEYI+9jLVXs0vd`wOcDy{tegie~A-$uxn_OKn0!93L_gV2pSn5jP!>$Bi7d&(?B21 z!F{>EphV+n3ObS$CK`w{;$qt+Tz5VHW936i)OH9A)iv`cUNCT@FJcBEcfkGo9d|By zR;<VMceSJYS+&ID(hW!<aq1@oj+5<(>?}SgxA6G$34-ypiMFd<XgO=jf2#JmF=*a_ z86NOPJibj}08b`FPGium`hqayKE=h%lsps`ow+Z6=@|*n-5~}OD{xhr*6edOv4LLb zD<)JvHb^TGG~AB%QI*++xxlVmFoGsnEI!yS*tFk*nFAnpOe7AaU#8S`A&0%34zjGO zN;g<_TGx>X@Z9_;CUwOmf7-;WE@#jB;Q+$r_{<bYHCa#qqd)w3QgkkMQ|domBhpA+ zbVjsE`e*w0IqCDejQyfmytek{?FC1*^#Oin!P<UpzxKz$qykJm<4a{Qo4TmIsEsC4 zEm)D_Gje)-DLpOE79WjJ(d3Ktq=Gv54gE#ZlW|p(f8wPpA*c%)e~FFXa>Q;2G`8mz zTg@{kl6Y8H2!p~f5uZt(AP^cMU@qu%jBgg^0tU<7qZyhrIyj6YO>qWE%pNbEqD0v4 z3?2^5cGs76wJWH`YgFzK{j%scy(TKXDNRyjO2f)AS?R<0mE}>{2}M+9BAx7TRQ9VZ zna-1s$xbKekH<v~e{zF7QyzYPIB_`fljLF9*jtH%RIThn970rWyzc8mFDETWitG-B z=2%ilQ<_Zws1RPSXo_XCQS>X#(WJFX>*<S%YsQO;i;CzPLmy>R2(Jx_Lg__$v@7Ai z<#RsDP-G}Z7oX3HCP#ls{`CL;#2eCnMYLaWcrU9EUTf3wf0&gAqNR#bMUmq2Uo*)8 zGOBr4_IqlQXMDf;SV8ZY!AR9EzEZomfzWtdrLt1l0@<&o$NCfc6KuEN`f;CHSyWPb zoM^CLdX0VKRXQ%Y1Q2oKuVK(_2#{7ip~0-eXl8Sa3x9FE4-puC5}O*s7+Z^4_<Q3n zsLO;uc6~7te^@)ounr`Hq!4zGGI9-`zY+g?2_h6JRS&xDm{-{Ww)zRxZgIFmp@I;{ zggPOlP;8Sx--SAkxu9AIp^k?WIG{s8x*K&W)j($Pk+u_#5p3=hqBs8Ou*`1(=Br|n 
z*eP4*yaie9@paqPOV)?uG<jFfrq$;`b~8N!-;-pNf36>i)8vbDR_8;O>v$^vT}d>b zh|e;dn^A9QddmLw&THiGwBNd$?4{GRyzi<ql*hDAu)+3Uoq>+H`{TIN()sZ(JxO<| zj;JI3Kajy`LVxm8)5J4O;NmpfE9O@;GO}Y@_K7=#B_Fg+QG`aZ2Ae>(@80o3{A>dK zBc<9WfAnb>^M^<OZxF8rar)rN-F;W6jJf~n|Ijq*JRQ@Y-k;9boRRLyowq=JDjVi+ zJ9hEfpEEd~3UU1z{TY15?_nuZno*j8GU)iZB^@eU(h|J02fN+ap**&=zw7OpcKtQ# zm~tF~0NHTVum6+2?F;Fc@<uM|>v&f&`Ov25e_n;~+M^hxew5WJi2c!8MYW<%s#1`O zPoz29h6wt%tOu^|nQDn(VFU07sBN+D3Q@@|g7!e;-;ZfgrGEz3By|uRiu4L($~Rxb z4dUv-`(8Ty3uW;ip~qvK1BK8jdYEr&X`fa4Dh-^Sv2-h*bdDTOJf67jbPN<qdWb4K ze<Gf0C9HsWK`U{gmuL_eA;F&>AAGV7yVE?i+D)*3xYIxJ`9h)PbcodJQ8#{C+^$aW zhHf?ca`$PnM1#pgD{#@RC8)5|I^2JhP$iHFr;>;_L;|*LKw*&m6g0><Tb|4yzWNR> zzrD2}L7X*AoFslsK3_Z{?cbYRn_rv1f3T6vY`2}Ke*NZdt0+T;{xk8sqCLMQ`F6?W z^hfhDi7#Wbj0&7J-bQZYGeo~}Jf(d0LD@)b4MP1!Xe7`9<K13!<wfcXN>iF-r`w*e zyA4UhhG9b+8aDjq)9szPcc!VpDrODm6{UDRYsekzn90rTn1N8#F0v!5darb^e{`30 zuSlZrAItwlek|L8XG}wy7U^&YK9)b0|871V(~*y&>i#ilMB0&mDXAl$4TSH?=*S<k zb>z3@ugL8`!3z@vTt1=!F5jJy#)Oa-!n^^Y`}DBr7S}7wWy0D6S+HJV*)Pm?EaD+9 zg$qm06U(2%x^aFg{3js(LoC*We+?17%vfVFTBjka0<5eJd$f>L2p4joNw|=B;$ob} zY*QB!nK6idA>#kP%ZV#<|9v^JLYP>oWTH*zo3IdEP9Y)W7)cwxvD)34zXU}J1yGZ( zt5>x9H;uk~8J@VS<)J-cH92QexVV_3V8!-jG0&YuXe<6??4rIzgk4!Ye;X+y;hO!! 
zR@%u@fdIdGDo81NFpN({>DxN-!dz^}?&PPn5A?3Cz}rd)JKX7Flaq%72VvBSG%tV{ zh}0=4k-UbbSbvuiZhwz&Gk_v8p4*<w8#CVFCWMZN^S?vJ>|Y-pe&^6TWP0?SWy_8) z%2xJoP~`?bh~K{CDgn!Hf9EY|?M8NGc%HeR6`#q7elIsN!yC~vhYx4ozjER5#%S-r z>l>d=vP;J|PV`}`&l{q~RIa0G*3Fee#1n~2Wwx+kQ2X+WcET1$t}G`TCByIIU-2aU zRjYPZlyCSFyEAeHJ-3;T@ZMwF#WxMnux(<^#GAaTKdka2mA|%Yf77i+?POfLtwn!q zk!s6<t*{v$F7D6E@R!XrVZ($8PhqF-wGN@0{xcewjea!5`wyhm#q=9Gt{>>HYB~66 zdB0)MugXKw*5+<;RD1D>i%-mZ$|C*z3GCnWjsA{8EUh!~Cz&lCX`UgY!_eOLukKG( z<NZmKqK?$ktfxCtfB8insa)#*0cR6GH3f6QvfSG?N7G__V9-BkSi}xxD1OaQ?3ayH zF?(Z=<y<BVil{-6saQpqC@grbqDxY%*o)*1$M6#~;-J0$h*o9dM`-_RMXze1*OIg& z=c$N*r@@T`;M|2Xt<I2944@s39mwRH1X2gHxj{Yva9tk?e-qB3x4theSWuvXUwWKo z@s5PyPhvU}IucqEjP%|Zw|S{yFPhMmCKwYctnXI4RaX?MrEH#`5>8;+$5WgADy8tc z=VYaM)myq1Fb?<^G$Vt{WdPs_T8b?#Zf-8-I88@~qW#-C`L>Fl#igcV(*sev{J!2w z>ioz>wN=HEf8+513$w7E4U<99O|n9>+4L>!GO6#J!N}AEUwjH5m_qjE3ou3KAJO8~ zxu<X*h%w8##xiy@(qvi*z+bh+U3IdlzJaa5*xWZtp)W5(hs7F{gEHyz_{O6{R~(kX z2Vo@0*iV0!-hv&K-hj<<9Tjr$`2ya^_Ffq2a<j-<f1jN;N+yLZ0!7@wM-=hI4%0oX z56gtXfW+UhT*6+b+(SP;64bcmqWnzi=L=e4!LZG4`o~pLSX*x+%&$tOcFTPWeN>~~ zLlY-48-N^};F}nl+D7<-66I7jg7FJOLLG%wvRc?gll9OrV8Wt=3)(jFcM_Y0Hf7hd z_&vH@e`*W58-6axkUUHtYFL*rWFfQJZxlWPj>yRpL}@hBQq6w9*TdgoE9GN-e4V|O zF>{qzO@oj`bhrc~gAGiexI_aZYAov2&C180gyD~rV89r!_XNGn16Xzi@c{NQ`6toG zSZuXPSOVC+VFdfl{NfTbq|H{0xf@nv4wjW{f6BLp_d&W{KPiCAcR270dMlxWQzd?L zvwah+zqydW;DV0^$RoIjut?{8+NnkQ0PKMn7ol)r3kzB5m1_6S*~ABn0mKfAJz)FP zCkxHd{?3o#a!*WMZ*dd9@Sz$@7;R6fg?UY7ti<5@*M@@r(5hgV&nh@4xAG4JCs0;_ ze;#eCE_<L#l5Fv^rkpd13ZLs1s&-q%J=$&CsdRJ6H1^a6Gmln6k!{5sFs2BQM{?u= zGNEEK?D^}AA%{}dwE^F3W0C`b;w~}20`^P|Q#T`kqm~=@D{9Uz3k0ymZB2Y%Mt3&e zC0bzi5&PiIBak_vd}_*l!;fo5W?D?Ie@BjZshQ&P#pWfWIdH;I$5dhT`|)DZY^}zV zx$Gu8-_zzXeY4yXaRyk9bz|RP>W@*Gh`5*jq}CVC<n?~x&O9aVS#k<#O$eq^E*SY6 zCnl**vOErsb!`rjJ<^1IHO1@0iVX(9nFbhs3Z7@*!XH()F%Ax{LB0=Tf(Ag{e;Srz z_4U?53(Ga%!*Z)GQ%`f+(JsenFLPA^xARejz3O(|<?fd&a>?i2hu3Z2^Pb2rjN<1+ zM^Xos%VEgn;J7bWw)7I83Wvdd6S_`VL}clq;zL!!#A(MH4#85@1uH+bFo_P%2T1k= 
zK%Cs|qiv0gcnbEsev{XgLk}1be+C2V6iR6l0gY{7r|FTdc#-(B?eL5e)OcEX8BV-B z{Mu^Yz%1RVvYv%{3>L&1p@L>KuRlvoyt+(;9@XS%<ivJfX1=rpK`PmfJz+u(`=K2T zMGnAep7UjW=X6ax(0iJ^$Z_OQp=sS;lPe4j`;R0J$``3ibJRZeJP`x*f3wUZt`VgP zzfr9$;DXC@e%KYK989~<KCNVMr(ADI&^9>TKY6b1M9rtFEhMuHV|c4TMPgi+Iv>!) zahY4fCo5$mrku8X9<5-Jl?hB->VxC;>LV799b<~obB9pRbWIXUXMLY|YnO6u6Ow$& zR~45u6CW5Gc?>zkZT9wvf4~z9z}|c!NckEStEK>5*+EXE3UQgK!KVMf^33-ZJB}UC z?hwyzco0posnpXfO=tSBqK7e!uKo;FA+lp`;jGHK!Eb2W$Mj`+d=6;^tOBrqgCnUX zW}s&ZQ1tzUoPClOdfpsNq?I0y%fx30y-KXOK9KBb*5L)Egv%DVf6lh$I;6Qj$M@ye z*(!AjN__pj3^$QFdl0!-LJw=dFL%69-|Fz=X-><8oYSfLMf*fQ+_g!T4~J2|g%~4! zkjzxn<rEaoTGm~HE@4)fajKR?-=dFiIMMTi;S2w$IMF`lkB<2>C1ZZL6+Ad(TwHUp z)X&G4`d4;blGfd5e>eK|)y)M@xgHD*)vaEYT!VCd^GziHeDwRgtbKg1(WF7%qn`{~ zV<t%CIZWEl#cyy=l6|$m_%AfK7EI%A+xBOpMK`fv#-QU@a)^9fnt0xCGvZNLcQ_KZ zJ9d0Dlu0{6ZvFXrEf145tZ&Za591S*?J(zmA*jn`>E=(Ae`LYoVZ0f!j*a&uG<&l$ zTX3S*vGEDUnSJs&jS+Q0Yf)$O82m&t*J#I&VMO2b_?!YVIQ~p?gL$&u#`s#6z8maY za~8k0R;?eDtYU^X8dE1!I41$dnb&9LB<((Di%2-b?1M#<-tY6+CMt^7w>3;-ec!Df z7VFXP57*m1f0yd$*W|?3LCu`<f1R)pbGe~y4VEtAiy7agEiFNH_6kn-d}i*Je9Pj( zzS8)t!PH23Xm_)(ey*tu8rP;JmPA_B3Wv8fd<4n+mYr{4%LWlV8#669zCF{<H7sxR zvRfPt4XuNp9^W@!J4ra<5f9<)20=&dY??adhb5t|e`c*7nO)23OxT)oGuDUI^)k*7 z_H27DI^R73$Cr(v$vs7?mPJ2eqC*AqL}Efa`N?M+Pm1EtQ&(ghIw;k-nB8tWatz8V ze2vy`0!;yN&Ds;Onc|;gxl7h8I3#k7Pft{|)Gdnd_0RB{X8$*iSvB?#y<4&u_ERp~ zHDw2NfAdXzCB^ubQd>&K@qYB8+BGI?x8j<k@%ebCZ4J>QDIhwp+!ARgRc3$9TGWXC zYC74HVfHUyZbdg<Lq(HVV11is^7Zle13ur%54=BK#_vusQU+=Jab;|rw-FzV6Ts~j z){9$b!BLg4!jC3P<p;kdNXb75<KwHpI!~y|f9AC)!Ydrr_rHn#LE&AER@FfDr?5}} z^V&El)IlVH%Y&y0%L4w7+K+inaQJ4><cd$ac_{N!&Hq|l6ws|MgK^a*(}_^7q(Ruu zo8b8pI~;=iuNNL!66knDPY4=h0SXJd2S~JVB<Et)Z4eSzj>`il)=tO;ur5>kJ<d&d ze}2f1H04w}EYh%fE&v_dfdD9e6rSH{D)+!cK+Yfr%)+TkkFhLNdT3=vBw51HWy2c) zt7i7|p{Z5_^W{TB14WtgRZ`75p^bn%SE8}PdK4xt;Bm4nMt0i~F$2067Mqp~%|<wh z$KlW~lTQ@-piT*g%ApyVGYjcRDp#c6f6>3gT;Xel-<tL5G^^_>R$<mvwUyO16&jO3 z-qWlXwXNT^?QG{Pjkpm4jCW$1Rg4>upFWW@T-W_I5<qPdIIZ9IJS+~~kpNU8tp-cl 
z*_MJ&*P_UrP7$nH^Z{L^u1up{npW+`(4E#&hey%{reEzci_C6H_nKl`9V<ice=uCQ z&a}J2Fyaf0Y3ay<k}}oQ$i`L8F+Uw(@WZC(&Zz4zvm^KFjQWWE{b$bR{;Wrs*x38T zNNi+QSDeVGPQfKwc=C(I0<cqt{s*2qgC|D>E+*z?V90`I33GexjRJ)8692XXI;34X zv#L^=W9ydijv9+;*Z(tT#(5(ae;a2e;nd|MYz@v*RLV%Q?Of~vSU&Le7G<@>$?{%d z+RR@Q7LkgDX3d>vRDNr=hc}dFSu!`uGUCw;u{s_Zk7sLOHrDJ77G6q;i0V@{J~l;c z4~qp7V&kla!un*`gdLl2reO;vpF_q;b=fwJxiOH&Fqv*U6au@CHT@r^f6fG|sWbim zcgenxu!x8VZ!Sm@WecEE5J?E2*cK2dYO5xf<O0!<8?&&uaYJycwLsn4PNxR7tzF%! zow1!U2(8^qb-H&3u(iu{5o>4KPCL!-xxx9L|MBQKVmwE~&GUSp@Avb(udBPA^?R39 z+u>oMk@!hOJx=rUarDEFw=LTR4Fm-FJ2R_?KHmkmKHmnGy??6#j_az<`(s;cuO+0! zgd{+-7RGXjEo)c5HV8+*wh||i|3XL{6j@r?ilvpTm12uDaZEBDNFmt3lmS{AcW67% zc0ipeLqh?Z0;QA|o5BE{mcbp`GM!T5&M+{Y7J9yW?s@mzw{M@NG$c><?%Vfs@44rm zd+zzW=hpsVnt#5^UpV-CvnR5Xt%>V$H!Y8h=MG6oxD1r=H-cs9c)Z#-MfBkaGT>1E znWI4g5XH}M+dY#~=WEpYE7bXFb$-1%Z&2s!)cIO<UQ1%QIo9^5tg1S%QGEa};_}Ur zk?jj?2%cPqNQ{Gm@zRBJubO^p_gn5d^NGJpUH8-v&wraNeu+f7p`V|=z>f~v>nS99 z!4b$87Mzseq9O{=zPVn2;aEPK$t$t`dRt({dp%}jZMs{t5xWA~W1l)tkj&A5-GS^e zt9WDwU#m;5{&XUhs;Nn(1W=@E!9hN@sHMj8SiOBLyqs7N@d|rC@NV&%VYw|?sMI<| zxn*~8OMkdUeKz%#*=YsEMn+Q+-omhjpObQA@KlY;k_VBNyK03JStPYePesJigq!9< zUF42*o449DjI7}1<hWEyG5i`rFGwR?s|%5kJ3<`p4*dLbSF(RmKtm7|5$@iQ!(WES zO(w-G#o{w`gJI&T60H}8%lFua$spv<5B%?8_<wcuR2Zcy5-MDLH5Yrh2o+oyhTr%5 zhRLt02RMx6kkeOg3$F<ruY%<pEKx*9BZuiV!mVltckP=K*qV&yPCA4u(qa_+QoMvV zMx-lA5^6*+OPW1cIPn-=O#eePIi!Ch_sYFf&uzK$%=K4R{o=xpri6TsFT8cU?;pQ# z*MF0*zwq!U55Apqr&2lBRpGjl8&9IM!=uWJ+P3Yd3}qNR$f>4}P5h%Sot#LdGCe8- z-e$Rznx;G6EvZl7xVLwp69S@NRlThT-z1yMG?c|m@@T-#A7Wnx{E$|lZX=O-z_ zPF47svtXrCqlpcfObAMy?$1J*6b5^*S%1vCKx>__xgi}{O!hgmoHIu&iHda2OG8Vv zIBtfX9yg1IbF{n)OJuPO`4~MtPd#6zMatXhZ<HjyQCcX7MRnWFBI8GB*;$d6mu{ow zfyd0!*W+f9Fcy}UgFTzl>3Ja4!>U~xRF_`$sJZ9e1QG#q7k#{yfT4t>1WuVi!GFqT zfLb=y70pUpUe<*b%e+P!0&0$?M=k@CA!VvI>)o*M3k~NdM(M0%z{hp0`@^>@C%S{V zSZG}4sEO**1L#sqY<Ox|b?Fv<uP(LvacVfwV)xX_K16r0{_vz(%?E@Eq);bvw)KK? 
z*QOky9P4wjUK}frchjn`%GPk38-FcU9*?MNj7mX0FAZ^ohn2+2+mVo+_<!{MyrGWe z;AJPZSL1(>aKLNt$AiIglrRgtQZ`((T2@wg`}6{uo3N|pt5NC}k^HjY;<wTpyt*D# zIZNj`%JOdUlEwF}M7c72Y3)wLfSe_0n`t%fBtdwL#tCUT2F__aKv60ND}R<1ViXmZ zHE_36X`@tXnG7Q4$mZy4lwhpP0kECcyz?T<@YEF;04?>WL<&Y%)BNa<FSGoRYQZ;U ztrVHxa&r5uxeE3w)2-}B2QNr;sEU1ay-cVQc9O`v|IRo3S(<PTD+pQ%-NBu4!;}1F z?$R7(e&IQH#!ukWopD3)oPRrGIPi=+<5u7~Ig^P4*BEVhgQsU)lQY6m0E?Whrn^yp zi3DkiR)D?THt2TSF8Q`tdffJRRgJNlCK-NTe#^I|jmN{+tKFA+sy+W=UAJ^p0hfjM zwBVy!eb>7GV!<i+llorldaL2##e%;Yy!Luvfw1$F(*Bb&lN*ZN=YIxdV*13h-+9OM z|Mo7;pL*@jo_p_+Bsp^u=Kl{Zy0G&VA8Qj&K0T^RO(!nj7!2*;DawlMT_u~Ys?RT> zCea|;wBaCJPcCs;NtKsHQKl!zxfC4x)H%g61P2+dgM%!~!I5up=O@(pMRndF#v6Kc zpE^II&X?5r6?MK*)PGyNtIp4;^CflOutBv&ou5(Xm(_Xlm8vc3{ERwZQs-Cn^EbG6 zN7eZ`b$(f$gM%+s?X|kde&-qBvU)4|PE9SV5|>}+pb(mRf+qoUL$2MFIJZ^7yWO3i zDY*0V?e6@tI!|_}epcs~)p@ehJ=3Gkbyb$+qcJ%3Tb(|-Wr+8#aX{G2+!tj-&D zs6JQcXVm$UI=`aM8+NL9)j9g=YSq5FE~c+GDv8?ftNO^kIvbJgJe}D1H>$7H`FV8? z7<;PLmQ5_3sHBVwYTOHDtWI1#>Yi*+Z}q72WY(eMj8`(rUsa*VM7LQzFHoct7jJV= zTvg{+nshse^M9$gea^Q&reDshx7H*sTR!YcRy1d)mZ*CtL{f~nc~SK6h<kzd8*wkM za^r_@Tc88jMUoAa>0k-E+!1opE6b%6X&A2^kGxuta>O*~ErX1FrB$wqt;R&1$VFjA z<d=|3f_r!(B1>$uPZ(9BmPCCEcovO&B(NWp1C<2#Ie(#uEzh9TT)k6#WZm;U9NV^S z+qUgY>||ngY}>Y-Ol&(7+t$SX=lT9V@6CHteRp>E>9cFETD8uq)WolGnjWu!23n2# zhizHGou?hdu8uF~@5C3e!teL@qt^g@!tQ5_jM>YtY53lcYemDR$loJbq)Rs5VTmJ2 zj}v5$k}kYIGj)8uV*yGC?lOD!dLEbkMQp%fX8;T5+@4htR0)Kw+LM8moQU16Dyg2( z)Vcg}H-K~wpfa$sn0h5l&ZsptxxO#5l<Sl`sDJNIM#k%)kAlEh!227-69?iZC(^ZZ zlD_ad(|NU<OrSCUNp?q@a!j+V`o<i}xxjqAz0;PkCmvTwuj%cH8XQFgAbsE^^=i>I z4IOGA(zH1v<zH)}ul25=A#i2B>k4d9yf?(~Fkq5kn`tcCum4&FEF?Vl*lk0BY=+iP zt?rm5RGF&SOt$rT1n@2~*x7+P`}KIfO&_RVwMAJkDgy4dhAx+Dw1-hR7`c<7v7BzQ zCGba75WE*;65I8rk;kC|<}&7{=Jl+H@!NN>^DFxw%GSSG+%!<S&ZI2pRVJM^Gy3>k zR6uSe5&C|6`87M08^0d<!c8bd?k%~GAdwF({x<k#R?2b|8ljy4)TNJRieB1Isa2DJ zllo^5k&ArXs^)p(_;W(dY%2qKVX=0+aj41?Ipba|=iOeo`7%8C1;^-HHuwb&tQE;d za|8Kbicj4baPL118Gg%H_C-3bF-z>mj)1y553+VmSb=tUyX)sG7`^`d_@sWK(Gn}X 
zTG`+YbP3=1I3hk*?@10i>cv1Zf%d`p34fE55JJ7nPnnw(M8BfFpc{F<POD2uR+Vz7 z*lT{&J;pkIrw3WW_pJiW6~GhPbcw#ho9*L@+@^-BC0BO!n=b+mBIlB@_}yayBLFca zXbB9b+s2Hpv<spmg?-?c*k^4kk_b(A0Z1<oj(#r6<7)B<ts&Ql9syF020xJvLGjhV zw*0p$S*so<w34KiWRGb7n)*(GH^>CU28m;cBbw)5);*8kx{?^TsZt)I3KHJ*)b%6| z)E_{OGpoYsXt~N98rPo>o`H13mjKy(`K4-;aF8slp3CWnX;0xe?2AV-?Nog?C1m0~ z{4;ik!DG0a$Uc%6G2bzTj`7rYG~XTR6^ygB(tL3FhbpnhzAuCe9u|cGmRW)XUb)tp z&a>y}G;eeQv}A*`{lv|b`XkaRhRfsnP0}X%+XcLfl~>e%7kbT|CqS2q)Bp*SPYhQy zbcukJ&GH8eijO;MT-`JoLQ;T%{It1WEyJ|^D7lB}6|rBu(;L6h2f`(-(G5}~=*gG} z;%xBb81~h3xyy7&x9Dx)-wi*@B8M5g&e4wVOwnFn9IH~eurXS^6U29(y{kxT-R@z; zO0*8}qs!7%g6jNa@39O2Z9p?x7I>V{vgRSd@T2E%K?1Ule$~{DL=w#$wy$i@tWm7^ zLCzp|VZgs;$DG^Gpob}H8o^q-9|h<Uq+Tz4RqOaip3Z%)7(9N38cl6^lA78ef#%;e zC^q0j&!k3ntZi)~^MO+v%j8)o3^^6en2rs(%q2c@4Z9Ms#w&_JG5|_F$M4}#4(Pwp z1h*`6SXVr8rDpVN^r3Q!845xmrr4J9ho2)v=KFRe71a^e9FqE8(_z)HY(><92;w)u zkxx8m`YKct(x9u_wI_N0pT&l#nZkCo()#BG=`!3i?(NPAW$XfdQo{Crvhy7J7eU)~ zHEeRWotlEv0yojMl7QZ|)9y7iS^p?U4n$s$i<I*)gMvY>ENVZZBx!9jGsXF%Qw_ZQ z{^q=Yaoh5P4dYzJS*IUJ!<kPDxbIgjC=I`gVM7OXPLWSy5$>YA2`xIlLwHNmmcLFA zlaUVJ_RsxRa&s~NV&?P2%#WJtWg~dhijkN9d&K3XHrm8vZU$_f&by(0c5tLz!U?;r z203>=UxYu?t^#d|r6@r~g&^)+bQ_Z2tYkk&{bK&>4Vycd(R%$<EtKwcBKLMv0R(Uw zbOvhn$h+t?7LQ6LSG|1yj8JEHD&Y$g_UolRs-_uUaKM)w8fsjOD@q@%O_#02I-?j% zAVuz{ohC@EZvwP&pQ}`vBZVi85A_?uGVcj%I(4T+I*OYVP+)wR0DTjO$f{4cwnBQJ zb!O^*q20YE9Xn*f%cYmnLV@_-DzO-Y;N2HlL>tQh5D@b3q9bGzrbr3w_sL6p2c`ro zJ5<;QEEL!?UdEXbU4*b2N6FO_nUZgUr+_<*<HO4$tN<4XT3N`REx9t?D^isVUlu`j z&Vs&8WYA~*X_EaQ35JAnNGxST{*EI)W7=brv72u-0o?l?mQ;&7u=<#8Qre@GdY$*@ zdZnfDSQUf~_?SZmt1XWGYRO+f^5QluvL>|<Q7wJx+mcrzypzdGTX<_0XBYlCK$H>f z7(r(Q8GzA%2)qPxl2)Vym8ajM&e5r38y>ObUVMnv!tMcju%F<K_{Dl)#q>(P3JPgs zRP*pksD-M1wM6K#SucVhtgxPyA%2SS^@}q52wx`dfqYAg(iV0PE@9*Rg4VyUG0)by zgtx?3HY!ed&LWt-I)iGVTZFQ$5%vw}o|<k-s{niP+)9vz&hdtX>!H1dkdDA|L@?9C zSNZUg@Dx5<Fiw0>e+P5nMxh$7#Pqu^2HjA*!p4{`Wq`LJKsR7q*4(?I9gUyE4@xQN z2d7%agh;h`e=!eZt=hk#>SUaXATD<1mtu>0Z=tWo7Ur1`qz?&j<1u2r0%AP`-5C9; 
z!T@7}4`GXDA>O;V&6eC@(8Y({IzoA*4|%R}_Jew|Xmk<zW1fW>Ich9!CcrnsNF^8D zIc{y3%Lc{4IR=8i4EA%I<BRDe`vNtZ{1+BX>c8?yWD~lmAb@fz#?HZ7vgEVPXQFLO zW*2UX6U@1QNU@2#&w<w4U+a;py>mSw1ptI98h+EUoI^8};$s-FwaFIh)NuUcf9T#| zj|7DkO)yc<0GHap1T)AbShV4(V&79Zxx=Y(+>3zShj7juW|K<W(_w9b;0?{F2VN`E zf4>8Sv>c3pa|+~?bekksmRx)YA(X2OEVJ^@bPKhLEK*Kr<x9_S^C|$pRxnlF1qdID z#tnTw^1gm6o39}{bnl&Ar<QEx`F+Rrt};IyPNyl=K#~EbY-nGraBn)yN0Y#RBQYN1 zKCsLRfUukTGY=Mda)9(=l?7jbu#UB5ifqY|Bg|bI$6jilT@XF;nGZ|jeAX)za2DV( zFMG`JNju;d*sSt~yI&i>V{=jerD_e~@&v_$xHmIvf10@4GdHoX`8$;u^I$m>1(Op0 zJ0tBy{;XU6m&h~LuhfPWbQ2t2iY;l)>=yg^Xt`$7ze*so`sw%qEg3diCj=l_{qb$1 z)%CJ(^o^VNE(UhR;%!0_cn3Q%ywPOz=nkbj$4E=XMrlH|kfH!k2shFe(X_A#MGE)L zB2w>ofoqQ7b+t!rtso*4AOVg87Kz9Q*ugv}U{L(f0X+FE;K_+!eZP_#+q?t*hDl+C zm<6^ekA^C&_R!c%yfOVvEDKf|i?5OzzLCgCY&@MAY=%W0Db{5Pz+b1is#4%U8xqPI z-efh-96HA==a~R-L@|VPb#F?2P$-%~dSz&24VB{lktjefI*P-G38j}EM8|G&D7|-# z3L%=eTCtBAQ#x%I7Y)~`41B0{jU*sNN1ygM;RsI?vJUYBqP9zTVK;Z8usNlyX6{1+ zAHd;sh76rZmBNb(8*<{SF6isgSOrJ?K=Z+N4KRV9->CtO&<9Qnu7e~3OzOJMA7<F} zQHtxLBG-k<fT;_Q%zd0K11%Dgmk&5odZ}upiqRhhC>*tEOfK<R7#kd@Q%y@0WpK)d z){6kYMF`p#f9WH4FXF@5J6=tz)$Op_KZy$(jdE;v!ge6#jdO^*`6=pLJD3yHkBNIh z(&7Qx;bpaB+U{d>O5|z+Y(?I^<pQz1<bI`>dr)~19ikw^sDOn3W0H)+XUYK;0Z)L( z=1`JGTHgxkR0<KljK=W^3-7;#_oy@=T0+xeVP5ScnsZ?y)VM6r5S?<}*N8=%tO@8Z zWW672tNWU{+qU>R@y;OhJ1nh>AbR<nW!(DrZfL#z8M~!_){y4|c)b|lurJeLg3XUr zMloI09tO>%1lV#z8N^{2bMTpm0>heL0-<eOP{1<x#sI_5$IBib8NK+@7->7`2yYn= z1a|AJqP7#O$xm?v6pe|E1WXmM?02vinSLkd)>3HX4-@g6c)`^r2RRN7Mtwrtk_42W zaIAxs2!)6E;#Z3Tct87!pE8B_t^e%QOB-py(Se3`Go$hxPghztWtxGy-w}{r7A_~A zlm@BV4RnIg$$KV>Aj;!C&wU#VAVc7q7_Sd9T6zUe(dz@FHU-Ty$y3c-Cbt$bSW&84 z)7EL?v61|9sn@TBd-nRtjC&yW`y;3t)U5h>1@HB<a8uYU5|Gn;k|_DKJm(7;j9NSL zmcm81ADx;)Ft<M=Rk<(I%!!dWg7oOZywJ_>c3Q7W>YCCP8X(CuQquz5%ax64Sb*OT zq|<9Pu+2cFckx0KwH34Xs_xAz<4l&Gkw_Gb%$r8ZL!j(T%Ar3p)6w2466~h}_A&U! 
zQJM{{dYX%R7^eNYihCQEH1RzXxvkUW8X<WBc-OrUBp>O6zTGI~k5pb+Cngk}k%uMu z(J$rDt9_?I!tGsjDe`S}vArGa(=6`3yr#B@a;GD-=`wa7peqD1h*057z*3B$ze90z z(I4i1S#CL7*D%O#gEA&@tKjnIe@pqkNa%a{yz*bF(q1_3QGOJ_$H>Srb?E2Q1@oK& zI(*KHyZ5okDTczQmq)u#`i~lXT1`)Q_@CB{U|6%}o~P9^J9$L3^pw^s37RUV6lyax zq5v4zk?h#r5BjW0op2fVI5&w--XUgv{L4D9oLEBq3h1zLNoQf6*{js1Z@_(AraS@c zkZ@oeLg6S;+sX6C1;<8E>_oUcjdl+JWqC(`$)L6J#Xm&ihBgXZ3WH8A;~=tz7E6xJ zsmi$i$^9xippffYEIpap4*V|JN<r5UlOWu8v3={+0qvDn<|N><zvShYC2vX{1BnN6 z>Q+yr(4cCoF)iqa^#sp|-O@M(Z8`8jeL8gaWg7F!M$~X1Y4v62Yk@i13zey$(OJfx z!sYw2Xw%@EAu$03-{2iVF^vu2zXjq~IF)5_rpLm67p0sLgcFCmaL{rSQOmRiz7VqM zgpMuF0pXD1+xh2h+1Bdur?Id12~8#FITVdn;8-P@%PSZ|1DP3jI(#hYHb#*E5H?|H zzkX#Jve7T=MasX?p<Wz)NRotVxU6-Rl9#PRik47(T5|L3>VP_>L;RX`wkI-B0ad<l zYiaO{V@=mL7HgL5j*MPm9X7@>^=kFaIXO4L)E(W})qTybGSON}I7r)Sh9m`8)#!ke z={W-BssmZ8QJ8?r3Iv%OsNt)$pb<6*6cAEm<pBWRr_Tv<4rO$E-GeeY`#a7BCkLbm zJHZ-0(#XN-ey53y=OfT|h@eG=%KEi3cO6|6@eBDotWhUyNW10t+v#Z!*qMlMs3$?6 z+8u<CMtCF`;9ahugYo#q4m$t}`c@Dr4cp=6e@wcOIiFdQ%p=9A4ZA}JZ#ibz=A3qh zyXEXTPoj7Pg%zBTN&6d66DhnqMvFo=Ovp3X2kGfwT&Kp{nf<$HXyU&Gm(;e@fyw1c z^(n=z2u9dNDg#@9ctA@vC%ILZHBb{Ob#g81o0SuUcs_*02P`+<%X|U+5o~qkT{0A2 zuFgb0rvWLj)27>cWdo{QbbRsppw2tM*6+ww^^r`JM?vUCJ|Fz&(rCZYcQmG_V@Dr` zCtTy1MPKVJi6;|J^^L<8TH^_n4~!Mfh31&Ild<IJuMRq*Mju+B5CE90qG%c)Yj~^v zWW<VvY{}o{oL}JXEFA!jMOCQIKwyt-0n97IShvI-(VK&9g+cs%ttH65%AO;wB~%*3 zLi~%ew%aSB1$OlCR(~`{{?_V*;kPm|uF<n(+XR=lrc?I(46Zb#?jv`*hpTOZ;`u3! 
zX?oLgcZ6cyn1|9jEx8OKoY-BnX#*oyGYt{qRgvB~<<X2kDj9%#nv{^+ygjVUuv#jN zkd)mq1x0PG{y`L;vi*hF@RUDTL#KvJQJ@ne!fG5U9b6o2DNzJB**^nlSKZI(h}RjS zUW>TXIp-1y%y@ro!2V3$9T$hn7<M`iAal{+QOSU68t{VE0Eu`sW$DV<j`@dYHFO`0 zK_Lq1Q%BycmdFB#$KE68+oQiyGgmAM-<TOjI?6cgxGsGD<l+dQjP5Y5VsRov_emF( zhzZQ^Q^ubmW)hRjV;6}{P5!Vm{-)H!W|{{6jX;k1+}bW$XcXc|!eA;_l`3osh^i-9 z+eK0&HtR2svGNKvN*w2@-WgdMMUBp~9jx)MC-soz#)AV8W!4)6ETWHNF$LIg+(NwR zkJDWC&Gf`gtp57F{rc$G=YP)-B@&!#1~=Fo-m$xQa01j)1Y3_s@$Ve_b+udVObrEc zKFdTa>cP#m^*4RX1y6e5cS;0d9_C+{f};cYA6H~10ozr^bq2pz>;otx%t$xh*90yn zR84%cM?!9Z)KGF9Eq6~>w$Rh3+SCZZeRz|>ji%#}ol0YLBTV~2P>))%T&3Cd$ILAU z)?Js40$-~j=&uV!p&-7lJ15ee$r5>`Jt1<#aJ2+#uI7uHr-tbpxJb69Z$DPjT6B<~ zD4!WWrctBpZzBXM^a8qkZ!K`-+<hv639;)l?dCc_ICmqHss`#BvZ_Bd0)@&+*W!U; zR1Z_)kg`T7Q^QR!nlzPMFj8e%atbiz7X;ItAL*6rYN%gQ4<dvdoU-tK#a}oG6p+h_ zsgE_uF}l>Fs-)##2&R&q1Dhy<E-|y=Mk4+nR4jCqmf0k0UYXWI$-#3ec+9S+kp5AR z>d<ijW9hg~5Lg4>&cZB}Y%5T*W4W}B#RH5A9&<u+^vGJ6iYVP;SDShs`PFpO0&Y#~ zJ)N77f^}%b9s(>&|FRH<r*z;TAb5ah&~6z08(#KmG1*3={<}*s$lh9X(<Cf+orI0@ zTjH|OX9U{SFT>7y^Ambtdf-mJt#)uM5@{QNbVd-2uy{D}?j=Y4?Qt?(Z3uGz3_i1{ z*Aab#DBo>8A=4ab@gg_zP(6jL&fv{MRs?oyaG}NUoJNGezXZ}+vh0QBMu?`jI+o6x zI+~2~c5sh|mSw$1d}Dy6;3#Z+OSMNBIOs(mQxwkTZ>OH;1xAb=)7L%KhpT+#Q$qoO z$M#u&QNzc=AQ}G?SO3GpJYLz5IEilTU|@-|^Md{{4;^#%KWx$x-ugmIo#0QTE^%EA zrV}oF{TI0a9gpx_{HDppN1n6eId(3@S8cndUU_TonucR4S)*6=$3j&CaEIw%Ark`k zjSC)VrcNLW)ZvjCWO0gbJ|fUkI_ounZNqw9XD}4OB0HThskbv$R#ZXK378>XgY5v% zNtG$9NpjOWOPZobqTJk;6E&Zn>=GgYpFvJnNpX7)O8aKH^KEnmvqj;2Y{fq1`3bxN z(=ge30qG~GMTj(D)ZoBdDE@dZFpza7zA>C(9Uq{zdnPl%CaFVSafumwcF{NhuXxt& zrnN$^%|kvf7Oj<_L~wGQYp|Lj;aqZ=54j0@T2@7J36Ca>-8d$mfG1g!v@ouJmmo&F zrf6NI`*3ayty_typqT1)bebe!>`-@Hxz8ZXNwvvY{5g8CaWb@an28z4fwhoVLx+Tq z(H73W)qekFL@<W9r=R^R(YgzO#lvnt4vb94%(3@DySFqcJn|cgG1g*B2EM~5h@=HV zl8jp*1>HVXOkotg4SC3^sPNDE@G$zlO})TowdG|9x-+cT1$$+i8nfFk0eovyJT-2b z>kk|BS~^AWObw-}3m|ocJt=fjnm!_QZT*Y@8&qQBsSKjvs9Soz98gC9GqF@%2+-fD z@{RlYuH01G=dfBL12HWsDuU9$oPG-*lH3&)XGvUjLycjbm?^qG5RJLe6zD&3D4Q_4 
z<)!ucLTH6SAguy{{xwpAZFe8sp#^3P`3TIIUS1}H(9wx=o%ym%3s>G}yn<~<2X!xV zoR9*KlCHfUXSzS0p?cqd!#a1n3D+H#m-*5)cXvD<A@7JRQdnIGpTc_NF${>87}_7- zBy$&pU_Cq5P+aYHY{|4FqH=nKL3$dy)-h0x)+(q0kfCVn&|5U$N97%Y)?@GG#64Ct z2jqt}deeAt(VmptDz@p9aI@zm`@j$x1yMfRh-M*8#l$j@bUs_a`AFip)qt-a?oAPg zfp3t_LAABX9EVOsCry%0EU0Vjh+@Ro16H6GLK70?Go3>>gT$)n=8tUG^9%cvTg0Xf zG2P6B6zzA*zo6DHITBu)4)_eLRMi2y;Fdhy%HtzzcO-|iBJNwV0$;OH2$<*j&U^Zk zEAR3zhc(F0H$yGJyD%88=G+(PgGf#9#0R+1c6Z~#)5XNoO$(g}i}OOMzZ8Sd^QjB7 zkHrVs6_-J_cQKcJMvEzewA{2p@|)M-tYWG;rX}Lpeud{B(gF#ybq}A*)iEqH`cz%F zYH|!2x54g+@jt(B3x|&2QbtNKMxr2(tq@&3Rg-bN5wQ~iRyXI3o2ghHN!vf}G8CLc zq%3aLTyA)}+;MXV-o{eXx?RAo?ek{qguZlC@|D!Hi>3FZ&a9O50T$KA#!p0sL=Q1? zsTAfC6R_s9*6ZJTkttfUsIW=Ho`0y+M2@saGOX&i+<&|LGIjfH9mxSysxgfTDhHE@ zeV#D>y6@5s7;kcJZhP7M*q4%aZ3?6MOhwbm%qY8(uzJ5Lyqrm^XzN=IE$E#rLIxAT zb&HdW4eJbcTRz5J&>J`RUthWx!Sz)Y<AlVBg;T)z@yA5KSkK>TI>ERyxL$fsXTq+H zaRU<z8#nv07&;9M(z;AoWhNL>7lsv!hwWFVHqLAXXs1zLx$h_Vc%(nXrbcC3v%#fr zS#LjewcT69#iP3l$ui|{&E$cANEoK4hffXK4HN7ew{H?0{gz~^X$wO{OrLLKoI;nJ zlDK67u}2{(sLoYw8oT%YmaE_r8w7gSP@G8)ZZ?Avf19mX6D^S@GID`&2!`YpY;-rD z>ZR`olt_`!p6L&=h4E4_+P433;FeI+%*Ds2h2cU${N*9E19F9-lSxPuvsf1DRin^e zci#+OWglTmE8q{(Q31b{o#?m13w3Jh*@TSlQQ~p+@FOE8i5fF!A>L-4m#p@5iEft} zW?JMnC(RoE2@akS7Ocn-7GV|>Ntq<UYZZXaX78wyqWjT-;UEGkX8OdD&`|+<Y>^7L zB$PRcMVRgA;*_s_(j=2%0roEZX9@~5^D}d{;4nPqUVme#tULi6JroV7SXLdJuzUr{ z5V^8v1E{V92ja7>OF29Jj^_0ztp=_<N@>LYY{x92WmZhs^IriBURg}>hET_GD!~By zm7eWN1Ba58=}<U{F?0C%+RIS`pZ9UAbSWcT2o@K-V!>zxP@ycE0{Z;Zqg=R0cTR!z z4ffTwwT+!NJIS6J2VGr@g8G`Ws*?JeAH_pmQ#aFUXA%FmmdRDeS4IPP{f&K0%T?BM z^QtI+KUCBo&D-lOcGeyy^~<MtOa?#=`#F5jj|s+;?|`}^f?i0J<$a`o^zxPzF3%hW zG9u>aaYcxCq-s-gG`1dLx>bR!n}a$^lzD_5eg;h|MhC90dou<MxHSj=ocqf4^+->D z&)0HlZhwF3jE}d4Mdugd6#VmoY{+tI&sS^DvX8FdcNuTzdk3z2^UdkyDK^0N2HSE+ z*zlpZEXaPT*4t=S&QpNX(Yi<K!<GRu_1oyG18DE{T2i-D2lf-+j(+0}!oB%6_f{X& zu4Y3=$IDXn#iysFr2C|SbHN<L;qR6hdDdrHe@%tZR?b#PYikYn*O>eKS?tVm&7XDG z&4R605dDd^wna%vO<3R7=4-pv%+8%{Mwi8sT|>hwo;uM^UENayn*f6`_ZIivqo>;Z 
z%jMh7Qkx19uV6tQUKm|xe9y{GH~dEz_a0E7^tc&(FbzpvO8bI?&U@Zd?XOcBC3XB9 zwW^TDnofU>^f({P?VG6+C->nZ%7hoeG^Z*s^tPh`NIYQJx-moKyI(*+RexdAlqsPI z(&S^IU;vlC`f(dljYsbw?}Rvyxx)?=YnF;8{(oQ}27xexya7Uya?-)niAlv|lf8aH ziIvsA#cuSx>{x9a{WGpB8%GZ!C#J%=oc6PK{Jvc*0o>Z09KO$c)LsaAehvCdEAnmc zw+}ntj{vp1he@uCS`NFNHAF>BUV+cAwC~SeKfrsK-L%+uk<$*`0pmlN%RyM#CmVb( zM8DS6Re$vCrxEX4iro!@d7<JK1D4$5{G}~Ym@z^7sNlgFqr=yf;a9mJ-ygyA^6<w+ z#&1{b)9(+%@4HX84Yel+Ust|Wdz3H3K>knZTDy+8hcKMBrp2o`{Ij|(or8`OQPn?w zmxgVN&P#+K_phh6N-dua8l~4^ueut#76?z9opBHN>2D~_XoN87Z*s&i*1Q~@3fONY zyN<SH67sFA4`~%tTJm;V^tKb)Z}(>o+B*V2{Mko$-5Kv^oMMt|j#XZuU|Pa3q%<I{ zSVtm!VnsQk$>XzZp;Lu)S-SO2du=)*u(EstLUe~?iTtH?sz9_W;WCDflrMqLi3~ax zCQc@GzxuZP6z(k9oj@F`E|*I}7hj)MUrpS@-?hI{f>d6KykVUg{tgVvS0b3wU!0si zLG-l~%c>chk4Cz|FKbW#KE<?M=mSs_BV$VB7cc-e`*Tr^TJ2y1Ng1|>%qJ5^dLd|F z!WtafMI9Vu^>_2eCAPTqRP<7(VE2H}>L$Ed5ZK7&a@p4^q%tZF548o`&(N(-6uOwZ z%KD;2N)L4peH?Qx8a^7Q*d`KxAYztyAP})JA(39(1Bkow<Wu)vB__i&0|0m|j35nl z-~g^@bSoCH)Wz?|@@yPVeEBMb(7A${*Z}T~QueIU66Rx;<nk$hsDGnGv`FX#==y~O zM~{}d)!#&`ilBETk}HIixashpvUby4)A|2I=Gvw1Z(h69lWe{h9|tFQ_6Ha5op1jQ z-#r#RWVi`^*(Lxd`x*?QBLfJi3PNR((Fs!c2Aihy?C||o!mhL2Mz;Aj;_}LU0l8l5 z6je*Hsm3$Mzqi7;J0?`-SLWTab)RY_rNgWG>m(9DWl<`3pb$fqK1aA{MJB+-`iKJC zwR%Z!9VDsfR}|a7<YW0)yB-;+{z!ZoGukN=ecnExrc&8>I-r(F2?2ioj!>|nqQs*M zMy3pFYXyxZc<5ZY?oO~KD6z%$oEr4;0++?E9M=o)x=eaeXC<<fMmsmLD19hLYeZA! 
z+DPW}Id^#9HsCv-Eiu;Yi{2jPYm$B)9!P0c#MXsw+FF-Lp1>7k<=Dg|N%DCvT0WCd z;!0YA6fP0h;iAM5Edb()@^}(^$(cQ@W>}9vt60t-n>+Tff);0|3j5);tof-%6xL^< z#Xdpy0VaviBWw<Zc;k=;yjU1SnTW=qHjnYjs?J=R-jM={C1SO5a4;wE4@77wkU1wc zuy`=Z5J+;y00=28Xa=Mx8SI1dTi9f?aG1Er8Q?N#ek2%OCqUl)C(UQ{=(N_KWAjWW zk}6o1aV>~8<A4~#2&$Oda+nsKXi0UU4U~Lvl+93>RB`fqqt`V-3Go2UkY^rp0`zT+ zGHy0(Pqp9OJrv8K%O&G&^zGkS%Vpnx)F27aG2iEpcigi+c81a!r<~M0`q6EQl?hUs zg$RzYNdxxEgaGbOMnzkl`(0y>fR`#1at|ADk8-ie*`0N|fM4`+kp}9Fb8hEc5b~OY zqY=v`BWq`Ki6swWRjQgdqU;a$>kDDsg|Q=v8IJ?})cAW_hxroGkb#0(&~$Ub&~mAJ z)lf=`?WI%ay2sx!r{Aabg{`Bt9QPRhR-++qw90t<!vM6m6{r<|Lr|##D7H{2j!O|W zl+}9KHS|wfZ*>&JWW26H01M(F!N=l0jPX1@Ukfu`M@e~pwV9$_$2mw-nT>^VdeQPp z%Z~-8LxDdnTRKyh?lN@YK#@wJ4)Q-1F0zkeG-7jgIvVi^NpUQj^XDo&83V@8CD?rT zPDp*R762(|y0IQjxK?#t>)pJ;-*LPR>eaOwo<#^;UIlB%CKgjOOg~wk!GMz{S*|=- zGfNO>VrYH(1PRX(DPszn<O0tQzqc1>Li`K+!hv(^$ksU=<UY(!Fwfw>6R?+9v*b6! z`)HElyP~E)&mN5@!n0X{IDA3SSW#gSyIHwC8lZ7aE9IrFF0&ygXQunT{3ng!XQ0y^ z#flSe%Y4z0A#ckNq|lA%jvIo@5rm}o4eRZ*{silT1pifV8UDE+J7ivregz$WxrX?u zphV1aH4hDiUGC{PnLu(?f@Iqzd{sm3(1ejHlD}`awrSSB9<BG~#Z}ivUa|%Xx7Ch- z`U<dMqJ%Wnb_G}qaLjN>@h~o$1?7Izs1--g27xkfS%OWA#n%3(JlC>Td0uVF#LIKD zfg|(9Av3;Al2LS|a3JzRlIX6*=gwuvMbtGm`U?6hw1{vmNr9&#b@P+UC0!S4R$g7_ zN&Q@xUX@wI&cTP8dwcjcF9Y>d$Eq{{)O!7M{7<ODEG#tEWHd6O_Ax2(Y=d-rj9V}X zXwqG9yriMQ)N65|(3O{zY3=`Nbdvv60jQcG^EGZ^@+1W*4#VDYi4Ze1Q`XyH8pMzo z04PljBKWjjH*C(NKOc>Fnwnayt<SkLD;kPAT1XgM-ms?L>dQuQ)A%u!5diL9dq`rA zKIjlHHy$}}LQ$hJnYI=k)a7sX#aV~;iiN*h&k>8Eban&`t>vN8lS(l32PAaTcLu>V zGye<cr@Mi)t}erwyg+f5XRfeg0?oFSXRWbtBb#^Yf9W?7A{*Qp;<fm+c%NglaxA23 zx>DfTE17_ws2nvsurc}p#5z(n(0GL*<)&x7;|m4c3ZHvkn5ivo&`*o64PzSmiqEOd zc_bURwn?E{x)|pzNEYJxav($~5?|tA*m?z#Aqgdp8ujkfXbr@+=N@V@F`6OWG~$8z zP<#=1%6rP=>>qzT)FMG53%j)D38XCk?`)YVg{_roI6tC&2OLNwRKAG~b%vZb5Z40r zf=EZ7BubLY{(L(%HlLCZhElQqpLst_d#I62SSnHB$V{4U8Y+k!ai1oteI>e?;Dhao znc&{L`d_IJfaj3k&yPTbOp5(i?*B_^=INO|MeqhXaQP)gt=w#jzb>c{yT*I#T-E-? 
zKF<R1VtfHh{4R=;>p1ooBChD@r>5Y4i@<J21A4K{+fe=xnzt>aqtp{Stn+CZKi68( zvafpwsHBk4-<J<zFR&<1dbak&9^i_O`T{gm>nxewH!h`6O}@%WJ){5l^8Ykg9_<U@ zLLqfOw)wNg1H)7c-HB*EBBVs1#&63_k-;2a;UfVgWZDss0q!9?`A9tnA~#WX0D@$f zB{P5`@flZOOs&7PiKjZz)JNxKt)JqbQm){Z%HZxoHRQ1fa5z>^H5oL=0dN{Vq+8D- zb{oNrwGO=)bgS(@rHI!H32A+QAImQ(7Y3@-<qLu2+u(Et_mh?U52?3dzBJIVg~)z3 z_7FfDxzR4TiNsVlxe6r!B-K>}AyT%BcA&aR58!lYws?D8kDh%BiV~fDd0i@8-P+v= z>$Nl90c+La8B56jK97lmEsk~Bzp6s=Y;oh>eOc0^T3UI@Rk`f)Xsh`2=O*>-W!Os{ zJcaO7GS#y_@EV_3jM9U64OY7}{SKD(3l4xD%5*U66aeNg`h!abXhY?j|4vA*USMV} zd-(cJZBU%$_~NpeW;AUmn%wTAeEtJ}v>Q>~y}h4Q3ijai<bWnsBly8M(Gx+E<noR| z!SgT-NU$>d0hvMW9zw?ft3Q&c2vII4*br|xN_(f4tTDE<em{?O#l>42r0At>0>ISE zCSvQmi>1|^C<op{#RmANn`|Q;;G*h4{SP_9U^ZQ0??*us^MjH8h6|w~7Eha?Te09X zOo{+u=ES2(Z%*#`z`xQ@6c6`+!g?VMb7-nZBgn<xHjY622Bx)9hFl?sQJP#wl}HqY zXA#h3Vj4VCx`F4a_J4&|l849gHh_~i>4eYo{#@^89lFo%x(bAM#9us}GtG+qhJNp( zqOOmVgpXmA&yx5lR5#=z&cU>Ugoz|0&4Ges+OJIniTbPwI^Qj8uNM{z(9k2EZ$?@A z&!LYfw(EYPmFe=Be|^~@jH|!SD}7lLilIL1auFW~QXpd{`#e#=uR(fYsR2I&?zPBf zS1`+dk!^MokNM_vSH_-09$l`s9fFGth_X^YyI`TupN$a)yH!{oa%aSHxxu!C8(lL@ z@fcq-D8D$9;TTs!y1Q41gmretTcNav$UL}tY{M$g6O4sk9z&F7RYe+|Zj^R_?M#%3 zu+OkcqLJqPD<^}V`N6vo-vF;KiB#n1b@Iaxi?gHb*^|1^k5<)Ad8YOA)66pz+gKA( z8v{~e<F;1UE>s|MvaT!n8i<wIc1+ji$#sqDekgHwoP7bPXJGBrdtSa(-skuo;1$aX zs}P&!zs;!^RSW#h7Lbb>TXuiDNIOrBKSmVj2S9rIjy*@;p9N=<?Ep(=K8om$Mdf19 zBeL~KU;8335qpdbV&oyc?MUc!B=`Bn1ee6#?X&U3pm%U+{ZR(lk|H{~yUNE*-e{KR z%>O&-8;@>aAUrPf(ZKByXD4*(dOv!ZmqrheHor=w;&VAzdek{6h7q-~PDPUp)0fPc zDt|EF&fUTaBB+kwB;5A+hk68RSBpr3!N6r=8n$PnUxt(6A<@}^5%wZE!@><ssk(ga zr{W5tp&D;)UQik%ir~rD<Q*$?;Ky28%mO4eus~Yde;-z9dkc_gz@KeT3y?Ix07gUG zteP4Ib(^#h5N|6GQTCX4_FxqjiRE}80;1xsK80Nr8o59GN;0>K^_-!uG=el8eY%qd zDUCy_lc-ARMOu5%R3Rs|f2YpaUBL;nxbL;ajVtXFSI%iqhMbHA)4cNGcL__r-(?Uk z8G~Hy7P~VI0sn0+rY{_@8%u9M<ygFk2TTNeCHxQK>(kzgU=OtGY(53raI=!j5gJL~ z%C}Xghf?InbO~-twaBLuHaJ$6-o>SyqT5H}4A-Pp0!Lc-4QA-D2V$(A0!e;nq`K4_ zAr3`oxToG<8h%@T$Q>;klJO_B6R1wT8S>&EqtM5iOaI{Lgzeiwvl1$RDaz^Tb!`QD 
zMj%cmBAKRG4bClO6Byv)r}7U(k)D?Z{A0dE8a#TwSbCV(Eyn$cVzb(-trL}|mhCPp z>_x=9>#2|GtEjs?iMv&`z6qascf;X9cy>34feCgmXeLNy08$@_ktC*41WT}=OI&1D zHu{ab7<JG=ovKykr3MC|Jiho?@=HOq%&l41gClKs&!ok{?fvPOLaEiX`B|i~p6QNy z#vZ`ZPyM5Js;*wTPtmC3ytJ-tsCe^Res9@@U3;No*4M&H(Zkj)hh-*nH|&o#26G}m zBita^QDYyyBJ&MW`w_N15@T8ulC>uYEZYz~%K9x7r_?@DHDe&atu>32gkJX_7FSj) z{8a2$kr#?BH~UjpygZOFaDfG!u@EEkyiq>=9_$#&Ww)H>R@hVXQ4A>;Zd8!-X%x&A zz5zN$GMG)AN(~6BX@y1rb|aJgUz{0Z5NV919!HITU_Ve`ywvgRP<fuXkfe)tYzjmX z;rJdUd^h0LNB<d6grg^z;A|y2@oMO+0Q07MLARE+fY!XudGElBBI$;`{WEof=CXv! zD2D-!$SI(RM2^cCm7yzdjkguLcOb=jvAGzeUG)&%ZfiF)A$KjO$<2UUi;5r7+j5UR zLZyphpczvDe88qqbBV4YhbOk*F1#VDtONfK#+uRTc<uq<-!CFT2shagw8epcvV-I~ z-(9lp#juFxSo{5lh~^MC9>|&_aB)eYDqL|gN@3sIcZlpSS{cg_|A&N2a~mBM5tPN? zH4n*_rj^DkGBCVgMnb*|6%1cZ*|(OlS;lw_gbB?g-kvT(a<#M|Qj}t$=KlEq9x|f4 zFF&jg1Yn}bfYBOQ`9z)PpoVWZ;EW^c@=Wq6QQRp+sij$3dWfP9JZcwa_CIQe%fPHy z5Ys4G?g~ruBU#?gnq9tI^L}`@M~fFo=u%z6piyafG@$fr=*kE|U&?tHhJSh_Fb7zK z;HS`uD0x7@h>D5t0*dr8a#KhGKRSS}4nXcu01Dnj3O`n>-BmTJ8`~8&SuY~}9loXi zA^aHsrMWm(;xAzuFKmaVzwKBbaEBSs=Z5Yeb@-Gzc}zo4<(F7+WQ6Ygtkd~&`iq4_ zQV-i^l!gA^9q~d7c+X-|M7KC;k?<ZdutY)-bxy=I>!5Xag7?rHnE(blirr9pz8`8O z`Y*9#rg0d3Haa}7Einx_nwW=Ly&wtloKZFdda;svLLtbsHn2cwd881=oe<TaV53xq zin}BB<^P{(>QoF%t)C3aI8|+feY;8ps_cDSax$Pt+-I5swdfV|g8SkhBXKGZsDN#T z;wqE<FTk2z0eCT%UW{E{QQp)=fHBd>gg^`hLY?7%Se9zTE5TE1JUI(D%?x~3=ci8% z%}sT2QNAU<74Fl}O9-^NzNC6j4@ekgY2rXi<0zzl)Xa3Q04pFy&IPpHLZ!@KNE3mH zZ*_9__x#e%-zC<5eoBQ*;=PlU7*3(qd6MJ-|H^~g0ijZpAO~BZV=1A+F~r=z_M0J7 zE=CiQcihRK6u)t#0w3PeG&H-6vB~8{)6#c>Py(w_vhj!$p!oR1*<mfjMHAG+Wg_<4 zlw1yPv=UM{!rzKWpV3L2_%748!Z0RPob+CH&cA?w7vNsf=bD92bO*MGCu#Ps<IT_u zRfJO20hK~Ren>R&^<bC8eFT=z9!e;uII?WOc<63wiFm(e>8P-Wa$g_kk-RaOw8Hsi zZBfcKp?`ky6WyLQK{)>ke#CYAu_;B>sfk&vsvu(RSo3ivE(VDyvkDF6m{3n9;TPV& zC6Nq*fd!p#8MsetXqynfmUvatQ`4XOmVZtU5EJ(X0@_qVLiAlx+Cra`QRj>i-b&Y( z>`0eqr+K$(+~PuwFjqZLHJOE7LNbmZdZ?w=fP0l=4J3(+w_uHF8kmh_=!4l+re-cf z`DY993<v#r2SnSD7pnbh?QwJ*;)fu5m5oYCJNTtuUeq$;+HX|)iS;veqPwOnYcB-= 
z@U1G<v(Pc4Nz9^XzqqgFw?8)`rpEO)^7#$Mi)H*9>;RP@nMCY|n&T7pi24sc{?r`* z(3aYU#)skem8n@APdwBbkvOGJ&q=e<6{zWq^Cp5&`bot=V4c)fm8E|dn{Cs38!a5? zkT~NF@QVn+n6yhmDN9G;{o6u?4;=;gvVQ!N{M;M=RQ{QEJUkJFuWC`|d?Ns1=qpfZ za@FIMi9b3<o^5p6yLJErqsNWI=cWSlW6<N?Z44Z(EVL-2M^tbXf|@YID5o5C*OX{> zg9+c>$;xRbO9$j?X)fL5$6ImErSKUL-90_CcH!^47aDGW4&SZ}hT!XKJ8lQa98zhW zwl@dblvQ`-K=lOr6XN0zHdFthJjTZq`iQVM2MxnyU@aDpg;IY=HmbcR%^upD2No)h z#dq73=<Sd3Da&O0N1EHsHiSSxq>bj`mRSWVP9`^~XR=7eGW`A?tx(hMYP+>co|F4r zugde(*`l`BG_C0j<EdI1;{XG2tDBFy2||#9;_PV^1bKf_cQT8N7Z9S*14Z0BN{})H zDysU;cLqylW)K|0M2lo)ygTr-@FCXmeR<!svX&^F@;Pi1Rt((GjUrfsm-K4?xApgo zN&P`Fgas5&LCg2<5?U#1*bxcjTN!%o$^GkVir1aqW0+C%()=`ra~9xW)uq@7$)~ke zGl^7ZgoQ)`j8ZtDX*VDtACMga=b300%pxf}8x>aE_g|qZlZ|c+qiGa74LgnXC5X~Z z-tUr^m*TTjn+vv|6<c|-8zS$GuUJ_Dz?MhISx>0`SkuFZr7))JuM>KU<>x{ib+bkr zU(K}7<X$mR-N@?f1K1|Y+fDboJzjY*UKs!W{^SCD?du{Jt?w>LqysJQD@UmQz2Kv< z3dJ2NQb}ID+h^B;z>2}7H49!=NUsj|umvBZ8Ze<1lAyLn`eE$i1AnUPdK0j*^4oml zQgtiIREGZ2E6&67UlgLEV}6aC5YKI|fBOE25owhY=gI;b1LAJ=V0`7G)uo9efC%=c z^`Vk*Bivz<aILVxrtv$4Dj*?7zap|1j`1<V(jCn-yz&CX7>HwptKuq2+D4p+fe~}F zL4apLWfi`mJaAn3Ch5%rSPc5oW!VP0Vij3kIDh!09=~xOj->A2LSq{*EY6}dymCb( zzMw1=d~8MdfFDowYaHJw=y&K#N^pS$$m^spyPaBVLr;1}(3?P%5bWPDv&~Mih0&7a zOXU+_c*w0fAiq+@$|qK}sa1X+{+fupRhav35D+9j8XZv}k@OqmWODj?&>-}}LVnA1 zcUIm|3<(-sINuGmwB3zU7N-X5qIZqHI}RZx_5j>zK!w%S%yOigaYqEl+fu*F5PG3{ zy47AsGJ-OTqX(CW{h>CIw4>V39!IkfFK0mgs|?bI{2!~2M*Y+jq5wv452D!yhD9;I z1ngK3o9wk~c0ue5$McDju4fb@SFUkeS)WgKvzl@jMr~zU)xqM$^SVsVLu8Br>PbNS z9efLbPtXwG#U&9VUn2Tj?@m4w#U7P{t0b6iB?vL1?!8a0u~<d#xM-JyEp678IY#e6 zEI>GzrMyoFB5C4IG^^xTpO3~}FK!SLf_;q`C!@Cu0!<|pfje{&168Vr5}TUOab!U* zyTcgowxeUWp2}f?HZNOE`ZjKvvc~Owltl;F(2aSl1j@Ynn;`Qr>x}<Zw)+vo?_z;4 z|NGk5@<%f{wzid^;CsV>XsG}6X;H;9@CK7IEX91eMuqw#>wh6es}8R4NZbSY$vsEy z!d*DhqS23FACBtjSIC04<(uso8g(ywRdy>XakWUF)pJLZ9<(70f<Ihgk;<VK%OSwQ z4B0!5pyv@9+S<F(PH^f1ITC{TkhZC_e3Y?udRZf_vPG6&EPwd11w*sgL=WdHIT`Ct z*2Q3xu+$8*pGK66n#ue`So*_V>FX6iV@;7&tH;gGP@B#>vVMek3Xv=ndkRr36nho8 
z+JEqz)&Xp<ibiQsqecCZ?Gp`LM+C5q5{i?a)mI%b7&=xhtbmcuPT&#}`jP%0$De_0 zSV8OxAabx_*KxO|;q|L}h<?id<4s%te$4u47s&&S$M|}+OuayQ^7Ede*dDuR;SZx; zDjCo;P*f;u+XDNMhE)v}@Vzh0=pdM2`_0wy#kID3hib<0!0u|j>B4qJ3t%*tblz<G zL+3IR5p}askcV)!lg%xN1?%JC<%e*-u`;qdStmLBaHo2kw)17|2@fQSLXflxim7o! zrWXnIN5ROIygUj_Lo@Pc%|wgxsQ-AhPTeksg{pn@Z&8EW8xw#_%BSP!6|D4tbU3Am zB^4<jvWRHLe#Fn2DO>}Hf6*bHiHtWTrQ5kJH)<aKmH6Ud`Eg(2>jdSF5itz$U(g8D z?|;YkSc6HXN36ExXS=4G$NKk<+FvE)VbcP+G$CJc{L|lPa13nSiCF=ZuggiyvsJh+ z-u&p<2#@3BI*}*>Hj0^Y=YgbGVGEoey6LD&BsL~Dwu^_90ejdS<4SEmSeO9q+TjJe z1wTulGit!jyX<M&zHVxqt!9nw%2vw5zVtKO%@7-Z62%_GK|a@!6|tJV+eYo5Iz11+ zetSeAUJLeYyHjZNWKrUA`HaU1{9Z4m@$~IZQhQdr(104F1k6t=B`GE%NYOLtH86rj zOOL)UPsRcPz(#O`iqOMT@cAPfENje^c2dt)y~m5N;~P`GTkV0!V(-_W_5H<S$NK5! z?f%!zL-R}#2X_M{i9)9oFPBBFo`X>q?xaP#5Skb3fpc-_UGA3Gbai}miA_o?-{E2- z6izktP(y(qpb(_hZt&CT!Jg2kKSU^H?ab<)j12}bgfg!_Td+U&@4i)8vE7l^PG*Z$ z)Z0HL_R#5{g7r*!XSrYYd2qF=7Ex?u*u!kU=};wRUmzY@3*)Vn-eBxYtyL;S_vj!W zTfVG5Qp-Mg50D`y@`L<JOl}wIf`Q(PAWe|ojUc6GC<RJ<fuDGMbG=Gs^P4TT3ku0y zaohx;r7~!;Z$79~3W^pC!`3i?LyZ(AV*IZU0PU^`3?>T%b60MOs8rCjMa2qdr>g($ zciu9@wBZFeV_wx-OS!VpQAS@CgHOrczUJf~4UVCc^5(Gqb`Ngm63m%g#Lt|ol&iH5 z*A5XUleiCZS8n=KivAo_4Xe{p@nm4@0MdN^FHs84?u<5aZ6+mnXZ`T9%viW%-QS_V zWg**@gXKsMcaSn9fPhI%alX9JzD%MVAYX;;6hE03l6UY<^FHU2{M4J8hl7k$hjwF? 
zU2olshWJ#{yF!?zPzq7{u|x_Ti=<F9Gf-qbK%@eT1_Bd3b~i6_lGTp`j_Q71g`5Y6 z;rdz#t^bt(W%j?o{elWIRKB7(X~>=VKNL2DN7wK%+QUBs_f6aEK@#5Q((>Ea#sWIR z%79MWIuHg`FCg(a0J0YFFLP&w-W`BlZIg9<0PDRsxagM|dbdK<-m${}{}F*!Ek~tk zC?1xv@u2SLOkObnl^9B#g<r$1&np|-PAElGdq3&gAN{u6^1DB9gUzFP(MhTE2P*6` z{9~sr=H>N{os;AQP3-j(;CX+}QXXePF>I~Gttl&hWeIuYoE=7f$PTtLDs|F$(VhoS zCJn}>E)4)lPp*r^+k~4({DFK|Qq>V_L1I7M!)|Ho%|^g2ZeC(YmDg}3mjC6mpM6J% zV4QVx?5Sxbv$-0h)O^3%dnqYidFz%~4=t=F>fYo~oCh+AB$Qke*nfCP)l`8Xg#@%L zLy{cUNh5fjbwC^0S~1!^WF0kjTSQhjc=gH*lj^=Nezmhg9j{+ej3lP-zkrtR2*ZvC zkxd7ns(@T>CSU=Bd6)zd%@;!)I>{pbkSgv*ZI_dJ>4cP@tCE8M<4u@(AZ%BYVOiR( zmPj#b(nk;^0*YuXOzr&8F2bxsLc^CqL5+j?!&TqsJD*AST=oMQFE$T>ZG*Qlf`?7a zg(o#nho5Y_l;yI`q{2I(Y8m|tB);zhUhD<rG=fQ|o+Lqmpn&w`9&*usR2O4gBj%c! zv~Ni({RaD++{PB)wBPLzEg2%%VholpCX{GWZ1&TM9<9ZWlPPHUF;Pap67KvEF%igO zz@q)v?kul3d4;*qm-XH9_l-&93(05z%K;=VQsI{3wmdmq3<e$!$c(rwbX5(*06iIS zPDd31i7@r$#4K9A7o~(;%+ixOA;s?~@SvDlE~Gqp*M!1Of8(5lCnracB3EZvIVE9E zS!La*UQ@cQAK1@cR@%a=+snWvhy)Q>z+FCpyb{fJC-rg75F~l-A*tEzGrsm;?bO!u zSV<0(KoD!cy|uksyG|JW?y<t}{R#jVw+BY`9TkfzuZ`MnBHNvFKTrt-vjqYV42ERz z|3W5XF-6(l5|5XShe83Lftjsi#^WgdVgME*k@uK?Y^+@YK(^=IXzCsV>4#h-0m1J6 zAl70tV=SHh9|gf7_^RbVc-7Eu9A>L$hrr!An~Sw1)7+X~ATQCwA4+sS3&4emW|qB5 z*^B~XuNgH~GmXqYDqxRcKy?RFPl-K}upLE{(mvz!4&40-riyqpTVJgkHZkliUHp%1 zK?FbL|MV5;K}^<x!`(nx62xz;KOz^Xx|;YPk*-!g8geQ%kpI`#TL#3@G;O21i!Cm} z-Q7J%@ZjzwIKd&fC9t?9xGWOf-6cpMI3ZY&;1V==Ah@03e(vY{-t(TbKW3(8dS`oj zd#bCix~jU*#0T^#mVZ=8lq^1sXg(M5QoT(4b|=C5{w!4jR@PrSobJ42)KV!CvKSGs zataNL0Il^Ih^1t!s$`~77(&tU6-fyQnG+Go(7Z3o3n^QF`!Tm-&>^lr&?C+ABPAEU zc8|Un_M&E@*^i7C)haR};Y}BeRS9SOwW|d{U^h5lx06-_5jk@p*g%Gw@f?YgAEf>i zIobra`#!H=L@C`+Up-87F8XuNTB5|EVG^HE$SRX*!?J&+vgwG1+-5c~9sKcPdN$qF zZSXCN>XdGlinzeknEtuMIX|;pbZ`g}xp{an;My3|tV2g|j3MjOc0k;JflB#NBOLXF zI*@<8()KZ-F_Y<jAo23+nst9j^rwAMcj_I4MBz%<jFp$@jSmT`bcByO5|sYs(Uztn z-Y0;(QI&^A=OQB+63^^eL5uX3I)0qbb!<9WoU}(A<Ilkn<T+RHbIjpi2R8sy=689~ zl*pW;;!+zT7ZQvm8ea)ZS`QVMV5PlV$;d}fNu}6FM+<vN_5RrgYeFF62}Us%Z41_| 
z_FW~ckhA~|oQz@wDCVoRq=k#YjEs(eR=>O-k+)_54NCGy$vMN-HG3m7XM7Og`|pvK z-6RB1c3|!~fsl3hG955d_iiq=UoG^D{R?1PPwbL4CYc`%aY<#bcUpPp4h6+P<qV=q zp~6N{1T=YDVLOS_r;N5oSBAq{FzmMWYz1tTsRaDKpww^E#dfdqMGyh4A+(C}W^_Zc z;&*$IpMOQOBd^po2an--NRc6hzr#k)`RDHlacYkz6T~b@##g*SRJ=8Gw59#ff)e^( zq+d1+Bd#HcyJCn+?A^~Pb15&TBn34J_T!Q;DJ3*#mzCKX@=RarseLt<g!ypy;`m^} zxHq77vLFwOLR>(#AmsKwS;wBZXmwB<xj<P<;QvU$<1@%J0aLRE?zp%o3>`8%&TA@) z)xNyI@)*@?Qn=6|ro}S9qSg$g{?0kdGRe_UBKVW}+)yJLlJcTvwf_CR)>aHodBdi$ znceVd%!@r@eu2@p%-=A)v^L6=dw#=()0*25J3{s5Rd<@xHwTX*_kvY`o~NZAt0+S+ zxtpl8!5XF{=DE=?uC`y<wM#G8rpL#k2qTpgk5fX#1V!=W0Z*L!CGc4|h`+~EVK-ok zSb<KSbp7LSoKpI_E^c`Wu>xwG(kE&z^nzb_Y-wVwazS;>H88zXD}RHV@$`?c&c<D7 zG<4pZ8WehM-%*cWum8S&-U@Sie@z|m;9;8++;w+>Ju*e|T`Bb509(wyGo(5i>WK|& zn!<k?iTJF1@{SY})_uc&Qu3$Mi%M0m(sM~A7J8qh8b10tj2^JGa`yvtAR#Hq4cZP= zKs6AH;2m<o`jlBbB5}QzLrXzEzq$|0tvgrhY4Xar>Yg^EAxbK%zExN#N&z}QbTOIz z&+Vp}FT!XHqXyz7SaB;!=|uv<5$Wl3dqV6V)vbD2ulHA3UzdxQuG>hoCg}=&j$JWU z_~pC1%wI0EDqwZQS5eftTVH-#!;u*w=c2s{mw*MO(_$-acfo&+!(aS-9>|-@poID9 zBT)`+VG{keM-+PBNF~k-b383%Wp-2+WpMWyS@JtjN>;eq;dfa^v?qUoXUej6oGHm6 zza~eQ%S2Yqp6DLSsV+V93!gu@HVO>@co6$EH*g>hJ_}6@RcL@vLa!8<hZ|9@CI!S{ z&lrU-<mE~6h18L}FZI$634<4piQ_Ws+(t*0kH)@gJGt8y7d5tX4}4d&y`{4<p-iEF zxxJ-1jQ4bi*GOZIF4(8JE?=ZjD>s%8*&)i4MPH|8%Kd}HD!j7MP5xS#g@F+tLNJLy zWO{s|cZQdO2GgN65LGA?#SAV6)x&(_Q@!~{D>K8MQ&H15(Rr7dV_e)Ds`_)c2Gq~| zMe<k>+I09`e*cDs2{X0|!ZeD~JKHQVyE(A1I?+?bhw|=dSw5d3;|A~U{f%yOc}qpf zvx$1yXY6aWI7SHzX06DIvUIJ;QL=Qo2#`rzU7xi{llP4TQEy67?mxB&ZlKe5_78U; z=I^QKEF)OzKPH#);*)o*LABQ?AzS6$hPcf74BugJ>SGjk$oBxa+A)d*_x3yccL(;Q zY92{;gGH_K>##V}^JRq>!AD+3Aq&|z<~m6NC^t3|f1SD<QV9uaXW*U3C@h@qlu?rU z7Pf<9fZti56{a?HJTG=Pr-s=i+9&@hxTO;(0ee^mNL+N|g+bUR1IIr>VTUQGg?j;B zoeT-RCW?gz-jIrsM2EegltS2|=IYN_w|_0ok+|*uV`*A!k4F@{-Os%(v0+Ve9`ao? 
z*6;{MNh+W-$C^%&XP7M&_5omBp-6d#sagc0c>cKzMFpder^#6<-w|pwj>}Vc`zv}@ z7ohcgcsbOtmnMY8c}TMlVRp7rpQ&o}PJR66&J*lkwjTp-8dN%9hMvUS^JXLC#+-s{ zj!MX${3h<=a@cVITX&KDlNx>nE%RGN?@@ExLkvjSt&r0DMrZrt4<bUw%Q=G;c`csk z^WL>s>xKnTO|z379#w!bm?9>}x&?r$g<4=NR9Bc@s0BY@P)2Lw&>_Y{8E2&9UWICi z5mCPS$YP*@N3~?tImLh0?L8~{Q6QEE!llSdK#YoxlYnA(?Rg1vxtJiwws#nnJyk(h z)wM{w{bQNqw|2NgmB1{|H<%qPT>#%GvNZrb-_VRweodXNOeb8fuo;i<Nd!#PE&|>y zk->I+ry6Cmm&^21E6Zayrl~5m0j`keN|TFqiTJLo#KH#=5~B<>uV%WLNWrT|&7A19 z(BYg=#FuGe%;_jE(jF%J-MR}pZlb9r=p=s|Mm6;8e<WVfmR8Mp2O^kPNA!-N``n`< z=yNB#+%jC<pOW=jJLX&CEQbI|coWj&@V*!#HHv(IMaL(|=`--g8UQB02IjB)z<LRq z!|u=n0D~eO(dtlBrE__Kn2d9hpwYRn`=_8~`k{TUmk922ib4-=f@htg^sxjaM`++P zg1UWp2uqkn0RS7qC=Dp!sB@(#VWf|t@^X*-@tYZ;UA*w<GZYUnS<B-YN)#B34UalU zc@J~OII{P7wiUbmSby2no<KM3Ra0-fc4Hc?62S1>WVHKYuKSLgd+ruQgwIwH%|<vp zYNcp={})RyWx6QV;N3isyEX>f#Z{iFGe(b@Z$q{(%01j<CKmrJ`+!UPe(iYhYr?05 zACIYbar+SspI#k$dEKn`4y?d#a&nmVZ`xqD`1f}|y9`|=&t#N8S-UMCI}@8e5M1UQ z9p%HheuUqiFK!>5t>-*sszB&R)ofCv`?Z)SER*w}G#@&^+9Ya~0v;BNxw}A%aLyQ~ z*p8=ovWK4|5bwUsb1ETlZN~M5pKCTOMRn!#x^VgZN#%l~IQG#bS6`I%OvbGj%z7?S z<?rVtUS-)F-NG4j?=%yJd?G9?&-?_AFfXrQM;0?^jN@>D1)h~MWeQpWcG<bC?+(9~ zjfI5jhPvivW~cb{gERH0=pJf3VP9T0;Gp^tewZpt8$gk<u_P3iD9lOgJ=J?M39MHr zPjNX|a~OVIbN=@-n{Pm<8X-s!#_|kv6>Gh)drUv={d+T^Rd37ZTVR9R@WGPU^;zo1 z_GhgE3i(C^K5FFM;Ii)sOkHmWyY8AlKW+vr(z~2&wlKY#>E_e<pd2Ed-pTwXO2ja2 zox~%<M?ZZbaY#b!aTCOPSGh^ms*^2FSu#IY=d6I^@kfU?(9cI`qD{;65*8CP5Hy>n z)(|ISIXEoezQOLTl;ga(JedV^9U0)X``D6@b$N#ktR5w)Dw_m;Rhy)><s!5ds4PRI zU@KIDOr${UliDgp?lRejy!I*Rj2%p(or{7r!Pk&8XlRrpEcq;G+R*)Rk9`&+U|kvy zL&fKaSx-O|OV`nq&K){h4MX$?*r4=C7eKe?T>{>K`o1H6c@iMCgmg^xp`Gi&>LLH+ zi!%rPqmI$@(aZd|FVv4H7anq|GJo?Aq;K0SSP4&wu@VroL-czq7w`hubUN$4ET8YO z(LL6GxhY;Um^*oCKFTGHyWxuy7&su9h!{7Ke$&jCQoVOV$+|BF3l|NS#R(G)SHS5f z&mc1P{cO#*<HdB!N-XU~b3Vpu6#e{o5(iysMjcoy2HQ!<o!x|xvD2@Duik|SpRfb) zxW7j+*}Hvf?OD$y^R|G^qb94Wz<crgglm{vj%8ybBzvc(EPOsX-gk;T9iBtbz?$D8 z&ahB=C?qeDpz%2eh8mbkN;Adc*I2Ue==piJAl$sX_7Aj6hZ0|#I;d7Yk9Qa451cpL 
z5U#V;Td7=r$`}9a3X>JW?7ga@<1CTRkX0O{hjFlzs)zZ7m3Btl6S7p_^Tl8WK|qI6 zJGzmU+slm_C#X()trEJS9HRR&Tki+)u%2yM0dlG^RRzHQ3pQWWHFY~;Y`LGEnMQdo zI5jyR_UnW0$C4n4G$XptXvSxV!@%I8?i%8wqXGtU+bSUqL`;|syq60+Kz%}`(=EPg z`shxW6H>p!_`pyW53U73fmbszq6Vr~!Y+}t1ZLiRUY97%nEpcB#+rHTR$NsqLH33k z<!HI7mw7Nt10w}1Sp*R-3AQjpsu|~3HaYv%ujXLm2(@CEY9d`j@r-jUT<(Ra=2{5P z>GPBnF*tDm9S)%2Nj4BTJJ@!Mh4c-Cc@UK5jg8<!g^Bfbt0E%>c|mK&H9R{Ww5}Bh zj6D1Z2Dk&i2r7faz}zphew6Zs)&Z%pS1JowVTnQ1Ez=YvIzDbCX|YplMsAojnIZNH zP_z2I_15|M;m6a7rN>vNU1RAVA8yC-#QgUqD0gA4dDz8ypKsf#ZXUI$1|F4i?mj%; z!XM}BRS63Ii2YFu2>uz>rRE!3dQzGOX%wPN;T=>9=U$C`EN#2}^!5wSVX@Pob8dgI zF-%BIqx!~r+03IiToAj%FKs5qYg7NT3nVd_sx^?2<<U;hPfMW4?Nqgd%GBv#iktKA zWUy-Nbbo9RPbg>eOA!LJUc}!zAQIBwI?Qk>4%}~VgyYerCQn4-4HO8rC8e`I2nwPr z-2}zBuEvmlLRm{ETk4xg2Dx;c#;q&UM!_P!!e#NW*|?1f{cON%3x4D&Ek|Vx5vOG9 zu^gE173wU@wnS83T(6HqPOdOGi&BwiBqDyh20Z{B!2;Cfb2{N7oY-1-eUnm6Ch|*Z zdc`?XY%;!ym&N7cnZH0rQ+JNhZO4RGFQP`7-(u2Y!C^j(d~thHy(x2gLIR^{5yn1^ zdtYareEW<f1Ly75pDk0@M>`4Cf=8C<u^(2e7#IjerWyFZ<HcQdkvB}UF{dE%a<(p{ zfTwOi&w>F?SHdsF7YrCYX}D0143G$^dR1m@pL1KY4WKEy+<b=TMiY51ooSlc^$*oL zJTbmpjm?Zszc6gdD>@Gs9x4fgec~YYKdEOnogoy_IeZ|F50XL7%Acog%*6|I1|X;Z z_<^4e(WWedUVa*U0+Et=5V3q%v}kx5atkXm93xocNM+Vc-aF95-BgL$e<{~>F1=(5 zA_(qVXO&XJAq@o=Zt43EPR`4`6DvKodi!-<+w3ip*$GKD)EX949|q@ejq-||5UBv% z&kGYS9}-eqcqK6c^iJ<K^d8^|E4oGsxDnsmCYx5u{dOwFCx}wr)*+==RELV<GlS02 zUd=7lNBJnqMoI;l@^IO!R~K}4KAoo})L}Cf+ylllzXc}jJ6R{#2?ts=oDz%z3C7R{ ziBQFE3ccV19WXgt@2UklKV_mtgViIy8Onj9kMuK0j){!K9Grea<R$&F8#ta8U8lTX zGg<!n@wbseXqX2LaiLO3^md4e5ny!F-Sb=$YBQc^l0s{*2p>{n)PJFlPBu*`9ztC| z+DnL4cxjD?ynDTXq9kCV{-CyrYNAd_ko4<(Q?pF+eIl%wbxquV<lT=q!A?SX&k!51 z@*JS1uYw4l1y(uvG^XKcgh{aSEYXJ+R<1MBNTopVS-nEEuKZ66wDgz*=M>A7a*b%f zU+pA)?9Z?<92Q3_U%nJ?srX`~e@T}3MZ+{afaR7I`)gDUS!^Le3&}u(;`r<gil`7y z!Myk}{_+FNW72ciaH=KWTN^C&oKpV<bo8Y4G&M7PC3=Ea0WclS#T)@r=^q!=*{F%= zP~1dWC1oj5a~p=+UUp`Q_<YAdL0N38m_PS~<stwE8$E*2x~8IbE}(Pjd!i}j*%$)} z51sYk$NSkIUk~ItWKMa18_gu%$@bP0kZjYq8-yv415VU%U=C;DMvn#bvR>D`?;QG7 
zyN)%nFYIqeC)MdC4tF~2?WSx+<dQ1hNobvQzEvwH^Fn9&!rh4DS7i8cM{5_&UJNdM zo?ynJtw3vQ50&~lZ8}uRLv9{g+MT6mc7<%FMn>K%q^Nvg`{zR6q$)j#vm9h8e(3K} z0OQ`u%y>`i@bh3X>XX&bs83#!3TYtR%0-A8yZZxgYc4TDEvE+x8@|_Fm5Ny?4KA76 zG<S~~;h|?h(3&=L;5o<<t@qX7tC<CEozH!E6#Nep1J84#;{(vTjc6Xbvy>K=ra>-u zmG~82gm1~{YW(Ag$joOh8f|5tjcr{1eF?*RCh5K@7ySEkc1EY?q)<*p??lTcwb<M6 zQNE>;*%w?%+njv#%3h@v_$H-d`qs$uVe$-IPdtr}LEnP7Wfdk4ad2cohp`RGyr>i+ zO8Ju#u}){ZB@3$MBsWg&1z)4v?w{F{FX?!r`-^|m6(xQfRwTdB`Xwc0g?!=5xfRTq z_pvY2%j8FO`~J~&PdeUrG@nB=i$XPXzr@@tfQ_jAi2(ebG0+e&GSSld3$%j3jPda! z7$0V&^YG|c$rF1~3@y-U0o()PL#}{M1!_JhEu@;;I9uK%Jq2~V=-nXIlWe*xidm1K z#(4AWibmnJ3_^Xxge?|m_QfKKE-a2NO8?WNzx|@f?Q3sio#WldFYb}(0_fm0NL53w zRfW+jWF;bYw_Hpwt#1$~+!gj{%!~;jWGM=r9)q2AiJFG3H(ALdwK#Aeu=C~z5A%)R zw^1!rXO^W$G`ogSHTN;me9c;y<p1Eeb1?to9Zggp;)GoLos0gS9lrx&C(QO@oC@&p zw6A;Qif_G<c!g$Z@F2JezUm48Nv#t9>iMsUi50w;JOIo<`>~TP^1Vx6LVwyK5I-i- z>@clTeY=dgfiB$o=;2M&`F^r1KxfJSg-1?)&f|^H$XfxG?oc>qtY!rIGHT3aj(pM3 zp9jD(ha@O=eQUZaAkWf52FqR%JYya3M0KmKd`u$CUf2Kh^JVaP5~=aBij$?k$I8ka zmfG^ocBgZvUwh_<<1;QdL!@f=7#k_j2x>MGP1wY|NX*3p;EWl_$sd{uKFz!E?zMdv z?Cc?ieJ-2RX3X!{;^7PfjPdu}1@y7#ya9J;=I<Lzx`s7t4*syQ!ahA3sl$#@+~|K0 z2#ZL+%j^km;03Y;`-?towT#{~T`n>Xvtm4BFpDlYJ=9c`sEzy6&SQg)P})=Hhk=fl zK##^tEWu_Mi%2hvbVy5>TrUgmQ;!bUjyRd!?!PhK{j7d!H51-CgIQ*om48^bI=xe@ zuv751tHP`BkjHOE81_n?zU1M}5syE-Cju2zIwMb;_6ggekt%zJU!$nAU_pi=(o2n_ zAuK@67t|cL{s)`4BjP~3(k+tgkDs0lmOSkn;@8x`Sb+zyl%OP)Larz2-M7jM?^Gm% zaFAPnX9yg=TK^n#zRBmuChi@+cyYE{d1;f-8RqA%@eTlVU<NbBf)jFGT6CSKe@U5k z3(iXESwO6SKXm;mNRXkq#Yc!5*?vc!A;vW*v`whra9xv!Bpc9gXb8?&m*)C3e~CX3 zU&@2nNMDQ5u$BfHX#CKns6jZSq38LiN*_#s-@?F(=m$N}Wnne*&qLME<J@%r(D7P= zqbmaqkA)dVEA%zQpK^(gqkY;~^_26_!*BA1-CmvZ?paYVC%AB4{+*Wkd0l3H)?rme z`|kQ^&wLLD@0Hc5ReY6w5(#t0Hw2eCjJVf&xz1Z8S~90nzch7)*~o=#g_jkU(lAu9 zRyG6aN&<Bu+?yDj97Gksst9OntRc?z8lyJ5t|z51`scN1gRDGvJBXEu1Kq%63I93+ zbIW_@Pw^0g^m4@?`_ob@z%>%5WKQkgU0{JWL=J5r;Qx)ZWDc=K5o>Z5na%R6zTMrn z)Rn*(42!-|Bne<xjc3<u&&!)KJdX^wQ*S04@YOfHj{0Kn&E$rEb<<zHys$m(;We*O 
z9{mR<c-q3F8ZYk)@Xl=HB#BT@nE?y?MH)ApRr_Ea%?7EH671ezn;##~{4KyMs2+6p zt~XOz7sS@lF{5z`U)V$D*Up3XXpaOZ2ACc9dnb{PA)J_C#8n&Qvs?WvDc5*}Hn1z4 zE1Y95$rZ-%3fn1=k3qiEVqKs&Fb2O<4}q~>X`U);+!=^|lZZIeNJnsS>BhC$1>*kb zkt4I@8Q5GyLi0?KL@}_0e;{%LJRS8(g$+#}u*VM*TiJ-V`Ib)IvkQ@XnCP{wPyJC@ z)A-07|9p9BZJsk<#4+Q$eWKg^R~ku&ihrHOwF?sTeBW_P=@Bf1#MdS1b?^Zl7l4SL z5UV0c%1he}!V0g+m1<Sv@BPklVbf%9>%){p6+aFJnTGHVUQlz%e#8DafB(9WUvK_P z!0v(X^EKTM4)ZBNis^woyfKd7a&Qa&e1sAsY}kV>b!^MfsVSt^?F@Q3WG#yI3}iQK ziVV&TaU(IUXqK8ruc?%j(<#!~VM(7)c|objYuFUzQM}mQ!XmA?^gQGm^w#9$8nV{p zrIcbp-B>A9DUP~A(;A&TnD)jd-F-+mw9-fj=rm=)it&Mfr{V1U9mtbUGcRATs$rC0 z<Lj>j;nv}&k?e0+^Qv5-^wgZI){cZSBNi}ln-~`h{FG>({z(%kvNH<nlAs;KzMr1F zqr>W4NcefN3%}Q3luKQ+ip3C=5c4cXijAJY6%c0Y$t~(L5>d}ee|h`bHVRqehslrf zh5%s^QYEUrFDr&b#t)*{B?TinCxa-ftzKd~i*Q`8pOg#3kGz<p_gitD(Rb%wBJY$Z zTaF%%A_8dEnDwh1R)4&Pk^V|n(-V-Fz>Hw~=q6*+>E~S1>4xpuQ0s(|=WF7g%u|m# z&Zr34{92G$^h6wxLk14DNGpX<=fnpLackc_aZ|L+-B>0tMu^da4=M}6X-naQ5rLN- zh4_d}2vOKzB<m>bAlgXrCWelkuu5`xDMr|lL)4^1Tr?^OR(WUE;3qtaieIK1vkfUy zAVAuKUC^eHZ%Lpl>E@0R+?*0T%`%OCK~Otq(S#xkxG?o8qI}Z9WoHdqR{KIA=Qo`B zKmG4_zlEMmrkrq}aUJd?T;XR6M<p=?SpS^Gc9IwS9@hSbyJ?e%9=m&rSM2AflNg>y zpDMwsyjU6-|4<?ZP7G5TqP5puW%q@QSs6q3X-5wbvtUk1K(SE<py6&$xI})S6+nHo zs|_ClY=Gx99%^pizl4^i>1IM(@<k8LJEAE}L>cJkSI8-v<On&{cXjAOpvK#XB%$*C zg+tWRpOv$QrfiQT4omFrSfbxIv_vedVip`qz^K{|*RcLOQWfgn>`#!7x0@-F6S*s& zoge?5%;|Mkf};xJhuwzssI|V(U?j>#ULr?2nk=`D&2x)Wq9(W~O(qD8mc$FZ>XgM} zmUP>;VG!E4B&Z(a-$#_io>jN^IP)fJ*C<x#&5kn-!asTs5uydTe_3nA)s3o$sS&G6 z1<9_xEM(v&9<Si}B!h^N+WlO14_vu`nD%=4f)9Mg?HJ2<WPdx1X-`_6ubR2?49y|O zTA;-6q@1q*F|0SjQTMh<65TIpV|f$FA9?L-ko>3o%ie-Sk|)nrekc`voRXorOlZh7 zdw;HyZB(8&y{iSpmhup}C)*#UDsngp%vfhwGP+Kt7k1t#OZTH(NQsjJl!9mTxrsyU zcC)u$mdjf>&j6bcfd@+vK2F5iKB!P~z*EX!&oW-D82$q=2~}N#0OS)xNWqq2uvJQ0 z4u$Jo-dAV0X-@JYIQTFAYR3Ne0IA7=8?T?H9U+2V2jNrSLB`>IYcNK-rC<p1xwH=J z$MnL|T;p$)-!UHkO6${wAIIYmV4lP5RM3aU%nghzs#I)g^c}2o7m=hPIkS^jE3dZ5 z>R~!>@zYb+wJ>4YK{_OXopwII?!m%2$VB*-8iVLr+|X@>R{U%cJb#>Q5ow)z@-5B? 
zGdWzb*IkX+tJR-n>6D`$SQZ%c4@>t(tyBBx-L|FaG_D3t-z6fMk&$IXx65Pef_U9M zKUrF{sNAEk>1W&UlOH0gB-)$d<#B`}NB6P6ZVGW*WN!!6`@!MpPzsn<YaMDoEI64~ zqZsYU)oYo%3Sgt=fh;k55az(uE5oIL{EJ>bCw;+?dlkcNfr8h3F|Q2v;1#J&^?F+! zj3P{mo^uq%$GVlFA*tPt!+3?r4^ToDEd&7SF>hB^NK30!Am1Riky|4!5HXh;MmTxI ztd7aHwLMZkGqOE`ot2s?eq?%cC4_eN4Rk=(yP=^gd2@HuhpbB@|CZ-92EDTc{w)Jm z%GW;AHH{PpLdllS{)T<bgr9>6RuW^68cj4G%(Na2>_fFTho}#Pj0u?^0kDW%EtK4W zp5Z7?qg$s{5|}ap08oQ{2E+jf0-|a~aba+4F_zbH^0bAK30;|smTm8rtea((dyg$_ zN#n3Akv!KM*B7wC&{YwZdRV`fmr;~UJ1=@Z79F_8YX&ruws~icB@pFomL^|xSBLQ7 zUm*I*<zFEB=4afg=&8y5KVbFpRmFdeLu5h0o;%Hryk{?&c@{{e8{`pStN?WXJdqaY z^JZHgnB<;GqCQTy{WkC}Z<#t<qok8?D1IjTuH4(iKPR|N&C&`tZ@ugfFH}x87#;)+ zgW^)QYPkYq?vdfXF)mtWJ3vG=^4c~z<#W;Sz&2Uma!FFFw@%IF1U9+7MLnRI`XsGX zP?I!Sm9*gy_;m)Lu7H>$1W6Z9Agzs#lTp1IT@ze;GkhL$ts>-9l9VxXW$nHhrhI*( zi(kv)NPxtv462U)3ihhXyQlsmh=GGLPTT0G9Cv2dc$srC#s7dW_ho)j=I}Ut@`9g? zkz+<ie6qxu2y>A`;LDRutupZ8AAp-r=;9xMoBzuotj2QZKM40F?vcs7zc)Q9AyV|* zvuBcYYcW&ZLaZ$jd2d-(Imap)dnwGkbHA;t&?eKOmg|{I>;9^QKJyQ$dT*X@YC+ly zmQM|20f^Cv8mABL{o()?v8CIAnrm@yo_YzMD?-+{O(h+UFBm5N9KX{;FSibiP;Xi# zVUPi}C#+J-U`4s-0|~dF1RDV{8Qy1<n6WYnKL9<4BT*UmwMs~DRoCS*$|7M(5hi=+ zmi*EfWa8;yL>w@K)S%L^x~y(W4fhDG(p!vM>p5KW{uNw!f=5nYws?97dudlNF8<`F zafUiKk}2zH@SRZCV3FSZ*!6M0eh(vID=pO^JS`;Gx1~ApY76%cIhig-KF|VebT`%4 zw=oFu1^!xojP1<<w(aRszQnuN2LuVO)p5Jh8y$U!fg1n7I?2R<!TTHKcYe$J)HhL* zz2w^Y5wzH~?O8SUF(l=)hC!*=ISV8n?}b~ZaX^WYeFU615t=;gwT0O*?1LYL%kvmj zRskW=AS3g)!e;R1v8Am%29VL|X;Y3ujQ7#6?_=P-&si6HF#`L$3nhN_1x+KLe;a~| z8@_5*M(ZBhA;{IfL91o-fbjhVEYn1Cvlze<bP4f+s9AR7<w-<)WojVW$9RWzvDpQC zhspQj&(&=Ka1I`>k|ivua&-`fE9U>NQ9MC8A<YuUdslwMp-5wYTU8+alOpr??hxO2 zMYy%gNPwe34k}B7!U@KyO|42DHj77+`6rsCTr_bnmN$^72K3}AdvP*WE<+hh)55SI z5!&Q>A6;OMf$hk9?c8Cd4VeXA0bR)^NO@RN$WVgh0}SBUv2l-WXtI32vHMIZ?|BZ2 zuFjUUi4CpV2~RMcqYfdWh2ce0IfPy9;1sdD7wVXQc^mj8^f~}=;T34<)LL$`2&jVi zp8`S7pG=foum)905Pq3mp7700-l>c{X_!n+HrAfT<@wkc-VA@+e#@csZIBpfe0VLg z^d*e0;Dl2?IJ9S~QVl#D8sHZG<fYnq@=_J|<pXhuNNRx-;v9NT)bl13_g&T-u9Rrn 
z8;&Be_TKcm#PwM7qxIbAWxBS6=*IEH!*aX9w)8}K=!rC+0e;zYF9}2+!i`GkiOSOk zqt^+X4J>sBjSlCF?dz?m6=Nu*hVdr>%>$~0h3snpJsMQ_APFMbjo`Hg(1_=~Q>ZMU z>3Kdw(lw7feVz5vS|ALUT|0C$VQ0UfrY+qFuYb9*P*g5^uw)1`>pY=lbaE8!GykqP zJ=@|Zon`)6t}WA^*u=+`2GA07h;p4T$SZYyQd+CfAlqUC5(1?Az=Y`{nwN-jxP%Ck zPr0n&tr-+gVr<y-BTitpA0d==R<+wv&188dF-a;-cn*{<*S<3((YohuT5SG&NB$2^ zGs29ci_B+C^V@#9N$Zx}MlNkF)eIMyiy~)Ii*@3IJ)oRR&y6@KVyo+ZBB2oZ8+){B zoFq%UxEg5M@O}0R#=zuxn3r|OH8rthn(oJy@BH&{Ci08trMJXi<)&plr)NtdOvaGB zNS!%#_b&|YZ4N@VdB%8-lEMe<mW4QZG1<A!8=AvfPqqs!!V-?80a_~!=z`cL4A9Ok zGP@M1JgLcH-bntSC%ut0C3#ML2CCFVD4dk4GQndBff;r3$20TnZc@;-E}|wUg1#R@ ztehbG4g1=9%;;gi^`Zu%CqgS+f_xq(Ym?(=D}eDQK+o;WwPNe1@7$VKOTMY75cyz{ znAtPQusd7zy|Ncx+Onb6`+J;zwE<cMnNjq8P9}mmQ?-1X<C17XGL-m92yS&Hb*vMw zw<48yV3Mx^*C>DveXIx2p*+!Kix+^sUb(>E?h=L7yDeOk>QwpGyVD-q(pxj3bE4*8 zCjqB~$>sTcSR-v~p36i6%9;nMi9GlF_UYIm&xX~0cwP&aevwym?8>NlnM%BT=!!n_ zcR<%}{WBW?+tI{6$D1ot5`DBKL)ED;fE64Ow1Iit;wLaChJa2_;3L=L-~ic`hqYsQ z7^COM%vAJ!^UVcJkOq6EbFtRJqNGSM@B_|vBmemG|BK`Zy?a-Bzs$YxaF(}-75m=# zAHOO`6~>}z#J2F_f-GPl)8{;#i(T)Io4djLYG1_9Mby5)$%nuqbb@S%0;TMIjGOR& z%PUC4cff6>ks`hDRBi81;i%xT`uYO07df;yrR_@PufNpCvml_W1hF8XsF>Rl1cI$y ze(O36F+$Vn!&M`7zI8LoMk=M|cYfE9Z!T{#&Q-1uQPcbmU4HX7CbUc!wMK}B^<*A5 z*uw0bk%GWX7<C>d{USlWC=}^~OAv1>FpVZQK!wUPguUoEna#jqH;A2*EU@L>kB!|Z z&NjhU7;o5JA8vcXIj3vGT|-@v@N5mxHHXa;sKH(#QYq6Yl60zb)o9(q`Cg-6vW9y1 zciCOx&9e!1aNQQu;+cwGcqy!W=8H+WTxYq`<>Gza2&~PZGf$I#Uc$r6M#!|N>@9yg z{2oY#lKKt3lp9@>CAWuNP$q%Yr-y%n445h0cb5wvH;1Ro$mrQ_Ndg-q`nhwQ{6r}k zy+|e8!0>|xe~lLM9*%TOiJ!(qGm9}2j}qtpPSuDORCoH>Qq*viqCm;&z<EmqIEB;= z*rFDu#RamcmG+xK6|?k};SZCo);O2G4niqnpAf(cr81LZ?`XQtk+W!X@V>Q^An!C5 zEEvkGW^0V3_F&3w!k4bs`T$MT(ISAN7}2nz(w7zbl?0C>3_2Lt6MdsVuo`FE5FWh8 zy+IOY1t9YYBOpp|1f$J_Pk-rn@efy*(-BPK^QvGJs-(q++|JSGqk_!1ndXN<=~KUt zA>-Hq*|e;XF4kUm>WRi6UPQ@g!x9j$#S#_R$~M=7FeP6af~Q1;5aVnf2-qS(BpMvd z49B+ez4laoDc)!-AHdhhyJ<K1_w;S-`+F;0KJu5R7Wt1i!xf9iT(2p4!OX!OkuWFu zMa!<TozaE1Gu$eL&r`zs+U421OrHqHHXsI+SZdW{_>%Ysd-}+M!8TF&15Q1W42nU_ 
zK1bhqTLS>o@jAoa^Z0N-4XIY2B75Pcykaisn_w!-Dcg9BYd9+azzl;me0Ay}0Ni)f zCrKeqB_l(pzw2w)!6qF8Uo&2Z2{BinR0Gi-L76QG^`MKEkcuEY%)vKNf8!AQC{zB9 z*Yi)~Y*j29cweL1QOcZ=WLU<V?5ZHY5>AX-Cua39siU9;hALUnjNSz_kXozc8;~En z^KPYIsd$<6tg2;a3D`?wQorDMDs56O9KD-M66>wsdL6s_wC7zVaZD);%7RF&Vl){x zm5h^Op&M~J^2xihq%&@zcWypiqR3AaU|(o<YE=aM>75j~c(@xRD(C8T{PZ}hoED?} zZk}K*jk`3MAnU|&8|+idXL@-5`)gCCE#OA7OZ$+Nt#g|qaUOH3-ATvGDP9)qXqx)N z5n)bxbyPslH0ex|A8Qjv5^yt?&ld4USYix0bzO{^fW0@2zRaCo(VP%7346VAvlb3F znB#U#DR(DsRsxoqE7qTT3<<l}Dy9nml7%dE?8kwSDl)6UD3(r-nvo&KYKUe}T{AY~ zp&C@sf*pD<<`p6uH)K>UY~!t&k?8NKk*QX2j-CT`Y(ZUaCl-Q95hKy0xI}9~9oCm! z3WKh#TODQIQXDFbFZ(Z`*9euAR@{y*rQQ5%QrcQ(d?Dz}q0j><Z>;~JwDdVwY9j6M z>sMseA$X48OUfg`I$!>(FQ__suN5(H<5Ir&PS3|-3gayY%B?~6raVLcQQ@4^;Qjh# zNhPZ-1*`(*S*aRZ3U$=d3GZ=im;ivI_C!fExLkjCvWeMGV3ToKz1I~mGEm*cOktxh zu6~~12BWy<%=(4zGDWDRphX=9bvF@~N2ikzu0bbKU;<LqK?t}>h{lvqlU%`XH-W=^ z3q1i6*s|X{YTQ5fdBvL7Z{l5T??TEuTUvNw`y<5O$ZG4-ERZwH^{*=0$){qUw@=iG z#-f9m8slGn)76DxUEoZjtu-%GcyW?0b5HV8^HfF__-a|<s1p)oy4u<;-`t4fy)#Nx zsik6g9fpzm)1rl3TR5mA<}?L~;gxP2t;T>x{`wpn{TzO5r<ST|RoRC-FNV$cIg#Vb zu!BXC0CGFg%^20$9)BJM&68Dc(m*^p7mo`uP=EBv-4uo-am}u0({{8|X&_xVQ)|4@ zGoN5U>8_!2$|Ct8i!slayCHwA4%r-%6yst-nuxBYf7TlnBv)jhi%6pbh1*}zp}I(X zZJ>3z17G%oDO0WH5-~1tuNA@C!E^*L%UL2T*Jg+Ph-QZpZ5@djC-3{sO2J<<m-Aja z&pX~CS*S!ku>#OsvLrC&+P0@oR#r|GuPsv~Glo68+Rfjmr!2$T+CP|l*)^3=I(|Xb zran0iyU*N0MH|tRR^c~cH@`<7JHmsZjvYzsC<(Wt>lUC&ezN+H|LE^2ENEf&(LkYD z!LlO`G8RVEeu78rQ-`kk)gZ$15wW=D2b7|?rl-+ImnYP$q@UnNJvUKUO7%pl;O>jM z0<Bcy52v?DJthVUBfhw`8vA)i`&luhZYrLhKLhIQiL2W0?BOYXEIOboE(udzL~4z{ z=DcFrkdi{lY=Bz6zD!#POBN1SkD4HusO<nKJ$So)4W;-M<*bN{1PVa>Dw>j3H!$6H zR6XnXRNcl;u~(r5u2jImY97$4K~%5OAfaUzW0niUiwyC97TDS^SG}>fL+;r-)@8su zMpf~_XD)~|cI4)RZm?-<H~lb>G>||$_gObp1g(iF>%n~D&4Dn?%gO!WvP?hLu=B&- zvNxx;8C-e|^9?B%0*r*U+ZpTyU*A`WM=N_P#8sdujsJwsle}bBFBlm<QbXkU5>V&R z()?T?%UHpH1FsM(Z!sx9>iaW$Gz2m8O^WVs);{HS3?>9#uyP=U9(R8ztgz2199D>v z(o@+*aiVc+xB{bTd$<%;Zgre-T9K4z>W^CnujE87{A{}4_{p$#&mZ$p!Yoq5w@R@v 
zfEh5S<~{1tdee^xR~jKV3_<wYD%r&K@d(q52*^?J3)yw4XuY4E`Xj!{_aA8@{d&dx z@9zq9{&*cWO1$`_`3-g}9RNzm(M@w~-`CZ@%xqrG>Q9H|M>zXLVtFpgXXgC@R#b~v zXbOpYxZfIAXF9)?oQh1kIc{RgD_L2g5F9ZI_XSnltP6<oyJ3uXh#*k{zUy@`<M-o4 zVj+bLbCjA6zxA&8uY0aK?R2A+v^L(;G=D~ZC<QwOfPL+*w3L}CzD)O^M>|;s<x`&W z);FAQ<9EWOPRRCcbW8!4dT(8(kpOP^amjqj-*D{QPerK=bznhwa@|Q;jQJ2-2P-Ou zZ&4{IRdJLL`s=Kxn0alK)g=lec?@udAOiMwf8mpfNw5|zYY{e%d^XQ)PCu@$r1`7t zO`H<yh=<+8We~?y);Tba6z*<$?d6|&7LOdmmR!i;f^@2&+lRP|!fbnch^*-16r&_j zr%z3(-Ep{G{-0&%^#d&HwYzDuv>^0lStlST&OC*RRN)xkL3fx{##gF%AmGW2MM(HU zK{wE}e|14v4*8d+B5z|PVzz8^aWWalX0v$EpIrbK%{tdqKJ5v~K=!1O7mMj!m>h#0 zx%)>G#_oN)izr{e`|!nf=5dq=)4@?Xj^QrmR3c#PHKT&V9eCVLRxX3WBLCZz5v5FC zvV8xp0KqR#y;8s{&oWLmFqYl^u`??h<+8NHDb~4J&7`z9&$3%2Z#n;uo>GH*M@mmJ z@eD1D)l&GQ@+U#zkLa2~o1qic7?Q3q+E%YOnzWB6C3?L_MgR^nXN-=(=a>$pF*4xY zks9U`Ya-us2q}dcP;u_#%|?v0#RvYv7m8fYWq+v=`UTAh3ZxU`6OKM>u&|JoYnAfR z3(W;pDTueasT%h#PR{zqznSr@7Eo4cx}QzBDial)s+4MS?A9gpAwlGn3<Ji0?c;-u z=yxViQ-ChVWy4(WQ0web)l$Cl{2e6$7kywl$V%Mn>=){=2EQQb_@3)zfDfbJt42{H z36>wlbIt8^pS9u-;_MaLEsShs%<+~GynwY3H?f28K$moO2n7Ib`x`C-n_{*JAMv!( z(5sp<UEdEKPyB^p!722s2iQ2xaiK~u{N#Gza4)s|?px`r@XT6Gx)=%pvs8^xhM_FL zhY`Ir>|PR%*}(nzvAZ1in6W+$C6^kP+?_pYeU*K*6xe7Eg7gd^yae^UgRFJn;Aea9 zeI(FBk93LpWdv4k>y)=)SR3M5$vzHYXwdL=JiQ?ERt+MHcZOy#kD9g)a$Cp`k=|Eq zYYW7hxM`NVGzy_QnDVdlKE$B+(R?bKHBDKa<M{m3prkoOd*{U){vUJdo!4zGv61rG zF9Vmwu(BSz>sid+xUgIucMbi#yYJd4ZCClTPq>|VqC|B123+HTD%Z_sTzcg0Q-lt9 z;~eWG{_BZ^l?D*UCiz{Xkyx{7J>*!EUhG1hgq82M!pdLU0kFg~C9GFA0Tirr`RLbu z-TOwnA1sVmboNdj35!!Isu99PszS9}0|)rO3&~;OTIu>CFk^S?K3JE;r+api8gneC zV005@11XOITd8#98dw%aLiZ-9#e6l+7`@@$!vYB`Z5f>*lJn>512oUI?4Ev^Ky;qh zWnrcCE=7d-iC<HIOd$z1EM6Yz9A8?w|Cx&3*#B_B-KotfqdK@>A~z|wNHX&@vel|= zdro1WM0;1XFR_B7G)PiQ{MMh*_XPb0c4w&ggLs8YdjF-2O8hEy6%d<}&t6VaHV|Ui zqyXE_t=|0qfiH8gDJJ><4<*3K@(I3l^e1F+eJwi{aIftDcV`Zy>=87WD#2#pi6<&A z%nH#S>Q0W4EBc0mAE2WWrC0@82kC_lHmm$hMo!55NER%;d3(dEU!uU0>EYt7oMl#5 z*8^LJz4=I_J-4rbOAsWVMiU31Hr!c6rQqi(En%g^Y0l`HWq9~L2gbt)bM#p1o7^Fm 
zseKp*Gaic<d%FcAwO4QC4)&a$HPPjHUCN59QcXVi`X4aLZGw!L_JzuwcSiz9-tfKh z{3<dXC4AQ(_6-?GS5_UPtRo0f&6R%Bi}H&F_K`TuDidbLchf>>^dAa{6`$wdDHrPD zwByDfN_G8!4#i^gqXGXWSFhr}3M-2~nPxocNV%f#zxn0>mz92fyuM3X!RZjrdDG@h z>?w0rYVr{H_@<od?tb;YR^!e0LNiu0ZRfuuSI<Zt=n113gByC-GBL2`wa9o3`CxS& zxLkMAf^+3h1RHVeTf4#A#8)PArPUNKyQbMi2mEnvs8D}Y_CbI*dCp3qft}e7R8I93 zbN>`XF9T_`3(0EK`Q58#6p1#w=BrV!+p;DzLms6pNno;VM|`M6XJ+P)wN`t}_9?kO zSiMvOv;}0dRYH2rM%~H_(#>pxr7tj52v*URz`thE3VFy5o;5#j^R2SJ2>7iy;!lH% zEk+xFiWXA>fbA-|-$uXMnN-;Yx-2?9mj62U%xxD{sk!w+e|0dhhIf+g6eUXieSJ-c zd2~Hmpr~VIY#kr<!+q}LtGYdV*W9d3yyD-|>*@FkG(BQJs3V|hWG1K5Ff7G&LpImT zXOUKJ_|}m4thPUu#1Yj_YO8iS<`x|Z9aj@4_S;c1Oduc+v|aQQIB3%<#m-7%JqA&T zbJY^=3v>+WwldUhqL~O#$Tz3tOmXMNCR&i4QwK63NSyfHwEHgD8Pl+xRg(8QeKO4z z3p`&qvE4^q8VGCrC?E|3&sMj|5wlB)%0qskD)gqC<S!FC@P<ftN-;|5__UWnLZ4~j zV0agM?cRT(csyO)en`4?(oSs^hoCeV<n+I8w_a6~9c3IwIQ3gFvU!&{{rSE=ZlMB2 zTIa2x$^3W{!~OKAOX*@*ut*fo{_)$c>x7o-7jrvb#eZNQFIE@9avt!-r$;wjbp-B{ z`;4fvD@8d9N-{Bavc`klC#XWBnBGev;$*;|c$8^q&S_#X)-JutwoAV=(l3_p7e=Tm z)F%EzD^kwr`aiUy!s8*HGwr`;rjK45(bs5hQpV=+2B;YVPpg+#S;CT!o3fUfb<jl8 zdL``1{Sp|jq0|S^KqxbO{QDF9-h1XpRsTq6JgshS&c5YDSGD!1cD=d&JsA3-pWfJW zSX3w06yw-F&qT#+id~i=M75!D2)S@<Wx;W#=~|;|9U~r1p4AoU)0k^pcvpjLXGB*+ za$xj1yeqBNkneA%m-UP3<(b!iMOz{Tnt6A^Mj`Cu=#GCtUOOQUH4erg&yzdS!CEyS z#)JQFWKn`hY6a3#_8sh@TDHaV?c>>FQXMw|+$I)^)1t=&^}>Q1!J$}iMjI#&d`|$% z(PC)>Jwk)e2?B=!ZqOre3z9JO0*olA(<jjK_#DavhJAHj<i_a4-jyJ36RrQ$2o3E+ zYR-?y2P5;#L@e`1t2QkpQuBD;UnU*)Db`vDCB(gd|NhtBML}7EH^!uJyS0U0Ee40M z(}DA7faCEQ!w4-)h3+AHwP8fUvYx)F-Wo$|;A+Sj@sQbfyrdYsyNpge-(lZSeMg;7 zMQEAbL@**!ITj4jBZ7`Hiqm>#XP=P5M%w;&Jxl5z4<yUX^Z(vzU?Y+W&(7r*4fU&> zXmgm`{wl#laMPP7-h03BoBHz8t6r$u4ArDcnA76e!ZkJBZ=$=M?LT$~0z%D~Xz{vi zn28uO231$T(@k6-Z?PdUzgZMOh&r3n=WDdqnVYasPnmt5RndoV<Ne^+vRhiELsB}# z4VL?jA^!x0nWpGQMXFm14cH;);2rwq6y!_h1LuHUi9+w%W+|~}YDYprlKiIc!=dxL z@$!0RIg`kaj+JP#=Uu5EwrT>(K0K^c@Jy0#-siYZ@)3?yr773N=Zjg2;pz1Hvi4-5 zFEbNT72CGHR{rggtuXmu#@MQ^wR35FkCe2IgWobL232N-e-{8U`U~1XIp9Qs(64Y! 
zHz-F5k`NT!;^+bG!bHu)q2HcF1c4&q{J~H)!~;waDCrK96rLLlWrdvMz-x^V3E=C& zPy(_Nli@R3Rz#4CI~9l+^gllXaNH2690KJlM0lMMA_*KR3W`JF{86z+4G9D?Bm(`f z;;iQXl*5NNgh08#)$olFC?lhGB3{`V6a-?B1%ZG%{Ev^QGa|^xk;~n~*YOS9H55uf zZrI&sXovy=wUU59`2V9M2=vk$ZWaoa1W&^ALZK?)b@<WK?hjlv3@QbIM#2Napy~)H zQNZs<0`>eI20Wu`44fbwDhZ)ahU)`+@Gp2;I1~WmGT=*3rzP^>lo7z`d$?%?aGIk8 zUhpLD!#AHqvMM-pBv4AW5pMsqhkS-tMnaj$Q`FuXGd|Uj?tj;iw+(&_lmth^xubwO zDGb2fqo7P=LB57gPQc^SaQyEt_`sWhf(S$ti15jA;J?6%hO&Z(;LoF>%w({4>yeAd zK%@PC8sZB6J{q_^(lWd&8u+#D)DKW;@CjVz18}Q@--z(q-@vUteSoqelpi6&osSR+ z;j4fIUVx*0gh~M|rt-9_gvWjazPALQ{0L>E5Gdrml>q+HURn@{?Els5^T<f>EMz2d zxIhfhqM8_R^B5=td3NU4sf#=a2-J-X!u@}h$D)Df$3Vrwd~lvvC^;Of7X=OO7Z1fD z{~t?HfPkj^A0PET_<9VK>}hQZeuN+<C>*B`g%tjl3HqOJ!WEgJIRB&Hgfc_nurMeo z{P?MS3kwu}5(*`Ri^TzJjt{_H<A7c<3;zP_5VqO>y*9xP+>0X~Xp#$#e^0r@17Akw z`d2#P{O^w~asdibH6DtFK*;@{i>ciIy|&K{#liT$6=&puOC~@?5xn@I@HIs!F+4Q^ z%8Brb9}4H<htj}z6M#DbN|zLZA_&J%gfhT00Re$R3JN##g5tyN6QNv?S2FO-MBoK` zFAIfF8Uc@Sod~=IPf9ow3<9wufc{tWYRbV`lc3@dIt9305>yO<NEr&BkbpA7Cz61t zW77SnCJg_)rtn!MpaPjmz@xD1{Zon#?v@PYLXb22_qW=fBvSK#B}fV&9sgHSdXoAq z{=Js?B&A#aD=j=p&Q||Qw5fn3^X6a4{z)RX{zoE%x1<8KIs_!3j&yJoIPk=OZQ;Uj zC@uUd0caU#H@FuZXqo4UK+EX6|JyR(fpXvy_#GT7iSW_upOYkTgEXN3wfMj%(tuXV u_4)6A(wGJ%1$V;7)1b<bzW4vRTJ;{dDwYoP`4PBHI+PK4F9>-5K>rUEm8moU diff --git a/workbooks/README.md b/workbooks/README.md index 6d8ef4a6d..1c44f3fc3 100644 --- a/workbooks/README.md +++ b/workbooks/README.md 
@@ -16,6 +16,9 @@ To quickly check these out you can import them via ARM into your Azure Monitor i [](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Freview-checklists%2Fmain%2Fworkbooks%2Faks_checklist.en_workbook_template.json) +- Network App Delivery workbook: + +[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Freview-checklists%2Fmain%2Fworkbooks%2Fappdelivery_checklist.en_network_tabcounters_template.json) The Github pipelines in this repo automatically generate Azure Monitor workbooks with those queries grouped in their corresponding categories, for easy consumption. In order to deploy these workbooks to your Azure Monitor instance, you can do a simple copy/paste operation from the corresponding JSON file (for example [alz_checklist.en_workbook.json](alz_checklist.en_workbook.json) or [aks_checklist.en_workbook.json](aks_checklist.en_workbook.json)), and copy them into the advanced editor mode of an Azure Monitor workbook. For example: diff --git a/workbooks/appdelivery_checklist.en_network.json b/workbooks/appdelivery_checklist.en_network.json new file mode 100644 index 000000000..505c77dc7 --- /dev/null +++ b/workbooks/appdelivery_checklist.en_network.json 
@@ -0,0 +1,791 @@ +{ + "version": "Notebook/1.0", + "items": [ + { + "type": 9, + "content": { + "version": "KqlParameterItem/1.0", + "parameters": [ + { + "id": "497a107e-dde8-433e-b263-35ac8e8f7834", + "version": "KqlParameterItem/1.0", + "name": "Subscription", + "type": 6, + "multiSelect": true, + "quote": "'", + "delimiter": ",", + "typeSettings": { + "additionalResourceOptions": [ + "value::all" + ], + "includeAll": true, + "showDefault": false + }, + "timeContext": { + "durationMs": 86400000 + }, + "value": [ + "value::all" + ] + }, + { + "id": "844e4f4e-df51-4e3c-8eaf-0dc78b92c721", + "version": "KqlParameterItem/1.0", + "name": "OnlyFailed", + "label": "Only show failed", + "type": 2, + "typeSettings": { + "additionalResourceOptions": [], + "showDefault": false + }, + "jsonData": "[\r\n { \"value\":true, \"label\":\"True\" },\r\n { \"value\":false, \"label\":\"False\", \"selected\":true }\r\n]" + } + ], + "style": "pills", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + "name": "WorkbookSelectors" + }, + { + "type": 1, + "content": { + "json": "If you set \"Only show failed\" to \"Yes\", the different queries will only show items that have failed their compliance checks.", + "style": "info" + }, + "name": "InfoBox" + }, + { + "type": 1, + "content": { + "json": "## Azure Application Delivery Networking - Network\n\n---\n\nThis workbook has been automatically generated out of the checklists in the [Azure Review Checklists repo](https://github.com/Azure/review-checklists). This repo contains best practices and recommendations around generic Landing Zones as well as specific services such as Azure Virtual Desktop, Azure Kubernetes Service or Azure VMware Solution, to name a few. 
This repository of best practices is curated by Azure engineers, but open to anybody to contribute.\n\nIf you see a problem in the queries that are part of this workbook, please open a Github issue [here](https://github.com/Azure/review-checklists/issues/new)." + }, + "customWidth": "100", + "name": "MarkdownHeader" + }, + { + "type": 11, + "content": { + "version": "LinkItem/1.0", + "style": "tabs", + "links": [ + { + "id": "4651deef-f33c-4640-a4e4-d2d47beff4f1", + "cellValue": "VisibleTab", + "linkTarget": "parameter", + "linkLabel": "Load Balancer", + "subTarget": "tab0", + "preText": "Load Balancer", + "style": "primary" + }, + { + "id": "000b9e25-3c73-4c76-84f1-3d5d73de32c0", + "cellValue": "VisibleTab", + "linkTarget": "parameter", + "linkLabel": "Front Door", + "subTarget": "tab1", + "preText": "Front Door", + "style": "primary" + }, + { + "id": "5fb8838c-f1ac-4c7b-a6ba-57b198248d76", + "cellValue": "VisibleTab", + "linkTarget": "parameter", + "linkLabel": "App Gateway", + "subTarget": "tab2", + "preText": "App Gateway", + "style": "primary" + } + ] + }, + "name": "Tabs" + }, + { + "type": 12, + "content": { + "version": "NotebookGroup/1.0", + "groupType": "editable", + "items": [ + { + "type": 1, + "content": { + "json": "## Load Balancer" + }, + "name": "tab0title" + }, + { + "type": 1, + "content": { + "json": "Ensure you are using the Standard SKU for your Azure Load Balancers. Check [this link](https://learn.microsoft.com/azure/load-balancer/load-balancer-overview) for further information." 
+ }, + "name": "querytext1" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "resources | where type == 'microsoft.network/loadbalancers' | project id, compliant=(tolower(sku.name) == 'standard') | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", + "size": 4, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources", + "crossComponentResources": [ + "{Subscription}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "id", + "formatter": 0, + "numberFormat": { + "unit": 0, + "options": { + "style": "decimal" + } + } + }, + { + "columnMatch": "compliant", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "1", + "representation": "success", + "text": "Success" + }, + { + "operator": "==", + "thresholdValue": "0", + "representation": "failed", + "text": "Failed" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "unknown", + "text": "Unknown" + } + ] + } + } + ] + } + }, + "name": "query1" + }, + { + "type": 1, + "content": { + "json": "Use Azure NAT Gateway instead of Load Balancer outbound rules for better SNAT scalability. Check [this link](https://learn.microsoft.com/azure/nat-gateway/nat-overview#outbound-connectivity) for further information." 
+ }, + "name": "querytext8" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "resources | where type=='microsoft.network/loadbalancers' | extend countOutRules=array_length(properties.outboundRules) | extend compliant = (countOutRules == 0) | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", + "size": 4, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources", + "crossComponentResources": [ + "{Subscription}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "id", + "formatter": 0, + "numberFormat": { + "unit": 0, + "options": { + "style": "decimal" + } + } + }, + { + "columnMatch": "compliant", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "1", + "representation": "success", + "text": "Success" + }, + { + "operator": "==", + "thresholdValue": "0", + "representation": "failed", + "text": "Failed" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "unknown", + "text": "Unknown" + } + ] + } + } + ] + } + }, + "name": "query8" + } + ] + }, + "conditionalVisibility": { + "parameterName": "VisibleTab", + "comparison": "isEqualTo", + "value": "tab0" + }, + "name": "tab0" + }, + { + "type": 12, + "content": { + "version": "NotebookGroup/1.0", + "groupType": "editable", + "items": [ + { + "type": 1, + "content": { + "json": "## Front Door" + }, + "name": "tab1title" + }, + { + "type": 1, + "content": { + "json": "Deploy your WAF profiles for Front Door in 'Prevention' mode. Check [this link](https://learn.microsoft.com/azure/web-application-firewall/afds/waf-front-door-policy-settings) for further information." 
+ }, + "name": "querytext5" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "resources | where type == 'microsoft.network/frontdoorwebapplicationfirewallpolicies' | project policyName=name, policyId=id,policySku=sku.name, links=properties.securityPolicyLinks, enabledState=properties.policySettings.enabledState, mode=properties.policySettings.mode | mvexpand links | extend securityPolicy=links.id | extend securityPolicyParts=split(securityPolicy, '/') | extend profileId=strcat_array(array_slice(securityPolicyParts, 0, -3), '/') | project id=profileId, compliant=((enabledState=='Enabled') and (mode=='Prevention')), enabledState, mode | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", + "size": 4, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources", + "crossComponentResources": [ + "{Subscription}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "id", + "formatter": 0, + "numberFormat": { + "unit": 0, + "options": { + "style": "decimal" + } + } + }, + { + "columnMatch": "compliant", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "1", + "representation": "success", + "text": "Success" + }, + { + "operator": "==", + "thresholdValue": "0", + "representation": "failed", + "text": "Failed" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "unknown", + "text": "Unknown" + } + ] + } + } + ] + } + }, + "name": "query5" + }, + { + "type": 1, + "content": { + "json": "Disable health probes when there is only one origin in an Azure Front Door origin group. Check [this link](https://learn.microsoft.com/azure/frontdoor/best-practices#disable-health-probes-when-theres-only-one-origin-in-an-origin-group) for further information." 
+ }, + "name": "querytext6" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "cdnresources | where type =~ 'microsoft.cdn/profiles/origingroups/origins' | extend frontDoorId = substring(id, 0, indexof(id, '/origingroups')) | extend originGroupId = substring(id, 0, indexof(id, '/origins')) | join kind=inner (cdnresources | where type =~ 'microsoft.cdn/profiles/origingroups' | extend originGroupName = name | extend hasHealthProbe = isnotnull(properties.healthProbeSettings)) on $left.originGroupId == $right.id | summarize numberOrigins = count() by originGroupId, subscriptionId, frontDoorId, hasHealthProbe, originGroupName | extend compliant = not(numberOrigins == 1 and hasHealthProbe) | project id = frontDoorId, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", + "size": 4, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources", + "crossComponentResources": [ + "{Subscription}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "id", + "formatter": 0, + "numberFormat": { + "unit": 0, + "options": { + "style": "decimal" + } + } + }, + { + "columnMatch": "compliant", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "1", + "representation": "success", + "text": "Success" + }, + { + "operator": "==", + "thresholdValue": "0", + "representation": "failed", + "text": "Failed" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "unknown", + "text": "Unknown" + } + ] + } + } + ] + } + }, + "name": "query6" + }, + { + "type": 1, + "content": { + "json": "Use HEAD health probes with Azure Front Door, to reduce the traffic that Front Door sends to your application. Check [this link](https://learn.microsoft.com/azure/frontdoor/best-practices#use-head-health-probes) for further information." 
+ }, + "name": "querytext7" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "cdnresources | where type =~ 'microsoft.cdn/profiles/origingroups' | extend frontDoorId = substring(id, 0, indexof(id, '/origingroups/')) | extend compliant = (isnull(properties['healthProbeSettings']['probeRequestType']) or toupper(properties['healthProbeSettings']['probeRequestType']) == 'HEAD') | project compliant, id=frontDoorId | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", + "size": 4, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources", + "crossComponentResources": [ + "{Subscription}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "id", + "formatter": 0, + "numberFormat": { + "unit": 0, + "options": { + "style": "decimal" + } + } + }, + { + "columnMatch": "compliant", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "1", + "representation": "success", + "text": "Success" + }, + { + "operator": "==", + "thresholdValue": "0", + "representation": "failed", + "text": "Failed" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "unknown", + "text": "Unknown" + } + ] + } + } + ] + } + }, + "name": "query7" + }, + { + "type": 1, + "content": { + "json": "Use managed TLS certificates with Azure Front Door. Reduce operational cost and risk of outages due to certificate renewals. Check [this link](https://learn.microsoft.com/azure/frontdoor/best-practices#use-managed-tls-certificates) for further information." 
+ }, + "name": "querytext9" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "cdnresources | where type =~ 'microsoft.cdn/profiles/customdomains' | extend frontDoorId = substring(id, 0, indexof(id, '/customdomains')) | extend compliant = (isnull(properties['tlsSettings']['certificateType']) or tolower(properties['tlsSettings']['certificateType']) =~ 'customercertificate') | project compliant, id = frontDoorId | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", + "size": 4, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources", + "crossComponentResources": [ + "{Subscription}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "id", + "formatter": 0, + "numberFormat": { + "unit": 0, + "options": { + "style": "decimal" + } + } + }, + { + "columnMatch": "compliant", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "1", + "representation": "success", + "text": "Success" + }, + { + "operator": "==", + "thresholdValue": "0", + "representation": "failed", + "text": "Failed" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "unknown", + "text": "Unknown" + } + ] + } + } + ] + } + }, + "name": "query9" + } + ] + }, + "conditionalVisibility": { + "parameterName": "VisibleTab", + "comparison": "isEqualTo", + "value": "tab1" + }, + "name": "tab1" + }, + { + "type": 12, + "content": { + "version": "NotebookGroup/1.0", + "groupType": "editable", + "items": [ + { + "type": 1, + "content": { + "json": "## App Gateway" + }, + "name": "tab2title" + }, + { + "type": 1, + "content": { + "json": "Ensure you are using Application Gateway v2 SKU. Check [this link](https://learn.microsoft.com/azure/application-gateway/overview-v2) for further information.. 
[This training](https://learn.microsoft.com/learn/paths/secure-application-delivery/) can help to educate yourself on this." + }, + "name": "querytext0" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "resources | where type == 'microsoft.network/applicationgateways' | project id, compliant = properties.sku.name in ('Standard_v2', 'WAF_v2') | project id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", + "size": 4, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources", + "crossComponentResources": [ + "{Subscription}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "id", + "formatter": 0, + "numberFormat": { + "unit": 0, + "options": { + "style": "decimal" + } + } + }, + { + "columnMatch": "compliant", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "1", + "representation": "success", + "text": "Success" + }, + { + "operator": "==", + "thresholdValue": "0", + "representation": "failed", + "text": "Failed" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "unknown", + "text": "Unknown" + } + ] + } + } + ] + } + }, + "name": "query0" + }, + { + "type": 1, + "content": { + "json": "Your Application Gateways v2 should be deployed in subnets with IP prefixes equal or larger than /24. Check [this link](https://learn.microsoft.com/azure/application-gateway/configuration-infrastructure#size-of-the-subnet) for further information.. [This training](https://learn.microsoft.com/learn/paths/secure-application-delivery/) can help to educate yourself on this." 
+ }, + "name": "querytext2" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "resources | where type=='microsoft.network/applicationgateways' | extend subnetId = tostring(properties.gatewayIPConfigurations[0].properties.subnet.id) | project id, subnetId | join (resources | where type=='microsoft.network/virtualnetworks' | project id,subnets=properties.subnets | mv-expand subnets | mv-expand subnets.properties.addressPrefixes | project id, subnetId = tostring(subnets.id), prefix1 = subnets.properties.addressPrefix, prefix2 = subnets.properties.addressPrefixes | mv-expand prefix2 | extend prefix = iff(isnotnull(prefix1), prefix1, prefix2) | extend subnetPrefixLength = split(prefix, '/')[1])on subnetId | extend compliant = (subnetPrefixLength <= 24 or subnetPrefixLength == 64) | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", + "size": 4, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources", + "crossComponentResources": [ + "{Subscription}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "id", + "formatter": 0, + "numberFormat": { + "unit": 0, + "options": { + "style": "decimal" + } + } + }, + { + "columnMatch": "compliant", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "1", + "representation": "success", + "text": "Success" + }, + { + "operator": "==", + "thresholdValue": "0", + "representation": "failed", + "text": "Failed" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "unknown", + "text": "Unknown" + } + ] + } + } + ] + } + }, + "name": "query2" + }, + { + "type": 1, + "content": { + "json": "Configure autoscaling with a minimum amount of instances of two. 
Check [this link](https://learn.microsoft.com/azure/application-gateway/application-gateway-autoscaling-zone-redundant) for further information.. [This training](https://learn.microsoft.com/learn/paths/secure-application-delivery/) can help to educate yourself on this." + }, + "name": "querytext3" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "resources | where type =~ 'microsoft.network/applicationGateways' | extend compliant = (isnotnull(properties.autoscaleConfiguration) and properties.autoscaleConfiguration.minCapacity >= 2) | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", + "size": 4, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources", + "crossComponentResources": [ + "{Subscription}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "id", + "formatter": 0, + "numberFormat": { + "unit": 0, + "options": { + "style": "decimal" + } + } + }, + { + "columnMatch": "compliant", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "1", + "representation": "success", + "text": "Success" + }, + { + "operator": "==", + "thresholdValue": "0", + "representation": "failed", + "text": "Failed" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "unknown", + "text": "Unknown" + } + ] + } + } + ] + } + }, + "name": "query3" + }, + { + "type": 1, + "content": { + "json": "Deploy Application Gateway across Availability Zones. Check [this link](https://learn.microsoft.com/azure/reliability/migrate-app-gateway-v2) for further information.. [This training](https://learn.microsoft.com/learn/paths/secure-application-delivery/) can help to educate yourself on this." 
+ }, + "name": "querytext4" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "resources | where type =~ 'microsoft.network/applicationGateways' | extend compliant = (isnotnull(zones) and array_length(zones) > 1) | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", + "size": 4, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources", + "crossComponentResources": [ + "{Subscription}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "id", + "formatter": 0, + "numberFormat": { + "unit": 0, + "options": { + "style": "decimal" + } + } + }, + { + "columnMatch": "compliant", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "1", + "representation": "success", + "text": "Success" + }, + { + "operator": "==", + "thresholdValue": "0", + "representation": "failed", + "text": "Failed" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "unknown", + "text": "Unknown" + } + ] + } + } + ] + } + }, + "name": "query4" + } + ] + }, + "conditionalVisibility": { + "parameterName": "VisibleTab", + "comparison": "isEqualTo", + "value": "tab2" + }, + "name": "tab2" + } + ], + "$schema": "https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json" +} \ No newline at end of file diff --git a/workbooks/appdelivery_checklist.en_network_counters_workbook.json b/workbooks/appdelivery_checklist.en_network_counters_workbook.json new file mode 100644 index 000000000..dc8631400 --- /dev/null +++ b/workbooks/appdelivery_checklist.en_network_counters_workbook.json 
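Review bot: The `query9` check for "Use managed TLS certificates with Azure Front Door" scores the wrong certificate type as compliant. Its expression `tolower(properties['tlsSettings']['certificateType']) =~ 'customercertificate'` passes custom domains that use a customer-supplied certificate, which is the opposite of the recommendation text in `querytext9`. As written, domains on managed certificates would show as Failed, and the domains that carry the manual-renewal and expiry risk would show as Success. The comparison should target the managed type, for example `tolower(properties['tlsSettings']['certificateType']) =~ 'managedcertificate'`, keeping the `isnull(...)` branch only if an unset type really should count as compliant. This workbook appears to be generated by `workbook_create.py` from the checklist, so the fix belongs in the checklist entry, and the same expression presumably recurs in the counters workbooks generated from it.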
@@ -0,0 +1,1342 @@ +{ + "version": "Notebook/1.0", + "items": [ + { + "type": 9, + "content": { + "version": "KqlParameterItem/1.0", + "parameters": [ + { + "id": "497a107e-dde8-433e-b263-35ac8e8f7834", + "version": "KqlParameterItem/1.0", + "name": "Subscription", + "type": 6, + "multiSelect": true, + "quote": "'", + "delimiter": ",", + "typeSettings": { + "additionalResourceOptions": [ + "value::all" + ], + "includeAll": true, + "showDefault": false + }, + "timeContext": { + "durationMs": 86400000 + }, + "value": [ + "value::all" + ] + }, + { + "id": "844e4f4e-df51-4e3c-8eaf-0dc78b92c721", + "version": "KqlParameterItem/1.0", + "name": "OnlyFailed", + "label": "Only show failed", + "type": 2, + "typeSettings": { + "additionalResourceOptions": [], + "showDefault": false + }, + "jsonData": "[\r\n { \"value\":true, \"label\":\"True\" },\r\n { \"value\":false, \"label\":\"False\", \"selected\":true }\r\n]" + } + ], + "style": "pills", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + "name": "WorkbookSelectors" + }, + { + "type": 1, + "content": { + "json": "If you set \"Only show failed\" to \"Yes\", the different queries will only show items that have failed their compliance checks.", + "style": "info" + }, + "name": "InfoBox" + }, + { + "type": 9, + "content": { + "version": "KqlParameterItem/1.0", + "crossComponentResources": [ + "value::all" + ], + "parameters": [ + { + "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", + "version": "KqlParameterItem/1.0", + "name": "Query0Stats", + "type": 1, + "query": "resources | where type == 'microsoft.network/applicationgateways' | project id, compliant = properties.sku.name in ('Standard_v2', 'WAF_v2') | project id,compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project 
Query1Stats=tostring(pack_all())", + "crossComponentResources": [ + "{Subscription}" + ], + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 86400000 + }, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources" + }, + { + "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", + "version": "KqlParameterItem/1.0", + "name": "Query0FullyCompliant", + "type": 1, + "query": "{\"version\":\"1.0.0\",\"content\":\"{\\\"value\\\": \\\"{Query0Stats:$.FullyCompliant}\\\"}\",\"transformers\":null}", + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 86400000 + }, + "queryType": 8 + }, + { + "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", + "version": "KqlParameterItem/1.0", + "name": "Query1Stats", + "type": 1, + "query": "resources | where type == 'microsoft.network/loadbalancers' | project id, compliant=(tolower(sku.name) == 'standard')| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())", + "crossComponentResources": [ + "{Subscription}" + ], + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 86400000 + }, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources" + }, + { + "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", + "version": "KqlParameterItem/1.0", + "name": "Query1FullyCompliant", + "type": 1, + "query": "{\"version\":\"1.0.0\",\"content\":\"{\\\"value\\\": \\\"{Query1Stats:$.FullyCompliant}\\\"}\",\"transformers\":null}", + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 86400000 + }, + "queryType": 8 + }, + { + "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", + "version": "KqlParameterItem/1.0", + "name": "Query2Stats", + "type": 1, + "query": "resources | where type=='microsoft.network/applicationgateways' | extend subnetId = 
tostring(properties.gatewayIPConfigurations[0].properties.subnet.id) | project id, subnetId | join (resources | where type=='microsoft.network/virtualnetworks' | project id,subnets=properties.subnets | mv-expand subnets | mv-expand subnets.properties.addressPrefixes | project id, subnetId = tostring(subnets.id), prefix1 = subnets.properties.addressPrefix, prefix2 = subnets.properties.addressPrefixes | mv-expand prefix2 | extend prefix = iff(isnotnull(prefix1), prefix1, prefix2) | extend subnetPrefixLength = split(prefix, '/')[1])on subnetId | extend compliant = (subnetPrefixLength <= 24 or subnetPrefixLength == 64) | distinct id,compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())", + "crossComponentResources": [ + "{Subscription}" + ], + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 86400000 + }, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources" + }, + { + "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", + "version": "KqlParameterItem/1.0", + "name": "Query2FullyCompliant", + "type": 1, + "query": "{\"version\":\"1.0.0\",\"content\":\"{\\\"value\\\": \\\"{Query2Stats:$.FullyCompliant}\\\"}\",\"transformers\":null}", + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 86400000 + }, + "queryType": 8 + }, + { + "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", + "version": "KqlParameterItem/1.0", + "name": "Query3Stats", + "type": 1, + "query": "resources | where type =~ 'microsoft.network/applicationGateways' | extend compliant = (isnotnull(properties.autoscaleConfiguration) and properties.autoscaleConfiguration.minCapacity >= 2) | distinct id,compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 
100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())", + "crossComponentResources": [ + "{Subscription}" + ], + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 86400000 + }, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources" + }, + { + "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", + "version": "KqlParameterItem/1.0", + "name": "Query3FullyCompliant", + "type": 1, + "query": "{\"version\":\"1.0.0\",\"content\":\"{\\\"value\\\": \\\"{Query3Stats:$.FullyCompliant}\\\"}\",\"transformers\":null}", + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 86400000 + }, + "queryType": 8 + }, + { + "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", + "version": "KqlParameterItem/1.0", + "name": "Query4Stats", + "type": 1, + "query": "resources | where type =~ 'microsoft.network/applicationGateways' | extend compliant = (isnotnull(zones) and array_length(zones) > 1) | distinct id,compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())", + "crossComponentResources": [ + "{Subscription}" + ], + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 86400000 + }, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources" + }, + { + "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", + "version": "KqlParameterItem/1.0", + "name": "Query4FullyCompliant", + "type": 1, + "query": "{\"version\":\"1.0.0\",\"content\":\"{\\\"value\\\": \\\"{Query4Stats:$.FullyCompliant}\\\"}\",\"transformers\":null}", + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 86400000 + }, + "queryType": 8 + }, + { + "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", + "version": "KqlParameterItem/1.0", + "name": "Query5Stats", + 
"type": 1, + "query": "resources | where type == 'microsoft.network/frontdoorwebapplicationfirewallpolicies' | project policyName=name, policyId=id,policySku=sku.name, links=properties.securityPolicyLinks, enabledState=properties.policySettings.enabledState, mode=properties.policySettings.mode | mvexpand links | extend securityPolicy=links.id | extend securityPolicyParts=split(securityPolicy, '/') | extend profileId=strcat_array(array_slice(securityPolicyParts, 0, -3), '/') | project id=profileId, compliant=((enabledState=='Enabled') and (mode=='Prevention')), enabledState, mode| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())", + "crossComponentResources": [ + "{Subscription}" + ], + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 86400000 + }, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources" + }, + { + "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", + "version": "KqlParameterItem/1.0", + "name": "Query5FullyCompliant", + "type": 1, + "query": "{\"version\":\"1.0.0\",\"content\":\"{\\\"value\\\": \\\"{Query5Stats:$.FullyCompliant}\\\"}\",\"transformers\":null}", + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 86400000 + }, + "queryType": 8 + }, + { + "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", + "version": "KqlParameterItem/1.0", + "name": "Query6Stats", + "type": 1, + "query": "cdnresources | where type =~ 'microsoft.cdn/profiles/origingroups/origins' | extend frontDoorId = substring(id, 0, indexof(id, '/origingroups')) | extend originGroupId = substring(id, 0, indexof(id, '/origins')) | join kind=inner (cdnresources | where type =~ 'microsoft.cdn/profiles/origingroups' | extend originGroupName = name | extend hasHealthProbe = isnotnull(properties.healthProbeSettings)) on 
$left.originGroupId == $right.id | summarize numberOrigins = count() by originGroupId, subscriptionId, frontDoorId, hasHealthProbe, originGroupName | extend compliant = not(numberOrigins == 1 and hasHealthProbe) | project id = frontDoorId, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())", + "crossComponentResources": [ + "{Subscription}" + ], + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 86400000 + }, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources" + }, + { + "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", + "version": "KqlParameterItem/1.0", + "name": "Query6FullyCompliant", + "type": 1, + "query": "{\"version\":\"1.0.0\",\"content\":\"{\\\"value\\\": \\\"{Query6Stats:$.FullyCompliant}\\\"}\",\"transformers\":null}", + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 86400000 + }, + "queryType": 8 + }, + { + "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", + "version": "KqlParameterItem/1.0", + "name": "Query7Stats", + "type": 1, + "query": "cdnresources | where type =~ 'microsoft.cdn/profiles/origingroups' | extend frontDoorId = substring(id, 0, indexof(id, '/origingroups/')) | extend compliant = (isnull(properties['healthProbeSettings']['probeRequestType']) or toupper(properties['healthProbeSettings']['probeRequestType']) == 'HEAD') | project compliant, id=frontDoorId| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())", + "crossComponentResources": [ + "{Subscription}" + ], + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 86400000 + }, 
+ "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources" + }, + { + "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", + "version": "KqlParameterItem/1.0", + "name": "Query7FullyCompliant", + "type": 1, + "query": "{\"version\":\"1.0.0\",\"content\":\"{\\\"value\\\": \\\"{Query7Stats:$.FullyCompliant}\\\"}\",\"transformers\":null}", + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 86400000 + }, + "queryType": 8 + }, + { + "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", + "version": "KqlParameterItem/1.0", + "name": "Query8Stats", + "type": 1, + "query": "resources | where type=='microsoft.network/loadbalancers' | extend countOutRules=array_length(properties.outboundRules) | extend compliant = (countOutRules == 0) | distinct id,compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())", + "crossComponentResources": [ + "{Subscription}" + ], + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 86400000 + }, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources" + }, + { + "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", + "version": "KqlParameterItem/1.0", + "name": "Query8FullyCompliant", + "type": 1, + "query": "{\"version\":\"1.0.0\",\"content\":\"{\\\"value\\\": \\\"{Query8Stats:$.FullyCompliant}\\\"}\",\"transformers\":null}", + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 86400000 + }, + "queryType": 8 + }, + { + "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", + "version": "KqlParameterItem/1.0", + "name": "Query9Stats", + "type": 1, + "query": "cdnresources | where type =~ 'microsoft.cdn/profiles/customdomains' | extend frontDoorId = substring(id, 0, indexof(id, '/customdomains')) | extend compliant = (isnull(properties['tlsSettings']['certificateType']) or 
tolower(properties['tlsSettings']['certificateType']) =~ 'customercertificate') | project compliant, id = frontDoorId| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())", + "crossComponentResources": [ + "{Subscription}" + ], + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 86400000 + }, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources" + }, + { + "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", + "version": "KqlParameterItem/1.0", + "name": "Query9FullyCompliant", + "type": 1, + "query": "{\"version\":\"1.0.0\",\"content\":\"{\\\"value\\\": \\\"{Query9Stats:$.FullyCompliant}\\\"}\",\"transformers\":null}", + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 86400000 + }, + "queryType": 8 + }, + { + "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", + "version": "KqlParameterItem/1.0", + "name": "Tab0Success", + "type": 1, + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 86400000 + }, + "criteriaData": [ + { + "criteriaContext": { + "operator": "Default", + "resultValType": "expression", + "resultVal": "{Query1Stats:$.Success}+{Query8Stats:$.Success}" + } + } + ] + }, + { + "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", + "version": "KqlParameterItem/1.0", + "name": "Tab0Total", + "type": 1, + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 86400000 + }, + "criteriaData": [ + { + "criteriaContext": { + "operator": "Default", + "resultValType": "expression", + "resultVal": "{Query1Stats:$.Total}+{Query8Stats:$.Total}" + } + } + ] + }, + { + "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", + "version": "KqlParameterItem/1.0", + "name": "Tab0Percent", + "type": 1, + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 86400000 + }, + "criteriaData": [ + { + 
"criteriaContext": { + "operator": "Default", + "resultValType": "expression", + "resultVal": "round(100*{Tab0Success}/{Tab0Total})" + } + } + ] + }, + { + "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", + "version": "KqlParameterItem/1.0", + "name": "Tab1Success", + "type": 1, + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 86400000 + }, + "criteriaData": [ + { + "criteriaContext": { + "operator": "Default", + "resultValType": "expression", + "resultVal": "{Query0Stats:$.Success}+{Query2Stats:$.Success}+{Query3Stats:$.Success}+{Query4Stats:$.Success}" + } + } + ] + }, + { + "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", + "version": "KqlParameterItem/1.0", + "name": "Tab1Total", + "type": 1, + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 86400000 + }, + "criteriaData": [ + { + "criteriaContext": { + "operator": "Default", + "resultValType": "expression", + "resultVal": "{Query0Stats:$.Total}+{Query2Stats:$.Total}+{Query3Stats:$.Total}+{Query4Stats:$.Total}" + } + } + ] + }, + { + "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", + "version": "KqlParameterItem/1.0", + "name": "Tab1Percent", + "type": 1, + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 86400000 + }, + "criteriaData": [ + { + "criteriaContext": { + "operator": "Default", + "resultValType": "expression", + "resultVal": "round(100*{Tab1Success}/{Tab1Total})" + } + } + ] + }, + { + "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", + "version": "KqlParameterItem/1.0", + "name": "Tab2Success", + "type": 1, + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 86400000 + }, + "criteriaData": [ + { + "criteriaContext": { + "operator": "Default", + "resultValType": "expression", + "resultVal": "{Query5Stats:$.Success}+{Query6Stats:$.Success}+{Query7Stats:$.Success}+{Query9Stats:$.Success}" + } + } + ] + }, + { + "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", + "version": "KqlParameterItem/1.0", + "name": "Tab2Total", + "type": 1, + "isHiddenWhenLocked": true, 
+ "timeContext": { + "durationMs": 86400000 + }, + "criteriaData": [ + { + "criteriaContext": { + "operator": "Default", + "resultValType": "expression", + "resultVal": "{Query5Stats:$.Total}+{Query6Stats:$.Total}+{Query7Stats:$.Total}+{Query9Stats:$.Total}" + } + } + ] + }, + { + "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", + "version": "KqlParameterItem/1.0", + "name": "Tab2Percent", + "type": 1, + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 86400000 + }, + "criteriaData": [ + { + "criteriaContext": { + "operator": "Default", + "resultValType": "expression", + "resultVal": "round(100*{Tab2Success}/{Tab2Total})" + } + } + ] + }, + { + "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", + "version": "KqlParameterItem/1.0", + "name": "WorkbookTotal", + "type": 1, + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 86400000 + }, + "criteriaData": [ + { + "criteriaContext": { + "operator": "Default", + "resultValType": "expression", + "resultVal": "{Query1Stats:$.Total}+{Query8Stats:$.Total}+{Query0Stats:$.Total}+{Query2Stats:$.Total}+{Query3Stats:$.Total}+{Query4Stats:$.Total}+{Query5Stats:$.Total}+{Query6Stats:$.Total}+{Query7Stats:$.Total}+{Query9Stats:$.Total}" + } + } + ] + }, + { + "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", + "version": "KqlParameterItem/1.0", + "name": "WorkbookSuccess", + "type": 1, + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 86400000 + }, + "criteriaData": [ + { + "criteriaContext": { + "operator": "Default", + "resultValType": "expression", + "resultVal": "{Query1Stats:$.Success}+{Query8Stats:$.Success}+{Query0Stats:$.Success}+{Query2Stats:$.Success}+{Query3Stats:$.Success}+{Query4Stats:$.Success}+{Query5Stats:$.Success}+{Query6Stats:$.Success}+{Query7Stats:$.Success}+{Query9Stats:$.Success}" + } + } + ] + }, + { + "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", + "version": "KqlParameterItem/1.0", + "name": "WorkbookPercent", + "type": 1, + "isHiddenWhenLocked": true, + "timeContext": { + 
"durationMs": 86400000 + }, + "criteriaData": [ + { + "criteriaContext": { + "operator": "Default", + "resultValType": "expression", + "resultVal": "round(100*{WorkbookSuccess}/{WorkbookTotal})" + } + } + ] + } + ], + "style": "pills", + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources" + }, + "name": "InvisibleParameters" + }, + { + "type": 1, + "content": { + "json": "## Azure Application Delivery Networking - Network\n\n---\n\nThis workbook has been automatically generated out of the checklists in the [Azure Review Checklists repo](https://github.com/Azure/review-checklists). This repo contains best practices and recommendations around generic Landing Zones as well as specific services such as Azure Virtual Desktop, Azure Kubernetes Service or Azure VMware Solution, to name a few. This repository of best practices is curated by Azure engineers, but open to anybody to contribute.\n\nIf you see a problem in the queries that are part of this workbook, please open a Github issue [here](https://github.com/Azure/review-checklists/issues/new)." 
+ }, + "customWidth": "50", + "name": "MarkdownHeader" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "{\"version\":\"1.0.0\",\"content\":\"{\\\"WorkbookPercent\\\": \\\"{WorkbookPercent}\\\", \\\"SubTitle\\\": \\\"Percent of successful checks\\\"}\",\"transformers\":null}", + "size": 4, + "queryType": 8, + "visualization": "tiles", + "tileSettings": { + "titleContent": { + "columnMatch": "WorkbookPercent", + "formatter": 4, + "formatOptions": { + "min": 0, + "max": 100, + "palette": "redGreen" + } + }, + "subtitleContent": { + "columnMatch": "SubTitle", + "formatter": 1 + }, + "showBorder": true + } + }, + "customWidth": "50", + "name": "ProgressTile" + }, + { + "type": 11, + "content": { + "version": "LinkItem/1.0", + "style": "tabs", + "links": [ + { + "id": "1580d7e9-c3bd-4a78-9ae5-e518a7ac8d1a", + "cellValue": "VisibleTab", + "linkTarget": "parameter", + "linkLabel": "Load Balancer ({Tab0Success:value}/{Tab0Total:value})", + "subTarget": "tab0", + "preText": "Load Balancer", + "style": "primary" + }, + { + "id": "e48c62d9-35f1-45dd-a6d3-01fda8bab437", + "cellValue": "VisibleTab", + "linkTarget": "parameter", + "linkLabel": "App Gateway ({Tab1Success:value}/{Tab1Total:value})", + "subTarget": "tab1", + "preText": "App Gateway", + "style": "primary" + }, + { + "id": "b7b8151f-114a-4fcd-b4f9-f064fccdc26b", + "cellValue": "VisibleTab", + "linkTarget": "parameter", + "linkLabel": "Front Door ({Tab2Success:value}/{Tab2Total:value})", + "subTarget": "tab2", + "preText": "Front Door", + "style": "primary" + } + ] + }, + "name": "Tabs" + }, + { + "type": 12, + "content": { + "version": "NotebookGroup/1.0", + "groupType": "editable", + "items": [ + { + "type": 1, + "content": { + "json": "## Load Balancer" + }, + "name": "tab0title" + }, + { + "type": 1, + "content": { + "json": "Ensure you are using the Standard SKU for your Azure Load Balancers. 
Check [this link](https://learn.microsoft.com/azure/load-balancer/load-balancer-overview) for further information." + }, + "name": "querytext1" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "resources | where type == 'microsoft.network/loadbalancers' | project id, compliant=(tolower(sku.name) == 'standard') | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", + "size": 4, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources", + "crossComponentResources": [ + "{Subscription}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "id", + "formatter": 0, + "numberFormat": { + "unit": 0, + "options": { + "style": "decimal" + } + } + }, + { + "columnMatch": "compliant", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "1", + "representation": "success", + "text": "Success" + }, + { + "operator": "==", + "thresholdValue": "0", + "representation": "failed", + "text": "Failed" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "unknown", + "text": "Unknown" + } + ] + } + } + ] + } + }, + "name": "query1" + }, + { + "type": 1, + "content": { + "json": "Use Azure NAT Gateway instead of Load Balancer outbound rules for better SNAT scalability. Check [this link](https://learn.microsoft.com/azure/nat-gateway/nat-overview#outbound-connectivity) for further information." 
+ }, + "name": "querytext8" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "resources | where type=='microsoft.network/loadbalancers' | extend countOutRules=array_length(properties.outboundRules) | extend compliant = (countOutRules == 0) | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", + "size": 4, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources", + "crossComponentResources": [ + "{Subscription}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "id", + "formatter": 0, + "numberFormat": { + "unit": 0, + "options": { + "style": "decimal" + } + } + }, + { + "columnMatch": "compliant", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "1", + "representation": "success", + "text": "Success" + }, + { + "operator": "==", + "thresholdValue": "0", + "representation": "failed", + "text": "Failed" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "unknown", + "text": "Unknown" + } + ] + } + } + ] + } + }, + "name": "query8" + } + ] + }, + "conditionalVisibility": { + "parameterName": "VisibleTab", + "comparison": "isEqualTo", + "value": "tab0" + }, + "name": "tab0" + }, + { + "type": 12, + "content": { + "version": "NotebookGroup/1.0", + "groupType": "editable", + "items": [ + { + "type": 1, + "content": { + "json": "## App Gateway" + }, + "name": "tab1title" + }, + { + "type": 1, + "content": { + "json": "Ensure you are using Application Gateway v2 SKU. Check [this link](https://learn.microsoft.com/azure/application-gateway/overview-v2) for further information.. [This training](https://learn.microsoft.com/learn/paths/secure-application-delivery/) can help to educate yourself on this." 
+ }, + "name": "querytext0" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "resources | where type == 'microsoft.network/applicationgateways' | project id, compliant = properties.sku.name in ('Standard_v2', 'WAF_v2') | project id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", + "size": 4, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources", + "crossComponentResources": [ + "{Subscription}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "id", + "formatter": 0, + "numberFormat": { + "unit": 0, + "options": { + "style": "decimal" + } + } + }, + { + "columnMatch": "compliant", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "1", + "representation": "success", + "text": "Success" + }, + { + "operator": "==", + "thresholdValue": "0", + "representation": "failed", + "text": "Failed" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "unknown", + "text": "Unknown" + } + ] + } + } + ] + } + }, + "name": "query0" + }, + { + "type": 1, + "content": { + "json": "Your Application Gateways v2 should be deployed in subnets with IP prefixes equal or larger than /24. Check [this link](https://learn.microsoft.com/azure/application-gateway/configuration-infrastructure#size-of-the-subnet) for further information.. [This training](https://learn.microsoft.com/learn/paths/secure-application-delivery/) can help to educate yourself on this." 
+ }, + "name": "querytext2" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "resources | where type=='microsoft.network/applicationgateways' | extend subnetId = tostring(properties.gatewayIPConfigurations[0].properties.subnet.id) | project id, subnetId | join (resources | where type=='microsoft.network/virtualnetworks' | project id,subnets=properties.subnets | mv-expand subnets | mv-expand subnets.properties.addressPrefixes | project id, subnetId = tostring(subnets.id), prefix1 = subnets.properties.addressPrefix, prefix2 = subnets.properties.addressPrefixes | mv-expand prefix2 | extend prefix = iff(isnotnull(prefix1), prefix1, prefix2) | extend subnetPrefixLength = split(prefix, '/')[1])on subnetId | extend compliant = (subnetPrefixLength <= 24 or subnetPrefixLength == 64) | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", + "size": 4, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources", + "crossComponentResources": [ + "{Subscription}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "id", + "formatter": 0, + "numberFormat": { + "unit": 0, + "options": { + "style": "decimal" + } + } + }, + { + "columnMatch": "compliant", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "1", + "representation": "success", + "text": "Success" + }, + { + "operator": "==", + "thresholdValue": "0", + "representation": "failed", + "text": "Failed" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "unknown", + "text": "Unknown" + } + ] + } + } + ] + } + }, + "name": "query2" + }, + { + "type": 1, + "content": { + "json": "Configure autoscaling with a minimum amount of instances of two. 
Check [this link](https://learn.microsoft.com/azure/application-gateway/application-gateway-autoscaling-zone-redundant) for further information.. [This training](https://learn.microsoft.com/learn/paths/secure-application-delivery/) can help to educate yourself on this." + }, + "name": "querytext3" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "resources | where type =~ 'microsoft.network/applicationGateways' | extend compliant = (isnotnull(properties.autoscaleConfiguration) and properties.autoscaleConfiguration.minCapacity >= 2) | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", + "size": 4, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources", + "crossComponentResources": [ + "{Subscription}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "id", + "formatter": 0, + "numberFormat": { + "unit": 0, + "options": { + "style": "decimal" + } + } + }, + { + "columnMatch": "compliant", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "1", + "representation": "success", + "text": "Success" + }, + { + "operator": "==", + "thresholdValue": "0", + "representation": "failed", + "text": "Failed" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "unknown", + "text": "Unknown" + } + ] + } + } + ] + } + }, + "name": "query3" + }, + { + "type": 1, + "content": { + "json": "Deploy Application Gateway across Availability Zones. Check [this link](https://learn.microsoft.com/azure/reliability/migrate-app-gateway-v2) for further information.. [This training](https://learn.microsoft.com/learn/paths/secure-application-delivery/) can help to educate yourself on this." 
+ }, + "name": "querytext4" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "resources | where type =~ 'microsoft.network/applicationGateways' | extend compliant = (isnotnull(zones) and array_length(zones) > 1) | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", + "size": 4, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources", + "crossComponentResources": [ + "{Subscription}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "id", + "formatter": 0, + "numberFormat": { + "unit": 0, + "options": { + "style": "decimal" + } + } + }, + { + "columnMatch": "compliant", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "1", + "representation": "success", + "text": "Success" + }, + { + "operator": "==", + "thresholdValue": "0", + "representation": "failed", + "text": "Failed" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "unknown", + "text": "Unknown" + } + ] + } + } + ] + } + }, + "name": "query4" + } + ] + }, + "conditionalVisibility": { + "parameterName": "VisibleTab", + "comparison": "isEqualTo", + "value": "tab1" + }, + "name": "tab1" + }, + { + "type": 12, + "content": { + "version": "NotebookGroup/1.0", + "groupType": "editable", + "items": [ + { + "type": 1, + "content": { + "json": "## Front Door" + }, + "name": "tab2title" + }, + { + "type": 1, + "content": { + "json": "Deploy your WAF profiles for Front Door in 'Prevention' mode. Check [this link](https://learn.microsoft.com/azure/web-application-firewall/afds/waf-front-door-policy-settings) for further information." 
+ }, + "name": "querytext5" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "resources | where type == 'microsoft.network/frontdoorwebapplicationfirewallpolicies' | project policyName=name, policyId=id,policySku=sku.name, links=properties.securityPolicyLinks, enabledState=properties.policySettings.enabledState, mode=properties.policySettings.mode | mvexpand links | extend securityPolicy=links.id | extend securityPolicyParts=split(securityPolicy, '/') | extend profileId=strcat_array(array_slice(securityPolicyParts, 0, -3), '/') | project id=profileId, compliant=((enabledState=='Enabled') and (mode=='Prevention')), enabledState, mode | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", + "size": 4, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources", + "crossComponentResources": [ + "{Subscription}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "id", + "formatter": 0, + "numberFormat": { + "unit": 0, + "options": { + "style": "decimal" + } + } + }, + { + "columnMatch": "compliant", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "1", + "representation": "success", + "text": "Success" + }, + { + "operator": "==", + "thresholdValue": "0", + "representation": "failed", + "text": "Failed" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "unknown", + "text": "Unknown" + } + ] + } + } + ] + } + }, + "name": "query5" + }, + { + "type": 1, + "content": { + "json": "Disable health probes when there is only one origin in an Azure Front Door origin group. Check [this link](https://learn.microsoft.com/azure/frontdoor/best-practices#disable-health-probes-when-theres-only-one-origin-in-an-origin-group) for further information." 
+ }, + "name": "querytext6" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "cdnresources | where type =~ 'microsoft.cdn/profiles/origingroups/origins' | extend frontDoorId = substring(id, 0, indexof(id, '/origingroups')) | extend originGroupId = substring(id, 0, indexof(id, '/origins')) | join kind=inner (cdnresources | where type =~ 'microsoft.cdn/profiles/origingroups' | extend originGroupName = name | extend hasHealthProbe = isnotnull(properties.healthProbeSettings)) on $left.originGroupId == $right.id | summarize numberOrigins = count() by originGroupId, subscriptionId, frontDoorId, hasHealthProbe, originGroupName | extend compliant = not(numberOrigins == 1 and hasHealthProbe) | project id = frontDoorId, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", + "size": 4, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources", + "crossComponentResources": [ + "{Subscription}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "id", + "formatter": 0, + "numberFormat": { + "unit": 0, + "options": { + "style": "decimal" + } + } + }, + { + "columnMatch": "compliant", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "1", + "representation": "success", + "text": "Success" + }, + { + "operator": "==", + "thresholdValue": "0", + "representation": "failed", + "text": "Failed" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "unknown", + "text": "Unknown" + } + ] + } + } + ] + } + }, + "name": "query6" + }, + { + "type": 1, + "content": { + "json": "Use HEAD health probes with Azure Front Door, to reduce the traffic that Front Door sends to your application. Check [this link](https://learn.microsoft.com/azure/frontdoor/best-practices#use-head-health-probes) for further information." 
+ }, + "name": "querytext7" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "cdnresources | where type =~ 'microsoft.cdn/profiles/origingroups' | extend frontDoorId = substring(id, 0, indexof(id, '/origingroups/')) | extend compliant = (isnull(properties['healthProbeSettings']['probeRequestType']) or toupper(properties['healthProbeSettings']['probeRequestType']) == 'HEAD') | project compliant, id=frontDoorId | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", + "size": 4, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources", + "crossComponentResources": [ + "{Subscription}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "id", + "formatter": 0, + "numberFormat": { + "unit": 0, + "options": { + "style": "decimal" + } + } + }, + { + "columnMatch": "compliant", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "1", + "representation": "success", + "text": "Success" + }, + { + "operator": "==", + "thresholdValue": "0", + "representation": "failed", + "text": "Failed" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "unknown", + "text": "Unknown" + } + ] + } + } + ] + } + }, + "name": "query7" + }, + { + "type": 1, + "content": { + "json": "Use managed TLS certificates with Azure Front Door. Reduce operational cost and risk of outages due to certificate renewals. Check [this link](https://learn.microsoft.com/azure/frontdoor/best-practices#use-managed-tls-certificates) for further information." 
+ }, + "name": "querytext9" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "cdnresources | where type =~ 'microsoft.cdn/profiles/customdomains' | extend frontDoorId = substring(id, 0, indexof(id, '/customdomains')) | extend compliant = (isnull(properties['tlsSettings']['certificateType']) or tolower(properties['tlsSettings']['certificateType']) =~ 'customercertificate') | project compliant, id = frontDoorId | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", + "size": 4, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources", + "crossComponentResources": [ + "{Subscription}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "id", + "formatter": 0, + "numberFormat": { + "unit": 0, + "options": { + "style": "decimal" + } + } + }, + { + "columnMatch": "compliant", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "1", + "representation": "success", + "text": "Success" + }, + { + "operator": "==", + "thresholdValue": "0", + "representation": "failed", + "text": "Failed" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "unknown", + "text": "Unknown" + } + ] + } + } + ] + } + }, + "name": "query9" + } + ] + }, + "conditionalVisibility": { + "parameterName": "VisibleTab", + "comparison": "isEqualTo", + "value": "tab2" + }, + "name": "tab2" + } + ], + "$schema": "https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json" +} \ No newline at end of file diff --git a/workbooks/appdelivery_checklist.en_network_counters_workbook_template.json b/workbooks/appdelivery_checklist.en_network_counters_workbook_template.json new file mode 100644 index 000000000..00cac79ce --- /dev/null +++ b/workbooks/appdelivery_checklist.en_network_counters_workbook_template.json 
@@ -0,0 +1,57 @@ +{ + "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "workbookDisplayName": { + "type": "string", + "defaultValue": "Azure Application Delivery Networking - Network", + "metadata": { + "description": "The friendly name for the workbook that is used in the Gallery or Saved List. Needs to be unique in the scope of the resource group and source" + } + }, + "workbookType": { + "type": "string", + "defaultValue": "workbook", + "metadata": { + "description": "The gallery that the workbook will be shown under. Supported values include workbook, `tsg`, Azure Monitor, etc." + } + }, + "workbookSourceId": { + "type": "string", + "defaultValue": "Azure Monitor", + "metadata": { + "description": "The id of resource instance to which the workbook will be associated" + } + }, + "workbookId": { + "type": "string", + "defaultValue": "[newGuid()]", + "metadata": { + "description": "The unique guid for this workbook instance" + } + } + }, + "resources": [ + { + "name": "[parameters('workbookId')]", + "type": "Microsoft.Insights/workbooks", + "location": "[resourceGroup().location]", + "kind": "shared", + "apiVersion": "2018-06-17-preview", + "dependsOn": [], + "properties": { + "displayName": "[parameters('workbookDisplayName')]", + "serializedData": "{\n \"version\": \"Notebook/1.0\",\n \"items\": [\n {\n \"type\": 9,\n \"content\": {\n \"version\": \"KqlParameterItem/1.0\",\n \"parameters\": [\n {\n \"id\": \"497a107e-dde8-433e-b263-35ac8e8f7834\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Subscription\",\n \"type\": 6,\n \"multiSelect\": true,\n \"quote\": \"'\",\n \"delimiter\": \",\",\n \"typeSettings\": {\n \"additionalResourceOptions\": [\n \"value::all\"\n ],\n \"includeAll\": true,\n \"showDefault\": false\n },\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"value\": [\n \"value::all\"\n ]\n },\n {\n \"id\": 
\"844e4f4e-df51-4e3c-8eaf-0dc78b92c721\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"OnlyFailed\",\n \"label\": \"Only show failed\",\n \"type\": 2,\n \"typeSettings\": {\n \"additionalResourceOptions\": [],\n \"showDefault\": false\n },\n \"jsonData\": \"[\\r\\n { \\\"value\\\":true, \\\"label\\\":\\\"True\\\" },\\r\\n { \\\"value\\\":false, \\\"label\\\":\\\"False\\\", \\\"selected\\\":true }\\r\\n]\"\n }\n ],\n \"style\": \"pills\",\n \"queryType\": 0,\n \"resourceType\": \"microsoft.operationalinsights/workspaces\"\n },\n \"name\": \"WorkbookSelectors\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"If you set \\\"Only show failed\\\" to \\\"Yes\\\", the different queries will only show items that have failed their compliance checks.\",\n \"style\": \"info\"\n },\n \"name\": \"InfoBox\"\n },\n {\n \"type\": 9,\n \"content\": {\n \"version\": \"KqlParameterItem/1.0\",\n \"crossComponentResources\": [\n \"value::all\"\n ],\n \"parameters\": [\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query0Stats\",\n \"type\": 1,\n \"query\": \"resources | where type == 'microsoft.network/applicationgateways' | project id, compliant = properties.sku.name in ('Standard_v2', 'WAF_v2') | project id,compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query0FullyCompliant\",\n \"type\": 1,\n \"query\": 
\"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query0Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query1Stats\",\n \"type\": 1,\n \"query\": \"resources | where type == 'microsoft.network/loadbalancers' | project id, compliant=(tolower(sku.name) == 'standard')| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query1FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query1Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query2Stats\",\n \"type\": 1,\n \"query\": \"resources | where type=='microsoft.network/applicationgateways' | extend subnetId = tostring(properties.gatewayIPConfigurations[0].properties.subnet.id) | project id, subnetId | join (resources | where type=='microsoft.network/virtualnetworks' | project id,subnets=properties.subnets | mv-expand subnets | mv-expand subnets.properties.addressPrefixes | project 
id, subnetId = tostring(subnets.id), prefix1 = subnets.properties.addressPrefix, prefix2 = subnets.properties.addressPrefixes | mv-expand prefix2 | extend prefix = iff(isnotnull(prefix1), prefix1, prefix2) | extend subnetPrefixLength = split(prefix, '/')[1])on subnetId | extend compliant = (subnetPrefixLength <= 24 or subnetPrefixLength == 64) | distinct id,compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query2FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query2Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query3Stats\",\n \"type\": 1,\n \"query\": \"resources | where type =~ 'microsoft.network/applicationGateways' | extend compliant = (isnotnull(properties.autoscaleConfiguration) and properties.autoscaleConfiguration.minCapacity >= 2) | distinct id,compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n 
\"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query3FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query3Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query4Stats\",\n \"type\": 1,\n \"query\": \"resources | where type =~ 'microsoft.network/applicationGateways' | extend compliant = (isnotnull(zones) and array_length(zones) > 1) | distinct id,compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query4FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query4Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": 
\"Query5Stats\",\n \"type\": 1,\n \"query\": \"resources | where type == 'microsoft.network/frontdoorwebapplicationfirewallpolicies' | project policyName=name, policyId=id,policySku=sku.name, links=properties.securityPolicyLinks, enabledState=properties.policySettings.enabledState, mode=properties.policySettings.mode | mvexpand links | extend securityPolicy=links.id | extend securityPolicyParts=split(securityPolicy, '/') | extend profileId=strcat_array(array_slice(securityPolicyParts, 0, -3), '/') | project id=profileId, compliant=((enabledState=='Enabled') and (mode=='Prevention')), enabledState, mode| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query5FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query5Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query6Stats\",\n \"type\": 1,\n \"query\": \"cdnresources | where type =~ 'microsoft.cdn/profiles/origingroups/origins' | extend frontDoorId = substring(id, 0, indexof(id, '/origingroups')) | extend originGroupId = substring(id, 0, indexof(id, '/origins')) | join kind=inner (cdnresources | where type =~ 
'microsoft.cdn/profiles/origingroups' | extend originGroupName = name | extend hasHealthProbe = isnotnull(properties.healthProbeSettings)) on $left.originGroupId == $right.id | summarize numberOrigins = count() by originGroupId, subscriptionId, frontDoorId, hasHealthProbe, originGroupName | extend compliant = not(numberOrigins == 1 and hasHealthProbe) | project id = frontDoorId, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query6FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query6Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query7Stats\",\n \"type\": 1,\n \"query\": \"cdnresources | where type =~ 'microsoft.cdn/profiles/origingroups' | extend frontDoorId = substring(id, 0, indexof(id, '/origingroups/')) | extend compliant = (isnull(properties['healthProbeSettings']['probeRequestType']) or toupper(properties['healthProbeSettings']['probeRequestType']) == 'HEAD') | project compliant, id=frontDoorId| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | 
extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query7FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query7Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query8Stats\",\n \"type\": 1,\n \"query\": \"resources | where type=='microsoft.network/loadbalancers' | extend countOutRules=array_length(properties.outboundRules) | extend compliant = (countOutRules == 0) | distinct id,compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query8FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query8Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n 
\"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query9Stats\",\n \"type\": 1,\n \"query\": \"cdnresources | where type =~ 'microsoft.cdn/profiles/customdomains' | extend frontDoorId = substring(id, 0, indexof(id, '/customdomains')) | extend compliant = (isnull(properties['tlsSettings']['certificateType']) or tolower(properties['tlsSettings']['certificateType']) =~ 'customercertificate') | project compliant, id = frontDoorId| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query9FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query9Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab0Success\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"{Query1Stats:$.Success}+{Query8Stats:$.Success}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": 
\"KqlParameterItem/1.0\",\n \"name\": \"Tab0Total\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"{Query1Stats:$.Total}+{Query8Stats:$.Total}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab0Percent\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"round(100*{Tab0Success}/{Tab0Total})\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab1Success\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"{Query0Stats:$.Success}+{Query2Stats:$.Success}+{Query3Stats:$.Success}+{Query4Stats:$.Success}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab1Total\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"{Query0Stats:$.Total}+{Query2Stats:$.Total}+{Query3Stats:$.Total}+{Query4Stats:$.Total}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab1Percent\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n 
\"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"round(100*{Tab1Success}/{Tab1Total})\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab2Success\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"{Query5Stats:$.Success}+{Query6Stats:$.Success}+{Query7Stats:$.Success}+{Query9Stats:$.Success}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab2Total\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"{Query5Stats:$.Total}+{Query6Stats:$.Total}+{Query7Stats:$.Total}+{Query9Stats:$.Total}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab2Percent\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"round(100*{Tab2Success}/{Tab2Total})\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"WorkbookTotal\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": 
\"{Query1Stats:$.Total}+{Query8Stats:$.Total}+{Query0Stats:$.Total}+{Query2Stats:$.Total}+{Query3Stats:$.Total}+{Query4Stats:$.Total}+{Query5Stats:$.Total}+{Query6Stats:$.Total}+{Query7Stats:$.Total}+{Query9Stats:$.Total}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"WorkbookSuccess\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"{Query1Stats:$.Success}+{Query8Stats:$.Success}+{Query0Stats:$.Success}+{Query2Stats:$.Success}+{Query3Stats:$.Success}+{Query4Stats:$.Success}+{Query5Stats:$.Success}+{Query6Stats:$.Success}+{Query7Stats:$.Success}+{Query9Stats:$.Success}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"WorkbookPercent\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"round(100*{WorkbookSuccess}/{WorkbookTotal})\"\n }\n }\n ]\n }\n ],\n \"style\": \"pills\",\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n \"name\": \"InvisibleParameters\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"## Azure Application Delivery Networking - Network\\n\\n---\\n\\nThis workbook has been automatically generated out of the checklists in the [Azure Review Checklists repo](https://github.com/Azure/review-checklists). This repo contains best practices and recommendations around generic Landing Zones as well as specific services such as Azure Virtual Desktop, Azure Kubernetes Service or Azure VMware Solution, to name a few. 
This repository of best practices is curated by Azure engineers, but open to anybody to contribute.\\n\\nIf you see a problem in the queries that are part of this workbook, please open a Github issue [here](https://github.com/Azure/review-checklists/issues/new).\"\n },\n \"customWidth\": \"50\",\n \"name\": \"MarkdownHeader\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"WorkbookPercent\\\\\\\": \\\\\\\"{WorkbookPercent}\\\\\\\", \\\\\\\"SubTitle\\\\\\\": \\\\\\\"Percent of successful checks\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"size\": 4,\n \"queryType\": 8,\n \"visualization\": \"tiles\",\n \"tileSettings\": {\n \"titleContent\": {\n \"columnMatch\": \"WorkbookPercent\",\n \"formatter\": 4,\n \"formatOptions\": {\n \"min\": 0,\n \"max\": 100,\n \"palette\": \"redGreen\"\n }\n },\n \"subtitleContent\": {\n \"columnMatch\": \"SubTitle\",\n \"formatter\": 1\n },\n \"showBorder\": true\n }\n },\n \"customWidth\": \"50\",\n \"name\": \"ProgressTile\"\n },\n {\n \"type\": 11,\n \"content\": {\n \"version\": \"LinkItem/1.0\",\n \"style\": \"tabs\",\n \"links\": [\n {\n \"id\": \"1580d7e9-c3bd-4a78-9ae5-e518a7ac8d1a\",\n \"cellValue\": \"VisibleTab\",\n \"linkTarget\": \"parameter\",\n \"linkLabel\": \"Load Balancer ({Tab0Success:value}/{Tab0Total:value})\",\n \"subTarget\": \"tab0\",\n \"preText\": \"Load Balancer\",\n \"style\": \"primary\"\n },\n {\n \"id\": \"e48c62d9-35f1-45dd-a6d3-01fda8bab437\",\n \"cellValue\": \"VisibleTab\",\n \"linkTarget\": \"parameter\",\n \"linkLabel\": \"App Gateway ({Tab1Success:value}/{Tab1Total:value})\",\n \"subTarget\": \"tab1\",\n \"preText\": \"App Gateway\",\n \"style\": \"primary\"\n },\n {\n \"id\": \"b7b8151f-114a-4fcd-b4f9-f064fccdc26b\",\n \"cellValue\": \"VisibleTab\",\n \"linkTarget\": \"parameter\",\n \"linkLabel\": \"Front Door ({Tab2Success:value}/{Tab2Total:value})\",\n \"subTarget\": \"tab2\",\n \"preText\": 
\"Front Door\",\n \"style\": \"primary\"\n }\n ]\n },\n \"name\": \"Tabs\"\n },\n {\n \"type\": 12,\n \"content\": {\n \"version\": \"NotebookGroup/1.0\",\n \"groupType\": \"editable\",\n \"items\": [\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"## Load Balancer\"\n },\n \"name\": \"tab0title\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Ensure you are using the Standard SKU for your Azure Load Balancers. Check [this link](https://learn.microsoft.com/azure/load-balancer/load-balancer-overview) for further information.\"\n },\n \"name\": \"querytext1\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/loadbalancers' | project id, compliant=(tolower(sku.name) == 'standard') | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query1\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use Azure NAT Gateway instead of Load Balancer outbound rules for better SNAT scalability. 
Check [this link](https://learn.microsoft.com/azure/nat-gateway/nat-overview#outbound-connectivity) for further information.\"\n },\n \"name\": \"querytext8\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/loadbalancers' | extend countOutRules=array_length(properties.outboundRules) | extend compliant = (countOutRules == 0) | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query8\"\n }\n ]\n },\n \"conditionalVisibility\": {\n \"parameterName\": \"VisibleTab\",\n \"comparison\": \"isEqualTo\",\n \"value\": \"tab0\"\n },\n \"name\": \"tab0\"\n },\n {\n \"type\": 12,\n \"content\": {\n \"version\": \"NotebookGroup/1.0\",\n \"groupType\": \"editable\",\n \"items\": [\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"## App Gateway\"\n },\n \"name\": \"tab1title\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Ensure you are using Application Gateway v2 SKU. 
Check [this link](https://learn.microsoft.com/azure/application-gateway/overview-v2) for further information.. [This training](https://learn.microsoft.com/learn/paths/secure-application-delivery/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext0\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/applicationgateways' | project id, compliant = properties.sku.name in ('Standard_v2', 'WAF_v2') | project id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query0\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Your Application Gateways v2 should be deployed in subnets with IP prefixes equal or larger than /24. Check [this link](https://learn.microsoft.com/azure/application-gateway/configuration-infrastructure#size-of-the-subnet) for further information.. 
[This training](https://learn.microsoft.com/learn/paths/secure-application-delivery/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext2\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/applicationgateways' | extend subnetId = tostring(properties.gatewayIPConfigurations[0].properties.subnet.id) | project id, subnetId | join (resources | where type=='microsoft.network/virtualnetworks' | project id,subnets=properties.subnets | mv-expand subnets | mv-expand subnets.properties.addressPrefixes | project id, subnetId = tostring(subnets.id), prefix1 = subnets.properties.addressPrefix, prefix2 = subnets.properties.addressPrefixes | mv-expand prefix2 | extend prefix = iff(isnotnull(prefix1), prefix1, prefix2) | extend subnetPrefixLength = split(prefix, '/')[1])on subnetId | extend compliant = (subnetPrefixLength <= 24 or subnetPrefixLength == 64) | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query2\"\n },\n {\n 
\"type\": 1,\n \"content\": {\n \"json\": \"Configure autoscaling with a minimum amount of instances of two. Check [this link](https://learn.microsoft.com/azure/application-gateway/application-gateway-autoscaling-zone-redundant) for further information.. [This training](https://learn.microsoft.com/learn/paths/secure-application-delivery/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext3\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type =~ 'microsoft.network/applicationGateways' | extend compliant = (isnotnull(properties.autoscaleConfiguration) and properties.autoscaleConfiguration.minCapacity >= 2) | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query3\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Deploy Application Gateway across Availability Zones. Check [this link](https://learn.microsoft.com/azure/reliability/migrate-app-gateway-v2) for further information.. 
[This training](https://learn.microsoft.com/learn/paths/secure-application-delivery/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext4\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type =~ 'microsoft.network/applicationGateways' | extend compliant = (isnotnull(zones) and array_length(zones) > 1) | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query4\"\n }\n ]\n },\n \"conditionalVisibility\": {\n \"parameterName\": \"VisibleTab\",\n \"comparison\": \"isEqualTo\",\n \"value\": \"tab1\"\n },\n \"name\": \"tab1\"\n },\n {\n \"type\": 12,\n \"content\": {\n \"version\": \"NotebookGroup/1.0\",\n \"groupType\": \"editable\",\n \"items\": [\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"## Front Door\"\n },\n \"name\": \"tab2title\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Deploy your WAF profiles for Front Door in 'Prevention' mode. 
Check [this link](https://learn.microsoft.com/azure/web-application-firewall/afds/waf-front-door-policy-settings) for further information.\"\n },\n \"name\": \"querytext5\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/frontdoorwebapplicationfirewallpolicies' | project policyName=name, policyId=id,policySku=sku.name, links=properties.securityPolicyLinks, enabledState=properties.policySettings.enabledState, mode=properties.policySettings.mode | mvexpand links | extend securityPolicy=links.id | extend securityPolicyParts=split(securityPolicy, '/') | extend profileId=strcat_array(array_slice(securityPolicyParts, 0, -3), '/') | project id=profileId, compliant=((enabledState=='Enabled') and (mode=='Prevention')), enabledState, mode | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query5\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Disable health probes when there is only one origin in an Azure Front Door origin group. 
Check [this link](https://learn.microsoft.com/azure/frontdoor/best-practices#disable-health-probes-when-theres-only-one-origin-in-an-origin-group) for further information.\"\n },\n \"name\": \"querytext6\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"cdnresources | where type =~ 'microsoft.cdn/profiles/origingroups/origins' | extend frontDoorId = substring(id, 0, indexof(id, '/origingroups')) | extend originGroupId = substring(id, 0, indexof(id, '/origins')) | join kind=inner (cdnresources | where type =~ 'microsoft.cdn/profiles/origingroups' | extend originGroupName = name | extend hasHealthProbe = isnotnull(properties.healthProbeSettings)) on $left.originGroupId == $right.id | summarize numberOrigins = count() by originGroupId, subscriptionId, frontDoorId, hasHealthProbe, originGroupName | extend compliant = not(numberOrigins == 1 and hasHealthProbe) | project id = frontDoorId, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query6\"\n },\n {\n \"type\": 1,\n \"content\": {\n 
\"json\": \"Use HEAD health probes with Azure Front Door, to reduce the traffic that Front Door sends to your application. Check [this link](https://learn.microsoft.com/azure/frontdoor/best-practices#use-head-health-probes) for further information.\"\n },\n \"name\": \"querytext7\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"cdnresources | where type =~ 'microsoft.cdn/profiles/origingroups' | extend frontDoorId = substring(id, 0, indexof(id, '/origingroups/')) | extend compliant = (isnull(properties['healthProbeSettings']['probeRequestType']) or toupper(properties['healthProbeSettings']['probeRequestType']) == 'HEAD') | project compliant, id=frontDoorId | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query7\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use managed TLS certificates with Azure Front Door. Reduce operational cost and risk of outages due to certificate renewals. 
Check [this link](https://learn.microsoft.com/azure/frontdoor/best-practices#use-managed-tls-certificates) for further information.\"\n },\n \"name\": \"querytext9\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"cdnresources | where type =~ 'microsoft.cdn/profiles/customdomains' | extend frontDoorId = substring(id, 0, indexof(id, '/customdomains')) | extend compliant = (isnull(properties['tlsSettings']['certificateType']) or tolower(properties['tlsSettings']['certificateType']) =~ 'customercertificate') | project compliant, id = frontDoorId | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query9\"\n }\n ]\n },\n \"conditionalVisibility\": {\n \"parameterName\": \"VisibleTab\",\n \"comparison\": \"isEqualTo\",\n \"value\": \"tab2\"\n },\n \"name\": \"tab2\"\n }\n ],\n \"$schema\": \"https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json\"\n}", + "version": "1.0", + "sourceId": "[parameters('workbookSourceId')]", + "category": 
"[parameters('workbookType')]" + } + } + ], + "outputs": { + "workbookId": { + "type": "string", + "value": "[resourceId( 'Microsoft.Insights/workbooks', parameters('workbookId'))]" + } + } +} \ No newline at end of file diff --git a/workbooks/appdelivery_checklist.en_network_tabcounters.json b/workbooks/appdelivery_checklist.en_network_tabcounters.json new file mode 100644 index 000000000..4e6ff8fa7 --- /dev/null +++ b/workbooks/appdelivery_checklist.en_network_tabcounters.json 
@@ -0,0 +1,1389 @@ +{ + "version": "Notebook/1.0", + "items": [ + { + "type": 9, + "content": { + "version": "KqlParameterItem/1.0", + "parameters": [ + { + "id": "497a107e-dde8-433e-b263-35ac8e8f7834", + "version": "KqlParameterItem/1.0", + "name": "Subscription", + "type": 6, + "multiSelect": true, + "quote": "'", + "delimiter": ",", + "typeSettings": { + "additionalResourceOptions": [ + "value::all" + ], + "includeAll": true, + "showDefault": false + }, + "timeContext": { + "durationMs": 86400000 + }, + "value": [ + "value::all" + ] + }, + { + "id": "844e4f4e-df51-4e3c-8eaf-0dc78b92c721", + "version": "KqlParameterItem/1.0", + "name": "OnlyFailed", + "label": "Only show failed", + "type": 2, + "typeSettings": { + "additionalResourceOptions": [], + "showDefault": false + }, + "jsonData": "[\r\n { \"value\":true, \"label\":\"True\" },\r\n { \"value\":false, \"label\":\"False\", \"selected\":true }\r\n]" + } + ], + "style": "pills", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + "name": "WorkbookSelectors" + }, + { + "type": 1, + "content": { + "json": "If you set \"Only show failed\" to \"Yes\", the different queries will only show items that have failed their compliance checks.", + "style": "info" + }, + "name": "InfoBox" + }, + { + "type": 1, + "content": { + "json": "## Azure Application Delivery Networking - Network\n\n---\n\nThis workbook has been automatically generated out of the checklists in the [Azure Review Checklists repo](https://github.com/Azure/review-checklists). This repo contains best practices and recommendations around generic Landing Zones as well as specific services such as Azure Virtual Desktop, Azure Kubernetes Service or Azure VMware Solution, to name a few. 
This repository of best practices is curated by Azure engineers, but open to anybody to contribute.\n\nIf you see a problem in the queries that are part of this workbook, please open a Github issue [here](https://github.com/Azure/review-checklists/issues/new)." + }, + "customWidth": "100", + "name": "MarkdownHeader" + }, + { + "type": 11, + "content": { + "version": "LinkItem/1.0", + "style": "tabs", + "links": [ + { + "id": "fa96473c-8845-4a7c-8524-36d600249767", + "cellValue": "VisibleTab", + "linkTarget": "parameter", + "linkLabel": "Load Balancer", + "subTarget": "tab0", + "preText": "Load Balancer", + "style": "primary" + }, + { + "id": "dfa55dce-93e6-47de-b9ec-afb3256c2196", + "cellValue": "VisibleTab", + "linkTarget": "parameter", + "linkLabel": "App Gateway", + "subTarget": "tab1", + "preText": "App Gateway", + "style": "primary" + }, + { + "id": "11edc678-ed6a-4233-a855-3c466b54cf3f", + "cellValue": "VisibleTab", + "linkTarget": "parameter", + "linkLabel": "Front Door", + "subTarget": "tab2", + "preText": "Front Door", + "style": "primary" + } + ] + }, + "name": "Tabs" + }, + { + "type": 12, + "content": { + "version": "NotebookGroup/1.0", + "groupType": "editable", + "items": [ + { + "type": 9, + "content": { + "version": "KqlParameterItem/1.0", + "crossComponentResources": [ + "{Subscription}" + ], + "parameters": [ + { + "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", + "version": "KqlParameterItem/1.0", + "name": "Query1Stats", + "type": 1, + "query": "resources | where type == 'microsoft.network/loadbalancers' | project id, compliant=(tolower(sku.name) == 'standard')| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())", + "crossComponentResources": [ + "{Subscription}" + ], + "isHiddenWhenLocked": true, + "timeContext": { + 
"durationMs": 86400000 + }, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources" + }, + { + "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", + "version": "KqlParameterItem/1.0", + "name": "Query1FullyCompliant", + "type": 1, + "query": "{\"version\":\"1.0.0\",\"content\":\"{\\\"value\\\": \\\"{Query1Stats:$.FullyCompliant}\\\"}\",\"transformers\":null}", + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 86400000 + }, + "queryType": 8 + }, + { + "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", + "version": "KqlParameterItem/1.0", + "name": "Query8Stats", + "type": 1, + "query": "resources | where type=='microsoft.network/loadbalancers' | extend countOutRules=array_length(properties.outboundRules) | extend compliant = (countOutRules == 0) | distinct id,compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())", + "crossComponentResources": [ + "{Subscription}" + ], + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 86400000 + }, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources" + }, + { + "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", + "version": "KqlParameterItem/1.0", + "name": "Query8FullyCompliant", + "type": 1, + "query": "{\"version\":\"1.0.0\",\"content\":\"{\\\"value\\\": \\\"{Query8Stats:$.FullyCompliant}\\\"}\",\"transformers\":null}", + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 86400000 + }, + "queryType": 8 + }, + { + "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", + "version": "KqlParameterItem/1.0", + "name": "Tab0Success", + "type": 1, + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 86400000 + }, + "criteriaData": [ + { + "criteriaContext": { + "operator": "Default", + "resultValType": "expression", + "resultVal": 
"{Query1Stats:$.Success}+{Query8Stats:$.Success}" + } + } + ] + }, + { + "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", + "version": "KqlParameterItem/1.0", + "name": "Tab0Total", + "type": 1, + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 86400000 + }, + "criteriaData": [ + { + "criteriaContext": { + "operator": "Default", + "resultValType": "expression", + "resultVal": "{Query1Stats:$.Total}+{Query8Stats:$.Total}" + } + } + ] + }, + { + "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", + "version": "KqlParameterItem/1.0", + "name": "Tab0Percent", + "type": 1, + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 86400000 + }, + "criteriaData": [ + { + "criteriaContext": { + "operator": "Default", + "resultValType": "expression", + "resultVal": "round(100*{Tab0Success}/{Tab0Total})" + } + } + ] + } + ], + "style": "pills", + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources" + }, + "name": "TabInvisibleParameters" + }, + { + "type": 1, + "content": { + "json": "## Load Balancer" + }, + "customWidth": "50", + "name": "tab0title" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "{\"version\":\"1.0.0\",\"content\":\"{\\\"Column1\\\": \\\"{Tab0Percent}\\\", \\\"Column2\\\": \\\"Percent of successful checks\\\"}\",\"transformers\":null}", + "size": 3, + "queryType": 8, + "visualization": "tiles", + "tileSettings": { + "titleContent": { + "columnMatch": "Column1", + "formatter": 4, + "formatOptions": { + "min": 0, + "max": 100, + "palette": "redGreen" + }, + "numberFormat": { + "unit": 0, + "options": { + "style": "decimal" + } + } + }, + "subtitleContent": { + "columnMatch": "Column2" + }, + "showBorder": true + } + }, + "customWidth": "50", + "name": "TabPercentTile" + }, + { + "type": 1, + "content": { + "json": "Ensure you are using the Standard SKU for your Azure Load Balancers. Check [this link](https://learn.microsoft.com/azure/load-balancer/load-balancer-overview) for further information." 
+ }, + "name": "querytext1" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "resources | where type == 'microsoft.network/loadbalancers' | project id, compliant=(tolower(sku.name) == 'standard') | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", + "size": 4, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources", + "crossComponentResources": [ + "{Subscription}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "id", + "formatter": 0, + "numberFormat": { + "unit": 0, + "options": { + "style": "decimal" + } + } + }, + { + "columnMatch": "compliant", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "1", + "representation": "success", + "text": "Success" + }, + { + "operator": "==", + "thresholdValue": "0", + "representation": "failed", + "text": "Failed" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "unknown", + "text": "Unknown" + } + ] + } + } + ] + } + }, + "name": "query1" + }, + { + "type": 1, + "content": { + "json": "Use Azure NAT Gateway instead of Load Balancer outbound rules for better SNAT scalability. Check [this link](https://learn.microsoft.com/azure/nat-gateway/nat-overview#outbound-connectivity) for further information." 
+ }, + "name": "querytext8" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "resources | where type=='microsoft.network/loadbalancers' | extend countOutRules=array_length(properties.outboundRules) | extend compliant = (countOutRules == 0) | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", + "size": 4, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources", + "crossComponentResources": [ + "{Subscription}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "id", + "formatter": 0, + "numberFormat": { + "unit": 0, + "options": { + "style": "decimal" + } + } + }, + { + "columnMatch": "compliant", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "1", + "representation": "success", + "text": "Success" + }, + { + "operator": "==", + "thresholdValue": "0", + "representation": "failed", + "text": "Failed" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "unknown", + "text": "Unknown" + } + ] + } + } + ] + } + }, + "name": "query8" + } + ] + }, + "conditionalVisibility": { + "parameterName": "VisibleTab", + "comparison": "isEqualTo", + "value": "tab0" + }, + "name": "tab0" + }, + { + "type": 12, + "content": { + "version": "NotebookGroup/1.0", + "groupType": "editable", + "items": [ + { + "type": 9, + "content": { + "version": "KqlParameterItem/1.0", + "crossComponentResources": [ + "{Subscription}" + ], + "parameters": [ + { + "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", + "version": "KqlParameterItem/1.0", + "name": "Query0Stats", + "type": 1, + "query": "resources | where type == 'microsoft.network/applicationgateways' | project id, compliant = properties.sku.name in ('Standard_v2', 'WAF_v2') | project id,compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | 
extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())", + "crossComponentResources": [ + "{Subscription}" + ], + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 86400000 + }, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources" + }, + { + "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", + "version": "KqlParameterItem/1.0", + "name": "Query0FullyCompliant", + "type": 1, + "query": "{\"version\":\"1.0.0\",\"content\":\"{\\\"value\\\": \\\"{Query0Stats:$.FullyCompliant}\\\"}\",\"transformers\":null}", + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 86400000 + }, + "queryType": 8 + }, + { + "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", + "version": "KqlParameterItem/1.0", + "name": "Query2Stats", + "type": 1, + "query": "resources | where type=='microsoft.network/applicationgateways' | extend subnetId = tostring(properties.gatewayIPConfigurations[0].properties.subnet.id) | project id, subnetId | join (resources | where type=='microsoft.network/virtualnetworks' | project id,subnets=properties.subnets | mv-expand subnets | mv-expand subnets.properties.addressPrefixes | project id, subnetId = tostring(subnets.id), prefix1 = subnets.properties.addressPrefix, prefix2 = subnets.properties.addressPrefixes | mv-expand prefix2 | extend prefix = iff(isnotnull(prefix1), prefix1, prefix2) | extend subnetPrefixLength = split(prefix, '/')[1])on subnetId | extend compliant = (subnetPrefixLength <= 24 or subnetPrefixLength == 64) | distinct id,compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())", + "crossComponentResources": [ + "{Subscription}" + ], + "isHiddenWhenLocked": 
true, + "timeContext": { + "durationMs": 86400000 + }, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources" + }, + { + "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", + "version": "KqlParameterItem/1.0", + "name": "Query2FullyCompliant", + "type": 1, + "query": "{\"version\":\"1.0.0\",\"content\":\"{\\\"value\\\": \\\"{Query2Stats:$.FullyCompliant}\\\"}\",\"transformers\":null}", + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 86400000 + }, + "queryType": 8 + }, + { + "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", + "version": "KqlParameterItem/1.0", + "name": "Query3Stats", + "type": 1, + "query": "resources | where type =~ 'microsoft.network/applicationGateways' | extend compliant = (isnotnull(properties.autoscaleConfiguration) and properties.autoscaleConfiguration.minCapacity >= 2) | distinct id,compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())", + "crossComponentResources": [ + "{Subscription}" + ], + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 86400000 + }, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources" + }, + { + "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", + "version": "KqlParameterItem/1.0", + "name": "Query3FullyCompliant", + "type": 1, + "query": "{\"version\":\"1.0.0\",\"content\":\"{\\\"value\\\": \\\"{Query3Stats:$.FullyCompliant}\\\"}\",\"transformers\":null}", + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 86400000 + }, + "queryType": 8 + }, + { + "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", + "version": "KqlParameterItem/1.0", + "name": "Query4Stats", + "type": 1, + "query": "resources | where type =~ 'microsoft.network/applicationGateways' | extend compliant = (isnotnull(zones) and array_length(zones) > 1) | distinct 
id,compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())", + "crossComponentResources": [ + "{Subscription}" + ], + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 86400000 + }, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources" + }, + { + "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", + "version": "KqlParameterItem/1.0", + "name": "Query4FullyCompliant", + "type": 1, + "query": "{\"version\":\"1.0.0\",\"content\":\"{\\\"value\\\": \\\"{Query4Stats:$.FullyCompliant}\\\"}\",\"transformers\":null}", + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 86400000 + }, + "queryType": 8 + }, + { + "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", + "version": "KqlParameterItem/1.0", + "name": "Tab1Success", + "type": 1, + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 86400000 + }, + "criteriaData": [ + { + "criteriaContext": { + "operator": "Default", + "resultValType": "expression", + "resultVal": "{Query0Stats:$.Success}+{Query2Stats:$.Success}+{Query3Stats:$.Success}+{Query4Stats:$.Success}" + } + } + ] + }, + { + "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", + "version": "KqlParameterItem/1.0", + "name": "Tab1Total", + "type": 1, + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 86400000 + }, + "criteriaData": [ + { + "criteriaContext": { + "operator": "Default", + "resultValType": "expression", + "resultVal": "{Query0Stats:$.Total}+{Query2Stats:$.Total}+{Query3Stats:$.Total}+{Query4Stats:$.Total}" + } + } + ] + }, + { + "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", + "version": "KqlParameterItem/1.0", + "name": "Tab1Percent", + "type": 1, + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 86400000 + }, + "criteriaData": [ + { + "criteriaContext": { 
+ "operator": "Default", + "resultValType": "expression", + "resultVal": "round(100*{Tab1Success}/{Tab1Total})" + } + } + ] + } + ], + "style": "pills", + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources" + }, + "name": "TabInvisibleParameters" + }, + { + "type": 1, + "content": { + "json": "## App Gateway" + }, + "customWidth": "50", + "name": "tab1title" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "{\"version\":\"1.0.0\",\"content\":\"{\\\"Column1\\\": \\\"{Tab1Percent}\\\", \\\"Column2\\\": \\\"Percent of successful checks\\\"}\",\"transformers\":null}", + "size": 3, + "queryType": 8, + "visualization": "tiles", + "tileSettings": { + "titleContent": { + "columnMatch": "Column1", + "formatter": 4, + "formatOptions": { + "min": 0, + "max": 100, + "palette": "redGreen" + }, + "numberFormat": { + "unit": 0, + "options": { + "style": "decimal" + } + } + }, + "subtitleContent": { + "columnMatch": "Column2" + }, + "showBorder": true + } + }, + "customWidth": "50", + "name": "TabPercentTile" + }, + { + "type": 1, + "content": { + "json": "Ensure you are using Application Gateway v2 SKU. Check [this link](https://learn.microsoft.com/azure/application-gateway/overview-v2) for further information.. [This training](https://learn.microsoft.com/learn/paths/secure-application-delivery/) can help to educate yourself on this." 
+ }, + "name": "querytext0" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "resources | where type == 'microsoft.network/applicationgateways' | project id, compliant = properties.sku.name in ('Standard_v2', 'WAF_v2') | project id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", + "size": 4, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources", + "crossComponentResources": [ + "{Subscription}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "id", + "formatter": 0, + "numberFormat": { + "unit": 0, + "options": { + "style": "decimal" + } + } + }, + { + "columnMatch": "compliant", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "1", + "representation": "success", + "text": "Success" + }, + { + "operator": "==", + "thresholdValue": "0", + "representation": "failed", + "text": "Failed" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "unknown", + "text": "Unknown" + } + ] + } + } + ] + } + }, + "name": "query0" + }, + { + "type": 1, + "content": { + "json": "Your Application Gateways v2 should be deployed in subnets with IP prefixes equal or larger than /24. Check [this link](https://learn.microsoft.com/azure/application-gateway/configuration-infrastructure#size-of-the-subnet) for further information.. [This training](https://learn.microsoft.com/learn/paths/secure-application-delivery/) can help to educate yourself on this." 
+ }, + "name": "querytext2" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "resources | where type=='microsoft.network/applicationgateways' | extend subnetId = tostring(properties.gatewayIPConfigurations[0].properties.subnet.id) | project id, subnetId | join (resources | where type=='microsoft.network/virtualnetworks' | project id,subnets=properties.subnets | mv-expand subnets | mv-expand subnets.properties.addressPrefixes | project id, subnetId = tostring(subnets.id), prefix1 = subnets.properties.addressPrefix, prefix2 = subnets.properties.addressPrefixes | mv-expand prefix2 | extend prefix = iff(isnotnull(prefix1), prefix1, prefix2) | extend subnetPrefixLength = split(prefix, '/')[1])on subnetId | extend compliant = (subnetPrefixLength <= 24 or subnetPrefixLength == 64) | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", + "size": 4, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources", + "crossComponentResources": [ + "{Subscription}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "id", + "formatter": 0, + "numberFormat": { + "unit": 0, + "options": { + "style": "decimal" + } + } + }, + { + "columnMatch": "compliant", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "1", + "representation": "success", + "text": "Success" + }, + { + "operator": "==", + "thresholdValue": "0", + "representation": "failed", + "text": "Failed" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "unknown", + "text": "Unknown" + } + ] + } + } + ] + } + }, + "name": "query2" + }, + { + "type": 1, + "content": { + "json": "Configure autoscaling with a minimum amount of instances of two. 
Check [this link](https://learn.microsoft.com/azure/application-gateway/application-gateway-autoscaling-zone-redundant) for further information.. [This training](https://learn.microsoft.com/learn/paths/secure-application-delivery/) can help to educate yourself on this." + }, + "name": "querytext3" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "resources | where type =~ 'microsoft.network/applicationGateways' | extend compliant = (isnotnull(properties.autoscaleConfiguration) and properties.autoscaleConfiguration.minCapacity >= 2) | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", + "size": 4, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources", + "crossComponentResources": [ + "{Subscription}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "id", + "formatter": 0, + "numberFormat": { + "unit": 0, + "options": { + "style": "decimal" + } + } + }, + { + "columnMatch": "compliant", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "1", + "representation": "success", + "text": "Success" + }, + { + "operator": "==", + "thresholdValue": "0", + "representation": "failed", + "text": "Failed" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "unknown", + "text": "Unknown" + } + ] + } + } + ] + } + }, + "name": "query3" + }, + { + "type": 1, + "content": { + "json": "Deploy Application Gateway across Availability Zones. Check [this link](https://learn.microsoft.com/azure/reliability/migrate-app-gateway-v2) for further information.. [This training](https://learn.microsoft.com/learn/paths/secure-application-delivery/) can help to educate yourself on this." 
+ }, + "name": "querytext4" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "resources | where type =~ 'microsoft.network/applicationGateways' | extend compliant = (isnotnull(zones) and array_length(zones) > 1) | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", + "size": 4, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources", + "crossComponentResources": [ + "{Subscription}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "id", + "formatter": 0, + "numberFormat": { + "unit": 0, + "options": { + "style": "decimal" + } + } + }, + { + "columnMatch": "compliant", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "1", + "representation": "success", + "text": "Success" + }, + { + "operator": "==", + "thresholdValue": "0", + "representation": "failed", + "text": "Failed" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "unknown", + "text": "Unknown" + } + ] + } + } + ] + } + }, + "name": "query4" + } + ] + }, + "conditionalVisibility": { + "parameterName": "VisibleTab", + "comparison": "isEqualTo", + "value": "tab1" + }, + "name": "tab1" + }, + { + "type": 12, + "content": { + "version": "NotebookGroup/1.0", + "groupType": "editable", + "items": [ + { + "type": 9, + "content": { + "version": "KqlParameterItem/1.0", + "crossComponentResources": [ + "{Subscription}" + ], + "parameters": [ + { + "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", + "version": "KqlParameterItem/1.0", + "name": "Query5Stats", + "type": 1, + "query": "resources | where type == 'microsoft.network/frontdoorwebapplicationfirewallpolicies' | project policyName=name, policyId=id,policySku=sku.name, links=properties.securityPolicyLinks, enabledState=properties.policySettings.enabledState, mode=properties.policySettings.mode | mvexpand 
links | extend securityPolicy=links.id | extend securityPolicyParts=split(securityPolicy, '/') | extend profileId=strcat_array(array_slice(securityPolicyParts, 0, -3), '/') | project id=profileId, compliant=((enabledState=='Enabled') and (mode=='Prevention')), enabledState, mode| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())", + "crossComponentResources": [ + "{Subscription}" + ], + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 86400000 + }, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources" + }, + { + "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", + "version": "KqlParameterItem/1.0", + "name": "Query5FullyCompliant", + "type": 1, + "query": "{\"version\":\"1.0.0\",\"content\":\"{\\\"value\\\": \\\"{Query5Stats:$.FullyCompliant}\\\"}\",\"transformers\":null}", + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 86400000 + }, + "queryType": 8 + }, + { + "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", + "version": "KqlParameterItem/1.0", + "name": "Query6Stats", + "type": 1, + "query": "cdnresources | where type =~ 'microsoft.cdn/profiles/origingroups/origins' | extend frontDoorId = substring(id, 0, indexof(id, '/origingroups')) | extend originGroupId = substring(id, 0, indexof(id, '/origins')) | join kind=inner (cdnresources | where type =~ 'microsoft.cdn/profiles/origingroups' | extend originGroupName = name | extend hasHealthProbe = isnotnull(properties.healthProbeSettings)) on $left.originGroupId == $right.id | summarize numberOrigins = count() by originGroupId, subscriptionId, frontDoorId, hasHealthProbe, originGroupName | extend compliant = not(numberOrigins == 1 and hasHealthProbe) | project id = frontDoorId, compliant| summarize Total = count(), Success = countif(compliant==1), Failed 
= countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())", + "crossComponentResources": [ + "{Subscription}" + ], + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 86400000 + }, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources" + }, + { + "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", + "version": "KqlParameterItem/1.0", + "name": "Query6FullyCompliant", + "type": 1, + "query": "{\"version\":\"1.0.0\",\"content\":\"{\\\"value\\\": \\\"{Query6Stats:$.FullyCompliant}\\\"}\",\"transformers\":null}", + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 86400000 + }, + "queryType": 8 + }, + { + "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", + "version": "KqlParameterItem/1.0", + "name": "Query7Stats", + "type": 1, + "query": "cdnresources | where type =~ 'microsoft.cdn/profiles/origingroups' | extend frontDoorId = substring(id, 0, indexof(id, '/origingroups/')) | extend compliant = (isnull(properties['healthProbeSettings']['probeRequestType']) or toupper(properties['healthProbeSettings']['probeRequestType']) == 'HEAD') | project compliant, id=frontDoorId| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())", + "crossComponentResources": [ + "{Subscription}" + ], + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 86400000 + }, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources" + }, + { + "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", + "version": "KqlParameterItem/1.0", + "name": "Query7FullyCompliant", + "type": 1, + "query": "{\"version\":\"1.0.0\",\"content\":\"{\\\"value\\\": 
\\\"{Query7Stats:$.FullyCompliant}\\\"}\",\"transformers\":null}", + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 86400000 + }, + "queryType": 8 + }, + { + "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", + "version": "KqlParameterItem/1.0", + "name": "Query9Stats", + "type": 1, + "query": "cdnresources | where type =~ 'microsoft.cdn/profiles/customdomains' | extend frontDoorId = substring(id, 0, indexof(id, '/customdomains')) | extend compliant = (isnull(properties['tlsSettings']['certificateType']) or tolower(properties['tlsSettings']['certificateType']) =~ 'customercertificate') | project compliant, id = frontDoorId| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())", + "crossComponentResources": [ + "{Subscription}" + ], + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 86400000 + }, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources" + }, + { + "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", + "version": "KqlParameterItem/1.0", + "name": "Query9FullyCompliant", + "type": 1, + "query": "{\"version\":\"1.0.0\",\"content\":\"{\\\"value\\\": \\\"{Query9Stats:$.FullyCompliant}\\\"}\",\"transformers\":null}", + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 86400000 + }, + "queryType": 8 + }, + { + "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", + "version": "KqlParameterItem/1.0", + "name": "Tab2Success", + "type": 1, + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 86400000 + }, + "criteriaData": [ + { + "criteriaContext": { + "operator": "Default", + "resultValType": "expression", + "resultVal": "{Query5Stats:$.Success}+{Query6Stats:$.Success}+{Query7Stats:$.Success}+{Query9Stats:$.Success}" + } + } + ] + }, + { + "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", + 
"version": "KqlParameterItem/1.0", + "name": "Tab2Total", + "type": 1, + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 86400000 + }, + "criteriaData": [ + { + "criteriaContext": { + "operator": "Default", + "resultValType": "expression", + "resultVal": "{Query5Stats:$.Total}+{Query6Stats:$.Total}+{Query7Stats:$.Total}+{Query9Stats:$.Total}" + } + } + ] + }, + { + "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", + "version": "KqlParameterItem/1.0", + "name": "Tab2Percent", + "type": 1, + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 86400000 + }, + "criteriaData": [ + { + "criteriaContext": { + "operator": "Default", + "resultValType": "expression", + "resultVal": "round(100*{Tab2Success}/{Tab2Total})" + } + } + ] + } + ], + "style": "pills", + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources" + }, + "name": "TabInvisibleParameters" + }, + { + "type": 1, + "content": { + "json": "## Front Door" + }, + "customWidth": "50", + "name": "tab2title" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "{\"version\":\"1.0.0\",\"content\":\"{\\\"Column1\\\": \\\"{Tab2Percent}\\\", \\\"Column2\\\": \\\"Percent of successful checks\\\"}\",\"transformers\":null}", + "size": 3, + "queryType": 8, + "visualization": "tiles", + "tileSettings": { + "titleContent": { + "columnMatch": "Column1", + "formatter": 4, + "formatOptions": { + "min": 0, + "max": 100, + "palette": "redGreen" + }, + "numberFormat": { + "unit": 0, + "options": { + "style": "decimal" + } + } + }, + "subtitleContent": { + "columnMatch": "Column2" + }, + "showBorder": true + } + }, + "customWidth": "50", + "name": "TabPercentTile" + }, + { + "type": 1, + "content": { + "json": "Deploy your WAF profiles for Front Door in 'Prevention' mode. Check [this link](https://learn.microsoft.com/azure/web-application-firewall/afds/waf-front-door-policy-settings) for further information." 
+ }, + "name": "querytext5" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "resources | where type == 'microsoft.network/frontdoorwebapplicationfirewallpolicies' | project policyName=name, policyId=id,policySku=sku.name, links=properties.securityPolicyLinks, enabledState=properties.policySettings.enabledState, mode=properties.policySettings.mode | mvexpand links | extend securityPolicy=links.id | extend securityPolicyParts=split(securityPolicy, '/') | extend profileId=strcat_array(array_slice(securityPolicyParts, 0, -3), '/') | project id=profileId, compliant=((enabledState=='Enabled') and (mode=='Prevention')), enabledState, mode | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", + "size": 4, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources", + "crossComponentResources": [ + "{Subscription}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "id", + "formatter": 0, + "numberFormat": { + "unit": 0, + "options": { + "style": "decimal" + } + } + }, + { + "columnMatch": "compliant", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "1", + "representation": "success", + "text": "Success" + }, + { + "operator": "==", + "thresholdValue": "0", + "representation": "failed", + "text": "Failed" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "unknown", + "text": "Unknown" + } + ] + } + } + ] + } + }, + "name": "query5" + }, + { + "type": 1, + "content": { + "json": "Disable health probes when there is only one origin in an Azure Front Door origin group. Check [this link](https://learn.microsoft.com/azure/frontdoor/best-practices#disable-health-probes-when-theres-only-one-origin-in-an-origin-group) for further information." 
+ }, + "name": "querytext6" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "cdnresources | where type =~ 'microsoft.cdn/profiles/origingroups/origins' | extend frontDoorId = substring(id, 0, indexof(id, '/origingroups')) | extend originGroupId = substring(id, 0, indexof(id, '/origins')) | join kind=inner (cdnresources | where type =~ 'microsoft.cdn/profiles/origingroups' | extend originGroupName = name | extend hasHealthProbe = isnotnull(properties.healthProbeSettings)) on $left.originGroupId == $right.id | summarize numberOrigins = count() by originGroupId, subscriptionId, frontDoorId, hasHealthProbe, originGroupName | extend compliant = not(numberOrigins == 1 and hasHealthProbe) | project id = frontDoorId, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", + "size": 4, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources", + "crossComponentResources": [ + "{Subscription}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "id", + "formatter": 0, + "numberFormat": { + "unit": 0, + "options": { + "style": "decimal" + } + } + }, + { + "columnMatch": "compliant", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "1", + "representation": "success", + "text": "Success" + }, + { + "operator": "==", + "thresholdValue": "0", + "representation": "failed", + "text": "Failed" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "unknown", + "text": "Unknown" + } + ] + } + } + ] + } + }, + "name": "query6" + }, + { + "type": 1, + "content": { + "json": "Use HEAD health probes with Azure Front Door, to reduce the traffic that Front Door sends to your application. Check [this link](https://learn.microsoft.com/azure/frontdoor/best-practices#use-head-health-probes) for further information." 
+ }, + "name": "querytext7" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "cdnresources | where type =~ 'microsoft.cdn/profiles/origingroups' | extend frontDoorId = substring(id, 0, indexof(id, '/origingroups/')) | extend compliant = (isnull(properties['healthProbeSettings']['probeRequestType']) or toupper(properties['healthProbeSettings']['probeRequestType']) == 'HEAD') | project compliant, id=frontDoorId | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", + "size": 4, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources", + "crossComponentResources": [ + "{Subscription}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "id", + "formatter": 0, + "numberFormat": { + "unit": 0, + "options": { + "style": "decimal" + } + } + }, + { + "columnMatch": "compliant", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "1", + "representation": "success", + "text": "Success" + }, + { + "operator": "==", + "thresholdValue": "0", + "representation": "failed", + "text": "Failed" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "unknown", + "text": "Unknown" + } + ] + } + } + ] + } + }, + "name": "query7" + }, + { + "type": 1, + "content": { + "json": "Use managed TLS certificates with Azure Front Door. Reduce operational cost and risk of outages due to certificate renewals. Check [this link](https://learn.microsoft.com/azure/frontdoor/best-practices#use-managed-tls-certificates) for further information." 
+ }, + "name": "querytext9" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "cdnresources | where type =~ 'microsoft.cdn/profiles/customdomains' | extend frontDoorId = substring(id, 0, indexof(id, '/customdomains')) | extend compliant = (isnull(properties['tlsSettings']['certificateType']) or tolower(properties['tlsSettings']['certificateType']) =~ 'customercertificate') | project compliant, id = frontDoorId | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", + "size": 4, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources", + "crossComponentResources": [ + "{Subscription}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "id", + "formatter": 0, + "numberFormat": { + "unit": 0, + "options": { + "style": "decimal" + } + } + }, + { + "columnMatch": "compliant", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "1", + "representation": "success", + "text": "Success" + }, + { + "operator": "==", + "thresholdValue": "0", + "representation": "failed", + "text": "Failed" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "unknown", + "text": "Unknown" + } + ] + } + } + ] + } + }, + "name": "query9" + } + ] + }, + "conditionalVisibility": { + "parameterName": "VisibleTab", + "comparison": "isEqualTo", + "value": "tab2" + }, + "name": "tab2" + } + ], + "$schema": "https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json" +} \ No newline at end of file diff --git a/workbooks/appdelivery_checklist.en_network_workbook.json b/workbooks/appdelivery_checklist.en_network_workbook.json new file mode 100644 index 000000000..e2081af13 --- /dev/null +++ b/workbooks/appdelivery_checklist.en_network_workbook.json 
@@ -0,0 +1,791 @@ +{ + "version": "Notebook/1.0", + "items": [ + { + "type": 9, + "content": { + "version": "KqlParameterItem/1.0", + "parameters": [ + { + "id": "497a107e-dde8-433e-b263-35ac8e8f7834", + "version": "KqlParameterItem/1.0", + "name": "Subscription", + "type": 6, + "multiSelect": true, + "quote": "'", + "delimiter": ",", + "typeSettings": { + "additionalResourceOptions": [ + "value::all" + ], + "includeAll": true, + "showDefault": false + }, + "timeContext": { + "durationMs": 86400000 + }, + "value": [ + "value::all" + ] + }, + { + "id": "844e4f4e-df51-4e3c-8eaf-0dc78b92c721", + "version": "KqlParameterItem/1.0", + "name": "OnlyFailed", + "label": "Only show failed", + "type": 2, + "typeSettings": { + "additionalResourceOptions": [], + "showDefault": false + }, + "jsonData": "[\r\n { \"value\":true, \"label\":\"True\" },\r\n { \"value\":false, \"label\":\"False\", \"selected\":true }\r\n]" + } + ], + "style": "pills", + "queryType": 0, + "resourceType": "microsoft.operationalinsights/workspaces" + }, + "name": "WorkbookSelectors" + }, + { + "type": 1, + "content": { + "json": "If you set \"Only show failed\" to \"Yes\", the different queries will only show items that have failed their compliance checks.", + "style": "info" + }, + "name": "InfoBox" + }, + { + "type": 1, + "content": { + "json": "## Azure Application Delivery Networking - Network\n\n---\n\nThis workbook has been automatically generated out of the checklists in the [Azure Review Checklists repo](https://github.com/Azure/review-checklists). This repo contains best practices and recommendations around generic Landing Zones as well as specific services such as Azure Virtual Desktop, Azure Kubernetes Service or Azure VMware Solution, to name a few. 
This repository of best practices is curated by Azure engineers, but open to anybody to contribute.\n\nIf you see a problem in the queries that are part of this workbook, please open a Github issue [here](https://github.com/Azure/review-checklists/issues/new)." + }, + "customWidth": "100", + "name": "MarkdownHeader" + }, + { + "type": 11, + "content": { + "version": "LinkItem/1.0", + "style": "tabs", + "links": [ + { + "id": "52745264-69a9-4a24-a9cc-0d190f55eaf3", + "cellValue": "VisibleTab", + "linkTarget": "parameter", + "linkLabel": "Front Door", + "subTarget": "tab0", + "preText": "Front Door", + "style": "primary" + }, + { + "id": "517f8214-53f0-4bf9-a56e-a946cf2adbe2", + "cellValue": "VisibleTab", + "linkTarget": "parameter", + "linkLabel": "App Gateway", + "subTarget": "tab1", + "preText": "App Gateway", + "style": "primary" + }, + { + "id": "22aff6a9-aecd-4a05-be7d-4abe481678c4", + "cellValue": "VisibleTab", + "linkTarget": "parameter", + "linkLabel": "Load Balancer", + "subTarget": "tab2", + "preText": "Load Balancer", + "style": "primary" + } + ] + }, + "name": "Tabs" + }, + { + "type": 12, + "content": { + "version": "NotebookGroup/1.0", + "groupType": "editable", + "items": [ + { + "type": 1, + "content": { + "json": "## Front Door" + }, + "name": "tab0title" + }, + { + "type": 1, + "content": { + "json": "Deploy your WAF profiles for Front Door in 'Prevention' mode. Check [this link](https://learn.microsoft.com/azure/web-application-firewall/afds/waf-front-door-policy-settings) for further information." 
+ }, + "name": "querytext5" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "resources | where type == 'microsoft.network/frontdoorwebapplicationfirewallpolicies' | project policyName=name, policyId=id,policySku=sku.name, links=properties.securityPolicyLinks, enabledState=properties.policySettings.enabledState, mode=properties.policySettings.mode | mvexpand links | extend securityPolicy=links.id | extend securityPolicyParts=split(securityPolicy, '/') | extend profileId=strcat_array(array_slice(securityPolicyParts, 0, -3), '/') | project id=profileId, compliant=((enabledState=='Enabled') and (mode=='Prevention')), enabledState, mode | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", + "size": 4, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources", + "crossComponentResources": [ + "{Subscription}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "id", + "formatter": 0, + "numberFormat": { + "unit": 0, + "options": { + "style": "decimal" + } + } + }, + { + "columnMatch": "compliant", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "1", + "representation": "success", + "text": "Success" + }, + { + "operator": "==", + "thresholdValue": "0", + "representation": "failed", + "text": "Failed" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "unknown", + "text": "Unknown" + } + ] + } + } + ] + } + }, + "name": "query5" + }, + { + "type": 1, + "content": { + "json": "Disable health probes when there is only one origin in an Azure Front Door origin group. Check [this link](https://learn.microsoft.com/azure/frontdoor/best-practices#disable-health-probes-when-theres-only-one-origin-in-an-origin-group) for further information." 
+ }, + "name": "querytext6" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "cdnresources | where type =~ 'microsoft.cdn/profiles/origingroups/origins' | extend frontDoorId = substring(id, 0, indexof(id, '/origingroups')) | extend originGroupId = substring(id, 0, indexof(id, '/origins')) | join kind=inner (cdnresources | where type =~ 'microsoft.cdn/profiles/origingroups' | extend originGroupName = name | extend hasHealthProbe = isnotnull(properties.healthProbeSettings)) on $left.originGroupId == $right.id | summarize numberOrigins = count() by originGroupId, subscriptionId, frontDoorId, hasHealthProbe, originGroupName | extend compliant = not(numberOrigins == 1 and hasHealthProbe) | project id = frontDoorId, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", + "size": 4, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources", + "crossComponentResources": [ + "{Subscription}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "id", + "formatter": 0, + "numberFormat": { + "unit": 0, + "options": { + "style": "decimal" + } + } + }, + { + "columnMatch": "compliant", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "1", + "representation": "success", + "text": "Success" + }, + { + "operator": "==", + "thresholdValue": "0", + "representation": "failed", + "text": "Failed" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "unknown", + "text": "Unknown" + } + ] + } + } + ] + } + }, + "name": "query6" + }, + { + "type": 1, + "content": { + "json": "Use HEAD health probes with Azure Front Door, to reduce the traffic that Front Door sends to your application. Check [this link](https://learn.microsoft.com/azure/frontdoor/best-practices#use-head-health-probes) for further information." 
+ }, + "name": "querytext7" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "cdnresources | where type =~ 'microsoft.cdn/profiles/origingroups' | extend frontDoorId = substring(id, 0, indexof(id, '/origingroups/')) | extend compliant = (isnull(properties['healthProbeSettings']['probeRequestType']) or toupper(properties['healthProbeSettings']['probeRequestType']) == 'HEAD') | project compliant, id=frontDoorId | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", + "size": 4, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources", + "crossComponentResources": [ + "{Subscription}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "id", + "formatter": 0, + "numberFormat": { + "unit": 0, + "options": { + "style": "decimal" + } + } + }, + { + "columnMatch": "compliant", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "1", + "representation": "success", + "text": "Success" + }, + { + "operator": "==", + "thresholdValue": "0", + "representation": "failed", + "text": "Failed" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "unknown", + "text": "Unknown" + } + ] + } + } + ] + } + }, + "name": "query7" + }, + { + "type": 1, + "content": { + "json": "Use managed TLS certificates with Azure Front Door. Reduce operational cost and risk of outages due to certificate renewals. Check [this link](https://learn.microsoft.com/azure/frontdoor/best-practices#use-managed-tls-certificates) for further information." 
+ }, + "name": "querytext9" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "cdnresources | where type =~ 'microsoft.cdn/profiles/customdomains' | extend frontDoorId = substring(id, 0, indexof(id, '/customdomains')) | extend compliant = (isnull(properties['tlsSettings']['certificateType']) or tolower(properties['tlsSettings']['certificateType']) =~ 'customercertificate') | project compliant, id = frontDoorId | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", + "size": 4, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources", + "crossComponentResources": [ + "{Subscription}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "id", + "formatter": 0, + "numberFormat": { + "unit": 0, + "options": { + "style": "decimal" + } + } + }, + { + "columnMatch": "compliant", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "1", + "representation": "success", + "text": "Success" + }, + { + "operator": "==", + "thresholdValue": "0", + "representation": "failed", + "text": "Failed" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "unknown", + "text": "Unknown" + } + ] + } + } + ] + } + }, + "name": "query9" + } + ] + }, + "conditionalVisibility": { + "parameterName": "VisibleTab", + "comparison": "isEqualTo", + "value": "tab0" + }, + "name": "tab0" + }, + { + "type": 12, + "content": { + "version": "NotebookGroup/1.0", + "groupType": "editable", + "items": [ + { + "type": 1, + "content": { + "json": "## App Gateway" + }, + "name": "tab1title" + }, + { + "type": 1, + "content": { + "json": "Ensure you are using Application Gateway v2 SKU. Check [this link](https://learn.microsoft.com/azure/application-gateway/overview-v2) for further information.. 
[This training](https://learn.microsoft.com/learn/paths/secure-application-delivery/) can help to educate yourself on this." + }, + "name": "querytext0" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "resources | where type == 'microsoft.network/applicationgateways' | project id, compliant = properties.sku.name in ('Standard_v2', 'WAF_v2') | project id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", + "size": 4, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources", + "crossComponentResources": [ + "{Subscription}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "id", + "formatter": 0, + "numberFormat": { + "unit": 0, + "options": { + "style": "decimal" + } + } + }, + { + "columnMatch": "compliant", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "1", + "representation": "success", + "text": "Success" + }, + { + "operator": "==", + "thresholdValue": "0", + "representation": "failed", + "text": "Failed" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "unknown", + "text": "Unknown" + } + ] + } + } + ] + } + }, + "name": "query0" + }, + { + "type": 1, + "content": { + "json": "Your Application Gateways v2 should be deployed in subnets with IP prefixes equal or larger than /24. Check [this link](https://learn.microsoft.com/azure/application-gateway/configuration-infrastructure#size-of-the-subnet) for further information.. [This training](https://learn.microsoft.com/learn/paths/secure-application-delivery/) can help to educate yourself on this." 
+ }, + "name": "querytext2" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "resources | where type=='microsoft.network/applicationgateways' | extend subnetId = tostring(properties.gatewayIPConfigurations[0].properties.subnet.id) | project id, subnetId | join (resources | where type=='microsoft.network/virtualnetworks' | project id,subnets=properties.subnets | mv-expand subnets | mv-expand subnets.properties.addressPrefixes | project id, subnetId = tostring(subnets.id), prefix1 = subnets.properties.addressPrefix, prefix2 = subnets.properties.addressPrefixes | mv-expand prefix2 | extend prefix = iff(isnotnull(prefix1), prefix1, prefix2) | extend subnetPrefixLength = split(prefix, '/')[1])on subnetId | extend compliant = (subnetPrefixLength <= 24 or subnetPrefixLength == 64) | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", + "size": 4, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources", + "crossComponentResources": [ + "{Subscription}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "id", + "formatter": 0, + "numberFormat": { + "unit": 0, + "options": { + "style": "decimal" + } + } + }, + { + "columnMatch": "compliant", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "1", + "representation": "success", + "text": "Success" + }, + { + "operator": "==", + "thresholdValue": "0", + "representation": "failed", + "text": "Failed" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "unknown", + "text": "Unknown" + } + ] + } + } + ] + } + }, + "name": "query2" + }, + { + "type": 1, + "content": { + "json": "Configure autoscaling with a minimum amount of instances of two. 
Check [this link](https://learn.microsoft.com/azure/application-gateway/application-gateway-autoscaling-zone-redundant) for further information.. [This training](https://learn.microsoft.com/learn/paths/secure-application-delivery/) can help to educate yourself on this." + }, + "name": "querytext3" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "resources | where type =~ 'microsoft.network/applicationGateways' | extend compliant = (isnotnull(properties.autoscaleConfiguration) and properties.autoscaleConfiguration.minCapacity >= 2) | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", + "size": 4, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources", + "crossComponentResources": [ + "{Subscription}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "id", + "formatter": 0, + "numberFormat": { + "unit": 0, + "options": { + "style": "decimal" + } + } + }, + { + "columnMatch": "compliant", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "1", + "representation": "success", + "text": "Success" + }, + { + "operator": "==", + "thresholdValue": "0", + "representation": "failed", + "text": "Failed" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "unknown", + "text": "Unknown" + } + ] + } + } + ] + } + }, + "name": "query3" + }, + { + "type": 1, + "content": { + "json": "Deploy Application Gateway across Availability Zones. Check [this link](https://learn.microsoft.com/azure/reliability/migrate-app-gateway-v2) for further information.. [This training](https://learn.microsoft.com/learn/paths/secure-application-delivery/) can help to educate yourself on this." 
+ }, + "name": "querytext4" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "resources | where type =~ 'microsoft.network/applicationGateways' | extend compliant = (isnotnull(zones) and array_length(zones) > 1) | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", + "size": 4, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources", + "crossComponentResources": [ + "{Subscription}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "id", + "formatter": 0, + "numberFormat": { + "unit": 0, + "options": { + "style": "decimal" + } + } + }, + { + "columnMatch": "compliant", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "1", + "representation": "success", + "text": "Success" + }, + { + "operator": "==", + "thresholdValue": "0", + "representation": "failed", + "text": "Failed" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "unknown", + "text": "Unknown" + } + ] + } + } + ] + } + }, + "name": "query4" + } + ] + }, + "conditionalVisibility": { + "parameterName": "VisibleTab", + "comparison": "isEqualTo", + "value": "tab1" + }, + "name": "tab1" + }, + { + "type": 12, + "content": { + "version": "NotebookGroup/1.0", + "groupType": "editable", + "items": [ + { + "type": 1, + "content": { + "json": "## Load Balancer" + }, + "name": "tab2title" + }, + { + "type": 1, + "content": { + "json": "Ensure you are using the Standard SKU for your Azure Load Balancers. Check [this link](https://learn.microsoft.com/azure/load-balancer/load-balancer-overview) for further information." 
+ }, + "name": "querytext1" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "resources | where type == 'microsoft.network/loadbalancers' | project id, compliant=(tolower(sku.name) == 'standard') | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", + "size": 4, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources", + "crossComponentResources": [ + "{Subscription}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "id", + "formatter": 0, + "numberFormat": { + "unit": 0, + "options": { + "style": "decimal" + } + } + }, + { + "columnMatch": "compliant", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "1", + "representation": "success", + "text": "Success" + }, + { + "operator": "==", + "thresholdValue": "0", + "representation": "failed", + "text": "Failed" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "unknown", + "text": "Unknown" + } + ] + } + } + ] + } + }, + "name": "query1" + }, + { + "type": 1, + "content": { + "json": "Use Azure NAT Gateway instead of Load Balancer outbound rules for better SNAT scalability. Check [this link](https://learn.microsoft.com/azure/nat-gateway/nat-overview#outbound-connectivity) for further information." 
+ }, + "name": "querytext8" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "resources | where type=='microsoft.network/loadbalancers' | extend countOutRules=array_length(properties.outboundRules) | extend compliant = (countOutRules == 0) | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", + "size": 4, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources", + "crossComponentResources": [ + "{Subscription}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "id", + "formatter": 0, + "numberFormat": { + "unit": 0, + "options": { + "style": "decimal" + } + } + }, + { + "columnMatch": "compliant", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "1", + "representation": "success", + "text": "Success" + }, + { + "operator": "==", + "thresholdValue": "0", + "representation": "failed", + "text": "Failed" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "unknown", + "text": "Unknown" + } + ] + } + } + ] + } + }, + "name": "query8" + } + ] + }, + "conditionalVisibility": { + "parameterName": "VisibleTab", + "comparison": "isEqualTo", + "value": "tab2" + }, + "name": "tab2" + } + ], + "$schema": "https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json" +} \ No newline at end of file diff --git a/workbooks/appdelivery_checklist.en_network_workbook_template.json b/workbooks/appdelivery_checklist.en_network_workbook_template.json new file mode 100644 index 000000000..6508766c3 --- /dev/null +++ b/workbooks/appdelivery_checklist.en_network_workbook_template.json 
@@ -0,0 +1,57 @@ +{ + "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "workbookDisplayName": { + "type": "string", + "defaultValue": "Azure Application Delivery Networking - Network", + "metadata": { + "description": "The friendly name for the workbook that is used in the Gallery or Saved List. Needs to be unique in the scope of the resource group and source" + } + }, + "workbookType": { + "type": "string", + "defaultValue": "workbook", + "metadata": { + "description": "The gallery that the workbook will be shown under. Supported values include workbook, `tsg`, Azure Monitor, etc." + } + }, + "workbookSourceId": { + "type": "string", + "defaultValue": "Azure Monitor", + "metadata": { + "description": "The id of resource instance to which the workbook will be associated" + } + }, + "workbookId": { + "type": "string", + "defaultValue": "[newGuid()]", + "metadata": { + "description": "The unique guid for this workbook instance" + } + } + }, + "resources": [ + { + "name": "[parameters('workbookId')]", + "type": "Microsoft.Insights/workbooks", + "location": "[resourceGroup().location]", + "kind": "shared", + "apiVersion": "2018-06-17-preview", + "dependsOn": [], + "properties": { + "displayName": "[parameters('workbookDisplayName')]", + "serializedData": "{\n \"version\": \"Notebook/1.0\",\n \"items\": [\n {\n \"type\": 9,\n \"content\": {\n \"version\": \"KqlParameterItem/1.0\",\n \"parameters\": [\n {\n \"id\": \"497a107e-dde8-433e-b263-35ac8e8f7834\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Subscription\",\n \"type\": 6,\n \"multiSelect\": true,\n \"quote\": \"'\",\n \"delimiter\": \",\",\n \"typeSettings\": {\n \"additionalResourceOptions\": [\n \"value::all\"\n ],\n \"includeAll\": true,\n \"showDefault\": false\n },\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"value\": [\n \"value::all\"\n ]\n },\n {\n \"id\": 
\"844e4f4e-df51-4e3c-8eaf-0dc78b92c721\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"OnlyFailed\",\n \"label\": \"Only show failed\",\n \"type\": 2,\n \"typeSettings\": {\n \"additionalResourceOptions\": [],\n \"showDefault\": false\n },\n \"jsonData\": \"[\\r\\n { \\\"value\\\":true, \\\"label\\\":\\\"True\\\" },\\r\\n { \\\"value\\\":false, \\\"label\\\":\\\"False\\\", \\\"selected\\\":true }\\r\\n]\"\n }\n ],\n \"style\": \"pills\",\n \"queryType\": 0,\n \"resourceType\": \"microsoft.operationalinsights/workspaces\"\n },\n \"name\": \"WorkbookSelectors\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"If you set \\\"Only show failed\\\" to \\\"Yes\\\", the different queries will only show items that have failed their compliance checks.\",\n \"style\": \"info\"\n },\n \"name\": \"InfoBox\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"## Azure Application Delivery Networking - Network\\n\\n---\\n\\nThis workbook has been automatically generated out of the checklists in the [Azure Review Checklists repo](https://github.com/Azure/review-checklists). This repo contains best practices and recommendations around generic Landing Zones as well as specific services such as Azure Virtual Desktop, Azure Kubernetes Service or Azure VMware Solution, to name a few. 
This repository of best practices is curated by Azure engineers, but open to anybody to contribute.\\n\\nIf you see a problem in the queries that are part of this workbook, please open a Github issue [here](https://github.com/Azure/review-checklists/issues/new).\"\n },\n \"customWidth\": \"100\",\n \"name\": \"MarkdownHeader\"\n },\n {\n \"type\": 11,\n \"content\": {\n \"version\": \"LinkItem/1.0\",\n \"style\": \"tabs\",\n \"links\": [\n {\n \"id\": \"52745264-69a9-4a24-a9cc-0d190f55eaf3\",\n \"cellValue\": \"VisibleTab\",\n \"linkTarget\": \"parameter\",\n \"linkLabel\": \"Front Door\",\n \"subTarget\": \"tab0\",\n \"preText\": \"Front Door\",\n \"style\": \"primary\"\n },\n {\n \"id\": \"517f8214-53f0-4bf9-a56e-a946cf2adbe2\",\n \"cellValue\": \"VisibleTab\",\n \"linkTarget\": \"parameter\",\n \"linkLabel\": \"App Gateway\",\n \"subTarget\": \"tab1\",\n \"preText\": \"App Gateway\",\n \"style\": \"primary\"\n },\n {\n \"id\": \"22aff6a9-aecd-4a05-be7d-4abe481678c4\",\n \"cellValue\": \"VisibleTab\",\n \"linkTarget\": \"parameter\",\n \"linkLabel\": \"Load Balancer\",\n \"subTarget\": \"tab2\",\n \"preText\": \"Load Balancer\",\n \"style\": \"primary\"\n }\n ]\n },\n \"name\": \"Tabs\"\n },\n {\n \"type\": 12,\n \"content\": {\n \"version\": \"NotebookGroup/1.0\",\n \"groupType\": \"editable\",\n \"items\": [\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"## Front Door\"\n },\n \"name\": \"tab0title\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Deploy your WAF profiles for Front Door in 'Prevention' mode. 
Check [this link](https://learn.microsoft.com/azure/web-application-firewall/afds/waf-front-door-policy-settings) for further information.\"\n },\n \"name\": \"querytext5\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/frontdoorwebapplicationfirewallpolicies' | project policyName=name, policyId=id,policySku=sku.name, links=properties.securityPolicyLinks, enabledState=properties.policySettings.enabledState, mode=properties.policySettings.mode | mvexpand links | extend securityPolicy=links.id | extend securityPolicyParts=split(securityPolicy, '/') | extend profileId=strcat_array(array_slice(securityPolicyParts, 0, -3), '/') | project id=profileId, compliant=((enabledState=='Enabled') and (mode=='Prevention')), enabledState, mode | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query5\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Disable health probes when there is only one origin in an Azure Front Door origin group. 
Check [this link](https://learn.microsoft.com/azure/frontdoor/best-practices#disable-health-probes-when-theres-only-one-origin-in-an-origin-group) for further information.\"\n },\n \"name\": \"querytext6\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"cdnresources | where type =~ 'microsoft.cdn/profiles/origingroups/origins' | extend frontDoorId = substring(id, 0, indexof(id, '/origingroups')) | extend originGroupId = substring(id, 0, indexof(id, '/origins')) | join kind=inner (cdnresources | where type =~ 'microsoft.cdn/profiles/origingroups' | extend originGroupName = name | extend hasHealthProbe = isnotnull(properties.healthProbeSettings)) on $left.originGroupId == $right.id | summarize numberOrigins = count() by originGroupId, subscriptionId, frontDoorId, hasHealthProbe, originGroupName | extend compliant = not(numberOrigins == 1 and hasHealthProbe) | project id = frontDoorId, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query6\"\n },\n {\n \"type\": 1,\n \"content\": {\n 
\"json\": \"Use HEAD health probes with Azure Front Door, to reduce the traffic that Front Door sends to your application. Check [this link](https://learn.microsoft.com/azure/frontdoor/best-practices#use-head-health-probes) for further information.\"\n },\n \"name\": \"querytext7\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"cdnresources | where type =~ 'microsoft.cdn/profiles/origingroups' | extend frontDoorId = substring(id, 0, indexof(id, '/origingroups/')) | extend compliant = (isnull(properties['healthProbeSettings']['probeRequestType']) or toupper(properties['healthProbeSettings']['probeRequestType']) == 'HEAD') | project compliant, id=frontDoorId | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query7\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use managed TLS certificates with Azure Front Door. Reduce operational cost and risk of outages due to certificate renewals. 
Check [this link](https://learn.microsoft.com/azure/frontdoor/best-practices#use-managed-tls-certificates) for further information.\"\n },\n \"name\": \"querytext9\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"cdnresources | where type =~ 'microsoft.cdn/profiles/customdomains' | extend frontDoorId = substring(id, 0, indexof(id, '/customdomains')) | extend compliant = (isnull(properties['tlsSettings']['certificateType']) or tolower(properties['tlsSettings']['certificateType']) =~ 'customercertificate') | project compliant, id = frontDoorId | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query9\"\n }\n ]\n },\n \"conditionalVisibility\": {\n \"parameterName\": \"VisibleTab\",\n \"comparison\": \"isEqualTo\",\n \"value\": \"tab0\"\n },\n \"name\": \"tab0\"\n },\n {\n \"type\": 12,\n \"content\": {\n \"version\": \"NotebookGroup/1.0\",\n \"groupType\": \"editable\",\n \"items\": [\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"## App Gateway\"\n },\n \"name\": \"tab1title\"\n },\n {\n 
\"type\": 1,\n \"content\": {\n \"json\": \"Ensure you are using Application Gateway v2 SKU. Check [this link](https://learn.microsoft.com/azure/application-gateway/overview-v2) for further information.. [This training](https://learn.microsoft.com/learn/paths/secure-application-delivery/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext0\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/applicationgateways' | project id, compliant = properties.sku.name in ('Standard_v2', 'WAF_v2') | project id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query0\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Your Application Gateways v2 should be deployed in subnets with IP prefixes equal or larger than /24. Check [this link](https://learn.microsoft.com/azure/application-gateway/configuration-infrastructure#size-of-the-subnet) for further information.. 
[This training](https://learn.microsoft.com/learn/paths/secure-application-delivery/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext2\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/applicationgateways' | extend subnetId = tostring(properties.gatewayIPConfigurations[0].properties.subnet.id) | project id, subnetId | join (resources | where type=='microsoft.network/virtualnetworks' | project id,subnets=properties.subnets | mv-expand subnets | mv-expand subnets.properties.addressPrefixes | project id, subnetId = tostring(subnets.id), prefix1 = subnets.properties.addressPrefix, prefix2 = subnets.properties.addressPrefixes | mv-expand prefix2 | extend prefix = iff(isnotnull(prefix1), prefix1, prefix2) | extend subnetPrefixLength = split(prefix, '/')[1])on subnetId | extend compliant = (subnetPrefixLength <= 24 or subnetPrefixLength == 64) | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query2\"\n },\n {\n 
\"type\": 1,\n \"content\": {\n \"json\": \"Configure autoscaling with a minimum amount of instances of two. Check [this link](https://learn.microsoft.com/azure/application-gateway/application-gateway-autoscaling-zone-redundant) for further information.. [This training](https://learn.microsoft.com/learn/paths/secure-application-delivery/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext3\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type =~ 'microsoft.network/applicationGateways' | extend compliant = (isnotnull(properties.autoscaleConfiguration) and properties.autoscaleConfiguration.minCapacity >= 2) | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query3\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Deploy Application Gateway across Availability Zones. Check [this link](https://learn.microsoft.com/azure/reliability/migrate-app-gateway-v2) for further information.. 
[This training](https://learn.microsoft.com/learn/paths/secure-application-delivery/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext4\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type =~ 'microsoft.network/applicationGateways' | extend compliant = (isnotnull(zones) and array_length(zones) > 1) | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query4\"\n }\n ]\n },\n \"conditionalVisibility\": {\n \"parameterName\": \"VisibleTab\",\n \"comparison\": \"isEqualTo\",\n \"value\": \"tab1\"\n },\n \"name\": \"tab1\"\n },\n {\n \"type\": 12,\n \"content\": {\n \"version\": \"NotebookGroup/1.0\",\n \"groupType\": \"editable\",\n \"items\": [\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"## Load Balancer\"\n },\n \"name\": \"tab2title\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Ensure you are using the Standard SKU for your Azure Load Balancers. 
Check [this link](https://learn.microsoft.com/azure/load-balancer/load-balancer-overview) for further information.\"\n },\n \"name\": \"querytext1\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/loadbalancers' | project id, compliant=(tolower(sku.name) == 'standard') | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query1\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use Azure NAT Gateway instead of Load Balancer outbound rules for better SNAT scalability. 
Check [this link](https://learn.microsoft.com/azure/nat-gateway/nat-overview#outbound-connectivity) for further information.\"\n },\n \"name\": \"querytext8\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/loadbalancers' | extend countOutRules=array_length(properties.outboundRules) | extend compliant = (countOutRules == 0) | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 4,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query8\"\n }\n ]\n },\n \"conditionalVisibility\": {\n \"parameterName\": \"VisibleTab\",\n \"comparison\": \"isEqualTo\",\n \"value\": \"tab2\"\n },\n \"name\": \"tab2\"\n }\n ],\n \"$schema\": \"https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json\"\n}", + "version": "1.0", + "sourceId": "[parameters('workbookSourceId')]", + "category": "[parameters('workbookType')]" + } + } + ], + "outputs": { + "workbookId": { + "type": "string", + "value": "[resourceId( 'Microsoft.Insights/workbooks', parameters('workbookId'))]" + 
} + } +} \ No newline at end of file diff --git a/workbooks/network_appdelivery_checklist.en_counters_workbook.json b/workbooks/network_appdelivery_checklist.en_counters_workbook.json index b749df9f3..82346a814 100644 --- a/workbooks/network_appdelivery_checklist.en_counters_workbook.json +++ b/workbooks/network_appdelivery_checklist.en_counters_workbook.json @@ -236,7 +236,7 @@ "version": "KqlParameterItem/1.0", "name": "Query6Stats", "type": 1, - "query": "resources | where type=='microsoft.network/loadbalancers' | extend countOutRules=array_length(properties.outboundRules) | extend compliant = (countOutRules == 0) | distinct id,compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())", + "query": "cdnresources | where type =~ 'microsoft.cdn/profiles/origingroups/origins' | extend frontDoorId = substring(id, 0, indexof(id, '/origingroups')) | extend originGroupId = substring(id, 0, indexof(id, '/origins')) | join kind=inner (cdnresources | where type =~ 'microsoft.cdn/profiles/origingroups' | extend originGroupName = name | extend hasHealthProbe = isnotnull(properties.healthProbeSettings)) on $left.originGroupId == $right.id | summarize numberOrigins = count() by originGroupId, subscriptionId, frontDoorId, hasHealthProbe, originGroupName | extend compliant = not(numberOrigins == 1 and hasHealthProbe) | project id = frontDoorId, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())", "crossComponentResources": [ "{Subscription}" ], 
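Review bot: The `query9` check embedded in `serializedData` looks inverted relative to the `querytext9` recommendation it sits under: the text says to use managed TLS certificates, but the query sets `compliant` when `certificateType` is null or equals `customercertificate`, so custom domains with customer-supplied certificates would show as Success and Front Door-managed ones as Failed. If the intent matches the text, the comparison should be `tolower(properties['tlsSettings']['certificateType']) =~ 'managedcertificate'`, and whether a null `certificateType` counts as compliant deserves an explicit decision rather than a silent pass. The same expression appears in `Query9Stats` in the `@@ -259,6 +259,90 @@` hunk of network_appdelivery_checklist.en_counters_workbook.json and in the new appdelivery_checklist.en_network_workbook.json. Since the workflow builds these workbooks with workbook_create.py from the checklist, the fix presumably belongs in the checklist's query, followed by regenerating the workbooks.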
@@ -259,6 +259,90 @@ }, "queryType": 8 }, + { + "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", + "version": "KqlParameterItem/1.0", + "name": "Query7Stats", + "type": 1, + "query": "cdnresources | where type =~ 'microsoft.cdn/profiles/origingroups' | extend frontDoorId = substring(id, 0, indexof(id, '/origingroups/')) | extend compliant = (isnull(properties['healthProbeSettings']['probeRequestType']) or toupper(properties['healthProbeSettings']['probeRequestType']) == 'HEAD') | project compliant, id=frontDoorId| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())", + "crossComponentResources": [ + "{Subscription}" + ], + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 86400000 + }, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources" + }, + { + "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", + "version": "KqlParameterItem/1.0", + "name": "Query7FullyCompliant", + "type": 1, + "query": "{\"version\":\"1.0.0\",\"content\":\"{\\\"value\\\": \\\"{Query7Stats:$.FullyCompliant}\\\"}\",\"transformers\":null}", + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 86400000 + }, + "queryType": 8 + }, + { + "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", + "version": "KqlParameterItem/1.0", + "name": "Query8Stats", + "type": 1, + "query": "resources | where type=='microsoft.network/loadbalancers' | extend countOutRules=array_length(properties.outboundRules) | extend compliant = (countOutRules == 0) | distinct id,compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())", + 
"crossComponentResources": [ + "{Subscription}" + ], + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 86400000 + }, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources" + }, + { + "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", + "version": "KqlParameterItem/1.0", + "name": "Query8FullyCompliant", + "type": 1, + "query": "{\"version\":\"1.0.0\",\"content\":\"{\\\"value\\\": \\\"{Query8Stats:$.FullyCompliant}\\\"}\",\"transformers\":null}", + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 86400000 + }, + "queryType": 8 + }, + { + "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", + "version": "KqlParameterItem/1.0", + "name": "Query9Stats", + "type": 1, + "query": "cdnresources | where type =~ 'microsoft.cdn/profiles/customdomains' | extend frontDoorId = substring(id, 0, indexof(id, '/customdomains')) | extend compliant = (isnull(properties['tlsSettings']['certificateType']) or tolower(properties['tlsSettings']['certificateType']) =~ 'customercertificate') | project compliant, id = frontDoorId| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())", + "crossComponentResources": [ + "{Subscription}" + ], + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 86400000 + }, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources" + }, + { + "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", + "version": "KqlParameterItem/1.0", + "name": "Query9FullyCompliant", + "type": 1, + "query": "{\"version\":\"1.0.0\",\"content\":\"{\\\"value\\\": \\\"{Query9Stats:$.FullyCompliant}\\\"}\",\"transformers\":null}", + "isHiddenWhenLocked": true, + "timeContext": { + "durationMs": 86400000 + }, + "queryType": 8 + }, { "id": "daf05c62-1d5b-4325-b241-d7ee468f23eb", "version": "KqlParameterItem/1.0", 
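Review bot: The `Query9Stats` query appears to mark the wrong certificate type as compliant: it sets `compliant` when `certificateType` is `customercertificate`, while the text this check backs (`querytext9`, in the `@@ -881,6 +965,192 @@` hunk) recommends managed TLS certificates. If that reading is right, custom domains with customer-supplied certificates are reported as passing and managed ones as failing, so the counter and the tab totals misstate compliance; the comparison would then be `tolower(tostring(properties['tlsSettings']['certificateType'])) == 'managedcertificate'`. The `isnull(...)` branch also counts a custom domain with no certificate type as compliant, which is worth confirming as intended. The same expression is repeated in the `query9` grid query of that later hunk, and since the workbook's own header text says it is generated from the checklists, the correction presumably belongs in the checklist query, followed by a regeneration.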
@@ -273,7 +357,7 @@ "criteriaContext": { "operator": "Default", "resultValType": "expression", - "resultVal": "{Query0Stats:$.Success}+{Query1Stats:$.Success}+{Query2Stats:$.Success}+{Query3Stats:$.Success}+{Query4Stats:$.Success}+{Query5Stats:$.Success}+{Query6Stats:$.Success}" + "resultVal": "{Query0Stats:$.Success}+{Query1Stats:$.Success}+{Query2Stats:$.Success}+{Query3Stats:$.Success}+{Query4Stats:$.Success}+{Query5Stats:$.Success}+{Query6Stats:$.Success}+{Query7Stats:$.Success}+{Query8Stats:$.Success}+{Query9Stats:$.Success}" } } ] @@ -292,7 +376,7 @@ "criteriaContext": { "operator": "Default", "resultValType": "expression", - "resultVal": "{Query0Stats:$.Total}+{Query1Stats:$.Total}+{Query2Stats:$.Total}+{Query3Stats:$.Total}+{Query4Stats:$.Total}+{Query5Stats:$.Total}+{Query6Stats:$.Total}" + "resultVal": "{Query0Stats:$.Total}+{Query1Stats:$.Total}+{Query2Stats:$.Total}+{Query3Stats:$.Total}+{Query4Stats:$.Total}+{Query5Stats:$.Total}+{Query6Stats:$.Total}+{Query7Stats:$.Total}+{Query8Stats:$.Total}+{Query9Stats:$.Total}" } } ] @@ -330,7 +414,7 @@ "criteriaContext": { "operator": "Default", "resultValType": "expression", - "resultVal": "{Query0Stats:$.Total}+{Query1Stats:$.Total}+{Query2Stats:$.Total}+{Query3Stats:$.Total}+{Query4Stats:$.Total}+{Query5Stats:$.Total}+{Query6Stats:$.Total}" + "resultVal": "{Query0Stats:$.Total}+{Query1Stats:$.Total}+{Query2Stats:$.Total}+{Query3Stats:$.Total}+{Query4Stats:$.Total}+{Query5Stats:$.Total}+{Query6Stats:$.Total}+{Query7Stats:$.Total}+{Query8Stats:$.Total}+{Query9Stats:$.Total}" } } ] 
@@ -349,7 +433,7 @@ "criteriaContext": { "operator": "Default", "resultValType": "expression", - "resultVal": "{Query0Stats:$.Success}+{Query1Stats:$.Success}+{Query2Stats:$.Success}+{Query3Stats:$.Success}+{Query4Stats:$.Success}+{Query5Stats:$.Success}+{Query6Stats:$.Success}" + "resultVal": "{Query0Stats:$.Success}+{Query1Stats:$.Success}+{Query2Stats:$.Success}+{Query3Stats:$.Success}+{Query4Stats:$.Success}+{Query5Stats:$.Success}+{Query6Stats:$.Success}+{Query7Stats:$.Success}+{Query8Stats:$.Success}+{Query9Stats:$.Success}" } } ] @@ -423,7 +507,7 @@ "style": "tabs", "links": [ { - "id": "84a8f791-f30a-4813-96ad-9d0cf8905a4f", + "id": "286a5c29-5ff7-4d7d-9edd-715ce498af8f", "cellValue": "VisibleTab", "linkTarget": "parameter", "linkLabel": "Network Topology and Connectivity ({Tab0Success:value}/{Tab0Total:value})", @@ -823,7 +907,7 @@ { "type": 1, "content": { - "json": "Use Azure NAT Gateway instead of Load Balancer outbound rules for better SNAT scalability. Check [this link](https://learn.microsoft.com/azure/nat-gateway/nat-overview#outbound-connectivity) for further information." + "json": "Disable health probes when there is only one origin in an Azure Front Door origin group. Check [this link](https://learn.microsoft.com/azure/frontdoor/best-practices#disable-health-probes-when-theres-only-one-origin-in-an-origin-group) for further information." }, "name": "querytext6" }, 
@@ -831,7 +915,7 @@ "type": 3, "content": { "version": "KqlItem/1.0", - "query": "resources | where type=='microsoft.network/loadbalancers' | extend countOutRules=array_length(properties.outboundRules) | extend compliant = (countOutRules == 0) | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", + "query": "cdnresources | where type =~ 'microsoft.cdn/profiles/origingroups/origins' | extend frontDoorId = substring(id, 0, indexof(id, '/origingroups')) | extend originGroupId = substring(id, 0, indexof(id, '/origins')) | join kind=inner (cdnresources | where type =~ 'microsoft.cdn/profiles/origingroups' | extend originGroupName = name | extend hasHealthProbe = isnotnull(properties.healthProbeSettings)) on $left.originGroupId == $right.id | summarize numberOrigins = count() by originGroupId, subscriptionId, frontDoorId, hasHealthProbe, originGroupName | extend compliant = not(numberOrigins == 1 and hasHealthProbe) | project id = frontDoorId, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", "size": 0, "queryType": 1, "resourceType": "microsoft.resourcegraph/resources", 
@@ -881,6 +965,192 @@ } }, "name": "query6" + }, + { + "type": 1, + "content": { + "json": "Use HEAD health probes with Azure Front Door, to reduce the traffic that Front Door sends to your application. Check [this link](https://learn.microsoft.com/azure/frontdoor/best-practices#use-head-health-probes) for further information." + }, + "name": "querytext7" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "cdnresources | where type =~ 'microsoft.cdn/profiles/origingroups' | extend frontDoorId = substring(id, 0, indexof(id, '/origingroups/')) | extend compliant = (isnull(properties['healthProbeSettings']['probeRequestType']) or toupper(properties['healthProbeSettings']['probeRequestType']) == 'HEAD') | project compliant, id=frontDoorId | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", + "size": 0, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources", + "crossComponentResources": [ + "{Subscription}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "id", + "formatter": 0, + "numberFormat": { + "unit": 0, + "options": { + "style": "decimal" + } + } + }, + { + "columnMatch": "compliant", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "1", + "representation": "success", + "text": "Success" + }, + { + "operator": "==", + "thresholdValue": "0", + "representation": "failed", + "text": "Failed" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "unknown", + "text": "Unknown" + } + ] + } + } + ] + } + }, + "name": "query7" + }, + { + "type": 1, + "content": { + "json": "Use Azure NAT Gateway instead of Load Balancer outbound rules for better SNAT scalability. Check [this link](https://learn.microsoft.com/azure/nat-gateway/nat-overview#outbound-connectivity) for further information." 
+ }, + "name": "querytext8" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "resources | where type=='microsoft.network/loadbalancers' | extend countOutRules=array_length(properties.outboundRules) | extend compliant = (countOutRules == 0) | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", + "size": 0, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources", + "crossComponentResources": [ + "{Subscription}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "id", + "formatter": 0, + "numberFormat": { + "unit": 0, + "options": { + "style": "decimal" + } + } + }, + { + "columnMatch": "compliant", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "1", + "representation": "success", + "text": "Success" + }, + { + "operator": "==", + "thresholdValue": "0", + "representation": "failed", + "text": "Failed" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "unknown", + "text": "Unknown" + } + ] + } + } + ] + } + }, + "name": "query8" + }, + { + "type": 1, + "content": { + "json": "Use managed TLS certificates with Azure Front Door. Reduce operational cost and risk of outages due to certificate renewals. Check [this link](https://learn.microsoft.com/azure/frontdoor/best-practices#use-managed-tls-certificates) for further information." 
+ }, + "name": "querytext9" + }, + { + "type": 3, + "content": { + "version": "KqlItem/1.0", + "query": "cdnresources | where type =~ 'microsoft.cdn/profiles/customdomains' | extend frontDoorId = substring(id, 0, indexof(id, '/customdomains')) | extend compliant = (isnull(properties['tlsSettings']['certificateType']) or tolower(properties['tlsSettings']['certificateType']) =~ 'customercertificate') | project compliant, id = frontDoorId | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed", + "size": 0, + "queryType": 1, + "resourceType": "microsoft.resourcegraph/resources", + "crossComponentResources": [ + "{Subscription}" + ], + "gridSettings": { + "formatters": [ + { + "columnMatch": "id", + "formatter": 0, + "numberFormat": { + "unit": 0, + "options": { + "style": "decimal" + } + } + }, + { + "columnMatch": "compliant", + "formatter": 18, + "formatOptions": { + "thresholdsOptions": "icons", + "thresholdsGrid": [ + { + "operator": "==", + "thresholdValue": "1", + "representation": "success", + "text": "Success" + }, + { + "operator": "==", + "thresholdValue": "0", + "representation": "failed", + "text": "Failed" + }, + { + "operator": "Default", + "thresholdValue": null, + "representation": "unknown", + "text": "Unknown" + } + ] + } + } + ] + } + }, + "name": "query9" } ] }, diff --git a/workbooks/network_appdelivery_checklist.en_counters_workbook_template.json b/workbooks/network_appdelivery_checklist.en_counters_workbook_template.json index 0145dd5ae..17bd9b8f4 100644 --- a/workbooks/network_appdelivery_checklist.en_counters_workbook_template.json +++ b/workbooks/network_appdelivery_checklist.en_counters_workbook_template.json 
@@ -41,7 +41,7 @@ "dependsOn": [], "properties": { "displayName": "[parameters('workbookDisplayName')]", - "serializedData": "{\n \"version\": \"Notebook/1.0\",\n \"items\": [\n {\n \"type\": 9,\n \"content\": {\n \"version\": \"KqlParameterItem/1.0\",\n \"parameters\": [\n {\n \"id\": \"497a107e-dde8-433e-b263-35ac8e8f7834\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Subscription\",\n \"type\": 6,\n \"multiSelect\": true,\n \"quote\": \"'\",\n \"delimiter\": \",\",\n \"typeSettings\": {\n \"additionalResourceOptions\": [\n \"value::all\"\n ],\n \"includeAll\": true,\n \"showDefault\": false\n },\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"value\": [\n \"value::all\"\n ]\n },\n {\n \"id\": \"844e4f4e-df51-4e3c-8eaf-0dc78b92c721\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"OnlyFailed\",\n \"label\": \"Only show failed\",\n \"type\": 2,\n \"typeSettings\": {\n \"additionalResourceOptions\": [],\n \"showDefault\": false\n },\n \"jsonData\": \"[\\r\\n { \\\"value\\\":true, \\\"label\\\":\\\"True\\\" },\\r\\n { \\\"value\\\":false, \\\"label\\\":\\\"False\\\", \\\"selected\\\":true }\\r\\n]\"\n }\n ],\n \"style\": \"pills\",\n \"queryType\": 0,\n \"resourceType\": \"microsoft.operationalinsights/workspaces\"\n },\n \"name\": \"WorkbookSelectors\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"If you set \\\"Only show failed\\\" to \\\"Yes\\\", the different queries will only show items that have failed their compliance checks.\",\n \"style\": \"info\"\n },\n \"name\": \"InfoBox\"\n },\n {\n \"type\": 9,\n \"content\": {\n \"version\": \"KqlParameterItem/1.0\",\n \"crossComponentResources\": [\n \"value::all\"\n ],\n \"parameters\": [\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query0Stats\",\n \"type\": 1,\n \"query\": \"resources | where type == 'microsoft.network/applicationgateways' | project id, compliant = properties.sku.name in ('Standard_v2', 
'WAF_v2') | project id,compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query0FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query0Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query1Stats\",\n \"type\": 1,\n \"query\": \"resources | where type == 'microsoft.network/loadbalancers' | project id, compliant=(tolower(sku.name) == 'standard')| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query1FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": 
\\\\\\\"{Query1Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query2Stats\",\n \"type\": 1,\n \"query\": \"resources | where type=='microsoft.network/applicationgateways' | extend subnetId = tostring(properties.gatewayIPConfigurations[0].properties.subnet.id) | project id, subnetId | join (resources | where type=='microsoft.network/virtualnetworks' | project id,subnets=properties.subnets | mv-expand subnets | mv-expand subnets.properties.addressPrefixes | project id, subnetId = tostring(subnets.id), prefix1 = subnets.properties.addressPrefix, prefix2 = subnets.properties.addressPrefixes | mv-expand prefix2 | extend prefix = iff(isnotnull(prefix1), prefix1, prefix2) | extend subnetPrefixLength = split(prefix, '/')[1])on subnetId | extend compliant = (subnetPrefixLength <= 24 or subnetPrefixLength == 64) | distinct id,compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query2FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query2Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n 
\"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query3Stats\",\n \"type\": 1,\n \"query\": \"resources | where type =~ 'microsoft.network/applicationGateways' | extend compliant = (isnotnull(properties.autoscaleConfiguration) and properties.autoscaleConfiguration.minCapacity >= 2) | distinct id,compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query3FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query3Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query4Stats\",\n \"type\": 1,\n \"query\": \"resources | where type =~ 'microsoft.network/applicationGateways' | extend compliant = (isnotnull(zones) and array_length(zones) > 1) | distinct id,compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n 
\"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query4FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query4Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query5Stats\",\n \"type\": 1,\n \"query\": \"resources | where type == 'microsoft.network/frontdoorwebapplicationfirewallpolicies' | project policyName=name, policyId=id,policySku=sku.name, links=properties.securityPolicyLinks, enabledState=properties.policySettings.enabledState, mode=properties.policySettings.mode | mvexpand links | extend securityPolicy=links.id | extend securityPolicyParts=split(securityPolicy, '/') | extend profileId=strcat_array(array_slice(securityPolicyParts, 0, -3), '/') | project id=profileId, compliant=((enabledState=='Enabled') and (mode=='Prevention')), enabledState, mode| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query5FullyCompliant\",\n \"type\": 1,\n \"query\": 
\"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query5Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query6Stats\",\n \"type\": 1,\n \"query\": \"resources | where type=='microsoft.network/loadbalancers' | extend countOutRules=array_length(properties.outboundRules) | extend compliant = (countOutRules == 0) | distinct id,compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query6FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query6Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab0Success\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": 
\"{Query0Stats:$.Success}+{Query1Stats:$.Success}+{Query2Stats:$.Success}+{Query3Stats:$.Success}+{Query4Stats:$.Success}+{Query5Stats:$.Success}+{Query6Stats:$.Success}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab0Total\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"{Query0Stats:$.Total}+{Query1Stats:$.Total}+{Query2Stats:$.Total}+{Query3Stats:$.Total}+{Query4Stats:$.Total}+{Query5Stats:$.Total}+{Query6Stats:$.Total}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab0Percent\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"round(100*{Tab0Success}/{Tab0Total})\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"WorkbookTotal\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"{Query0Stats:$.Total}+{Query1Stats:$.Total}+{Query2Stats:$.Total}+{Query3Stats:$.Total}+{Query4Stats:$.Total}+{Query5Stats:$.Total}+{Query6Stats:$.Total}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"WorkbookSuccess\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n 
\"resultValType\": \"expression\",\n \"resultVal\": \"{Query0Stats:$.Success}+{Query1Stats:$.Success}+{Query2Stats:$.Success}+{Query3Stats:$.Success}+{Query4Stats:$.Success}+{Query5Stats:$.Success}+{Query6Stats:$.Success}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"WorkbookPercent\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"round(100*{WorkbookSuccess}/{WorkbookTotal})\"\n }\n }\n ]\n }\n ],\n \"style\": \"pills\",\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n \"name\": \"InvisibleParameters\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"## Azure Application Delivery Networking\\n\\n---\\n\\nThis workbook has been automatically generated out of the checklists in the [Azure Review Checklists repo](https://github.com/Azure/review-checklists). This repo contains best practices and recommendations around generic Landing Zones as well as specific services such as Azure Virtual Desktop, Azure Kubernetes Service or Azure VMware Solution, to name a few. 
This repository of best practices is curated by Azure engineers, but open to anybody to contribute.\\n\\nIf you see a problem in the queries that are part of this workbook, please open a Github issue [here](https://github.com/Azure/review-checklists/issues/new).\"\n },\n \"customWidth\": \"50\",\n \"name\": \"MarkdownHeader\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"WorkbookPercent\\\\\\\": \\\\\\\"{WorkbookPercent}\\\\\\\", \\\\\\\"SubTitle\\\\\\\": \\\\\\\"Percent of successful checks\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"size\": 4,\n \"queryType\": 8,\n \"visualization\": \"tiles\",\n \"tileSettings\": {\n \"titleContent\": {\n \"columnMatch\": \"WorkbookPercent\",\n \"formatter\": 4,\n \"formatOptions\": {\n \"min\": 0,\n \"max\": 100,\n \"palette\": \"redGreen\"\n }\n },\n \"subtitleContent\": {\n \"columnMatch\": \"SubTitle\",\n \"formatter\": 1\n },\n \"showBorder\": true\n }\n },\n \"customWidth\": \"50\",\n \"name\": \"ProgressTile\"\n },\n {\n \"type\": 11,\n \"content\": {\n \"version\": \"LinkItem/1.0\",\n \"style\": \"tabs\",\n \"links\": [\n {\n \"id\": \"84a8f791-f30a-4813-96ad-9d0cf8905a4f\",\n \"cellValue\": \"VisibleTab\",\n \"linkTarget\": \"parameter\",\n \"linkLabel\": \"Network Topology and Connectivity ({Tab0Success:value}/{Tab0Total:value})\",\n \"subTarget\": \"tab0\",\n \"preText\": \"Network Topology and Connectivity\",\n \"style\": \"primary\"\n }\n ]\n },\n \"name\": \"Tabs\"\n },\n {\n \"type\": 12,\n \"content\": {\n \"version\": \"NotebookGroup/1.0\",\n \"groupType\": \"editable\",\n \"items\": [\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"## Network Topology and Connectivity\"\n },\n \"name\": \"tab0title\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Ensure you are using Application Gateway v2 SKU. 
Check [this link](https://learn.microsoft.com/azure/application-gateway/overview-v2) for further information.. [This training](https://learn.microsoft.com/learn/paths/secure-application-delivery/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext0\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/applicationgateways' | project id, compliant = properties.sku.name in ('Standard_v2', 'WAF_v2') | project id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query0\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Ensure you are using the Standard SKU for your Azure Load Balancers. 
Check [this link](https://learn.microsoft.com/azure/load-balancer/load-balancer-overview) for further information.\"\n },\n \"name\": \"querytext1\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/loadbalancers' | project id, compliant=(tolower(sku.name) == 'standard') | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query1\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Your Application Gateways v2 should be deployed in subnets with IP prefixes equal or larger than /24. Check [this link](https://learn.microsoft.com/azure/application-gateway/configuration-infrastructure#size-of-the-subnet) for further information.. 
[This training](https://learn.microsoft.com/learn/paths/secure-application-delivery/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext2\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/applicationgateways' | extend subnetId = tostring(properties.gatewayIPConfigurations[0].properties.subnet.id) | project id, subnetId | join (resources | where type=='microsoft.network/virtualnetworks' | project id,subnets=properties.subnets | mv-expand subnets | mv-expand subnets.properties.addressPrefixes | project id, subnetId = tostring(subnets.id), prefix1 = subnets.properties.addressPrefix, prefix2 = subnets.properties.addressPrefixes | mv-expand prefix2 | extend prefix = iff(isnotnull(prefix1), prefix1, prefix2) | extend subnetPrefixLength = split(prefix, '/')[1])on subnetId | extend compliant = (subnetPrefixLength <= 24 or subnetPrefixLength == 64) | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query2\"\n },\n {\n 
\"type\": 1,\n \"content\": {\n \"json\": \"Configure autoscaling with a minimum amount of instances of two. Check [this link](https://learn.microsoft.com/azure/application-gateway/application-gateway-autoscaling-zone-redundant) for further information.. [This training](https://learn.microsoft.com/learn/paths/secure-application-delivery/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext3\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type =~ 'microsoft.network/applicationGateways' | extend compliant = (isnotnull(properties.autoscaleConfiguration) and properties.autoscaleConfiguration.minCapacity >= 2) | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query3\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Deploy Application Gateway across Availability Zones. Check [this link](https://learn.microsoft.com/azure/reliability/migrate-app-gateway-v2) for further information.. 
[This training](https://learn.microsoft.com/learn/paths/secure-application-delivery/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext4\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type =~ 'microsoft.network/applicationGateways' | extend compliant = (isnotnull(zones) and array_length(zones) > 1) | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query4\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Deploy your WAF profiles for Front Door in 'Prevention' mode. 
Check [this link](https://learn.microsoft.com/azure/web-application-firewall/afds/waf-front-door-policy-settings) for further information.\"\n },\n \"name\": \"querytext5\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/frontdoorwebapplicationfirewallpolicies' | project policyName=name, policyId=id,policySku=sku.name, links=properties.securityPolicyLinks, enabledState=properties.policySettings.enabledState, mode=properties.policySettings.mode | mvexpand links | extend securityPolicy=links.id | extend securityPolicyParts=split(securityPolicy, '/') | extend profileId=strcat_array(array_slice(securityPolicyParts, 0, -3), '/') | project id=profileId, compliant=((enabledState=='Enabled') and (mode=='Prevention')), enabledState, mode | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query5\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use Azure NAT Gateway instead of Load Balancer outbound rules for better SNAT scalability. 
Check [this link](https://learn.microsoft.com/azure/nat-gateway/nat-overview#outbound-connectivity) for further information.\"\n },\n \"name\": \"querytext6\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/loadbalancers' | extend countOutRules=array_length(properties.outboundRules) | extend compliant = (countOutRules == 0) | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query6\"\n }\n ]\n },\n \"conditionalVisibility\": {\n \"parameterName\": \"VisibleTab\",\n \"comparison\": \"isEqualTo\",\n \"value\": \"tab0\"\n },\n \"name\": \"tab0\"\n }\n ],\n \"$schema\": \"https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json\"\n}", + "serializedData": "{\n \"version\": \"Notebook/1.0\",\n \"items\": [\n {\n \"type\": 9,\n \"content\": {\n \"version\": \"KqlParameterItem/1.0\",\n \"parameters\": [\n {\n \"id\": \"497a107e-dde8-433e-b263-35ac8e8f7834\",\n \"version\": \"KqlParameterItem/1.0\",\n 
\"name\": \"Subscription\",\n \"type\": 6,\n \"multiSelect\": true,\n \"quote\": \"'\",\n \"delimiter\": \",\",\n \"typeSettings\": {\n \"additionalResourceOptions\": [\n \"value::all\"\n ],\n \"includeAll\": true,\n \"showDefault\": false\n },\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"value\": [\n \"value::all\"\n ]\n },\n {\n \"id\": \"844e4f4e-df51-4e3c-8eaf-0dc78b92c721\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"OnlyFailed\",\n \"label\": \"Only show failed\",\n \"type\": 2,\n \"typeSettings\": {\n \"additionalResourceOptions\": [],\n \"showDefault\": false\n },\n \"jsonData\": \"[\\r\\n { \\\"value\\\":true, \\\"label\\\":\\\"True\\\" },\\r\\n { \\\"value\\\":false, \\\"label\\\":\\\"False\\\", \\\"selected\\\":true }\\r\\n]\"\n }\n ],\n \"style\": \"pills\",\n \"queryType\": 0,\n \"resourceType\": \"microsoft.operationalinsights/workspaces\"\n },\n \"name\": \"WorkbookSelectors\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"If you set \\\"Only show failed\\\" to \\\"Yes\\\", the different queries will only show items that have failed their compliance checks.\",\n \"style\": \"info\"\n },\n \"name\": \"InfoBox\"\n },\n {\n \"type\": 9,\n \"content\": {\n \"version\": \"KqlParameterItem/1.0\",\n \"crossComponentResources\": [\n \"value::all\"\n ],\n \"parameters\": [\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query0Stats\",\n \"type\": 1,\n \"query\": \"resources | where type == 'microsoft.network/applicationgateways' | project id, compliant = properties.sku.name in ('Standard_v2', 'WAF_v2') | project id,compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n 
\"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query0FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query0Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query1Stats\",\n \"type\": 1,\n \"query\": \"resources | where type == 'microsoft.network/loadbalancers' | project id, compliant=(tolower(sku.name) == 'standard')| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query1FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query1Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query2Stats\",\n \"type\": 1,\n \"query\": \"resources | where 
type=='microsoft.network/applicationgateways' | extend subnetId = tostring(properties.gatewayIPConfigurations[0].properties.subnet.id) | project id, subnetId | join (resources | where type=='microsoft.network/virtualnetworks' | project id,subnets=properties.subnets | mv-expand subnets | mv-expand subnets.properties.addressPrefixes | project id, subnetId = tostring(subnets.id), prefix1 = subnets.properties.addressPrefix, prefix2 = subnets.properties.addressPrefixes | mv-expand prefix2 | extend prefix = iff(isnotnull(prefix1), prefix1, prefix2) | extend subnetPrefixLength = split(prefix, '/')[1])on subnetId | extend compliant = (subnetPrefixLength <= 24 or subnetPrefixLength == 64) | distinct id,compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query2FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query2Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query3Stats\",\n \"type\": 1,\n \"query\": \"resources | where type =~ 'microsoft.network/applicationGateways' | extend compliant = (isnotnull(properties.autoscaleConfiguration) and properties.autoscaleConfiguration.minCapacity >= 2) | 
distinct id,compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query3FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query3Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query4Stats\",\n \"type\": 1,\n \"query\": \"resources | where type =~ 'microsoft.network/applicationGateways' | extend compliant = (isnotnull(zones) and array_length(zones) > 1) | distinct id,compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query4FullyCompliant\",\n \"type\": 1,\n \"query\": 
\"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query4Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query5Stats\",\n \"type\": 1,\n \"query\": \"resources | where type == 'microsoft.network/frontdoorwebapplicationfirewallpolicies' | project policyName=name, policyId=id,policySku=sku.name, links=properties.securityPolicyLinks, enabledState=properties.policySettings.enabledState, mode=properties.policySettings.mode | mvexpand links | extend securityPolicy=links.id | extend securityPolicyParts=split(securityPolicy, '/') | extend profileId=strcat_array(array_slice(securityPolicyParts, 0, -3), '/') | project id=profileId, compliant=((enabledState=='Enabled') and (mode=='Prevention')), enabledState, mode| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query5FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query5Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": 
\"KqlParameterItem/1.0\",\n \"name\": \"Query6Stats\",\n \"type\": 1,\n \"query\": \"cdnresources | where type =~ 'microsoft.cdn/profiles/origingroups/origins' | extend frontDoorId = substring(id, 0, indexof(id, '/origingroups')) | extend originGroupId = substring(id, 0, indexof(id, '/origins')) | join kind=inner (cdnresources | where type =~ 'microsoft.cdn/profiles/origingroups' | extend originGroupName = name | extend hasHealthProbe = isnotnull(properties.healthProbeSettings)) on $left.originGroupId == $right.id | summarize numberOrigins = count() by originGroupId, subscriptionId, frontDoorId, hasHealthProbe, originGroupName | extend compliant = not(numberOrigins == 1 and hasHealthProbe) | project id = frontDoorId, compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query6FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query6Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query7Stats\",\n \"type\": 1,\n \"query\": \"cdnresources | where type =~ 'microsoft.cdn/profiles/origingroups' | extend frontDoorId = substring(id, 0, indexof(id, '/origingroups/')) | extend compliant = 
(isnull(properties['healthProbeSettings']['probeRequestType']) or toupper(properties['healthProbeSettings']['probeRequestType']) == 'HEAD') | project compliant, id=frontDoorId| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query7FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query7Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query8Stats\",\n \"type\": 1,\n \"query\": \"resources | where type=='microsoft.network/loadbalancers' | extend countOutRules=array_length(properties.outboundRules) | extend compliant = (countOutRules == 0) | distinct id,compliant| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": 
\"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query8FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query8Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query9Stats\",\n \"type\": 1,\n \"query\": \"cdnresources | where type =~ 'microsoft.cdn/profiles/customdomains' | extend frontDoorId = substring(id, 0, indexof(id, '/customdomains')) | extend compliant = (isnull(properties['tlsSettings']['certificateType']) or tolower(properties['tlsSettings']['certificateType']) =~ 'customercertificate') | project compliant, id = frontDoorId| summarize Total = count(), Success = countif(compliant==1), Failed = countif(compliant==0) | extend SuccessPercent = iff(Total==0, 100, 100*toint(Success)/toint(Total)) | extend FullyCompliant = iff(SuccessPercent == 100, 'Yes', 'No') | project Query1Stats=tostring(pack_all())\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Query9FullyCompliant\",\n \"type\": 1,\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"value\\\\\\\": \\\\\\\"{Query9Stats:$.FullyCompliant}\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"queryType\": 8\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab0Success\",\n \"type\": 1,\n 
\"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"{Query0Stats:$.Success}+{Query1Stats:$.Success}+{Query2Stats:$.Success}+{Query3Stats:$.Success}+{Query4Stats:$.Success}+{Query5Stats:$.Success}+{Query6Stats:$.Success}+{Query7Stats:$.Success}+{Query8Stats:$.Success}+{Query9Stats:$.Success}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab0Total\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"{Query0Stats:$.Total}+{Query1Stats:$.Total}+{Query2Stats:$.Total}+{Query3Stats:$.Total}+{Query4Stats:$.Total}+{Query5Stats:$.Total}+{Query6Stats:$.Total}+{Query7Stats:$.Total}+{Query8Stats:$.Total}+{Query9Stats:$.Total}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Tab0Percent\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"round(100*{Tab0Success}/{Tab0Total})\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"WorkbookTotal\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": 
\"{Query0Stats:$.Total}+{Query1Stats:$.Total}+{Query2Stats:$.Total}+{Query3Stats:$.Total}+{Query4Stats:$.Total}+{Query5Stats:$.Total}+{Query6Stats:$.Total}+{Query7Stats:$.Total}+{Query8Stats:$.Total}+{Query9Stats:$.Total}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"WorkbookSuccess\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"{Query0Stats:$.Success}+{Query1Stats:$.Success}+{Query2Stats:$.Success}+{Query3Stats:$.Success}+{Query4Stats:$.Success}+{Query5Stats:$.Success}+{Query6Stats:$.Success}+{Query7Stats:$.Success}+{Query8Stats:$.Success}+{Query9Stats:$.Success}\"\n }\n }\n ]\n },\n {\n \"id\": \"daf05c62-1d5b-4325-b241-d7ee468f23eb\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"WorkbookPercent\",\n \"type\": 1,\n \"isHiddenWhenLocked\": true,\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"criteriaData\": [\n {\n \"criteriaContext\": {\n \"operator\": \"Default\",\n \"resultValType\": \"expression\",\n \"resultVal\": \"round(100*{WorkbookSuccess}/{WorkbookTotal})\"\n }\n }\n ]\n }\n ],\n \"style\": \"pills\",\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\"\n },\n \"name\": \"InvisibleParameters\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"## Azure Application Delivery Networking\\n\\n---\\n\\nThis workbook has been automatically generated out of the checklists in the [Azure Review Checklists repo](https://github.com/Azure/review-checklists). This repo contains best practices and recommendations around generic Landing Zones as well as specific services such as Azure Virtual Desktop, Azure Kubernetes Service or Azure VMware Solution, to name a few. 
This repository of best practices is curated by Azure engineers, but open to anybody to contribute.\\n\\nIf you see a problem in the queries that are part of this workbook, please open a Github issue [here](https://github.com/Azure/review-checklists/issues/new).\"\n },\n \"customWidth\": \"50\",\n \"name\": \"MarkdownHeader\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"{\\\"version\\\":\\\"1.0.0\\\",\\\"content\\\":\\\"{\\\\\\\"WorkbookPercent\\\\\\\": \\\\\\\"{WorkbookPercent}\\\\\\\", \\\\\\\"SubTitle\\\\\\\": \\\\\\\"Percent of successful checks\\\\\\\"}\\\",\\\"transformers\\\":null}\",\n \"size\": 4,\n \"queryType\": 8,\n \"visualization\": \"tiles\",\n \"tileSettings\": {\n \"titleContent\": {\n \"columnMatch\": \"WorkbookPercent\",\n \"formatter\": 4,\n \"formatOptions\": {\n \"min\": 0,\n \"max\": 100,\n \"palette\": \"redGreen\"\n }\n },\n \"subtitleContent\": {\n \"columnMatch\": \"SubTitle\",\n \"formatter\": 1\n },\n \"showBorder\": true\n }\n },\n \"customWidth\": \"50\",\n \"name\": \"ProgressTile\"\n },\n {\n \"type\": 11,\n \"content\": {\n \"version\": \"LinkItem/1.0\",\n \"style\": \"tabs\",\n \"links\": [\n {\n \"id\": \"286a5c29-5ff7-4d7d-9edd-715ce498af8f\",\n \"cellValue\": \"VisibleTab\",\n \"linkTarget\": \"parameter\",\n \"linkLabel\": \"Network Topology and Connectivity ({Tab0Success:value}/{Tab0Total:value})\",\n \"subTarget\": \"tab0\",\n \"preText\": \"Network Topology and Connectivity\",\n \"style\": \"primary\"\n }\n ]\n },\n \"name\": \"Tabs\"\n },\n {\n \"type\": 12,\n \"content\": {\n \"version\": \"NotebookGroup/1.0\",\n \"groupType\": \"editable\",\n \"items\": [\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"## Network Topology and Connectivity\"\n },\n \"name\": \"tab0title\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Ensure you are using Application Gateway v2 SKU. 
Check [this link](https://learn.microsoft.com/azure/application-gateway/overview-v2) for further information.. [This training](https://learn.microsoft.com/learn/paths/secure-application-delivery/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext0\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/applicationgateways' | project id, compliant = properties.sku.name in ('Standard_v2', 'WAF_v2') | project id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query0\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Ensure you are using the Standard SKU for your Azure Load Balancers. 
Check [this link](https://learn.microsoft.com/azure/load-balancer/load-balancer-overview) for further information.\"\n },\n \"name\": \"querytext1\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/loadbalancers' | project id, compliant=(tolower(sku.name) == 'standard') | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query1\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Your Application Gateways v2 should be deployed in subnets with IP prefixes equal or larger than /24. Check [this link](https://learn.microsoft.com/azure/application-gateway/configuration-infrastructure#size-of-the-subnet) for further information.. 
[This training](https://learn.microsoft.com/learn/paths/secure-application-delivery/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext2\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/applicationgateways' | extend subnetId = tostring(properties.gatewayIPConfigurations[0].properties.subnet.id) | project id, subnetId | join (resources | where type=='microsoft.network/virtualnetworks' | project id,subnets=properties.subnets | mv-expand subnets | mv-expand subnets.properties.addressPrefixes | project id, subnetId = tostring(subnets.id), prefix1 = subnets.properties.addressPrefix, prefix2 = subnets.properties.addressPrefixes | mv-expand prefix2 | extend prefix = iff(isnotnull(prefix1), prefix1, prefix2) | extend subnetPrefixLength = split(prefix, '/')[1])on subnetId | extend compliant = (subnetPrefixLength <= 24 or subnetPrefixLength == 64) | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query2\"\n },\n {\n 
\"type\": 1,\n \"content\": {\n \"json\": \"Configure autoscaling with a minimum amount of instances of two. Check [this link](https://learn.microsoft.com/azure/application-gateway/application-gateway-autoscaling-zone-redundant) for further information.. [This training](https://learn.microsoft.com/learn/paths/secure-application-delivery/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext3\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type =~ 'microsoft.network/applicationGateways' | extend compliant = (isnotnull(properties.autoscaleConfiguration) and properties.autoscaleConfiguration.minCapacity >= 2) | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query3\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Deploy Application Gateway across Availability Zones. Check [this link](https://learn.microsoft.com/azure/reliability/migrate-app-gateway-v2) for further information.. 
[This training](https://learn.microsoft.com/learn/paths/secure-application-delivery/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext4\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type =~ 'microsoft.network/applicationGateways' | extend compliant = (isnotnull(zones) and array_length(zones) > 1) | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query4\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Deploy your WAF profiles for Front Door in 'Prevention' mode. 
Check [this link](https://learn.microsoft.com/azure/web-application-firewall/afds/waf-front-door-policy-settings) for further information.\"\n },\n \"name\": \"querytext5\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/frontdoorwebapplicationfirewallpolicies' | project policyName=name, policyId=id,policySku=sku.name, links=properties.securityPolicyLinks, enabledState=properties.policySettings.enabledState, mode=properties.policySettings.mode | mvexpand links | extend securityPolicy=links.id | extend securityPolicyParts=split(securityPolicy, '/') | extend profileId=strcat_array(array_slice(securityPolicyParts, 0, -3), '/') | project id=profileId, compliant=((enabledState=='Enabled') and (mode=='Prevention')), enabledState, mode | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query5\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Disable health probes when there is only one origin in an Azure Front Door origin group. 
Check [this link](https://learn.microsoft.com/azure/frontdoor/best-practices#disable-health-probes-when-theres-only-one-origin-in-an-origin-group) for further information.\"\n },\n \"name\": \"querytext6\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"cdnresources | where type =~ 'microsoft.cdn/profiles/origingroups/origins' | extend frontDoorId = substring(id, 0, indexof(id, '/origingroups')) | extend originGroupId = substring(id, 0, indexof(id, '/origins')) | join kind=inner (cdnresources | where type =~ 'microsoft.cdn/profiles/origingroups' | extend originGroupName = name | extend hasHealthProbe = isnotnull(properties.healthProbeSettings)) on $left.originGroupId == $right.id | summarize numberOrigins = count() by originGroupId, subscriptionId, frontDoorId, hasHealthProbe, originGroupName | extend compliant = not(numberOrigins == 1 and hasHealthProbe) | project id = frontDoorId, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query6\"\n },\n {\n \"type\": 1,\n \"content\": {\n 
\"json\": \"Use HEAD health probes with Azure Front Door, to reduce the traffic that Front Door sends to your application. Check [this link](https://learn.microsoft.com/azure/frontdoor/best-practices#use-head-health-probes) for further information.\"\n },\n \"name\": \"querytext7\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"cdnresources | where type =~ 'microsoft.cdn/profiles/origingroups' | extend frontDoorId = substring(id, 0, indexof(id, '/origingroups/')) | extend compliant = (isnull(properties['healthProbeSettings']['probeRequestType']) or toupper(properties['healthProbeSettings']['probeRequestType']) == 'HEAD') | project compliant, id=frontDoorId | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query7\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use Azure NAT Gateway instead of Load Balancer outbound rules for better SNAT scalability. 
Check [this link](https://learn.microsoft.com/azure/nat-gateway/nat-overview#outbound-connectivity) for further information.\"\n },\n \"name\": \"querytext8\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/loadbalancers' | extend countOutRules=array_length(properties.outboundRules) | extend compliant = (countOutRules == 0) | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query8\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use managed TLS certificates with Azure Front Door. Reduce operational cost and risk of outages due to certificate renewals. 
Check [this link](https://learn.microsoft.com/azure/frontdoor/best-practices#use-managed-tls-certificates) for further information.\"\n },\n \"name\": \"querytext9\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"cdnresources | where type =~ 'microsoft.cdn/profiles/customdomains' | extend frontDoorId = substring(id, 0, indexof(id, '/customdomains')) | extend compliant = (isnull(properties['tlsSettings']['certificateType']) or tolower(properties['tlsSettings']['certificateType']) =~ 'customercertificate') | project compliant, id = frontDoorId | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query9\"\n }\n ]\n },\n \"conditionalVisibility\": {\n \"parameterName\": \"VisibleTab\",\n \"comparison\": \"isEqualTo\",\n \"value\": \"tab0\"\n },\n \"name\": \"tab0\"\n }\n ],\n \"$schema\": \"https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json\"\n}", "version": "1.0", "sourceId": "[parameters('workbookSourceId')]", "category": "[parameters('workbookType')]" 
diff --git a/workbooks/network_appdelivery_checklist.en_workbook.json b/workbooks/network_appdelivery_checklist.en_workbook.json
index 5327e8741..bb51eba43 100644
--- a/workbooks/network_appdelivery_checklist.en_workbook.json
+++ b/workbooks/network_appdelivery_checklist.en_workbook.json
@@ -70,7 +70,7 @@
 "style": "tabs",
 "links": [
 {
- "id": "83d2e347-1b16-40f6-94df-e48ecac1f405",
+ "id": "2783bb1e-5110-4940-ad93-2aca862b756d",
 "cellValue": "VisibleTab",
 "linkTarget": "parameter",
 "linkLabel": "Network Topology and Connectivity",
@@ -470,7 +470,7 @@
 {
 "type": 1,
 "content": {
- "json": "Use Azure NAT Gateway instead of Load Balancer outbound rules for better SNAT scalability. Check [this link](https://learn.microsoft.com/azure/nat-gateway/nat-overview#outbound-connectivity) for further information."
+ "json": "Disable health probes when there is only one origin in an Azure Front Door origin group. Check [this link](https://learn.microsoft.com/azure/frontdoor/best-practices#disable-health-probes-when-theres-only-one-origin-in-an-origin-group) for further information."
 },
 "name": "querytext6"
 },
@@ -478,7 +478,7 @@
 "type": 3,
 "content": {
 "version": "KqlItem/1.0",
- "query": "resources | where type=='microsoft.network/loadbalancers' | extend countOutRules=array_length(properties.outboundRules) | extend compliant = (countOutRules == 0) | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed",
+ "query": "cdnresources | where type =~ 'microsoft.cdn/profiles/origingroups/origins' | extend frontDoorId = substring(id, 0, indexof(id, '/origingroups')) | extend originGroupId = substring(id, 0, indexof(id, '/origins')) | join kind=inner (cdnresources | where type =~ 'microsoft.cdn/profiles/origingroups' | extend originGroupName = name | extend hasHealthProbe = isnotnull(properties.healthProbeSettings)) on $left.originGroupId == $right.id | summarize numberOrigins = count() by originGroupId, subscriptionId, frontDoorId, hasHealthProbe, originGroupName | extend compliant = not(numberOrigins == 1 and hasHealthProbe) | project id = frontDoorId, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed",
 "size": 0,
 "queryType": 1,
 "resourceType": "microsoft.resourcegraph/resources",
@@ -528,6 +528,192 @@
 }
 },
 "name": "query6"
+ },
+ {
+ "type": 1,
+ "content": {
+ "json": "Use HEAD health probes with Azure Front Door, to reduce the traffic that Front Door sends to your application. Check [this link](https://learn.microsoft.com/azure/frontdoor/best-practices#use-head-health-probes) for further information."
+ },
+ "name": "querytext7"
+ },
+ {
+ "type": 3,
+ "content": {
+ "version": "KqlItem/1.0",
+ "query": "cdnresources | where type =~ 'microsoft.cdn/profiles/origingroups' | extend frontDoorId = substring(id, 0, indexof(id, '/origingroups/')) | extend compliant = (isnull(properties['healthProbeSettings']['probeRequestType']) or toupper(properties['healthProbeSettings']['probeRequestType']) == 'HEAD') | project compliant, id=frontDoorId | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed",
+ "size": 0,
+ "queryType": 1,
+ "resourceType": "microsoft.resourcegraph/resources",
+ "crossComponentResources": [
+ "{Subscription}"
+ ],
+ "gridSettings": {
+ "formatters": [
+ {
+ "columnMatch": "id",
+ "formatter": 0,
+ "numberFormat": {
+ "unit": 0,
+ "options": {
+ "style": "decimal"
+ }
+ }
+ },
+ {
+ "columnMatch": "compliant",
+ "formatter": 18,
+ "formatOptions": {
+ "thresholdsOptions": "icons",
+ "thresholdsGrid": [
+ {
+ "operator": "==",
+ "thresholdValue": "1",
+ "representation": "success",
+ "text": "Success"
+ },
+ {
+ "operator": "==",
+ "thresholdValue": "0",
+ "representation": "failed",
+ "text": "Failed"
+ },
+ {
+ "operator": "Default",
+ "thresholdValue": null,
+ "representation": "unknown",
+ "text": "Unknown"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "name": "query7"
+ },
+ {
+ "type": 1,
+ "content": {
+ "json": "Use Azure NAT Gateway instead of Load Balancer outbound rules for better SNAT scalability. Check [this link](https://learn.microsoft.com/azure/nat-gateway/nat-overview#outbound-connectivity) for further information."
+ },
+ "name": "querytext8"
+ },
+ {
+ "type": 3,
+ "content": {
+ "version": "KqlItem/1.0",
+ "query": "resources | where type=='microsoft.network/loadbalancers' | extend countOutRules=array_length(properties.outboundRules) | extend compliant = (countOutRules == 0) | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed",
+ "size": 0,
+ "queryType": 1,
+ "resourceType": "microsoft.resourcegraph/resources",
+ "crossComponentResources": [
+ "{Subscription}"
+ ],
+ "gridSettings": {
+ "formatters": [
+ {
+ "columnMatch": "id",
+ "formatter": 0,
+ "numberFormat": {
+ "unit": 0,
+ "options": {
+ "style": "decimal"
+ }
+ }
+ },
+ {
+ "columnMatch": "compliant",
+ "formatter": 18,
+ "formatOptions": {
+ "thresholdsOptions": "icons",
+ "thresholdsGrid": [
+ {
+ "operator": "==",
+ "thresholdValue": "1",
+ "representation": "success",
+ "text": "Success"
+ },
+ {
+ "operator": "==",
+ "thresholdValue": "0",
+ "representation": "failed",
+ "text": "Failed"
+ },
+ {
+ "operator": "Default",
+ "thresholdValue": null,
+ "representation": "unknown",
+ "text": "Unknown"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "name": "query8"
+ },
+ {
+ "type": 1,
+ "content": {
+ "json": "Use managed TLS certificates with Azure Front Door. Reduce operational cost and risk of outages due to certificate renewals. Check [this link](https://learn.microsoft.com/azure/frontdoor/best-practices#use-managed-tls-certificates) for further information."
+ },
+ "name": "querytext9"
+ },
+ {
+ "type": 3,
+ "content": {
+ "version": "KqlItem/1.0",
+ "query": "cdnresources | where type =~ 'microsoft.cdn/profiles/customdomains' | extend frontDoorId = substring(id, 0, indexof(id, '/customdomains')) | extend compliant = (isnull(properties['tlsSettings']['certificateType']) or tolower(properties['tlsSettings']['certificateType']) =~ 'customercertificate') | project compliant, id = frontDoorId | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed",
+ "size": 0,
+ "queryType": 1,
+ "resourceType": "microsoft.resourcegraph/resources",
+ "crossComponentResources": [
+ "{Subscription}"
+ ],
+ "gridSettings": {
+ "formatters": [
+ {
+ "columnMatch": "id",
+ "formatter": 0,
+ "numberFormat": {
+ "unit": 0,
+ "options": {
+ "style": "decimal"
+ }
+ }
+ },
+ {
+ "columnMatch": "compliant",
+ "formatter": 18,
+ "formatOptions": {
+ "thresholdsOptions": "icons",
+ "thresholdsGrid": [
+ {
+ "operator": "==",
+ "thresholdValue": "1",
+ "representation": "success",
+ "text": "Success"
+ },
+ {
+ "operator": "==",
+ "thresholdValue": "0",
+ "representation": "failed",
+ "text": "Failed"
+ },
+ {
+ "operator": "Default",
+ "thresholdValue": null,
+ "representation": "unknown",
+ "text": "Unknown"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "name": "query9"
 }
 ]
 },
diff --git a/workbooks/network_appdelivery_checklist.en_workbook_template.json b/workbooks/network_appdelivery_checklist.en_workbook_template.json
index 8a76fe45c..18da2bdd4 100644
--- a/workbooks/network_appdelivery_checklist.en_workbook_template.json
+++ b/workbooks/network_appdelivery_checklist.en_workbook_template.json
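Review bot: The `query9` check added at the end of the `@@ -528,6 +528,192 @@` hunk appears inverted. Its text recommends managed TLS certificates for Front Door, yet `compliant` is true when `certificateType` matches `'customercertificate'`, so custom domains with customer-supplied certificates pass and managed ones are reported as failed. The comparison should likely be `tolower(properties['tlsSettings']['certificateType']) == 'managedcertificate'`, and it is worth confirming that the `isnull(...)` branch should count a domain with no TLS settings as compliant. The same query string appears in the counters workbook template earlier on this page. Since the workbook text says it is generated from the checklists, the fix presumably belongs in the checklist's graph query, with the workbooks regenerated afterwards.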
@@ -41,7 +41,7 @@ "dependsOn": [], "properties": { "displayName": "[parameters('workbookDisplayName')]", - "serializedData": "{\n \"version\": \"Notebook/1.0\",\n \"items\": [\n {\n \"type\": 9,\n \"content\": {\n \"version\": \"KqlParameterItem/1.0\",\n \"parameters\": [\n {\n \"id\": \"497a107e-dde8-433e-b263-35ac8e8f7834\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"Subscription\",\n \"type\": 6,\n \"multiSelect\": true,\n \"quote\": \"'\",\n \"delimiter\": \",\",\n \"typeSettings\": {\n \"additionalResourceOptions\": [\n \"value::all\"\n ],\n \"includeAll\": true,\n \"showDefault\": false\n },\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"value\": [\n \"value::all\"\n ]\n },\n {\n \"id\": \"844e4f4e-df51-4e3c-8eaf-0dc78b92c721\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"OnlyFailed\",\n \"label\": \"Only show failed\",\n \"type\": 2,\n \"typeSettings\": {\n \"additionalResourceOptions\": [],\n \"showDefault\": false\n },\n \"jsonData\": \"[\\r\\n { \\\"value\\\":true, \\\"label\\\":\\\"True\\\" },\\r\\n { \\\"value\\\":false, \\\"label\\\":\\\"False\\\", \\\"selected\\\":true }\\r\\n]\"\n }\n ],\n \"style\": \"pills\",\n \"queryType\": 0,\n \"resourceType\": \"microsoft.operationalinsights/workspaces\"\n },\n \"name\": \"WorkbookSelectors\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"If you set \\\"Only show failed\\\" to \\\"Yes\\\", the different queries will only show items that have failed their compliance checks.\",\n \"style\": \"info\"\n },\n \"name\": \"InfoBox\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"## Azure Application Delivery Networking\\n\\n---\\n\\nThis workbook has been automatically generated out of the checklists in the [Azure Review Checklists repo](https://github.com/Azure/review-checklists). 
This repo contains best practices and recommendations around generic Landing Zones as well as specific services such as Azure Virtual Desktop, Azure Kubernetes Service or Azure VMware Solution, to name a few. This repository of best practices is curated by Azure engineers, but open to anybody to contribute.\\n\\nIf you see a problem in the queries that are part of this workbook, please open a Github issue [here](https://github.com/Azure/review-checklists/issues/new).\"\n },\n \"customWidth\": \"100\",\n \"name\": \"MarkdownHeader\"\n },\n {\n \"type\": 11,\n \"content\": {\n \"version\": \"LinkItem/1.0\",\n \"style\": \"tabs\",\n \"links\": [\n {\n \"id\": \"83d2e347-1b16-40f6-94df-e48ecac1f405\",\n \"cellValue\": \"VisibleTab\",\n \"linkTarget\": \"parameter\",\n \"linkLabel\": \"Network Topology and Connectivity\",\n \"subTarget\": \"tab0\",\n \"preText\": \"Network Topology and Connectivity\",\n \"style\": \"primary\"\n }\n ]\n },\n \"name\": \"Tabs\"\n },\n {\n \"type\": 12,\n \"content\": {\n \"version\": \"NotebookGroup/1.0\",\n \"groupType\": \"editable\",\n \"items\": [\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"## Network Topology and Connectivity\"\n },\n \"name\": \"tab0title\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Ensure you are using Application Gateway v2 SKU. Check [this link](https://learn.microsoft.com/azure/application-gateway/overview-v2) for further information.. 
[This training](https://learn.microsoft.com/learn/paths/secure-application-delivery/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext0\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/applicationgateways' | project id, compliant = properties.sku.name in ('Standard_v2', 'WAF_v2') | project id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query0\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Ensure you are using the Standard SKU for your Azure Load Balancers. 
Check [this link](https://learn.microsoft.com/azure/load-balancer/load-balancer-overview) for further information.\"\n },\n \"name\": \"querytext1\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/loadbalancers' | project id, compliant=(tolower(sku.name) == 'standard') | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query1\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Your Application Gateways v2 should be deployed in subnets with IP prefixes equal or larger than /24. Check [this link](https://learn.microsoft.com/azure/application-gateway/configuration-infrastructure#size-of-the-subnet) for further information.. 
[This training](https://learn.microsoft.com/learn/paths/secure-application-delivery/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext2\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/applicationgateways' | extend subnetId = tostring(properties.gatewayIPConfigurations[0].properties.subnet.id) | project id, subnetId | join (resources | where type=='microsoft.network/virtualnetworks' | project id,subnets=properties.subnets | mv-expand subnets | mv-expand subnets.properties.addressPrefixes | project id, subnetId = tostring(subnets.id), prefix1 = subnets.properties.addressPrefix, prefix2 = subnets.properties.addressPrefixes | mv-expand prefix2 | extend prefix = iff(isnotnull(prefix1), prefix1, prefix2) | extend subnetPrefixLength = split(prefix, '/')[1])on subnetId | extend compliant = (subnetPrefixLength <= 24 or subnetPrefixLength == 64) | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query2\"\n },\n {\n 
\"type\": 1,\n \"content\": {\n \"json\": \"Configure autoscaling with a minimum amount of instances of two. Check [this link](https://learn.microsoft.com/azure/application-gateway/application-gateway-autoscaling-zone-redundant) for further information.. [This training](https://learn.microsoft.com/learn/paths/secure-application-delivery/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext3\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type =~ 'microsoft.network/applicationGateways' | extend compliant = (isnotnull(properties.autoscaleConfiguration) and properties.autoscaleConfiguration.minCapacity >= 2) | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query3\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Deploy Application Gateway across Availability Zones. Check [this link](https://learn.microsoft.com/azure/reliability/migrate-app-gateway-v2) for further information.. 
[This training](https://learn.microsoft.com/learn/paths/secure-application-delivery/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext4\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type =~ 'microsoft.network/applicationGateways' | extend compliant = (isnotnull(zones) and array_length(zones) > 1) | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query4\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Deploy your WAF profiles for Front Door in 'Prevention' mode. 
Check [this link](https://learn.microsoft.com/azure/web-application-firewall/afds/waf-front-door-policy-settings) for further information.\"\n },\n \"name\": \"querytext5\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/frontdoorwebapplicationfirewallpolicies' | project policyName=name, policyId=id,policySku=sku.name, links=properties.securityPolicyLinks, enabledState=properties.policySettings.enabledState, mode=properties.policySettings.mode | mvexpand links | extend securityPolicy=links.id | extend securityPolicyParts=split(securityPolicy, '/') | extend profileId=strcat_array(array_slice(securityPolicyParts, 0, -3), '/') | project id=profileId, compliant=((enabledState=='Enabled') and (mode=='Prevention')), enabledState, mode | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query5\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use Azure NAT Gateway instead of Load Balancer outbound rules for better SNAT scalability. 
Check [this link](https://learn.microsoft.com/azure/nat-gateway/nat-overview#outbound-connectivity) for further information.\"\n },\n \"name\": \"querytext6\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/loadbalancers' | extend countOutRules=array_length(properties.outboundRules) | extend compliant = (countOutRules == 0) | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query6\"\n }\n ]\n },\n \"conditionalVisibility\": {\n \"parameterName\": \"VisibleTab\",\n \"comparison\": \"isEqualTo\",\n \"value\": \"tab0\"\n },\n \"name\": \"tab0\"\n }\n ],\n \"$schema\": \"https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json\"\n}", + "serializedData": "{\n \"version\": \"Notebook/1.0\",\n \"items\": [\n {\n \"type\": 9,\n \"content\": {\n \"version\": \"KqlParameterItem/1.0\",\n \"parameters\": [\n {\n \"id\": \"497a107e-dde8-433e-b263-35ac8e8f7834\",\n \"version\": \"KqlParameterItem/1.0\",\n 
\"name\": \"Subscription\",\n \"type\": 6,\n \"multiSelect\": true,\n \"quote\": \"'\",\n \"delimiter\": \",\",\n \"typeSettings\": {\n \"additionalResourceOptions\": [\n \"value::all\"\n ],\n \"includeAll\": true,\n \"showDefault\": false\n },\n \"timeContext\": {\n \"durationMs\": 86400000\n },\n \"value\": [\n \"value::all\"\n ]\n },\n {\n \"id\": \"844e4f4e-df51-4e3c-8eaf-0dc78b92c721\",\n \"version\": \"KqlParameterItem/1.0\",\n \"name\": \"OnlyFailed\",\n \"label\": \"Only show failed\",\n \"type\": 2,\n \"typeSettings\": {\n \"additionalResourceOptions\": [],\n \"showDefault\": false\n },\n \"jsonData\": \"[\\r\\n { \\\"value\\\":true, \\\"label\\\":\\\"True\\\" },\\r\\n { \\\"value\\\":false, \\\"label\\\":\\\"False\\\", \\\"selected\\\":true }\\r\\n]\"\n }\n ],\n \"style\": \"pills\",\n \"queryType\": 0,\n \"resourceType\": \"microsoft.operationalinsights/workspaces\"\n },\n \"name\": \"WorkbookSelectors\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"If you set \\\"Only show failed\\\" to \\\"Yes\\\", the different queries will only show items that have failed their compliance checks.\",\n \"style\": \"info\"\n },\n \"name\": \"InfoBox\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"## Azure Application Delivery Networking\\n\\n---\\n\\nThis workbook has been automatically generated out of the checklists in the [Azure Review Checklists repo](https://github.com/Azure/review-checklists). This repo contains best practices and recommendations around generic Landing Zones as well as specific services such as Azure Virtual Desktop, Azure Kubernetes Service or Azure VMware Solution, to name a few. 
This repository of best practices is curated by Azure engineers, but open to anybody to contribute.\\n\\nIf you see a problem in the queries that are part of this workbook, please open a Github issue [here](https://github.com/Azure/review-checklists/issues/new).\"\n },\n \"customWidth\": \"100\",\n \"name\": \"MarkdownHeader\"\n },\n {\n \"type\": 11,\n \"content\": {\n \"version\": \"LinkItem/1.0\",\n \"style\": \"tabs\",\n \"links\": [\n {\n \"id\": \"2783bb1e-5110-4940-ad93-2aca862b756d\",\n \"cellValue\": \"VisibleTab\",\n \"linkTarget\": \"parameter\",\n \"linkLabel\": \"Network Topology and Connectivity\",\n \"subTarget\": \"tab0\",\n \"preText\": \"Network Topology and Connectivity\",\n \"style\": \"primary\"\n }\n ]\n },\n \"name\": \"Tabs\"\n },\n {\n \"type\": 12,\n \"content\": {\n \"version\": \"NotebookGroup/1.0\",\n \"groupType\": \"editable\",\n \"items\": [\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"## Network Topology and Connectivity\"\n },\n \"name\": \"tab0title\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Ensure you are using Application Gateway v2 SKU. Check [this link](https://learn.microsoft.com/azure/application-gateway/overview-v2) for further information.. 
[This training](https://learn.microsoft.com/learn/paths/secure-application-delivery/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext0\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/applicationgateways' | project id, compliant = properties.sku.name in ('Standard_v2', 'WAF_v2') | project id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query0\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Ensure you are using the Standard SKU for your Azure Load Balancers. 
Check [this link](https://learn.microsoft.com/azure/load-balancer/load-balancer-overview) for further information.\"\n },\n \"name\": \"querytext1\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/loadbalancers' | project id, compliant=(tolower(sku.name) == 'standard') | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query1\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Your Application Gateways v2 should be deployed in subnets with IP prefixes equal or larger than /24. Check [this link](https://learn.microsoft.com/azure/application-gateway/configuration-infrastructure#size-of-the-subnet) for further information.. 
[This training](https://learn.microsoft.com/learn/paths/secure-application-delivery/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext2\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/applicationgateways' | extend subnetId = tostring(properties.gatewayIPConfigurations[0].properties.subnet.id) | project id, subnetId | join (resources | where type=='microsoft.network/virtualnetworks' | project id,subnets=properties.subnets | mv-expand subnets | mv-expand subnets.properties.addressPrefixes | project id, subnetId = tostring(subnets.id), prefix1 = subnets.properties.addressPrefix, prefix2 = subnets.properties.addressPrefixes | mv-expand prefix2 | extend prefix = iff(isnotnull(prefix1), prefix1, prefix2) | extend subnetPrefixLength = split(prefix, '/')[1])on subnetId | extend compliant = (subnetPrefixLength <= 24 or subnetPrefixLength == 64) | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query2\"\n },\n {\n 
\"type\": 1,\n \"content\": {\n \"json\": \"Configure autoscaling with a minimum amount of instances of two. Check [this link](https://learn.microsoft.com/azure/application-gateway/application-gateway-autoscaling-zone-redundant) for further information.. [This training](https://learn.microsoft.com/learn/paths/secure-application-delivery/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext3\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type =~ 'microsoft.network/applicationGateways' | extend compliant = (isnotnull(properties.autoscaleConfiguration) and properties.autoscaleConfiguration.minCapacity >= 2) | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query3\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Deploy Application Gateway across Availability Zones. Check [this link](https://learn.microsoft.com/azure/reliability/migrate-app-gateway-v2) for further information.. 
[This training](https://learn.microsoft.com/learn/paths/secure-application-delivery/) can help to educate yourself on this.\"\n },\n \"name\": \"querytext4\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type =~ 'microsoft.network/applicationGateways' | extend compliant = (isnotnull(zones) and array_length(zones) > 1) | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query4\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Deploy your WAF profiles for Front Door in 'Prevention' mode. 
Check [this link](https://learn.microsoft.com/azure/web-application-firewall/afds/waf-front-door-policy-settings) for further information.\"\n },\n \"name\": \"querytext5\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type == 'microsoft.network/frontdoorwebapplicationfirewallpolicies' | project policyName=name, policyId=id,policySku=sku.name, links=properties.securityPolicyLinks, enabledState=properties.policySettings.enabledState, mode=properties.policySettings.mode | mvexpand links | extend securityPolicy=links.id | extend securityPolicyParts=split(securityPolicy, '/') | extend profileId=strcat_array(array_slice(securityPolicyParts, 0, -3), '/') | project id=profileId, compliant=((enabledState=='Enabled') and (mode=='Prevention')), enabledState, mode | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query5\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Disable health probes when there is only one origin in an Azure Front Door origin group. 
Check [this link](https://learn.microsoft.com/azure/frontdoor/best-practices#disable-health-probes-when-theres-only-one-origin-in-an-origin-group) for further information.\"\n },\n \"name\": \"querytext6\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"cdnresources | where type =~ 'microsoft.cdn/profiles/origingroups/origins' | extend frontDoorId = substring(id, 0, indexof(id, '/origingroups')) | extend originGroupId = substring(id, 0, indexof(id, '/origins')) | join kind=inner (cdnresources | where type =~ 'microsoft.cdn/profiles/origingroups' | extend originGroupName = name | extend hasHealthProbe = isnotnull(properties.healthProbeSettings)) on $left.originGroupId == $right.id | summarize numberOrigins = count() by originGroupId, subscriptionId, frontDoorId, hasHealthProbe, originGroupName | extend compliant = not(numberOrigins == 1 and hasHealthProbe) | project id = frontDoorId, compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query6\"\n },\n {\n \"type\": 1,\n \"content\": {\n 
\"json\": \"Use HEAD health probes with Azure Front Door, to reduce the traffic that Front Door sends to your application. Check [this link](https://learn.microsoft.com/azure/frontdoor/best-practices#use-head-health-probes) for further information.\"\n },\n \"name\": \"querytext7\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"cdnresources | where type =~ 'microsoft.cdn/profiles/origingroups' | extend frontDoorId = substring(id, 0, indexof(id, '/origingroups/')) | extend compliant = (isnull(properties['healthProbeSettings']['probeRequestType']) or toupper(properties['healthProbeSettings']['probeRequestType']) == 'HEAD') | project compliant, id=frontDoorId | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query7\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use Azure NAT Gateway instead of Load Balancer outbound rules for better SNAT scalability. 
Check [this link](https://learn.microsoft.com/azure/nat-gateway/nat-overview#outbound-connectivity) for further information.\"\n },\n \"name\": \"querytext8\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"resources | where type=='microsoft.network/loadbalancers' | extend countOutRules=array_length(properties.outboundRules) | extend compliant = (countOutRules == 0) | distinct id,compliant | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query8\"\n },\n {\n \"type\": 1,\n \"content\": {\n \"json\": \"Use managed TLS certificates with Azure Front Door. Reduce operational cost and risk of outages due to certificate renewals. 
Check [this link](https://learn.microsoft.com/azure/frontdoor/best-practices#use-managed-tls-certificates) for further information.\"\n },\n \"name\": \"querytext9\"\n },\n {\n \"type\": 3,\n \"content\": {\n \"version\": \"KqlItem/1.0\",\n \"query\": \"cdnresources | where type =~ 'microsoft.cdn/profiles/customdomains' | extend frontDoorId = substring(id, 0, indexof(id, '/customdomains')) | extend compliant = (isnull(properties['tlsSettings']['certificateType']) or tolower(properties['tlsSettings']['certificateType']) =~ 'customercertificate') | project compliant, id = frontDoorId | extend onlyFailed = {OnlyFailed:label} | where compliant == 0 or not (onlyFailed == 1) | project-away onlyFailed\",\n \"size\": 0,\n \"queryType\": 1,\n \"resourceType\": \"microsoft.resourcegraph/resources\",\n \"crossComponentResources\": [\n \"{Subscription}\"\n ],\n \"gridSettings\": {\n \"formatters\": [\n {\n \"columnMatch\": \"id\",\n \"formatter\": 0,\n \"numberFormat\": {\n \"unit\": 0,\n \"options\": {\n \"style\": \"decimal\"\n }\n }\n },\n {\n \"columnMatch\": \"compliant\",\n \"formatter\": 18,\n \"formatOptions\": {\n \"thresholdsOptions\": \"icons\",\n \"thresholdsGrid\": [\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"1\",\n \"representation\": \"success\",\n \"text\": \"Success\"\n },\n {\n \"operator\": \"==\",\n \"thresholdValue\": \"0\",\n \"representation\": \"failed\",\n \"text\": \"Failed\"\n },\n {\n \"operator\": \"Default\",\n \"thresholdValue\": null,\n \"representation\": \"unknown\",\n \"text\": \"Unknown\"\n }\n ]\n }\n }\n ]\n }\n },\n \"name\": \"query9\"\n }\n ]\n },\n \"conditionalVisibility\": {\n \"parameterName\": \"VisibleTab\",\n \"comparison\": \"isEqualTo\",\n \"value\": \"tab0\"\n },\n \"name\": \"tab0\"\n }\n ],\n \"$schema\": \"https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json\"\n}", "version": "1.0", "sourceId": "[parameters('workbookSourceId')]", "category": "[parameters('workbookType')]"